program:
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/snmp6\x00')
r1 = syz_open_dev$evdev(&(0x7f0000001200), 0xb, 0x80902)
ioctl$EVIOCGKEYCODE(r1, 0x80084504, 0x0)
getdents64(r0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000080)=0x17, 0x4)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'poly1305\x00'}, 0x58)
r5 = accept4(r4, 0x0, 0x0, 0x0)
sendmmsg$unix(r5, &(0x7f0000003a40)=[{{0x0, 0x0, &(0x7f0000002440)=[{&(0x7f00000011c0)="11", 0x1}, {&(0x7f0000000000)="5345093ce86a4f3cb9cec7e3372cb331d6ebb225a7af1f81992a425b1804c9", 0x1f}], 0x2}}], 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x10020f58, 0x0, [{0x6}, {}, {}, {0x0, 0x35}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xff}, {0x1, 0x0, 0x1}, {}, {0x0, 0x4}, {0x0, 0x3c}]}})
r7 = dup2(r3, r6)
ioctl$KVM_IRQ_LINE(r7, 0x4008ae61, &(0x7f0000000080)={0x9, 0x2})
r8 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r8, 0xc0045627, &(0x7f0000000100)=0x3)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x5c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}]}, 0x5c}}, 0x0)
sendmsg$IPSET_CMD_DESTROY(r9, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
r10 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
unshare(0x22020400)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xa60a, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r11, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001740)={r11, 0x0, &(0x7f0000001700)=""/53}, 0x20)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r10, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x1, 0xd59f80, 0x19f2, 0x3f, 0x19eb, 0xd9f, 0x3, 0x2800, 0x2800, 0x440, 0xd1, 0xc, 0x30, {0x8, 0x4}, 0xd0, 0x9}})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r8, 0xc0845657, &(0x7f0000000200)={0x0, @bt={0xb43, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x3f, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x440, 0xd1, 0xc, 0x30, {0x8, 0xffffffff}, 0xd0, 0x9}})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2})

[   72.688470][ T4669] Bluetooth: hci0: command tx timeout
[   72.916643][ T5323] ------------[ cut here ]------------
[   72.919273][ T5323] WARNING: CPU: 0 PID: 5323 at mm/util.c:670 __kvmalloc_node_noprof+0x17a/0x190
[   72.922850][ T5323] Modules linked in:
[   72.924388][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0
[   72.928307][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.932564][ T5323] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190
[   72.934908][ T5323] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 ff e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 b1 e1 b9 ff e9 3b ff ff ff e8 a7 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[   72.942387][ T5323] RSP: 0018:ffffc90001797930 EFLAGS: 00010283
[   72.944761][ T5323] RAX: ffffffff81daf879 RBX: 000000009f613c00 RCX: 0000000000040000
[   72.947608][ T5323] RDX: ffffc9000d51a000 RSI: 00000000000007ad RDI: 00000000000007ae
[   72.950575][ T5323] RBP: 0000000000000000 R08: ffffffff81daf861 R09: 00000000ffffffff
[   72.953653][ T5323] R10: ffffc900017977a0 R11: fffff520002f2ef9 R12: 000000009f613c00
[   72.956573][ T5323] R13: ffffc90001797a60 R14: 00000000ffffffff R15: 0000000000000000
[   72.959514][ T5323] FS:  00007fe7edf666c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[   72.962946][ T5323] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   72.965432][ T5323] CR2: 000000002000b000 CR3: 0000000043236000 CR4: 0000000000352ef0
[   72.968488][ T5323] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   72.971654][ T5323] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   72.974750][ T5323] Call Trace:
[   72.976066][ T5323]  <TASK>
[   72.978022][ T5323]  ? __warn+0x168/0x4e0
[   72.979695][ T5323]  ? __kvmalloc_node_noprof+0x17a/0x190
[   72.982153][ T5323]  ? report_bug+0x2b3/0x500
[   72.983875][ T5323]  ? __kvmalloc_node_noprof+0x17a/0x190
[   72.985934][ T5323]  ? handle_bug+0x60/0x90
[   72.987570][ T5323]  ? exc_invalid_op+0x1a/0x50
[   72.989416][ T5323]  ? asm_exc_invalid_op+0x1a/0x20
[   72.991523][ T5323]  ? __kvmalloc_node_noprof+0x161/0x190
[   72.993727][ T5323]  ? __kvmalloc_node_noprof+0x179/0x190
[   72.995635][ T5323]  ? __kvmalloc_node_noprof+0x17a/0x190
[   72.997791][ T5323]  __v4l2_ctrl_modify_dimensions+0x43b/0xb60
[   73.000013][ T5323]  ? tpg_update_mv_step+0x361/0x4f0
[   73.002050][ T5323]  vivid_update_format_cap+0x133c/0x2090
[   73.004209][ T5323]  ? __pfx_vivid_update_format_cap+0x10/0x10
[   73.006553][ T5323]  vivid_vid_cap_s_dv_timings+0x535/0x1230
[   73.008802][ T5323]  __video_do_ioctl+0xc23/0xdd0
[   73.010735][ T5323]  ? __pfx___video_do_ioctl+0x10/0x10
[   73.013110][ T5323]  ? __might_fault+0xc6/0x120
[   73.014957][ T5323]  video_usercopy+0x89b/0x1180
[   73.016860][ T5323]  ? __pfx___video_do_ioctl+0x10/0x10
[   73.018945][ T5323]  ? __pfx_video_usercopy+0x10/0x10
[   73.021073][ T5323]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   73.023426][ T5323]  v4l2_ioctl+0x189/0x1e0
[   73.025146][ T5323]  ? __pfx_v4l2_ioctl+0x10/0x10
[   73.026959][ T5323]  __se_sys_ioctl+0xf9/0x170
[   73.028768][ T5323]  do_syscall_64+0xf3/0x230
[   73.030514][ T5323]  ? clear_bhb_loop+0x35/0x90
[   73.032641][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.034918][ T5323] RIP: 0033:0x7fe7ed17e719
[   73.036732][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.044187][ T5323] RSP: 002b:00007fe7edf66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.047207][ T5323] RAX: ffffffffffffffda RBX: 00007fe7ed335f80 RCX: 00007fe7ed17e719
[   73.050081][ T5323] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 000000000000000c
[   73.053338][ T5323] RBP: 00007fe7ed1f132e R08: 0000000000000000 R09: 0000000000000000
[   73.056286][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.059393][ T5323] R13: 0000000000000000 R14: 00007fe7ed335f80 R15: 00007fff56a87128
[   73.062547][ T5323]  </TASK>
[   73.063730][ T5323] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   73.066321][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.12.0-rc5-syzkaller-00044-gc1e939a21eb1 #0
[   73.070278][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.074331][ T5323] Call Trace:
[   73.075617][ T5323]  <TASK>
[   73.076837][ T5323]  dump_stack_lvl+0x241/0x360
[   73.078587][ T5323]  ? __pfx_dump_stack_lvl+0x10/0x10
[   73.080657][ T5323]  ? __pfx__printk+0x10/0x10
[   73.082394][ T5323]  ? _printk+0xd5/0x120
[   73.083987][ T5323]  ? __init_begin+0x41000/0x41000
[   73.085925][ T5323]  ? vscnprintf+0x5d/0x90
[   73.087619][ T5323]  panic+0x349/0x880
[   73.089159][ T5323]  ? __warn+0x177/0x4e0
[   73.090701][ T5323]  ? __pfx_panic+0x10/0x10
[   73.092399][ T5323]  ? show_trace_log_lvl+0x3b2/0x410
[   73.094401][ T5323]  __warn+0x34b/0x4e0
[   73.095991][ T5323]  ? __kvmalloc_node_noprof+0x17a/0x190
[   73.098054][ T5323]  report_bug+0x2b3/0x500
[   73.099747][ T5323]  ? __kvmalloc_node_noprof+0x17a/0x190
[   73.101949][ T5323]  handle_bug+0x60/0x90
[   73.103505][ T5323]  exc_invalid_op+0x1a/0x50
[   73.105224][ T5323]  asm_exc_invalid_op+0x1a/0x20
[   73.107005][ T5323] RIP: 0010:__kvmalloc_node_noprof+0x17a/0x190
[   73.109333][ T5323] Code: cc 44 89 fe 81 e6 00 20 00 00 31 ff e8 ff e5 b9 ff 41 81 e7 00 20 00 00 74 0a e8 b1 e1 b9 ff e9 3b ff ff ff e8 a7 e1 b9 ff 90 <0f> 0b 90 e9 2d ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[   73.116415][ T5323] RSP: 0018:ffffc90001797930 EFLAGS: 00010283
[   73.118573][ T5323] RAX: ffffffff81daf879 RBX: 000000009f613c00 RCX: 0000000000040000
[   73.121519][ T5323] RDX: ffffc9000d51a000 RSI: 00000000000007ad RDI: 00000000000007ae
[   73.124354][ T5323] RBP: 0000000000000000 R08: ffffffff81daf861 R09: 00000000ffffffff
[   73.127127][ T5323] R10: ffffc900017977a0 R11: fffff520002f2ef9 R12: 000000009f613c00
[   73.129958][ T5323] R13: ffffc90001797a60 R14: 00000000ffffffff R15: 0000000000000000
[   73.132906][ T5323]  ? __kvmalloc_node_noprof+0x161/0x190
[   73.134977][ T5323]  ? __kvmalloc_node_noprof+0x179/0x190
[   73.137078][ T5323]  __v4l2_ctrl_modify_dimensions+0x43b/0xb60
[   73.139363][ T5323]  ? tpg_update_mv_step+0x361/0x4f0
[   73.141384][ T5323]  vivid_update_format_cap+0x133c/0x2090
[   73.143483][ T5323]  ? __pfx_vivid_update_format_cap+0x10/0x10
[   73.145898][ T5323]  vivid_vid_cap_s_dv_timings+0x535/0x1230
[   73.148145][ T5323]  __video_do_ioctl+0xc23/0xdd0
[   73.149940][ T5323]  ? __pfx___video_do_ioctl+0x10/0x10
[   73.151929][ T5323]  ? __might_fault+0xc6/0x120
[   73.153804][ T5323]  video_usercopy+0x89b/0x1180
[   73.155703][ T5323]  ? __pfx___video_do_ioctl+0x10/0x10
[   73.157798][ T5323]  ? __pfx_video_usercopy+0x10/0x10
[   73.159710][ T5323]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   73.162104][ T5323]  v4l2_ioctl+0x189/0x1e0
[   73.163759][ T5323]  ? __pfx_v4l2_ioctl+0x10/0x10
[   73.165671][ T5323]  __se_sys_ioctl+0xf9/0x170
[   73.167482][ T5323]  do_syscall_64+0xf3/0x230
[   73.169297][ T5323]  ? clear_bhb_loop+0x35/0x90
[   73.171020][ T5323]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.173257][ T5323] RIP: 0033:0x7fe7ed17e719
[   73.174912][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.181978][ T5323] RSP: 002b:00007fe7edf66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   73.184994][ T5323] RAX: ffffffffffffffda RBX: 00007fe7ed335f80 RCX: 00007fe7ed17e719
[   73.188111][ T5323] RDX: 0000000020000200 RSI: 00000000c0845657 RDI: 000000000000000c
[   73.191011][ T5323] RBP: 00007fe7ed1f132e R08: 0000000000000000 R09: 0000000000000000
[   73.193555][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   73.196139][ T5323] R13: 0000000000000000 R14: 00007fe7ed335f80 R15: 00007fff56a87128
[   73.199070][ T5323]  </TASK>
[   73.200511][ T5323] Kernel Offset: disabled
[   73.202131][ T5323] Rebooting in 86400 seconds..