program:
r0 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x30}, 0x15, 0x3, 'none\x00', 0x11, 0x2, 0x72}, 0x2c)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000000)=0x8)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000040)=0x285)
r3 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r3, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) (async)
ioctl$XFS_IOC_GETBMAPA(r3, 0xc020582c, &(0x7f00000000c0)={0xfff, 0x394f, 0x3, 0x1ff, 0x2}) (async)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) (async)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$binfmt_misc(r4, &(0x7f0000002640), 0xfffffc8f)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01864c2, &(0x7f0000000100)={<r5=>0x0}) (async, rerun: 64)
r6 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0xc8d03) (rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r6, 0xc00864bf, &(0x7f0000000000)={<r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r6, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000080)=[r7], 0x0, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r6, 0xc01864cb, &(0x7f0000000240)={&(0x7f00000001c0)=[r7, r7], &(0x7f0000000200), 0x2}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r4, 0xc02064cc, &(0x7f0000000180)={r5, r7, 0x7, 0x51e929ff})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50) (async)
write(0xffffffffffffffff, &(0x7f0000000000)='\"', 0x1) (async)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async)
write$binfmt_misc(r8, &(0x7f0000000000), 0xd)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r0, 0x3)

[  100.408342][ T5324] IPVS: starting estimator thread 0...
[  100.512912][ T5328] ------------[ cut here ]------------
[  100.515343][ T5328] 1
[  100.515354][ T5328] WARNING: mm/page_alloc.c:5226 at __alloc_frozen_pages_noprof+0x2d1/0x380, CPU#0: syz.0.0/5328
[  100.521508][ T5328] Modules linked in:
[  100.523560][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  100.528321][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  100.533191][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  100.536328][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb 48 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 b2 7f d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  100.546551][ T5328] RSP: 0018:ffffc900094df920 EFLAGS: 00010246
[  100.549486][ T5328] RAX: ffffc900094df900 RBX: 0000000000000015 RCX: 0000000000000000
[  100.553083][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900094df988
[  100.556951][ T5328] RBP: ffffc900094dfa18 R08: ffffc900094df987 R09: 0000000000000000
[  100.560756][ T5328] R10: ffffc900094df960 R11: fffff5200129bf31 R12: 0000000000000000
[  100.565412][ T5328] R13: 1ffff9200129bf28 R14: 0000000000040cc0 R15: dffffc0000000000
[  100.569401][ T5328] FS:  00007fdf5ed826c0(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000
[  100.573267][ T5328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  100.576257][ T5328] CR2: 00007fdf5a3d4d58 CR3: 000000003695f000 CR4: 0000000000352ef0
[  100.580858][ T5328] Call Trace:
[  100.582824][ T5328]  <TASK>
[  100.584314][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  100.587561][ T5328]  ? __pfx_policy_nodemask+0x10/0x10
[  100.589961][ T5328]  alloc_pages_mpol+0x232/0x4a0
[  100.592200][ T5328]  ___kmalloc_large_node+0x4e/0x150
[  100.594535][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[  100.597236][ T5328]  __kmalloc_noprof+0x3e8/0x760
[  100.599813][ T5328]  ? drm_syncobj_array_find+0x3a/0x440
[  100.602960][ T5328]  drm_syncobj_array_find+0x3a/0x440
[  100.605537][ T5328]  drm_syncobj_timeline_signal_ioctl+0x165/0x8a0
[  100.608530][ T5328]  ? drm_dev_exit+0x3a/0x60
[  100.610600][ T5328]  drm_ioctl_kernel+0x2df/0x3b0
[  100.612875][ T5328]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[  100.615826][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  100.618543][ T5328]  drm_ioctl+0x6ba/0xb80
[  100.621418][ T5328]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[  100.625615][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[  100.627978][ T5328]  ? __fget_files+0x2a/0x420
[  100.630224][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[  100.632603][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[  100.635261][ T5328]  __se_sys_ioctl+0xfc/0x170
[  100.637734][ T5328]  do_syscall_64+0x14d/0xf80
[  100.640059][ T5328]  ? trace_irq_disable+0x3b/0x150
[  100.642990][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.646598][ T5328]  ? clear_bhb_loop+0x40/0x90
[  100.648895][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.651864][ T5328] RIP: 0033:0x7fdf5df9c799
[  100.654130][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  100.664229][ T5328] RSP: 002b:00007fdf5ed81fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  100.668134][ T5328] RAX: ffffffffffffffda RBX: 00007fdf5e216090 RCX: 00007fdf5df9c799
[  100.671561][ T5328] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000009
[  100.675641][ T5328] RBP: 00007fdf5e032c99 R08: 0000000000000000 R09: 0000000000000000
[  100.679417][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.682604][ T5328] R13: 00007fdf5e216128 R14: 00007fdf5e216090 R15: 00007ffe514ac5b8
[  100.686014][ T5328]  </TASK>
[  100.687552][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  100.691157][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  100.695509][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  100.700198][ T5328] Call Trace:
[  100.701994][ T5328]  <TASK>
[  100.703660][ T5328]  vpanic+0x56c/0xa60
[  100.705666][ T5328]  ? __pfx__printk+0x10/0x10
[  100.707875][ T5328]  ? __pfx_vpanic+0x10/0x10
[  100.709891][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[  100.712251][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[  100.714537][ T5328]  panic+0xc5/0xd0
[  100.716361][ T5328]  ? __pfx_panic+0x10/0x10
[  100.718993][ T5328]  __warn+0x315/0x4f0
[  100.721639][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  100.724343][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  100.727100][ T5328]  __report_bug+0x29a/0x540
[  100.729149][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  100.731820][ T5328]  ? __pfx___report_bug+0x10/0x10
[  100.734384][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[  100.737879][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[  100.740497][ T5328]  ? kernel_text_address+0xa5/0xe0
[  100.743429][ T5328]  ? __kernel_text_address+0xd/0x30
[  100.745845][ T5328]  ? unwind_get_return_address+0x4d/0x90
[  100.748460][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  100.751216][ T5328]  report_bug+0x16a/0x220
[  100.753118][ T5328]  ? __alloc_frozen_pages_noprof+0x2d1/0x380
[  100.755869][ T5328]  ? __alloc_frozen_pages_noprof+0x2d3/0x380
[  100.759939][ T5328]  handle_bug+0x9c/0x200
[  100.762708][ T5328]  exc_invalid_op+0x1a/0x50
[  100.764741][ T5328]  asm_exc_invalid_op+0x1a/0x20
[  100.766864][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2d1/0x380
[  100.769781][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 eb 48 0e 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a8 fe ff ff e9 a9 fe ff ff c6 05 b2 7f d8 0d 01 90 <0f> 0b 90 e9 17 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[  100.777539][ T5328] RSP: 0018:ffffc900094df920 EFLAGS: 00010246
[  100.780562][ T5328] RAX: ffffc900094df900 RBX: 0000000000000015 RCX: 0000000000000000
[  100.785794][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900094df988
[  100.790025][ T5328] RBP: ffffc900094dfa18 R08: ffffc900094df987 R09: 0000000000000000
[  100.793675][ T5328] R10: ffffc900094df960 R11: fffff5200129bf31 R12: 0000000000000000
[  100.797326][ T5328] R13: 1ffff9200129bf28 R14: 0000000000040cc0 R15: dffffc0000000000
[  100.800920][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  100.803860][ T5328]  ? __pfx_policy_nodemask+0x10/0x10
[  100.806439][ T5328]  alloc_pages_mpol+0x232/0x4a0
[  100.809085][ T5328]  ___kmalloc_large_node+0x4e/0x150
[  100.811976][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[  100.815072][ T5328]  __kmalloc_noprof+0x3e8/0x760
[  100.817287][ T5328]  ? drm_syncobj_array_find+0x3a/0x440
[  100.819775][ T5328]  drm_syncobj_array_find+0x3a/0x440
[  100.822245][ T5328]  drm_syncobj_timeline_signal_ioctl+0x165/0x8a0
[  100.825155][ T5328]  ? drm_dev_exit+0x3a/0x60
[  100.827391][ T5328]  drm_ioctl_kernel+0x2df/0x3b0
[  100.829887][ T5328]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[  100.833270][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  100.835806][ T5328]  drm_ioctl+0x6ba/0xb80
[  100.837803][ T5328]  ? __pfx_drm_syncobj_timeline_signal_ioctl+0x10/0x10
[  100.841178][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[  100.843881][ T5328]  ? __fget_files+0x2a/0x420
[  100.846131][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[  100.848382][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[  100.850477][ T5328]  __se_sys_ioctl+0xfc/0x170
[  100.852445][ T5328]  do_syscall_64+0x14d/0xf80
[  100.854714][ T5328]  ? trace_irq_disable+0x3b/0x150
[  100.857552][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.860798][ T5328]  ? clear_bhb_loop+0x40/0x90
[  100.863238][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.865836][ T5328] RIP: 0033:0x7fdf5df9c799
[  100.867831][ T5328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  100.878023][ T5328] RSP: 002b:00007fdf5ed81fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  100.881732][ T5328] RAX: ffffffffffffffda RBX: 00007fdf5e216090 RCX: 00007fdf5df9c799
[  100.885188][ T5328] RDX: 0000200000000180 RSI: 00000000c01864cd RDI: 0000000000000009
[  100.890098][ T5328] RBP: 00007fdf5e032c99 R08: 0000000000000000 R09: 0000000000000000
[  100.893904][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  100.897440][ T5328] R13: 00007fdf5e216128 R14: 00007fdf5e216090 R15: 00007ffe514ac5b8
[  100.900875][ T5328]  </TASK>
[  100.902608][ T5328] Kernel Offset: disabled
[  100.904726][ T5328] Rebooting in 86400 seconds..