program:
# Fuzzer-generated syscall sequence, captured together with the kernel console
# log that follows it. One call per line; arguments are unchanged.
#
# Triage summary, taken from the log below:
#   - WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof, task syz.0.0.
#   - Kernel path in the call trace: __se_sys_ioctl -> drm_ioctl ->
#     drm_ioctl_kernel -> drm_syncobj_reset_ioctl -> drm_syncobj_array_find ->
#     __kmalloc_noprof -> __kmalloc_large_node_noprof -> alloc_pages_mpol.
#   - The log then reports "panic_on_warn set", so the warning is escalated
#     to a kernel panic on this test configuration.
# Only the DRM syncobj calls appear in that trace. The socket, bpf, netfilter
# and netlink calls are part of the fuzzer program but are not on the warning path.
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040))
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
# NOTE(review): r2 is used by the calls below, but no call in this listing
# assigns it. Treat its value as unknown when reproducing or minimizing.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r1, 0xc02064cc, &(0x7f00000001c0)={r2, r2, 0x1, 0x1000000000, 0x2})
# This call matches the trace: the user-mode register dump in the log shows
# ORIG_RAX=0x10 with RSI=0xc01064c4, the request code used here. The argument
# pairs a one-element handle array with 0x3ffffffffffffd8c as its second
# member. That member is presumably the handle count (confirm against the
# kernel's drm_syncobj_array definition). The trace shows the allocation in
# drm_syncobj_array_find taking the large-kmalloc path and hitting the page
# allocator warning.
# Triage direction (verify against the driver source): a caller-supplied count
# that sizes an allocation should be bounded, or the allocation made to fail
# quietly, so an oversized request returns an error instead of a WARN.
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r1, 0xc01064c4, &(0x7f0000000700)={&(0x7f0000000200)=[r2], 0x3ffffffffffffd8c})
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="00040000000000008000008500000075d400009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg$can_bcm(r5, &(0x7f0000000600)={&(0x7f00000003c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000500)=""/43, 0x2b}, {&(0x7f0000000940)=""/4096, 0x1000}], 0x2, &(0x7f0000000580)=""/90, 0x5a}, 0x40000042)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000380)={0x9}, 0x4)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4)
r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000640), 0x1, 0x0)
r9 = openat$vcsa(0xffffffffffffff9c, &(0x7f00000007c0), 0xc0000, 0x0)
write$tcp_congestion(r8, &(0x7f0000000680)='bic\x00', 0x4)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000010000100000000000000322c7661e40e4d7e7a0ee9040408e0f100010500000a44000000190a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc0800034000000004400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d1030000140000001100010000000000000000000100000a"], 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r11 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r11, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)
# Same DRM request code as the earlier transfer call, but issued on r9, the
# descriptor returned by openat$vcsa above, not on the DRM device r1.
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r9, 0xc02064cc, &(0x7f0000000800)={r2, r2, 0x8, 0x2, 0x3})
r12 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r12, &(0x7f0000000780)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000740)={&(0x7f0000000700)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x80d}, 0x40884)
[ 87.024886][ T1011] ata1.00: status: { DRDY }
[ 87.026688][ T1011] 
ata1.00: error: { ABRT } [ 87.030518][ T1011] ata1.00: configured for UDMA/100 [ 87.039818][ T1011] ata1: EH complete [ 87.184402][ T45] Bluetooth: hci0: command tx timeout [ 87.323623][ T5328] ------------[ cut here ]------------ [ 87.327053][ T5328] 1 [ 87.327079][ T5328] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5328 [ 87.333396][ T5328] Modules linked in: [ 87.335274][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.339994][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.344544][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.347541][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 1b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 15 81 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.356893][ T5328] RSP: 0018:ffffc9000ddc7940 EFLAGS: 00010246 [ 87.359532][ T5328] RAX: ffffc9000ddc7900 RBX: 0000000000000016 RCX: 0000000000000000 [ 87.363907][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ddc79a8 [ 87.367788][ T5328] RBP: ffffc9000ddc7a30 R08: ffffc9000ddc79a7 R09: 0000000000000000 [ 87.371356][ T5328] R10: ffffc9000ddc7980 R11: fffff52001bb8f35 R12: 0000000000000000 [ 87.375645][ T5328] R13: 1ffff92001bb8f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.379570][ T5328] FS: 00007f3364d716c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 87.383639][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.387473][ T5328] CR2: 00007f3364d70ff8 CR3: 0000000036dfa000 CR4: 0000000000352ef0 [ 87.392321][ T5328] Call Trace: [ 87.394399][ T5328] [ 87.395836][ T5328] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.399364][ T5328] ? 
__pfx_policy_nodemask+0x10/0x10 [ 87.401729][ T5328] alloc_pages_mpol+0x232/0x4a0 [ 87.404330][ T5328] ___kmalloc_large_node+0x4e/0x150 [ 87.407370][ T5328] __kmalloc_large_node_noprof+0x18/0x90 [ 87.410741][ T5328] __kmalloc_noprof+0x3e8/0x760 [ 87.412904][ T5328] ? drm_syncobj_array_find+0x3a/0x440 [ 87.415666][ T5328] drm_syncobj_array_find+0x3a/0x440 [ 87.418532][ T5328] drm_syncobj_reset_ioctl+0x17b/0x450 [ 87.420894][ T5328] drm_ioctl_kernel+0x2df/0x3b0 [ 87.423016][ T5328] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 87.425971][ T5328] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 87.428717][ T5328] drm_ioctl+0x6ba/0xb80 [ 87.430771][ T5328] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 87.433736][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 87.436144][ T5328] ? __fget_files+0x2a/0x420 [ 87.438610][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.440968][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 87.443440][ T5328] __se_sys_ioctl+0xfc/0x170 [ 87.445929][ T5328] do_syscall_64+0x14d/0xf80 [ 87.448653][ T5328] ? trace_irq_disable+0x3b/0x150 [ 87.451007][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.453919][ T5328] ? 
clear_bhb_loop+0x40/0x90 [ 87.456183][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.459467][ T5328] RIP: 0033:0x7f3363f9c799 [ 87.461811][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.470081][ T5328] RSP: 002b:00007f3364d70fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.474460][ T5328] RAX: ffffffffffffffda RBX: 00007f3364216090 RCX: 00007f3363f9c799 [ 87.478389][ T5328] RDX: 0000200000000700 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 87.481859][ T5328] RBP: 00007f3364032c99 R08: 0000000000000000 R09: 0000000000000000 [ 87.485616][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.489626][ T5328] R13: 00007f3364216128 R14: 00007f3364216090 R15: 00007ffef8dd46e8 [ 87.492978][ T5328] [ 87.494900][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 87.498763][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.502708][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 87.507362][ T5328] Call Trace: [ 87.509152][ T5328] [ 87.510594][ T5328] vpanic+0x56c/0xa60 [ 87.512449][ T5328] ? __pfx__printk+0x10/0x10 [ 87.514455][ T5328] ? __pfx_vpanic+0x10/0x10 [ 87.516447][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 87.519024][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 87.521674][ T5328] panic+0xc5/0xd0 [ 87.523542][ T5328] ? __pfx_panic+0x10/0x10 [ 87.525636][ T5328] __warn+0x315/0x4f0 [ 87.527754][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.530655][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.533819][ T5328] __report_bug+0x29a/0x540 [ 87.536291][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.539018][ T5328] ? __pfx___report_bug+0x10/0x10 [ 87.541344][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 87.543788][ T5328] ? 
is_bpf_text_address+0x26/0x2b0 [ 87.546382][ T5328] ? kernel_text_address+0xa5/0xe0 [ 87.549084][ T5328] ? __kernel_text_address+0xd/0x30 [ 87.551579][ T5328] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 87.554697][ T5328] ? arch_stack_walk+0xfb/0x150 [ 87.557260][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.560048][ T5328] report_bug+0x16a/0x220 [ 87.562077][ T5328] ? __alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.565304][ T5328] ? __alloc_frozen_pages_noprof+0x2d3/0x380 [ 87.568858][ T5328] handle_bug+0x9c/0x200 [ 87.570862][ T5328] exc_invalid_op+0x1a/0x50 [ 87.572883][ T5328] asm_exc_invalid_op+0x1a/0x20 [ 87.575193][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380 [ 87.579140][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 1b 4b 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 15 81 d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24 [ 87.587883][ T5328] RSP: 0018:ffffc9000ddc7940 EFLAGS: 00010246 [ 87.591029][ T5328] RAX: ffffc9000ddc7900 RBX: 0000000000000016 RCX: 0000000000000000 [ 87.595438][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000ddc79a8 [ 87.598926][ T5328] RBP: ffffc9000ddc7a30 R08: ffffc9000ddc79a7 R09: 0000000000000000 [ 87.602035][ T5328] R10: ffffc9000ddc7980 R11: fffff52001bb8f35 R12: 0000000000000000 [ 87.605345][ T5328] R13: 1ffff92001bb8f2c R14: 0000000000040cc0 R15: dffffc0000000000 [ 87.609355][ T5328] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 87.612491][ T5328] ? __pfx_policy_nodemask+0x10/0x10 [ 87.614911][ T5328] alloc_pages_mpol+0x232/0x4a0 [ 87.617102][ T5328] ___kmalloc_large_node+0x4e/0x150 [ 87.619423][ T5328] __kmalloc_large_node_noprof+0x18/0x90 [ 87.622018][ T5328] __kmalloc_noprof+0x3e8/0x760 [ 87.624530][ T5328] ? drm_syncobj_array_find+0x3a/0x440 [ 87.627459][ T5328] drm_syncobj_array_find+0x3a/0x440 [ 87.630035][ T5328] drm_syncobj_reset_ioctl+0x17b/0x450 [ 87.632627][ T5328] drm_ioctl_kernel+0x2df/0x3b0 [ 87.634976][ T5328] ? 
__pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 87.637700][ T5328] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 87.640128][ T5328] drm_ioctl+0x6ba/0xb80 [ 87.642001][ T5328] ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10 [ 87.644860][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 87.647198][ T5328] ? __fget_files+0x2a/0x420 [ 87.649519][ T5328] ? bpf_lsm_file_ioctl+0x9/0x20 [ 87.651861][ T5328] ? __pfx_drm_ioctl+0x10/0x10 [ 87.654087][ T5328] __se_sys_ioctl+0xfc/0x170 [ 87.656269][ T5328] do_syscall_64+0x14d/0xf80 [ 87.658690][ T5328] ? trace_irq_disable+0x3b/0x150 [ 87.661283][ T5328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.663953][ T5328] ? clear_bhb_loop+0x40/0x90 [ 87.666011][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.668712][ T5328] RIP: 0033:0x7f3363f9c799 [ 87.671102][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 87.680385][ T5328] RSP: 002b:00007f3364d70fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 87.684011][ T5328] RAX: ffffffffffffffda RBX: 00007f3364216090 RCX: 00007f3363f9c799 [ 87.687720][ T5328] RDX: 0000200000000700 RSI: 00000000c01064c4 RDI: 0000000000000004 [ 87.691440][ T5328] RBP: 00007f3364032c99 R08: 0000000000000000 R09: 0000000000000000 [ 87.695046][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.698953][ T5328] R13: 00007f3364216128 R14: 00007f3364216090 R15: 00007ffef8dd46e8 [ 87.702531][ T5328] [ 87.704294][ T5328] Kernel Offset: disabled [ 87.706367][ T5328] Rebooting in 86400 seconds..