program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3) (async) ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0xf9c, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}}) (async) ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0xf9c, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}}) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r2, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}}, 0x0) (async) sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x20, r2, 0x6a98047402e98331, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000700)=@req={0x10000, 0x5, 0x80, 0xa00}, 0x10) setsockopt$packet_int(r4, 0x107, 0x13, &(0x7f0000000740), 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00'}) (async) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) (async) r6 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz0\x00', 0x200002, 0x0) r7 = openat$cgroup_ro(r6, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r7, 0x40305839, &(0x7f0000000000)={0x0, 0x2, 0x0, 0xfa64}) ioctl$VIDIOC_S_SELECTION(r7, 0xc040565f, &(0x7f0000000140)={0x7, 0x101, 0x2, {0x2, 0x3, 0x200, 0x9}}) openat$cgroup_procs(r6, &(0x7f0000000180)='cgroup.threads\x00', 0x2, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) (async) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(r7, r7, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000340)=[@text16={0x10, &(0x7f00000002c0)="0fa4e251bad10466b80af94cdd66ef0f01cb0f06f26ef7715766f0ff0166b93306000066b80000010066ba000000000f30baf80c66b8bc7fb88966efbafc0c66b80000010066ef650f01b00a00", 0x4d}], 0x1, 0x0, &(0x7f0000000380)=[@cr0={0x0, 0x20000000}, @cr0={0x0, 0x20000000}], 0x2) [ 79.470506][ T5101] Bluetooth: hci0: command tx timeout [ 80.623502][ T5117] ------------[ cut here ]------------ [ 80.625824][ T5117] WARNING: CPU: 0 PID: 5117 at mm/util.c:670 __kvmalloc_node_noprof+0x17a/0x190 [ 80.629684][ T5117] Modules linked in: [ 80.631583][ T5117] CPU: 0 UID: 0 PID: 5117 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 [ 80.636223][ T5117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.641557][ T5117] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 80.644223][ T5117] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 9f ed b9 ff 41 81 e7 00 20 00 00 74 0a e8 51 e9 b9 ff e9 3b ff ff ff e8 47 e9 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 80.651819][ T5117] RSP: 0018:ffffc9000b32f930 EFLAGS: 00010293 [ 80.654399][ T5117] RAX: ffffffff81dafe09 RBX: 0000000098c14400 RCX: ffff88801fa44880 [ 80.658342][ T5117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.661724][ T5117] RBP: 0000000000000000 R08: ffffffff81dafdf1 R09: 00000000ffffffff [ 80.664799][ T5117] R10: ffffc9000b32f7a0 R11: fffff52001665ef9 R12: 0000000098c14400 [ 80.667939][ T5117] R13: ffffc9000b32fa60 R14: 00000000ffffffff R15: 0000000000000000 [ 80.671247][ T5117] FS: 00007fb89eacb6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 80.677652][ T5117] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.680109][ T5117] CR2: 00007fb89deafe48 CR3: 0000000011bae000 CR4: 0000000000352ef0 [ 80.683164][ T5117] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.686236][ T5117] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.689348][ T5117] Call Trace: [ 80.690689][ T5117] [ 80.691937][ T5117] ? __warn+0x168/0x4e0 [ 80.693957][ T5117] ? __kvmalloc_node_noprof+0x17a/0x190 [ 80.699402][ T5117] ? report_bug+0x2b3/0x500 [ 80.701264][ T5117] ? __kvmalloc_node_noprof+0x17a/0x190 [ 80.703446][ T5117] ? handle_bug+0x60/0x90 [ 80.705128][ T5117] ? exc_invalid_op+0x1a/0x50 [ 80.707841][ T5117] ? asm_exc_invalid_op+0x1a/0x20 [ 80.710703][ T5117] ? __kvmalloc_node_noprof+0x161/0x190 [ 80.713854][ T5117] ? __kvmalloc_node_noprof+0x179/0x190 [ 80.716592][ T5117] ? __kvmalloc_node_noprof+0x17a/0x190 [ 80.718643][ T5117] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 80.720940][ T5117] ? tpg_update_mv_step+0x361/0x4f0 [ 80.722897][ T5117] vivid_update_format_cap+0x133c/0x2090 [ 80.725032][ T5117] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 80.727520][ T5117] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 80.730272][ T5117] __video_do_ioctl+0xc23/0xdd0 [ 80.733503][ T5117] ? __pfx___video_do_ioctl+0x10/0x10 [ 80.736031][ T5117] ? __might_fault+0xc6/0x120 [ 80.738245][ T5117] video_usercopy+0x89b/0x1180 [ 80.740143][ T5117] ? __pfx___video_do_ioctl+0x10/0x10 [ 80.742184][ T5117] ? __pfx_video_usercopy+0x10/0x10 [ 80.744255][ T5117] ? __fget_files+0x29/0x470 [ 80.745964][ T5117] ? __fget_files+0x3f3/0x470 [ 80.748077][ T5117] v4l2_ioctl+0x189/0x1e0 [ 80.749932][ T5117] ? __pfx_v4l2_ioctl+0x10/0x10 [ 80.752359][ T5117] __se_sys_ioctl+0xf9/0x170 [ 80.754816][ T5117] do_syscall_64+0xf3/0x230 [ 80.756905][ T5117] ? clear_bhb_loop+0x35/0x90 [ 80.758902][ T5117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.761337][ T5117] RIP: 0033:0x7fb89dd7dff9 [ 80.763205][ T5117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.771079][ T5117] RSP: 002b:00007fb89eacb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.774669][ T5117] RAX: ffffffffffffffda RBX: 00007fb89df36058 RCX: 00007fb89dd7dff9 [ 80.779181][ T5117] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004 [ 80.783048][ T5117] RBP: 00007fb89ddf0296 R08: 0000000000000000 R09: 0000000000000000 [ 80.786226][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.789509][ T5117] R13: 0000000000000000 R14: 00007fb89df36058 R15: 00007ffef04e8688 [ 80.792880][ T5117] [ 80.794133][ T5117] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 80.797284][ T5117] CPU: 0 UID: 0 PID: 5117 Comm: syz.0.0 Not tainted 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 [ 80.802067][ T5117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.806299][ T5117] Call Trace: [ 80.807614][ T5117] [ 80.808752][ T5117] dump_stack_lvl+0x241/0x360 [ 80.810590][ T5117] ? __pfx_dump_stack_lvl+0x10/0x10 [ 80.813150][ T5117] ? __pfx__printk+0x10/0x10 [ 80.815681][ T5117] ? _printk+0xd5/0x120 [ 80.817627][ T5117] ? __init_begin+0x41000/0x41000 [ 80.819899][ T5117] ? vscnprintf+0x5d/0x90 [ 80.821623][ T5117] panic+0x349/0x880 [ 80.823307][ T5117] ? __warn+0x177/0x4e0 [ 80.825028][ T5117] ? __pfx_panic+0x10/0x10 [ 80.826933][ T5117] ? show_trace_log_lvl+0x3b2/0x410 [ 80.829123][ T5117] __warn+0x34b/0x4e0 [ 80.830688][ T5117] ? __kvmalloc_node_noprof+0x17a/0x190 [ 80.832857][ T5117] report_bug+0x2b3/0x500 [ 80.834511][ T5117] ? __kvmalloc_node_noprof+0x17a/0x190 [ 80.836569][ T5117] handle_bug+0x60/0x90 [ 80.838232][ T5117] exc_invalid_op+0x1a/0x50 [ 80.840059][ T5117] asm_exc_invalid_op+0x1a/0x20 [ 80.841965][ T5117] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190 [ 80.844150][ T5117] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 9f ed b9 ff 41 81 e7 00 20 00 00 74 0a e8 51 e9 b9 ff e9 3b ff ff ff e8 47 e9 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 [ 80.851019][ T5117] RSP: 0018:ffffc9000b32f930 EFLAGS: 00010293 [ 80.853254][ T5117] RAX: ffffffff81dafe09 RBX: 0000000098c14400 RCX: ffff88801fa44880 [ 80.856295][ T5117] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 80.859337][ T5117] RBP: 0000000000000000 R08: ffffffff81dafdf1 R09: 00000000ffffffff [ 80.862457][ T5117] R10: ffffc9000b32f7a0 R11: fffff52001665ef9 R12: 0000000098c14400 [ 80.865275][ T5117] R13: ffffc9000b32fa60 R14: 00000000ffffffff R15: 0000000000000000 [ 80.868097][ T5117] ? __kvmalloc_node_noprof+0x161/0x190 [ 80.870001][ T5117] ? __kvmalloc_node_noprof+0x179/0x190 [ 80.871995][ T5117] __v4l2_ctrl_modify_dimensions+0x43b/0xb60 [ 80.874129][ T5117] ? tpg_update_mv_step+0x361/0x4f0 [ 80.876096][ T5117] vivid_update_format_cap+0x133c/0x2090 [ 80.878151][ T5117] ? __pfx_vivid_update_format_cap+0x10/0x10 [ 80.880367][ T5117] vivid_vid_cap_s_dv_timings+0x535/0x1230 [ 80.882543][ T5117] __video_do_ioctl+0xc23/0xdd0 [ 80.884696][ T5117] ? __pfx___video_do_ioctl+0x10/0x10 [ 80.887209][ T5117] ? __might_fault+0xc6/0x120 [ 80.889421][ T5117] video_usercopy+0x89b/0x1180 [ 80.891545][ T5117] ? __pfx___video_do_ioctl+0x10/0x10 [ 80.893526][ T5117] ? __pfx_video_usercopy+0x10/0x10 [ 80.895343][ T5117] ? __fget_files+0x29/0x470 [ 80.896968][ T5117] ? __fget_files+0x3f3/0x470 [ 80.898661][ T5117] v4l2_ioctl+0x189/0x1e0 [ 80.900410][ T5117] ? __pfx_v4l2_ioctl+0x10/0x10 [ 80.902569][ T5117] __se_sys_ioctl+0xf9/0x170 [ 80.904951][ T5117] do_syscall_64+0xf3/0x230 [ 80.906971][ T5117] ? clear_bhb_loop+0x35/0x90 [ 80.908832][ T5117] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.911073][ T5117] RIP: 0033:0x7fb89dd7dff9 [ 80.912758][ T5117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.920592][ T5117] RSP: 002b:00007fb89eacb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.924555][ T5117] RAX: ffffffffffffffda RBX: 00007fb89df36058 RCX: 00007fb89dd7dff9 [ 80.927698][ T5117] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 0000000000000004 [ 80.930633][ T5117] RBP: 00007fb89ddf0296 R08: 0000000000000000 R09: 0000000000000000 [ 80.933605][ T5117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.936614][ T5117] R13: 0000000000000000 R14: 00007fb89df36058 R15: 00007ffef04e8688 [ 80.939894][ T5117] [ 80.941669][ T5117] Kernel Offset: disabled [ 80.943813][ T5117] Rebooting in 86400 seconds..