program:
# syzkaller reproducer in syz program notation: one syscall per statement, with
# rN naming a resource (here, file descriptors) returned by an earlier call.
# The original page had every call collapsed onto one line; they are split
# here, one call per line, with no change to the calls themselves.
#
# What the kernel log after the program establishes:
#  - A WARNING fires at mm/util.c:670 in __kvmalloc_node_noprof, called from
#    __v4l2_ctrl_modify_dimensions <- vivid_update_format_cap <-
#    vivid_vid_cap_s_dv_timings <- __video_do_ioctl.
#  - The user-mode register dump shows RSI=0xc0845657 and RDX=0x20000200, which
#    match the request code and buffer of the ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS
#    calls below (syz address 0x7f0000000200).
#  - RBX and R12 hold 0xb1206800 at the WARN.
#    NOTE(review): presumably this is the requested allocation size, which would
#    exceed INT_MAX (0x7fffffff), and kvmalloc warns on such sizes - confirm
#    against mm/util.c for this kernel.
#  - "panic_on_warn set" turns the WARNING into a kernel panic. On this
#    configuration the observed impact is a crash (denial of service); the log
#    shows no memory corruption.
#  - The task runs with UID 0 on a "-syzkaller" test kernel under QEMU.
#    NOTE(review): vivid is a virtual test driver; exposure on a real system
#    depends on whether it is loaded and who may open its device nodes - verify.
# Defensive takeaway: dimensions derived from user-supplied DV timings need an
# upper bound before they reach the control-array allocation.
# The calls before the two vbi opens do not appear in the logged call trace.
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = socket(0x25, 0x5, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r3, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108)
preadv(r2, &(0x7f0000001900)=[{&(0x7f0000000640)=""/97, 0x61}], 0x1, 0xfffffffd, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x800000008, 0x90060)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r1, {r0}}, './file0\x00'})
ioctl$SG_GET_LOW_DMA(r4, 0x227a, &(0x7f0000000040))
# NOTE(review): r5 is used here but never assigned anywhere in this listing.
syz_open_pts(r5, 0x381001)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e22, @empty}, 0xffffffb8)
open(&(0x7f0000000100)='./file1\x00', 0x490481, 0x7)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@release={0x40046306, 0x2}], 0x0, 0x0, 0x0})
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
mknod(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='cifs\x00', 0x1318010, &(0x7f0000000140)='\x00\x00\x00\x00\x00\x00\x00\x00')
# Two descriptors are opened through syz_open_dev$vbi; the S_INPUT and
# S_DV_TIMINGS ioctls below are issued on them.
r7 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r7, 0xc0045627, &(0x7f0000000100)=0x3)
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
# Both calls below carry fuzzer-chosen @bt timing values and write them to the
# same buffer address. The log does not say which of the two hit the WARNING.
# NOTE(review): the leading @bt fields presumably map to width and height of
# struct v4l2_bt_timings - confirm against the syzkaller description.
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r8, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xd2, 0x4c1a9a5b, 0xc70860652d667100, 0x3, 0xfffffffffffffffc, 0xfffffffc, 0x9, 0x8, 0xfffffff8, 0x56c, 0xffff, 0x80, 0x1000, 0x4851, 0x12, 0x10, {0x0, 0x1}, 0x0, 0x7}})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r7, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x1368, 0x3, 0x2800, 0x2800, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
# Kernel console output follows, unchanged.
[ 70.288281][ T4675] Bluetooth: hci0: command tx timeout [ 70.401004][ T5326] ------------[ cut here ]------------ [ 70.402839][ T5326] WARNING: CPU: 0 PID: 5326 at mm/util.c:670 __kvmalloc_node_noprof+0x17a/0x190 [ 70.408232][ T5326] Modules linked in: [ 70.409913][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller #0 [ 70.412983][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.416694][ T5326] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 70.419337][ T5326] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 ef e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 a1 e1 b9 ff e9 3b ff ff ff e8 97 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 70.427692][ T5326] RSP: 0018:ffffc9000d24f930 EFLAGS: 00010283 [ 70.430326][ T5326] RAX: ffffffff81daf6f9 RBX: 00000000b1206800 RCX: 0000000000040000 [ 70.433327][ T5326] RDX: ffffc9000d7a9000 RSI: 00000000000007af RDI: 00000000000007b0 [ 70.437166][ T5326] RBP: 0000000000000000 R08: ffffffff81daf6e1 R09: 00000000ffffffff [ 70.441832][ T5326] R10: ffffc9000d24f7a0 R11: fffff52001a49ef9 R12: 00000000b1206800 [ 70.444836][ T5326] R13: ffffc9000d24fa60 R14: 00000000ffffffff R15: 0000000000000000 [ 70.447826][ T5326] FS: 00007f03362536c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 70.451220][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.453447][ T5326] CR2: 000000002000c2c0 CR3: 000000004333e000 CR4: 0000000000352ef0 [ 70.456586][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 70.459448][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 70.462244][ T5326] Call Trace: [ 70.463501][ T5326] [ 70.464572][ T5326] ? __warn+0x168/0x4e0 [ 70.466152][ T5326] ? 
__kvmalloc_node_noprof+0x17a/0x190 [ 70.468125][ T5326] ? report_bug+0x2b3/0x500 [ 70.469948][ T5326] ? __kvmalloc_node_noprof+0x17a/0x190 [ 70.471839][ T5326] ? handle_bug+0x60/0x90 [ 70.473399][ T5326] ? exc_invalid_op+0x1a/0x50 [ 70.475117][ T5326] ? asm_exc_invalid_op+0x1a/0x20 [ 70.477059][ T5326] ? __kvmalloc_node_noprof+0x161/0x190 [ 70.479876][ T5326] ? __kvmalloc_node_noprof+0x179/0x190 [ 70.481960][ T5326] ? __kvmalloc_node_noprof+0x17a/0x190 [ 70.483958][ T5326] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 70.486246][ T5326] ? tpg_update_mv_step+0x361/0x4f0 [ 70.488290][ T5326] vivid_update_format_cap+0x133c/0x2090 [ 70.490678][ T5326] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 70.492984][ T5326] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 70.495146][ T5326] __video_do_ioctl+0xc23/0xdd0 [ 70.496964][ T5326] ? __pfx___video_do_ioctl+0x10/0x10 [ 70.498963][ T5326] ? __might_fault+0xc6/0x120 [ 70.500804][ T5326] video_usercopy+0x89b/0x1180 [ 70.502637][ T5326] ? __pfx___video_do_ioctl+0x10/0x10 [ 70.504491][ T5326] ? __pfx_video_usercopy+0x10/0x10 [ 70.506331][ T5326] ? __fget_files+0x29/0x470 [ 70.508263][ T5326] ? __fget_files+0x3f3/0x470 [ 70.510298][ T5326] v4l2_ioctl+0x189/0x1e0 [ 70.511912][ T5326] ? __pfx_v4l2_ioctl+0x10/0x10 [ 70.513654][ T5326] __se_sys_ioctl+0xf9/0x170 [ 70.515288][ T5326] do_syscall_64+0xf3/0x230 [ 70.516897][ T5326] ? 
clear_bhb_loop+0x35/0x90 [ 70.518831][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.520994][ T5326] RIP: 0033:0x7f033537e719 [ 70.522656][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.529974][ T5326] RSP: 002b:00007f0336253038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.533102][ T5326] RAX: ffffffffffffffda RBX: 00007f0335535f80 RCX: 00007f033537e719 [ 70.536209][ T5326] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000009 [ 70.539576][ T5326] RBP: 00007f03353f132e R08: 0000000000000000 R09: 0000000000000000 [ 70.542344][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.545178][ T5326] R13: 0000000000000000 R14: 00007f0335535f80 R15: 00007ffffa23ecc8 [ 70.548260][ T5326] [ 70.549757][ T5326] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 70.552353][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller #0 [ 70.555671][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 70.559740][ T5326] Call Trace: [ 70.561049][ T5326] [ 70.562184][ T5326] dump_stack_lvl+0x241/0x360 [ 70.564044][ T5326] ? __pfx_dump_stack_lvl+0x10/0x10 [ 70.565919][ T5326] ? __pfx__printk+0x10/0x10 [ 70.567609][ T5326] ? _printk+0xd5/0x120 [ 70.569196][ T5326] ? __init_begin+0x41000/0x41000 [ 70.571060][ T5326] ? vscnprintf+0x5d/0x90 [ 70.572764][ T5326] panic+0x349/0x880 [ 70.574152][ T5326] ? __warn+0x177/0x4e0 [ 70.575711][ T5326] ? __pfx_panic+0x10/0x10 [ 70.577392][ T5326] ? show_trace_log_lvl+0x3b2/0x410 [ 70.579246][ T5326] __warn+0x34b/0x4e0 [ 70.580606][ T5326] ? __kvmalloc_node_noprof+0x17a/0x190 [ 70.582385][ T5326] report_bug+0x2b3/0x500 [ 70.583898][ T5326] ? 
__kvmalloc_node_noprof+0x17a/0x190 [ 70.585996][ T5326] handle_bug+0x60/0x90 [ 70.587549][ T5326] exc_invalid_op+0x1a/0x50 [ 70.589333][ T5326] asm_exc_invalid_op+0x1a/0x20 [ 70.591119][ T5326] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 70.593528][ T5326] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 ef e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 a1 e1 b9 ff e9 3b ff ff ff e8 97 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 70.600557][ T5326] RSP: 0018:ffffc9000d24f930 EFLAGS: 00010283 [ 70.603023][ T5326] RAX: ffffffff81daf6f9 RBX: 00000000b1206800 RCX: 0000000000040000 [ 70.606538][ T5326] RDX: ffffc9000d7a9000 RSI: 00000000000007af RDI: 00000000000007b0 [ 70.609741][ T5326] RBP: 0000000000000000 R08: ffffffff81daf6e1 R09: 00000000ffffffff [ 70.612806][ T5326] R10: ffffc9000d24f7a0 R11: fffff52001a49ef9 R12: 00000000b1206800 [ 70.616022][ T5326] R13: ffffc9000d24fa60 R14: 00000000ffffffff R15: 0000000000000000 [ 70.619014][ T5326] ? __kvmalloc_node_noprof+0x161/0x190 [ 70.621175][ T5326] ? __kvmalloc_node_noprof+0x179/0x190 [ 70.623473][ T5326] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 70.625865][ T5326] ? tpg_update_mv_step+0x361/0x4f0 [ 70.627887][ T5326] vivid_update_format_cap+0x133c/0x2090 [ 70.629958][ T5326] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 70.632055][ T5326] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 70.634267][ T5326] __video_do_ioctl+0xc23/0xdd0 [ 70.636132][ T5326] ? __pfx___video_do_ioctl+0x10/0x10 [ 70.638226][ T5326] ? __might_fault+0xc6/0x120 [ 70.640035][ T5326] video_usercopy+0x89b/0x1180 [ 70.641787][ T5326] ? __pfx___video_do_ioctl+0x10/0x10 [ 70.643651][ T5326] ? __pfx_video_usercopy+0x10/0x10 [ 70.645484][ T5326] ? __fget_files+0x29/0x470 [ 70.647111][ T5326] ? __fget_files+0x3f3/0x470 [ 70.648715][ T5326] v4l2_ioctl+0x189/0x1e0 [ 70.650224][ T5326] ? __pfx_v4l2_ioctl+0x10/0x10 [ 70.651927][ T5326] __se_sys_ioctl+0xf9/0x170 [ 70.653539][ T5326] do_syscall_64+0xf3/0x230 [ 70.655113][ T5326] ? 
clear_bhb_loop+0x35/0x90 [ 70.656625][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.658682][ T5326] RIP: 0033:0x7f033537e719 [ 70.660418][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.667452][ T5326] RSP: 002b:00007f0336253038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.670629][ T5326] RAX: ffffffffffffffda RBX: 00007f0335535f80 RCX: 00007f033537e719 [ 70.673652][ T5326] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000009 [ 70.676619][ T5326] RBP: 00007f03353f132e R08: 0000000000000000 R09: 0000000000000000 [ 70.679467][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.682458][ T5326] R13: 0000000000000000 R14: 00007f0335535f80 R15: 00007ffffa23ecc8 [ 70.685354][ T5326] [ 70.686794][ T5326] Kernel Offset: disabled [ 70.688566][ T5326] Rebooting in 86400 seconds..