program:
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000100)=0x3)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x400, 0x3, 0x2800, 0x2800, 0x440, 0xd1, 0xc, 0x30, {0x7, 0xffffffff}, 0xd0, 0x9}})
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000040)={0x2, <r3=>r2})
read$FUSE(r3, &(0x7f00000002c0)={0x2020}, 0x2020)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})

[  104.944709][ T5319] Bluetooth: hci0: command tx timeout
[  105.006301][ T5337] ------------[ cut here ]------------
[  105.008911][ T5337] WARNING: CPU: 0 PID: 5337 at mm/util.c:670 __kvmalloc_node_noprof+0x17a/0x190
[  105.012417][ T5337] Modules linked in:
[  105.013952][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[  105.017511][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.021409][ T5337] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190
[  105.023698][ T5337] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 2f bd b9 ff 41 81 e7 00 20 00 00 74 0a e8 e1 b8 b9 ff e9 3b ff ff ff e8 d7 b8 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[  105.030906][ T5337] RSP: 0018:ffffc9000d357930 EFLAGS: 00010287
[  105.033782][ T5337] RAX: ffffffff81db2559 RBX: 000000008425cc00 RCX: 0000000000100000
[  105.037078][ T5337] RDX: ffffc9000e6ba000 RSI: 00000000000007b0 RDI: 00000000000007b1
[  105.040150][ T5337] RBP: 0000000000000000 R08: ffffffff81db2541 R09: 00000000ffffffff
[  105.043069][ T5337] R10: ffffc9000d3577a0 R11: fffff52001a6aef9 R12: 000000008425cc00
[  105.046055][ T5337] R13: ffffc9000d357a60 R14: 00000000ffffffff R15: 0000000000000000
[  105.049094][ T5337] FS:  00007f22097296c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[  105.052343][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  105.054758][ T5337] CR2: 00007f2208b23d20 CR3: 000000004451a000 CR4: 0000000000352ef0
[  105.057781][ T5337] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  105.060693][ T5337] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  105.063539][ T5337] Call Trace:
[  105.065081][ T5337]  <TASK>
[  105.066159][ T5337]  ? __warn+0x168/0x4e0
[  105.067786][ T5337]  ? __kvmalloc_node_noprof+0x17a/0x190
[  105.069891][ T5337]  ? report_bug+0x2b3/0x500
[  105.071601][ T5337]  ? __kvmalloc_node_noprof+0x17a/0x190
[  105.073617][ T5337]  ? handle_bug+0x60/0x90
[  105.075234][ T5337]  ? exc_invalid_op+0x1a/0x50
[  105.077264][ T5337]  ? asm_exc_invalid_op+0x1a/0x20
[  105.079173][ T5337]  ? __kvmalloc_node_noprof+0x161/0x190
[  105.081269][ T5337]  ? __kvmalloc_node_noprof+0x179/0x190
[  105.083356][ T5337]  ? __kvmalloc_node_noprof+0x17a/0x190
[  105.085664][ T5337]  __v4l2_ctrl_modify_dimensions+0x43b/0xb60
[  105.088072][ T5337]  ? tpg_update_mv_step+0x361/0x4f0
[  105.090127][ T5337]  vivid_update_format_cap+0x133c/0x2090
[  105.092324][ T5337]  ? __pfx_vivid_update_format_cap+0x10/0x10
[  105.094791][ T5337]  vivid_vid_cap_s_dv_timings+0x535/0x1230
[  105.096890][ T5337]  __video_do_ioctl+0xc23/0xdd0
[  105.098957][ T5337]  ? __pfx___video_do_ioctl+0x10/0x10
[  105.101133][ T5337]  ? __might_fault+0xc6/0x120
[  105.102774][ T5337]  video_usercopy+0x89b/0x1180
[  105.104553][ T5337]  ? __pfx___video_do_ioctl+0x10/0x10
[  105.106577][ T5337]  ? __pfx_video_usercopy+0x10/0x10
[  105.108607][ T5337]  ? __fget_files+0x2a/0x410
[  105.110269][ T5337]  ? __fget_files+0x2a/0x410
[  105.111981][ T5337]  v4l2_ioctl+0x189/0x1e0
[  105.113528][ T5337]  ? __pfx_v4l2_ioctl+0x10/0x10
[  105.115318][ T5337]  __se_sys_ioctl+0xf5/0x170
[  105.116973][ T5337]  do_syscall_64+0xf3/0x230
[  105.118666][ T5337]  ? clear_bhb_loop+0x35/0x90
[  105.120469][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.122644][ T5337] RIP: 0033:0x7f220897e819
[  105.124428][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.131346][ T5337] RSP: 002b:00007f2209729038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.134366][ T5337] RAX: ffffffffffffffda RBX: 00007f2208b35fa0 RCX: 00007f220897e819
[  105.137257][ T5337] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004
[  105.140183][ T5337] RBP: 00007f22089f175e R08: 0000000000000000 R09: 0000000000000000
[  105.143002][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.145851][ T5337] R13: 0000000000000000 R14: 00007f2208b35fa0 R15: 00007ffdbc4a41c8
[  105.148832][ T5337]  </TASK>
[  105.149952][ T5337] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  105.152501][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-01892-g8f7c8b88bda4 #0
[  105.156030][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  105.159862][ T5337] Call Trace:
[  105.161131][ T5337]  <TASK>
[  105.162195][ T5337]  dump_stack_lvl+0x241/0x360
[  105.163929][ T5337]  ? __pfx_dump_stack_lvl+0x10/0x10
[  105.165857][ T5337]  ? __pfx__printk+0x10/0x10
[  105.167526][ T5337]  ? _printk+0xd5/0x120
[  105.169060][ T5337]  ? __init_begin+0x41000/0x41000
[  105.170787][ T5337]  ? vscnprintf+0x5d/0x90
[  105.172403][ T5337]  panic+0x349/0x880
[  105.173820][ T5337]  ? __warn+0x177/0x4e0
[  105.175435][ T5337]  ? __pfx_panic+0x10/0x10
[  105.177125][ T5337]  ? show_trace_log_lvl+0x3b2/0x410
[  105.178968][ T5337]  __warn+0x34b/0x4e0
[  105.180439][ T5337]  ? __kvmalloc_node_noprof+0x17a/0x190
[  105.182407][ T5337]  report_bug+0x2b3/0x500
[  105.184017][ T5337]  ? __kvmalloc_node_noprof+0x17a/0x190
[  105.186011][ T5337]  handle_bug+0x60/0x90
[  105.187566][ T5337]  exc_invalid_op+0x1a/0x50
[  105.189243][ T5337]  asm_exc_invalid_op+0x1a/0x20
[  105.191008][ T5337] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190
[  105.193222][ T5337] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 2f bd b9 ff 41 81 e7 00 20 00 00 74 0a e8 e1 b8 b9 ff e9 3b ff ff ff e8 d7 b8 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[  105.200206][ T5337] RSP: 0018:ffffc9000d357930 EFLAGS: 00010287
[  105.202365][ T5337] RAX: ffffffff81db2559 RBX: 000000008425cc00 RCX: 0000000000100000
[  105.205248][ T5337] RDX: ffffc9000e6ba000 RSI: 00000000000007b0 RDI: 00000000000007b1
[  105.208074][ T5337] RBP: 0000000000000000 R08: ffffffff81db2541 R09: 00000000ffffffff
[  105.210857][ T5337] R10: ffffc9000d3577a0 R11: fffff52001a6aef9 R12: 000000008425cc00
[  105.213596][ T5337] R13: ffffc9000d357a60 R14: 00000000ffffffff R15: 0000000000000000
[  105.216333][ T5337]  ? __kvmalloc_node_noprof+0x161/0x190
[  105.218420][ T5337]  ? __kvmalloc_node_noprof+0x179/0x190
[  105.220345][ T5337]  __v4l2_ctrl_modify_dimensions+0x43b/0xb60
[  105.222505][ T5337]  ? tpg_update_mv_step+0x361/0x4f0
[  105.224372][ T5337]  vivid_update_format_cap+0x133c/0x2090
[  105.226448][ T5337]  ? __pfx_vivid_update_format_cap+0x10/0x10
[  105.228621][ T5337]  vivid_vid_cap_s_dv_timings+0x535/0x1230
[  105.230645][ T5337]  __video_do_ioctl+0xc23/0xdd0
[  105.232453][ T5337]  ? __pfx___video_do_ioctl+0x10/0x10
[  105.234453][ T5337]  ? __might_fault+0xc6/0x120
[  105.236210][ T5337]  video_usercopy+0x89b/0x1180
[  105.238070][ T5337]  ? __pfx___video_do_ioctl+0x10/0x10
[  105.240127][ T5337]  ? __pfx_video_usercopy+0x10/0x10
[  105.242124][ T5337]  ? __fget_files+0x2a/0x410
[  105.243873][ T5337]  ? __fget_files+0x2a/0x410
[  105.245621][ T5337]  v4l2_ioctl+0x189/0x1e0
[  105.247268][ T5337]  ? __pfx_v4l2_ioctl+0x10/0x10
[  105.249052][ T5337]  __se_sys_ioctl+0xf5/0x170
[  105.250762][ T5337]  do_syscall_64+0xf3/0x230
[  105.252450][ T5337]  ? clear_bhb_loop+0x35/0x90
[  105.254199][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.256360][ T5337] RIP: 0033:0x7f220897e819
[  105.257947][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.264893][ T5337] RSP: 002b:00007f2209729038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.267970][ T5337] RAX: ffffffffffffffda RBX: 00007f2208b35fa0 RCX: 00007f220897e819
[  105.270835][ T5337] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004
[  105.273700][ T5337] RBP: 00007f22089f175e R08: 0000000000000000 R09: 0000000000000000
[  105.276609][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  105.279544][ T5337] R13: 0000000000000000 R14: 00007f2208b35fa0 R15: 00007ffdbc4a41c8
[  105.282501][ T5337]  </TASK>
[  105.283907][ T5337] Kernel Offset: disabled
[  105.285556][ T5337] Rebooting in 86400 seconds..