program:
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x17, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB="1808000000000000000000002000000018110000", @ANYRES64=r0, @ANYRES64=r0], &(0x7f00000001c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r2 = dup(r1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r2, 0xab00, r3)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000040)={0x7f, 0x80, {}, {0xffffffffffffffff}, 0x39, 0x80000000})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01864c2, &(0x7f0000000200)={<r4=>0x0, 0x1, r2})
r5 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r5, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[0x0], 0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_SYNC_FILE(r5, 0xc01064c1, &(0x7f0000000240))
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r6, 0xc00864bf, &(0x7f00000003c0)={<r7=>0x0})
r8 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r8, 0xc00864bf, &(0x7f00000000c0)={<r9=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r6, 0xc01864cd, &(0x7f0000000600)={&(0x7f0000000580)=[r7, r9], 0x0, 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_DESTROY(r6, 0xc00864c0, &(0x7f0000000440)={r9})
r10 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r10, 0xc00864bf, &(0x7f0000000100)={<r11=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(r10, 0xc03064ca, &(0x7f0000000b40)={&(0x7f0000000ac0)=[r7], 0x0, 0x0, 0x40000130})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01864c2, &(0x7f0000000840)={<r12=>0x0, 0x0, r2})
r13 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r13, 0xc00864bf, &(0x7f0000000140)={<r14=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r13, 0xc01864cb, &(0x7f0000000180)={&(0x7f0000000080)=[r14], 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01864c2, &(0x7f0000000880)={<r15=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000008c0)={<r16=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000900)={<r17=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01864c2, &(0x7f0000000940)={<r18=>0x0, 0x1, r2})
ioctl$DRM_IOCTL_PANTHOR_GROUP_SUBMIT(r2, 0xc0186449, &(0x7f0000000bc0)={0x0, 0x0, {0x28, 0xa, &(0x7f0000000a00)=[{0x8, 0x642bd820, 0x62e825a3b4416c40, 0xffd, 0x0, {0x10, 0x2, &(0x7f0000000100)=[{0x1, 0x0, 0x6}, {0xff, 0x0, 0x1}]}}, {0x10, 0x9c445600, 0x751908d5141c7340, 0x5, 0x0, {0x10, 0x2, &(0x7f00000002c0)=[{0x1, 0x0, 0x9}, {0x0, 0x0, 0x9}]}}, {0x2, 0xea561038, 0xea08149bda7f7640, 0x2, 0x0, {0x10, 0x2, &(0x7f0000000300)=[{0x1, 0x0, 0xfffd}, {0x1, 0x0, 0x8000}]}}, {0x6, 0x8d20d0c8, 0xe0142da173e6eac0, 0x9, 0x0, {0x10, 0xa, &(0x7f0000000540)=[{0xff, 0x0, 0x5}, {0x80000000, 0x0, 0xaaba}, {0x1, 0x0, 0xffffffffffffffff}, {0x100000000, 0x0, 0x1400}, {0xff, 0x0, 0x3}, {0xff, 0x0, 0x100}, {0x0, 0x0, 0x6}, {0xff, 0x0, 0xffff}, {0x80000000, 0x0, 0x7}, {0xff, 0x0, 0x7}]}}, {0x3, 0x19d09fe8, 0x20509c7d95ebaac0, 0x4a003a51, 0x0, {0x10, 0x4, &(0x7f0000000680)=[{}, {0xff, r12, 0x200}, {0xff, 0x0, 0x7}, {0x0, 0x0, 0x2}]}}, {0x9, 0x60745708, 0x1202c666508cecc0, 0x4, 0x0, {0x10, 0x2, &(0x7f0000000700)=[{0xff, 0x0, 0x9}, {}]}}, {0x9, 0x2f164b48, 0xc9d613d23011d900, 0x5, 0x0, {0x10, 0x2, &(0x7f0000000780)=[{0x80000000, 0x0, 0x7}, {0xff, r4, 0x7}]}}, {0x5, 0x8a1336e8, 0x775a095d0d03d9c0, 0x7, 0x0, {0x10, 0x0, &(0x7f00000007c0)}}, {0x5, 0x9a4e5658, 0x606f6d15408c63c0, 0x9, 0x0, {0x10, 0x3, &(0x7f0000000800)=[{0x1, 0x0, 0x4}, {0xff, 0x0, 0xa}, {0x80000000, r9, 0x7}]}}, {0x8, 0xb47e8680, 0x2e3ea3b879b9a900, 0x800000, 0x0, {0x10, 0x8, &(0x7f0000000980)=[{0x80000000, 0x0, 0x8}, {0x0, r11, 0x20000000000000f}, {0x80000000, r12, 0x6}, {0xfc, r14}, {0x0, r15, 0x9}, {0xff, r16, 0x2}, {0x0, r17, 0x81}, {0x0, r18, 0xf}]}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffd, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xa19a, 0x4}, 0x0, 0x0, 0xffffffff, 0x1, 0x9, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
gettid()

[   83.943528][ T4663] Bluetooth: hci0: command tx timeout
[   84.087230][ T5317] ------------[ cut here ]------------
[   84.090047][ T5317] 1
[   84.090060][ T5317] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5317
[   84.096515][ T5317] Modules linked in:
[   84.098839][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.103387][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.108192][ T5317] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   84.111997][ T5317] Code: 74 10 4c 89 e7 89 54 24 0c e8 3b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 87 79 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   84.120556][ T5317] RSP: 0018:ffffc9000e26f8a0 EFLAGS: 00010246
[   84.123222][ T5317] RAX: ffffc9000e26f800 RBX: 0000000000000015 RCX: 0000000000000000
[   84.126863][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e26f908
[   84.131267][ T5317] RBP: ffffc9000e26f988 R08: ffffc9000e26f907 R09: 0000000000000000
[   84.135230][ T5317] R10: ffffc9000e26f8e0 R11: fffff52001c4df21 R12: 0000000000000000
[   84.138908][ T5317] R13: 1ffff92001c4df18 R14: 0000000000040cc0 R15: dffffc0000000000
[   84.142484][ T5317] FS:  00007ff9d805d6c0(0000) GS:ffff88808ca59000(0000) knlGS:0000000000000000
[   84.146832][ T5317] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   84.151103][ T5317] CR2: 00007f1866a14fb3 CR3: 00000000344d5000 CR4: 0000000000352ef0
[   84.156185][ T5317] Call Trace:
[   84.158221][ T5317]  <TASK>
[   84.159953][ T5317]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   84.163320][ T5317]  ? __pfx_policy_nodemask+0x10/0x10
[   84.166425][ T5317]  ? kasan_save_track+0x4f/0x80
[   84.168564][ T5317]  ? kasan_save_track+0x3e/0x80
[   84.170713][ T5317]  ? kasan_save_free_info+0x46/0x50
[   84.173176][ T5317]  ? kfree+0x1c1/0x630
[   84.174898][ T5317]  ? tomoyo_path_number_perm+0x501/0x630
[   84.177394][ T5317]  ? security_file_ioctl+0xc3/0x2a0
[   84.179763][ T5317]  alloc_pages_mpol+0x232/0x4a0
[   84.181835][ T5317]  ___kmalloc_large_node+0x4e/0x150
[   84.184521][ T5317]  __kmalloc_large_node_noprof+0x18/0x90
[   84.186773][ T5317]  __kmalloc_noprof+0x3e8/0x760
[   84.188881][ T5317]  ? drm_syncobj_array_find+0x3a/0x440
[   84.191271][ T5317]  drm_syncobj_array_find+0x3a/0x440
[   84.193738][ T5317]  ? __lock_acquire+0x6b5/0x2cf0
[   84.195918][ T5317]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   84.198554][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.202878][ T5317]  drm_ioctl_kernel+0x2df/0x3b0
[   84.205142][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.208190][ T5317]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   84.210372][ T5317]  drm_ioctl+0x6ba/0xb80
[   84.212127][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.215314][ T5317]  ? __pfx_drm_ioctl+0x10/0x10
[   84.217350][ T5317]  ? __fget_files+0x2a/0x420
[   84.219325][ T5317]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.221375][ T5317]  ? __pfx_drm_ioctl+0x10/0x10
[   84.223798][ T5317]  __se_sys_ioctl+0xfc/0x170
[   84.225903][ T5317]  do_syscall_64+0x14d/0xf80
[   84.228033][ T5317]  ? trace_irq_disable+0x3b/0x150
[   84.230588][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.233964][ T5317]  ? clear_bhb_loop+0x40/0x90
[   84.236214][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.238756][ T5317] RIP: 0033:0x7ff9d719c799
[   84.240709][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.249025][ T5317] RSP: 002b:00007ff9d805cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.254070][ T5317] RAX: ffffffffffffffda RBX: 00007ff9d7415fa0 RCX: 00007ff9d719c799
[   84.257732][ T5317] RDX: 0000200000000b40 RSI: 00000000c03064ca RDI: 0000000000000009
[   84.261521][ T5317] RBP: 00007ff9d7232bd9 R08: 0000000000000000 R09: 0000000000000000
[   84.265456][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.269703][ T5317] R13: 00007ff9d7416038 R14: 00007ff9d7415fa0 R15: 00007fffd8c225c8
[   84.273497][ T5317]  </TASK>
[   84.274930][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   84.278043][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   84.282021][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   84.285916][ T5317] Call Trace:
[   84.287238][ T5317]  <TASK>
[   84.288632][ T5317]  vpanic+0x56c/0xa60
[   84.290526][ T5317]  ? __pfx__printk+0x10/0x10
[   84.292873][ T5317]  ? __pfx_vpanic+0x10/0x10
[   84.295340][ T5317]  ? is_bpf_text_address+0x292/0x2b0
[   84.298378][ T5317]  ? is_bpf_text_address+0x26/0x2b0
[   84.300805][ T5317]  panic+0xc5/0xd0
[   84.302587][ T5317]  ? __pfx_panic+0x10/0x10
[   84.304537][ T5317]  __warn+0x315/0x4f0
[   84.306517][ T5317]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.309050][ T5317]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.311837][ T5317]  __report_bug+0x29a/0x540
[   84.313974][ T5317]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.316846][ T5317]  ? __pfx___report_bug+0x10/0x10
[   84.319468][ T5317]  ? is_bpf_text_address+0x26/0x2b0
[   84.321710][ T5317]  ? is_bpf_text_address+0x292/0x2b0
[   84.324018][ T5317]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.326735][ T5317]  report_bug+0x16a/0x220
[   84.328560][ T5317]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[   84.331237][ T5317]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[   84.334154][ T5317]  handle_bug+0x9c/0x200
[   84.336244][ T5317]  exc_invalid_op+0x1a/0x50
[   84.338370][ T5317]  asm_exc_invalid_op+0x1a/0x20
[   84.340708][ T5317] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[   84.343678][ T5317] Code: 74 10 4c 89 e7 89 54 24 0c e8 3b 47 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 87 79 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   84.353717][ T5317] RSP: 0018:ffffc9000e26f8a0 EFLAGS: 00010246
[   84.356564][ T5317] RAX: ffffc9000e26f800 RBX: 0000000000000015 RCX: 0000000000000000
[   84.360129][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000e26f908
[   84.363906][ T5317] RBP: ffffc9000e26f988 R08: ffffc9000e26f907 R09: 0000000000000000
[   84.369247][ T5317] R10: ffffc9000e26f8e0 R11: fffff52001c4df21 R12: 0000000000000000
[   84.373024][ T5317] R13: 1ffff92001c4df18 R14: 0000000000040cc0 R15: dffffc0000000000
[   84.376790][ T5317]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   84.380003][ T5317]  ? __pfx_policy_nodemask+0x10/0x10
[   84.382528][ T5317]  ? kasan_save_track+0x4f/0x80
[   84.385240][ T5317]  ? kasan_save_track+0x3e/0x80
[   84.387536][ T5317]  ? kasan_save_free_info+0x46/0x50
[   84.390032][ T5317]  ? kfree+0x1c1/0x630
[   84.391946][ T5317]  ? tomoyo_path_number_perm+0x501/0x630
[   84.394636][ T5317]  ? security_file_ioctl+0xc3/0x2a0
[   84.396898][ T5317]  alloc_pages_mpol+0x232/0x4a0
[   84.399204][ T5317]  ___kmalloc_large_node+0x4e/0x150
[   84.401576][ T5317]  __kmalloc_large_node_noprof+0x18/0x90
[   84.404315][ T5317]  __kmalloc_noprof+0x3e8/0x760
[   84.406918][ T5317]  ? drm_syncobj_array_find+0x3a/0x440
[   84.409450][ T5317]  drm_syncobj_array_find+0x3a/0x440
[   84.411955][ T5317]  ? __lock_acquire+0x6b5/0x2cf0
[   84.414324][ T5317]  drm_syncobj_timeline_wait_ioctl+0x19d/0x6b0
[   84.417316][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.420796][ T5317]  drm_ioctl_kernel+0x2df/0x3b0
[   84.424196][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.427224][ T5317]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   84.429873][ T5317]  drm_ioctl+0x6ba/0xb80
[   84.431856][ T5317]  ? __pfx_drm_syncobj_timeline_wait_ioctl+0x10/0x10
[   84.435050][ T5317]  ? __pfx_drm_ioctl+0x10/0x10
[   84.437334][ T5317]  ? __fget_files+0x2a/0x420
[   84.439988][ T5317]  ? bpf_lsm_file_ioctl+0x9/0x20
[   84.442425][ T5317]  ? __pfx_drm_ioctl+0x10/0x10
[   84.444656][ T5317]  __se_sys_ioctl+0xfc/0x170
[   84.446528][ T5317]  do_syscall_64+0x14d/0xf80
[   84.448263][ T5317]  ? trace_irq_disable+0x3b/0x150
[   84.450297][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.452631][ T5317]  ? clear_bhb_loop+0x40/0x90
[   84.454619][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.457627][ T5317] RIP: 0033:0x7ff9d719c799
[   84.460763][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   84.469156][ T5317] RSP: 002b:00007ff9d805cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.472570][ T5317] RAX: ffffffffffffffda RBX: 00007ff9d7415fa0 RCX: 00007ff9d719c799
[   84.475820][ T5317] RDX: 0000200000000b40 RSI: 00000000c03064ca RDI: 0000000000000009
[   84.480095][ T5317] RBP: 00007ff9d7232bd9 R08: 0000000000000000 R09: 0000000000000000
[   84.483779][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   84.486997][ T5317] R13: 00007ff9d7416038 R14: 00007ff9d7415fa0 R15: 00007fffd8c225c8
[   84.490406][ T5317]  </TASK>
[   84.492311][ T5317] Kernel Offset: disabled
[   84.494606][ T5317] Rebooting in 86400 seconds..