program:
r0 = socket(0x11, 0x800000003, 0x0)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$nci(r1, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$nci(r1, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x80)
r3 = syz_open_dev$dri(&(0x7f0000000340), 0x2, 0x40502)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x4b564d04, 0x0, 0x2}]})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, &(0x7f0000000100)={<r7=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r3, 0xc02864c3, &(0x7f00000002c0)={&(0x7f0000000380)=[r7], 0x5, 0x400000ca, 0x2})
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r8, 0xc00864bf, &(0x7f00000003c0)={<r9=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r8, 0xc01064c4, &(0x7f0000000080)={&(0x7f0000000040)=[r9, r9], 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r2, 0xc02864c3, &(0x7f0000000240)={&(0x7f00000001c0)=[r7, r9], 0x3, 0x2})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r10=>0x0})
r11 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$nl_route_sched(r11, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x1c, 0x2, [@TCA_TBF_PRATE64={0xd, 0x5, 0xb54bf6f78a96ef3d}, @TCA_TBF_PRATE64={0xc, 0x5, 0x28cabef59d718095}]}}]}, 0x48}}, 0x0)
r12 = socket(0x11, 0x800000003, 0x0)
ioctl$int_in(r11, 0x5452, &(0x7f00000000c0)=0x1f440e78)
ioctl$ifreq_SIOCGIFINDEX_team(r12, 0x8933, &(0x7f0000000600))
r13 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f00001d8000/0x2000)=nil, 0x2000, 0x0, 0x12, r13, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r13, 0xc06864a1, &(0x7f0000000400)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5})
setsockopt$SO_J1939_FILTER(r13, 0x6b, 0x1, &(0x7f0000000480)=[{0x3, 0x2, {0x0, 0xf0, 0x2}, {0x0, 0x1, 0x3}, 0xff, 0x1}, {0x1, 0x802, {0x1, 0xf0, 0x2}, {0x1, 0xff, 0x3}, 0x2, 0x1}, {0x3, 0x3, {}, {0x1, 0xff, 0x1}, 0xff, 0x1}, {0x0, 0x3, {0x0, 0xff, 0x3}, {0x0, 0xf0}, 0xb5e74d1c7169e594, 0x2}, {0x1, 0x0, {0x2, 0xf0, 0x1}, {0x0, 0x1, 0x1}, 0xfe, 0x2}, {0x1, 0x200002, {0x7, 0xf0, 0x3}, {0x0, 0x0, 0x2}, 0x1, 0xfe}, {0x0, 0x2, {0x2, 0xf0, 0x6}, {0x2, 0x1, 0x2}, 0x2, 0xfd}, {0x2, 0x1, {0x0, 0xff}, {0x1, 0x1}}, {0x3, 0x3, {0x0, 0x0, 0x3}, {0x0, 0xff, 0x3}, 0xff, 0xfe}, {0x3, 0x0, {0x1, 0xff, 0x1}, {0x2, 0xf0, 0x4}, 0x0, 0x2}], 0x140)
socket$netlink(0x10, 0x3, 0x4)

[   85.738831][ T5338] Bluetooth: hci0: command tx timeout
[   85.971727][ T5368] ------------[ cut here ]------------
[   85.974213][ T5368] WARNING: CPU: 0 PID: 5368 at mm/page_alloc.c:5124 __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.979450][ T5368] Modules linked in:
[   85.981026][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.984611][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.989846][ T5368] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   85.992338][ T5368] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 12 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   86.000380][ T5368] RSP: 0018:ffffc9000d3378e0 EFLAGS: 00010246
[   86.003152][ T5368] RAX: ffffc9000d337900 RBX: 0000000000000015 RCX: 0000000000000000
[   86.006319][ T5368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d337948
[   86.009684][ T5368] RBP: ffffc9000d3379c8 R08: ffffc9000d337947 R09: 0000000000000000
[   86.013369][ T5368] R10: ffffc9000d337920 R11: fffff52001a66f29 R12: 0000000000000000
[   86.016565][ T5368] R13: 1ffff92001a66f20 R14: 0000000000040cc0 R15: dffffc0000000000
[   86.019999][ T5368] FS:  00007f69c215b6c0(0000) GS:ffff88808d009000(0000) knlGS:0000000000000000
[   86.023682][ T5368] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.026404][ T5368] CR2: 00007f69c13729e0 CR3: 000000003f777000 CR4: 0000000000352ef0
[   86.029566][ T5368] Call Trace:
[   86.030932][ T5368]  <TASK>
[   86.032048][ T5368]  ? stack_depot_save_flags+0x40/0x860
[   86.034153][ T5368]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   86.036755][ T5368]  ? kasan_save_track+0x4f/0x80
[   86.039136][ T5368]  ? kasan_save_track+0x3e/0x80
[   86.041387][ T5368]  ? policy_nodemask+0x27c/0x720
[   86.043767][ T5368]  ? do_syscall_64+0xfa/0x3b0
[   86.045906][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.048685][ T5368]  alloc_pages_mpol+0x232/0x4a0
[   86.050669][ T5368]  ___kmalloc_large_node+0x5f/0x1b0
[   86.053033][ T5368]  __kmalloc_large_node_noprof+0x18/0x90
[   86.055678][ T5368]  __kmalloc_noprof+0x36f/0x4f0
[   86.058091][ T5368]  ? drm_syncobj_array_find+0x3a/0x450
[   86.062338][ T5368]  drm_syncobj_array_find+0x3a/0x450
[   86.064570][ T5368]  drm_syncobj_wait_ioctl+0x208/0x520
[   86.066876][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.069267][ T5368]  drm_ioctl_kernel+0x2cf/0x390
[   86.071473][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.074080][ T5368]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   86.076584][ T5368]  drm_ioctl+0x67f/0xb10
[   86.078683][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.082096][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   86.084519][ T5368]  ? __fget_files+0x2a/0x420
[   86.086890][ T5368]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.089666][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   86.092056][ T5368]  __se_sys_ioctl+0xfc/0x170
[   86.094772][ T5368]  do_syscall_64+0xfa/0x3b0
[   86.097840][ T5368]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.101053][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.104162][ T5368]  ? clear_bhb_loop+0x60/0xb0
[   86.106405][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.108648][ T5368] RIP: 0033:0x7f69c138ec29
[   86.110384][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.119207][ T5368] RSP: 002b:00007f69c215b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.123626][ T5368] RAX: ffffffffffffffda RBX: 00007f69c15d6180 RCX: 00007f69c138ec29
[   86.127413][ T5368] RDX: 00002000000002c0 RSI: 00000000c02864c3 RDI: 0000000000000005
[   86.131122][ T5368] RBP: 00007f69c1411e41 R08: 0000000000000000 R09: 0000000000000000
[   86.134741][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.138440][ T5368] R13: 00007f69c15d6218 R14: 00007f69c15d6180 R15: 00007ffe47960288
[   86.142518][ T5368]  </TASK>
[   86.144092][ T5368] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.147229][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.150939][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.155338][ T5368] Call Trace:
[   86.156887][ T5368]  <TASK>
[   86.158439][ T5368]  dump_stack_lvl+0x99/0x250
[   86.160934][ T5368]  ? __asan_memcpy+0x40/0x70
[   86.163107][ T5368]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.165257][ T5368]  ? __pfx__printk+0x10/0x10
[   86.167118][ T5368]  vpanic+0x281/0x750
[   86.168625][ T5368]  ? __pfx__printk+0x10/0x10
[   86.170637][ T5368]  ? __pfx_vpanic+0x10/0x10
[   86.172543][ T5368]  ? is_bpf_text_address+0x26/0x2b0
[   86.174664][ T5368]  panic+0xb9/0xc0
[   86.176184][ T5368]  ? __pfx_panic+0x10/0x10
[   86.178037][ T5368]  __warn+0x31b/0x4b0
[   86.179829][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   86.182786][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   86.186002][ T5368]  report_bug+0x2be/0x4f0
[   86.188097][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   86.190893][ T5368]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   86.193709][ T5368]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   86.196309][ T5368]  handle_bug+0x84/0x160
[   86.198225][ T5368]  exc_invalid_op+0x1a/0x50
[   86.200434][ T5368]  asm_exc_invalid_op+0x1a/0x20
[   86.202450][ T5368] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   86.205500][ T5368] Code: 74 10 4c 89 e7 89 54 24 0c e8 64 1e 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 ea 12 96 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   86.213799][ T5368] RSP: 0018:ffffc9000d3378e0 EFLAGS: 00010246
[   86.216550][ T5368] RAX: ffffc9000d337900 RBX: 0000000000000015 RCX: 0000000000000000
[   86.220396][ T5368] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d337948
[   86.224162][ T5368] RBP: ffffc9000d3379c8 R08: ffffc9000d337947 R09: 0000000000000000
[   86.227613][ T5368] R10: ffffc9000d337920 R11: fffff52001a66f29 R12: 0000000000000000
[   86.231055][ T5368] R13: 1ffff92001a66f20 R14: 0000000000040cc0 R15: dffffc0000000000
[   86.234416][ T5368]  ? stack_depot_save_flags+0x40/0x860
[   86.236710][ T5368]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   86.240467][ T5368]  ? kasan_save_track+0x4f/0x80
[   86.243090][ T5368]  ? kasan_save_track+0x3e/0x80
[   86.245726][ T5368]  ? policy_nodemask+0x27c/0x720
[   86.248301][ T5368]  ? do_syscall_64+0xfa/0x3b0
[   86.250475][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.253070][ T5368]  alloc_pages_mpol+0x232/0x4a0
[   86.255742][ T5368]  ___kmalloc_large_node+0x5f/0x1b0
[   86.258191][ T5368]  __kmalloc_large_node_noprof+0x18/0x90
[   86.260659][ T5368]  __kmalloc_noprof+0x36f/0x4f0
[   86.262803][ T5368]  ? drm_syncobj_array_find+0x3a/0x450
[   86.265091][ T5368]  drm_syncobj_array_find+0x3a/0x450
[   86.267582][ T5368]  drm_syncobj_wait_ioctl+0x208/0x520
[   86.269972][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.272468][ T5368]  drm_ioctl_kernel+0x2cf/0x390
[   86.274438][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.276952][ T5368]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   86.279174][ T5368]  drm_ioctl+0x67f/0xb10
[   86.281081][ T5368]  ? __pfx_drm_syncobj_wait_ioctl+0x10/0x10
[   86.283717][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   86.285876][ T5368]  ? __fget_files+0x2a/0x420
[   86.287996][ T5368]  ? bpf_lsm_file_ioctl+0x9/0x20
[   86.290078][ T5368]  ? __pfx_drm_ioctl+0x10/0x10
[   86.292071][ T5368]  __se_sys_ioctl+0xfc/0x170
[   86.294013][ T5368]  do_syscall_64+0xfa/0x3b0
[   86.295936][ T5368]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.298603][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.301847][ T5368]  ? clear_bhb_loop+0x60/0xb0
[   86.304262][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.306819][ T5368] RIP: 0033:0x7f69c138ec29
[   86.308854][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.316962][ T5368] RSP: 002b:00007f69c215b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.320651][ T5368] RAX: ffffffffffffffda RBX: 00007f69c15d6180 RCX: 00007f69c138ec29
[   86.324361][ T5368] RDX: 00002000000002c0 RSI: 00000000c02864c3 RDI: 0000000000000005
[   86.328262][ T5368] RBP: 00007f69c1411e41 R08: 0000000000000000 R09: 0000000000000000
[   86.331928][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.335133][ T5368] R13: 00007f69c15d6218 R14: 00007f69c15d6180 R15: 00007ffe47960288
[   86.338489][ T5368]  </TASK>
[   86.340236][ T5368] Kernel Offset: disabled
[   86.342401][ T5368] Rebooting in 86400 seconds..