program:
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x2, 0x82300)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={<r1=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r0, 0xc02064cc, &(0x7f00000001c0)={r1, r1, 0x0, 0x80000001, 0x2})
r2 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x8, 0x0, {0x60, 0x0, 0x0, r4, {0x0, 0x8}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x200, 0x5, 0x1, 0x0, 0xf407}, 0xfffffffb, 0x0, 0x0, 0x4, 0x7, 0x0, 0x40, 0x9, 0x0, 0x1ff, {0x0, 0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000380)={<r5=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000140)={&(0x7f0000000040)=[r5, r1], 0x3ffffffffffffe19})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r6)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x64}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r10 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r11=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r9, 0xc01c64a3, &(0x7f0000000280)={0x1, r11, 0x3, 0x0, 0xa, 0x1ff, 0x1})
sendmsg$NFT_MSG_GETSETELEM(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="40000000210a018800000000000000000a0000010900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
perf_event_open(&(0x7f00000006c0)={0x2, 0x80, 0xc1, 0x1, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x2, 0x8363}, 0x0, 0x0, 0x7fffffff, 0x9, 0x7ffc, 0xfbff, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xfffffffffffffe84}, 0x68)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000000), 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x44, r12, 0x100, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0x89}, @NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x8bb}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x3}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0xf7}]}, 0x44}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
syz_usbip_server_init(0x2)

[  103.804817][ T5286] Bluetooth: hci0: command tx timeout
[  104.078861][ T5324] ------------[ cut here ]------------
[  104.081232][ T5324] 1
[  104.081240][ T5324] WARNING: mm/page_alloc.c:5202 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5324
[  104.086892][ T5324] Modules linked in:
[  104.088807][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  104.093053][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.097453][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  104.100256][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 bb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 09 12 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  104.109349][ T5324] RSP: 0018:ffffc9000f1bf940 EFLAGS: 00010246
[  104.112398][ T5324] RAX: ffffc9000f1bf900 RBX: 0000000000000016 RCX: 0000000000000000
[  104.116201][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f1bf9a8
[  104.119679][ T5324] RBP: ffffc9000f1bfa28 R08: ffffc9000f1bf9a7 R09: 0000000000000000
[  104.123157][ T5324] R10: ffffc9000f1bf980 R11: fffff52001e37f35 R12: 0000000000000000
[  104.126712][ T5324] R13: 1ffff92001e37f2c R14: 0000000000040cc0 R15: dffffc0000000000
[  104.130398][ T5324] FS:  00007fe3a2eba6c0(0000) GS:ffff88808c888000(0000) knlGS:0000000000000000
[  104.134309][ T5324] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  104.136966][ T5324] CR2: 00007fe3a2eb9ff8 CR3: 000000001262b000 CR4: 0000000000352ef0
[  104.139994][ T5324] Call Trace:
[  104.141418][ T5324]  <TASK>
[  104.142749][ T5324]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  104.145417][ T5324]  ? __pfx_policy_nodemask+0x10/0x10
[  104.147830][ T5324]  ? __lock_acquire+0x6b5/0x2cf0
[  104.150057][ T5324]  alloc_pages_mpol+0x235/0x490
[  104.152314][ T5324]  ___kmalloc_large_node+0x4e/0x120
[  104.154703][ T5324]  __kmalloc_large_node_noprof+0x18/0x90
[  104.157482][ T5324]  __kmalloc_noprof+0x3e8/0x760
[  104.159717][ T5324]  ? drm_syncobj_array_find+0x3a/0x440
[  104.162262][ T5324]  ? drm_dev_enter+0x49/0x150
[  104.164427][ T5324]  drm_syncobj_array_find+0x3a/0x440
[  104.167018][ T5324]  drm_syncobj_signal_ioctl+0x179/0x570
[  104.169624][ T5324]  ? drm_dev_exit+0x3a/0x60
[  104.171702][ T5324]  drm_ioctl_kernel+0x2df/0x3b0
[  104.173888][ T5324]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  104.176551][ T5324]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  104.178616][ T5324]  drm_ioctl+0x6ba/0xb80
[  104.180428][ T5324]  ? __fget_files+0x2a/0x420
[  104.182516][ T5324]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  104.185092][ T5324]  ? __pfx_drm_ioctl+0x10/0x10
[  104.187254][ T5324]  ? __fget_files+0x2a/0x420
[  104.189190][ T5324]  ? bpf_lsm_file_ioctl+0x9/0x20
[  104.191255][ T5324]  ? __pfx_drm_ioctl+0x10/0x10
[  104.193472][ T5324]  __se_sys_ioctl+0xfc/0x170
[  104.195600][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.198144][ T5324]  do_syscall_64+0x15f/0xf80
[  104.200294][ T5324]  ? trace_irq_disable+0x3b/0x140
[  104.202343][ T5324]  ? clear_bhb_loop+0x40/0x90
[  104.204540][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.207665][ T5324] RIP: 0033:0x7fe3a1f9cdd9
[  104.210032][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.218956][ T5324] RSP: 002b:00007fe3a2eb9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  104.223202][ T5324] RAX: ffffffffffffffda RBX: 00007fe3a2216090 RCX: 00007fe3a1f9cdd9
[  104.226776][ T5324] RDX: 0000200000000140 RSI: 00000000c01064c5 RDI: 0000000000000003
[  104.230337][ T5324] RBP: 00007fe3a2032d69 R08: 0000000000000000 R09: 0000000000000000
[  104.234287][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.238204][ T5324] R13: 00007fe3a2216128 R14: 00007fe3a2216090 R15: 00007ffebb8f9af8
[  104.241873][ T5324]  </TASK>
[  104.243226][ T5324] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  104.246483][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  104.251710][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  104.256866][ T5324] Call Trace:
[  104.258377][ T5324]  <TASK>
[  104.259684][ T5324]  vpanic+0x56c/0xa60
[  104.261438][ T5324]  ? __pfx__printk+0x10/0x10
[  104.263531][ T5324]  ? __pfx_vpanic+0x10/0x10
[  104.265552][ T5324]  ? is_bpf_text_address+0x292/0x2b0
[  104.268032][ T5324]  ? is_bpf_text_address+0x26/0x2b0
[  104.270155][ T5324]  panic+0xc5/0xd0
[  104.271835][ T5324]  ? __pfx_panic+0x10/0x10
[  104.273865][ T5324]  __warn+0x315/0x4c0
[  104.275671][ T5324]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  104.278376][ T5324]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  104.281093][ T5324]  __report_bug+0x29a/0x540
[  104.283640][ T5324]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  104.286204][ T5324]  ? __pfx___report_bug+0x10/0x10
[  104.288247][ T5324]  ? is_bpf_text_address+0x292/0x2b0
[  104.290572][ T5324]  ? is_bpf_text_address+0x26/0x2b0
[  104.292788][ T5324]  ? kernel_text_address+0xa5/0xe0
[  104.295002][ T5324]  ? __kernel_text_address+0xd/0x30
[  104.297333][ T5324]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  104.300333][ T5324]  ? arch_stack_walk+0xfb/0x150
[  104.302585][ T5324]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  104.305356][ T5324]  report_bug+0x16a/0x220
[  104.307372][ T5324]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  104.310218][ T5324]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[  104.312910][ T5324]  handle_bug+0x9c/0x200
[  104.314860][ T5324]  exc_invalid_op+0x1a/0x50
[  104.316846][ T5324]  asm_exc_invalid_op+0x1a/0x20
[  104.319007][ T5324] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  104.321861][ T5324] Code: 74 10 4c 89 e7 89 54 24 0c e8 bb db 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 09 12 f6 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  104.330262][ T5324] RSP: 0018:ffffc9000f1bf940 EFLAGS: 00010246
[  104.333015][ T5324] RAX: ffffc9000f1bf900 RBX: 0000000000000016 RCX: 0000000000000000
[  104.336419][ T5324] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000f1bf9a8
[  104.339761][ T5324] RBP: ffffc9000f1bfa28 R08: ffffc9000f1bf9a7 R09: 0000000000000000
[  104.343101][ T5324] R10: ffffc9000f1bf980 R11: fffff52001e37f35 R12: 0000000000000000
[  104.346637][ T5324] R13: 1ffff92001e37f2c R14: 0000000000040cc0 R15: dffffc0000000000
[  104.350139][ T5324]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  104.352782][ T5324]  ? __pfx_policy_nodemask+0x10/0x10
[  104.354967][ T5324]  ? __lock_acquire+0x6b5/0x2cf0
[  104.357076][ T5324]  alloc_pages_mpol+0x235/0x490
[  104.359059][ T5324]  ___kmalloc_large_node+0x4e/0x120
[  104.361045][ T5324]  __kmalloc_large_node_noprof+0x18/0x90
[  104.363431][ T5324]  __kmalloc_noprof+0x3e8/0x760
[  104.365658][ T5324]  ? drm_syncobj_array_find+0x3a/0x440
[  104.368190][ T5324]  ? drm_dev_enter+0x49/0x150
[  104.370281][ T5324]  drm_syncobj_array_find+0x3a/0x440
[  104.372751][ T5324]  drm_syncobj_signal_ioctl+0x179/0x570
[  104.375175][ T5324]  ? drm_dev_exit+0x3a/0x60
[  104.377308][ T5324]  drm_ioctl_kernel+0x2df/0x3b0
[  104.379570][ T5324]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  104.382272][ T5324]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  104.384752][ T5324]  drm_ioctl+0x6ba/0xb80
[  104.386728][ T5324]  ? __fget_files+0x2a/0x420
[  104.388904][ T5324]  ? __pfx_drm_syncobj_signal_ioctl+0x10/0x10
[  104.391685][ T5324]  ? __pfx_drm_ioctl+0x10/0x10
[  104.393908][ T5324]  ? __fget_files+0x2a/0x420
[  104.396005][ T5324]  ? bpf_lsm_file_ioctl+0x9/0x20
[  104.398169][ T5324]  ? __pfx_drm_ioctl+0x10/0x10
[  104.400377][ T5324]  __se_sys_ioctl+0xfc/0x170
[  104.402425][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.405156][ T5324]  do_syscall_64+0x15f/0xf80
[  104.407261][ T5324]  ? trace_irq_disable+0x3b/0x140
[  104.409511][ T5324]  ? clear_bhb_loop+0x40/0x90
[  104.411672][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.414343][ T5324] RIP: 0033:0x7fe3a1f9cdd9
[  104.416429][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  104.424828][ T5324] RSP: 002b:00007fe3a2eb9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  104.428522][ T5324] RAX: ffffffffffffffda RBX: 00007fe3a2216090 RCX: 00007fe3a1f9cdd9
[  104.432084][ T5324] RDX: 0000200000000140 RSI: 00000000c01064c5 RDI: 0000000000000003
[  104.435788][ T5324] RBP: 00007fe3a2032d69 R08: 0000000000000000 R09: 0000000000000000
[  104.439300][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  104.442620][ T5324] R13: 00007fe3a2216128 R14: 00007fe3a2216090 R15: 00007ffebb8f9af8
[  104.446091][ T5324]  </TASK>
[  104.447687][ T5324] Kernel Offset: disabled
[  104.449411][ T5324] Rebooting in 86400 seconds..