program:
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_RESET(r0, 0xc01064c4, &(0x7f0000000080)={0x0}) (async, rerun: 64)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) (rerun: 64)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3e, 0x0, &(0x7f0000000040)) (async, rerun: 64)
r2 = dup(r1) (rerun: 64)
r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000340)={0x2, 0x0, 0x2, 0x0, 0x4}) (async)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x0, 0x0, 0x35314258}})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000001c0)={'team_slave_1\x00', <r7=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000080)={'team0\x00', <r8=>0x0}) (async, rerun: 32)
r9 = syz_genetlink_get_family_id$team(&(0x7f0000000100), 0xffffffffffffffff) (rerun: 32)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)={0x60, r9, 0x809, 0x0, 0x0, {}, [{{0x8, 0x1, r8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}]}, 0x60}}, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r2, 0x0) (async)
fadvise64(r1, 0x0, 0x0, 0x5) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async)
r11 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r11, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) (async)
r12 = openat2(r2, &(0x7f0000000200)='./file5\x00', &(0x7f0000000280)={0xc00, 0x100}, 0x18)
connect$unix(r12, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e) (async, rerun: 64)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r10, 0x84, 0xc, &(0x7f0000000180)=0x5, 0x4) (rerun: 64)
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) (async, rerun: 64)
r13 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) (rerun: 64)
ioctl$LOOP_SET_BLOCK_SIZE(r13, 0x4c09, 0x8000) (async, rerun: 32)
linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) (async, rerun: 32)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r10, 0xfffff000) (async)
ioctl$FICLONE(r10, 0x40049409, r10)

[   85.120156][   T45] Bluetooth: hci0: command tx timeout
[   85.175941][ T5328] ------------[ cut here ]------------
[   85.179461][ T5328] WARNING: CPU: 0 PID: 5328 at mm/page_alloc.c:4935 __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.184031][ T5328] Modules linked in:
[   85.186044][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[   85.190748][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.195079][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   85.198024][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 92 3f 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.206073][ T5328] RSP: 0018:ffffc9000d3ff9c0 EFLAGS: 00010246
[   85.208702][ T5328] RAX: ffffc9000d3ffa00 RBX: 000000000000000c RCX: 0000000000000000
[   85.212161][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3ffa28
[   85.215453][ T5328] RBP: ffffc9000d3ffaa8 R08: ffffc9000d3ffa27 R09: 0000000000000000
[   85.218654][ T5328] R10: ffffc9000d3ffa00 R11: fffff52001a7ff45 R12: 0000000000000000
[   85.222411][ T5328] R13: 1ffff92001a7ff3c R14: 0000000000040cc0 R15: dffffc0000000000
[   85.226187][ T5328] FS:  00007f9ba93266c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000
[   85.230222][ T5328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.232706][ T5328] CR2: 00007f9ba49f4fc8 CR3: 0000000035be2000 CR4: 0000000000352ef0
[   85.235930][ T5328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   85.239726][ T5328] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   85.243922][ T5328] Call Trace:
[   85.245531][ T5328]  <TASK>
[   85.247049][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.250048][ T5328]  __alloc_pages_noprof+0xa/0x30
[   85.252202][ T5328]  ___kmalloc_large_node+0x85/0x210
[   85.254372][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[   85.257016][ T5328]  __kmalloc_noprof+0x36f/0x4f0
[   85.259545][ T5328]  ? drm_syncobj_array_find+0x3a/0x450
[   85.261948][ T5328]  drm_syncobj_array_find+0x3a/0x450
[   85.264181][ T5328]  drm_syncobj_reset_ioctl+0x16b/0x2f0
[   85.266501][ T5328]  drm_ioctl_kernel+0x2cf/0x390
[   85.268514][ T5328]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[   85.271074][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.273287][ T5328]  drm_ioctl+0x67f/0xb10
[   85.275147][ T5328]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[   85.277713][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.279984][ T5328]  ? __fget_files+0x2a/0x420
[   85.282070][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.284175][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.286243][ T5328]  __se_sys_ioctl+0xfc/0x170
[   85.288184][ T5328]  do_syscall_64+0xfa/0x3b0
[   85.290209][ T5328]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.292119][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.294790][ T5328]  ? clear_bhb_loop+0x60/0xb0
[   85.296826][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.299482][ T5328] RIP: 0033:0x7f9ba858e929
[   85.301351][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.309647][ T5328] RSP: 002b:00007f9ba9326038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.313361][ T5328] RAX: ffffffffffffffda RBX: 00007f9ba87b5fa0 RCX: 00007f9ba858e929
[   85.316534][ T5328] RDX: 0000200000000080 RSI: 00000000c01064c4 RDI: 0000000000000003
[   85.320053][ T5328] RBP: 00007f9ba8610b39 R08: 0000000000000000 R09: 0000000000000000
[   85.323288][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.326678][ T5328] R13: 0000000000000000 R14: 00007f9ba87b5fa0 R15: 00007ffedb9e6988
[   85.330337][ T5328]  </TASK>
[   85.331755][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.334901][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[   85.339083][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.343700][ T5328] Call Trace:
[   85.345176][ T5328]  <TASK>
[   85.346605][ T5328]  dump_stack_lvl+0x99/0x250
[   85.348902][ T5328]  ? __asan_memcpy+0x40/0x70
[   85.351250][ T5328]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.353668][ T5328]  ? __pfx__printk+0x10/0x10
[   85.355856][ T5328]  panic+0x2db/0x790
[   85.357668][ T5328]  ? __pfx_panic+0x10/0x10
[   85.359836][ T5328]  ? show_trace_log_lvl+0x4fb/0x550
[   85.362138][ T5328]  __warn+0x31b/0x4b0
[   85.363977][ T5328]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.366576][ T5328]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.369278][ T5328]  report_bug+0x2be/0x4f0
[   85.371225][ T5328]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.373939][ T5328]  ? __alloc_frozen_pages_noprof+0x2c8/0x370
[   85.376643][ T5328]  ? __alloc_frozen_pages_noprof+0x2ca/0x370
[   85.379317][ T5328]  handle_bug+0x84/0x160
[   85.381254][ T5328]  exc_invalid_op+0x1a/0x50
[   85.383302][ T5328]  asm_exc_invalid_op+0x1a/0x20
[   85.385488][ T5328] RIP: 0010:__alloc_frozen_pages_noprof+0x2c8/0x370
[   85.388440][ T5328] Code: 74 10 4c 89 e7 89 54 24 0c e8 74 14 0d 00 8b 54 24 0c 49 83 3c 24 00 0f 85 a5 fe ff ff e9 a6 fe ff ff c6 05 92 3f 74 0d 01 90 <0f> 0b 90 e9 18 ff ff ff a9 00 00 08 00 48 8b 4c 24 10 4c 8d 44 24
[   85.396679][ T5328] RSP: 0018:ffffc9000d3ff9c0 EFLAGS: 00010246
[   85.399357][ T5328] RAX: ffffc9000d3ffa00 RBX: 000000000000000c RCX: 0000000000000000
[   85.402926][ T5328] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc9000d3ffa28
[   85.406622][ T5328] RBP: ffffc9000d3ffaa8 R08: ffffc9000d3ffa27 R09: 0000000000000000
[   85.410364][ T5328] R10: ffffc9000d3ffa00 R11: fffff52001a7ff45 R12: 0000000000000000
[   85.414001][ T5328] R13: 1ffff92001a7ff3c R14: 0000000000040cc0 R15: dffffc0000000000
[   85.417584][ T5328]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   85.420405][ T5328]  __alloc_pages_noprof+0xa/0x30
[   85.422600][ T5328]  ___kmalloc_large_node+0x85/0x210
[   85.424980][ T5328]  __kmalloc_large_node_noprof+0x18/0x90
[   85.427561][ T5328]  __kmalloc_noprof+0x36f/0x4f0
[   85.429806][ T5328]  ? drm_syncobj_array_find+0x3a/0x450
[   85.432121][ T5328]  drm_syncobj_array_find+0x3a/0x450
[   85.434481][ T5328]  drm_syncobj_reset_ioctl+0x16b/0x2f0
[   85.436903][ T5328]  drm_ioctl_kernel+0x2cf/0x390
[   85.439202][ T5328]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[   85.441870][ T5328]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[   85.444328][ T5328]  drm_ioctl+0x67f/0xb10
[   85.446352][ T5328]  ? __pfx_drm_syncobj_reset_ioctl+0x10/0x10
[   85.448853][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.451020][ T5328]  ? __fget_files+0x2a/0x420
[   85.452983][ T5328]  ? bpf_lsm_file_ioctl+0x9/0x20
[   85.455692][ T5328]  ? __pfx_drm_ioctl+0x10/0x10
[   85.458138][ T5328]  __se_sys_ioctl+0xfc/0x170
[   85.460432][ T5328]  do_syscall_64+0xfa/0x3b0
[   85.462346][ T5328]  ? lockdep_hardirqs_on+0x9c/0x150
[   85.464486][ T5328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.467107][ T5328]  ? clear_bhb_loop+0x60/0xb0
[   85.469250][ T5328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.471719][ T5328] RIP: 0033:0x7f9ba858e929
[   85.473700][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.482149][ T5328] RSP: 002b:00007f9ba9326038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   85.485819][ T5328] RAX: ffffffffffffffda RBX: 00007f9ba87b5fa0 RCX: 00007f9ba858e929
[   85.489272][ T5328] RDX: 0000200000000080 RSI: 00000000c01064c4 RDI: 0000000000000003
[   85.493025][ T5328] RBP: 00007f9ba8610b39 R08: 0000000000000000 R09: 0000000000000000
[   85.496515][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.500319][ T5328] R13: 0000000000000000 R14: 00007f9ba87b5fa0 R15: 00007ffedb9e6988
[   85.504122][ T5328]  </TASK>
[   85.506116][ T5328] Kernel Offset: disabled
[   85.508445][ T5328] Rebooting in 86400 seconds..