last executing test programs:

2.143309613s ago: executing program 1 (id=1092):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0)
write$auto(0x1, 0x0, 0x80000000)
madvise$auto(0x0, 0x200007, 0x8)
madvise$auto(0x0, 0x2003f0, 0x15)

1.470072011s ago: executing program 0 (id=1099):
rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8)
r0 = getpid()
r1 = gettid()
rt_tgsigqueueinfo$auto(r0, r1, 0x21, &(0x7f0000000400)={@siginfo_0_0={0x3, 0x1c51, 0x5, @_sigsys={0x0, 0x2, 0xffffffff}}})
rt_sigtimedwait$auto(&(0x7f0000000040)={0xfffffffffffffbff}, 0x0, 0x0, 0x8)

1.27047577s ago: executing program 0 (id=1101):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
io_uring_setup$auto(0x6, 0x0)
close_range$auto(0x2, 0x8, 0x0)
clock_nanosleep$auto(0x1, 0x200, &(0x7f0000000140)={0x0, 0x2800000a}, 0x0)

1.156623404s ago: executing program 3 (id=1103):
mlockall$auto(0x7)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
move_pages$auto(0x0, 0xd0, 0x0, 0x0, 0x0, 0x2)
r0 = socket(0xa, 0x1, 0x84)
getsockopt$auto(r0, 0x84, 0x1c, 0x0, 0x0)

1.137292268s ago: executing program 1 (id=1104):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
io_uring_setup$auto(0x1fe, 0x0)
lsm_list_modules$auto(0x0, 0x0, 0x0)
r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0)
ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x403c6f2b, 0x0)

1.048000003s ago: executing program 2 (id=1105):
r0 = socket(0x2, 0x801, 0x106)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3}, 0x55)
setsockopt$auto(r0, 0x6, 0x1e, 0x0, 0xa1)

986.938138ms ago: executing program 1 (id=1106):
mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000)
madvise$auto(0x0, 0x10, 0xc)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x20000000000006, 0x2)
waitid$auto_P_PGID(0x2, 0xffffffffffffffff, 0x0, 0x101, 0x0)
mremap$auto(0x0, 0x2, 0x8, 0x3, 0x7effffffb000)

956.330304ms ago: executing program 2 (id=1107):
statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x734f, 0x7, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0xc008010}, 0x4000001)
sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x13, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040)
r0 = socket(0x10, 0x2, 0x0)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000140), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

869.679576ms ago: executing program 3 (id=1108):
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
socket(0x2, 0x2, 0x88)
getsockopt$auto_SO_INCOMING_CPU(r0, 0x0, 0x31, &(0x7f0000000080)='//\xfd(#\x00', &(0x7f00000000c0)=0x4)

837.819813ms ago: executing program 2 (id=1109):
mknod$auto(0x0, 0x1, 0x4)
mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x1, 0x0)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004)

739.418835ms ago: executing program 3 (id=1110):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='d\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)

734.46293ms ago: executing program 2 (id=1111):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r0 = socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)

512.052615ms ago: executing program 3 (id=1112):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
socket(0x1e, 0x4, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff)
sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)={0x38, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x18, 0x7, 0x0, 0x1, [@nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@generic='\x00\x00\x00\x00']}]}, @typed={0x8, 0x23, 0x0, 0x0, @uid}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x8880)

463.818334ms ago: executing program 0 (id=1113):
r0 = setfsuid$auto(0xee00)
r1 = setfsuid$auto(0xee01)
setresuid$auto(r0, r1, r0)
r2 = pidfd_open$auto(0x1, 0x0)
setns(r2, 0x60020000)

390.427651ms ago: executing program 0 (id=1114):
mmap$auto(0x0, 0x1, 0x4000000000df, 0x44eb2, 0x3, 0x300000000000)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x3, 0x100)
socket(0x2a, 0x2, 0x0)
ioctl$auto(0x3, 0x541b, 0x38)

328.647371ms ago: executing program 1 (id=1115):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/net/rpc/auth.rpcsec.context/channel\x00', 0x101002, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/scsi/device_info\x00', 0x40100, 0x0)
pread64$auto(r1, 0x0, 0x10001, 0x830)
write$auto(r0, 0x0, 0x3100)

277.16312ms ago: executing program 2 (id=1116):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0)
ioctl$auto_PPPIOCNEWUNIT(r0, 0xc004743e, 0x0)
ioctl$auto_PPPIOCSPASS(r0, 0x40107447, 0x0)

238.808443ms ago: executing program 3 (id=1117):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0)
read$auto(r0, 0x0, 0x20)
r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg0\x00', 0x0, 0x0)
ioctl$auto_BLKSECTGET2(r1, 0x1267, 0x0)

231.548ms ago: executing program 0 (id=1118):
mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x1d, 0x1, 0x10001)
socket(0x2, 0x5, 0x0)
capget$auto(0x0, 0xfffffffffffffffe)
adjtimex$auto(0x0)

150.774366ms ago: executing program 1 (id=1119):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3ff, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0)
umount2$auto(&(0x7f0000000040)='.\x00', 0x4)
umount2$auto(&(0x7f0000000000)='.\x00', 0x4)

103.021459ms ago: executing program 0 (id=1120):
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000)
getgroups$auto(0xc5f1, 0x0)

73.479818ms ago: executing program 3 (id=1121):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x6, 0x0)
mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0)
setresuid$auto(0x2, 0x7, 0x0)
madvise$auto(0x0, 0x20200, 0x15)

54.545112ms ago: executing program 2 (id=1122):
mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x20000000)
mlockall$auto(0x7)
mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000)
setreuid$auto(0x3, 0x7)
mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000)

0s ago: executing program 1 (id=1123):
readv$auto(0x6, 0x0, 0x8)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x102, 0x0)
clock_settime$auto(0x0, &(0x7f0000000000)={0x100000004, 0x8})
adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0x8, 0x100000001, 0x7f, 0x0, 0x2, 0x0, 0xe, 0x0, 0x10001, {0xf, 0x6}, 0x7fffffffffffffff, 0x3a9d, 0x5, 0xf, 0x0, 0x6, 0x1, 0x7, 0x8, 0x5, 0x1015c8})
adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xb48, 0xb, 0x6, 0x2, 0x5, 0x0, 0xd, 0x9533, 0x7, {0x1fe, 0xfffffffffffff7fb}, 0x80, 0x80, 0x6, 0x6, 0x0, 0x100000001, 0x1, 0x190, 0x8, 0xa, 0x2014})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts.
[   96.844379][ T5828] cgroup: Unknown subsys name 'net'
[   96.974958][ T5828] cgroup: Unknown subsys name 'cpuset'
[   96.984476][ T5828] cgroup: Unknown subsys name 'rlimit'
[   97.174045][  T978] cfg80211: failed to load regulatory.db
Setting up swapspace version 1, size = 127995904 bytes
[   98.812510][ T5828] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  101.259664][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  101.269889][ T5849] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  101.279187][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  101.288367][ T5849] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  101.297164][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  101.305669][ T5849] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  101.314981][ T5849] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  101.323880][ T5849] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  101.332073][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  101.341540][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  101.349114][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  101.356557][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  101.358208][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  101.365719][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  101.377929][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  101.381635][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  101.394593][ T5853] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  101.403057][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  101.403508][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  101.418434][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  102.091829][ T5846] chnl_net:caif_netlink_parms(): no params data found
[  102.105789][ T5844] chnl_net:caif_netlink_parms(): no params data found
[  102.185831][ T5838] chnl_net:caif_netlink_parms(): no params data found
[  102.245907][ T5841] chnl_net:caif_netlink_parms(): no params data found
[  102.434767][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.442114][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.449584][ T5844] bridge_slave_0: entered allmulticast mode
[  102.457588][ T5844] bridge_slave_0: entered promiscuous mode
[  102.466486][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.474160][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.481456][ T5846] bridge_slave_0: entered allmulticast mode
[  102.488808][ T5846] bridge_slave_0: entered promiscuous mode
[  102.533065][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.540423][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.547908][ T5838] bridge_slave_0: entered allmulticast mode
[  102.555556][ T5838] bridge_slave_0: entered promiscuous mode
[  102.563482][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.573358][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.580718][ T5844] bridge_slave_1: entered allmulticast mode
[  102.588083][ T5844] bridge_slave_1: entered promiscuous mode
[  102.595932][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.603212][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.610603][ T5846] bridge_slave_1: entered allmulticast mode
[  102.618026][ T5846] bridge_slave_1: entered promiscuous mode
[  102.648361][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.658199][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.665783][ T5838] bridge_slave_1: entered allmulticast mode
[  102.674137][ T5838] bridge_slave_1: entered promiscuous mode
[  102.773917][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.783262][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[  102.791895][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[  102.799173][ T5841] bridge_slave_0: entered allmulticast mode
[  102.806813][ T5841] bridge_slave_0: entered promiscuous mode
[  102.832458][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.844645][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.856535][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  102.866228][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[  102.874297][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[  102.881662][ T5841] bridge_slave_1: entered allmulticast mode
[  102.889364][ T5841] bridge_slave_1: entered promiscuous mode
[  102.912570][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  102.926116][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.013402][ T5844] team0: Port device team_slave_0 added
[  103.038211][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  103.065331][ T5844] team0: Port device team_slave_1 added
[  103.077211][ T5846] team0: Port device team_slave_0 added
[  103.086236][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  103.102178][ T5838] team0: Port device team_slave_0 added
[  103.124521][ T5846] team0: Port device team_slave_1 added
[  103.161135][ T5838] team0: Port device team_slave_1 added
[  103.225241][ T5841] team0: Port device team_slave_0 added
[  103.234845][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.242210][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.268778][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.281531][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.288525][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.315328][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.345547][ T5841] team0: Port device team_slave_1 added
[  103.352298][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.359258][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.385428][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.397295][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.404686][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.431059][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.431246][ T5840] Bluetooth: hci3: command tx timeout
[  103.452674][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.459683][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.485843][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.501033][ T5840] Bluetooth: hci0: command tx timeout
[  103.506749][ T5840] Bluetooth: hci1: command tx timeout
[  103.512387][ T5853] Bluetooth: hci2: command tx timeout
[  103.520719][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.527701][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.553815][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.622641][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[  103.629629][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.657368][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  103.715592][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[  103.722689][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  103.749877][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  103.799335][ T5838] hsr_slave_0: entered promiscuous mode
[  103.806065][ T5838] hsr_slave_1: entered promiscuous mode
[  103.826358][ T5846] hsr_slave_0: entered promiscuous mode
[  103.833687][ T5846] hsr_slave_1: entered promiscuous mode
[  103.839903][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.848263][ T5846] Cannot create hsr debugfs directory
[  103.860638][ T5844] hsr_slave_0: entered promiscuous mode
[  103.867139][ T5844] hsr_slave_1: entered promiscuous mode
[  103.873708][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  103.881472][ T5844] Cannot create hsr debugfs directory
[  104.065577][ T5841] hsr_slave_0: entered promiscuous mode
[  104.075339][ T5841] hsr_slave_1: entered promiscuous mode
[  104.082413][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  104.089999][ T5841] Cannot create hsr debugfs directory
[  104.497196][ T5844] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  104.512736][ T5844] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  104.528112][ T5844] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  104.549988][ T5844] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  104.623992][ T5846] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  104.645165][ T5846] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  104.668052][ T5846] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  104.682574][ T5846] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  104.772329][ T5838] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  104.785598][ T5838] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  104.801804][ T5838] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  104.848521][ T5838] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  104.914772][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  104.928750][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  104.947203][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  104.974428][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  105.079768][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.149071][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[  105.183911][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.198932][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.206282][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.244408][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.251649][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.337980][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[  105.381681][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.388873][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.402072][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.409271][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.433172][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.456128][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0
[  105.490565][ T5840] Bluetooth: hci3: command tx timeout
[  105.527999][ T5838] 8021q: adding VLAN 0 to HW filter on device team0
[  105.571742][ T5840] Bluetooth: hci0: command tx timeout
[  105.577389][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[  105.586230][ T5853] Bluetooth: hci2: command tx timeout
[  105.595175][ T5840] Bluetooth: hci1: command tx timeout
[  105.619528][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.626785][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.656372][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  105.663638][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  105.702705][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.709879][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.728281][ T1150] bridge0: port 2(bridge_slave_1) entered blocking state
[  105.735563][ T1150] bridge0: port 2(bridge_slave_1) entered forwarding state
[  105.903164][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.144089][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.155880][ T5844] veth0_vlan: entered promiscuous mode
[  106.190101][ T5844] veth1_vlan: entered promiscuous mode
[  106.376457][ T5846] veth0_vlan: entered promiscuous mode
[  106.416354][ T5844] veth0_macvtap: entered promiscuous mode
[  106.429000][ T5844] veth1_macvtap: entered promiscuous mode
[  106.442897][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.471563][ T5846] veth1_vlan: entered promiscuous mode
[  106.487617][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0
[  106.525701][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.555673][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.569739][ T5844] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.581083][ T5844] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.589856][ T5844] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.599516][ T5844] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.627266][ T5846] veth0_macvtap: entered promiscuous mode
[  106.664630][ T5846] veth1_macvtap: entered promiscuous mode
[  106.689813][ T5841] veth0_vlan: entered promiscuous mode
[  106.718150][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  106.729423][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.741959][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[  106.774273][ T5841] veth1_vlan: entered promiscuous mode
[  106.803980][ T5846] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.816820][ T5846] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.834354][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.857413][ T5846] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.868535][ T5846] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.877504][ T5846] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.887639][ T5846] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.946454][ T5838] veth0_vlan: entered promiscuous mode
[  106.997640][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.009056][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.049479][ T5838] veth1_vlan: entered promiscuous mode
[  107.107399][ T5841] veth0_macvtap: entered promiscuous mode
[  107.125037][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.134343][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.156312][ T5841] veth1_macvtap: entered promiscuous mode
[  107.226654][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.244264][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.256708][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.261294][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.281729][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.296246][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.314673][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.344996][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  107.369381][ T5838] veth0_macvtap: entered promiscuous mode
[  107.389975][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.401283][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.420517][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.436260][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.448637][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.472947][ T5838] veth1_macvtap: entered promiscuous mode
[  107.517438][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  107.535263][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  107.546295][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  107.549819][ T5904] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  107.555879][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  107.578653][ T5840] Bluetooth: hci3: command tx timeout
[  107.585062][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  107.598824][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.650684][ T5840] Bluetooth: hci1: command tx timeout
[  107.656212][ T5840] Bluetooth: hci2: command tx timeout
[  107.660279][ T5853] Bluetooth: hci0: command tx timeout
[  107.679118][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.711172][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.728943][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.748466][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.758959][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  107.769636][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.783122][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0
[  107.851672][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.878438][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.891899][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.903135][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.923316][ T5838] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  107.940381][ T5838] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  107.952384][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1
[  107.994071][ T5838] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.010826][ T5838] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.019718][ T5838] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.029203][ T5838] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.255706][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.267341][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.339083][ T5851] Bluetooth: hci3: Malformed Event: 0x2f
[  108.457890][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.488678][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.570393][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.596382][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.706583][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.739436][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.239759][ T5935] Zero length message leads to an empty skb
[  109.650762][ T5851] Bluetooth: hci3: command tx timeout
[  109.730615][ T5851] Bluetooth: hci2: command tx timeout
[  109.736101][ T5851] Bluetooth: hci1: command tx timeout
[  109.742037][ T5853] Bluetooth: hci0: command tx timeout
[  110.458224][ T5976] FAULT_INJECTION: forcing a failure.
[  110.458224][ T5976] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  110.497659][ T5976] CPU: 1 UID: 0 PID: 5976 Comm: syz.1.30 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) 
[  110.497699][ T5976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  110.497724][ T5976] Call Trace:
[  110.497734][ T5976]  <TASK>
[  110.497749][ T5976]  dump_stack_lvl+0x16c/0x1f0
[  110.497795][ T5976]  should_fail_ex+0x512/0x640
[  110.497832][ T5976]  should_fail_alloc_page+0xe7/0x130
[  110.497875][ T5976]  prepare_alloc_pages+0x3c2/0x610
[  110.497927][ T5976]  __alloc_frozen_pages_noprof+0x18f/0x23a0
[  110.497966][ T5976]  ? stack_trace_save+0x8e/0xc0
[  110.497998][ T5976]  ? __pfx_stack_trace_save+0x10/0x10
[  110.498031][ T5976]  ? stack_depot_save_flags+0x28/0xa50
[  110.498072][ T5976]  ? __alloc_frozen_pages_noprof+0x298/0x23a0
[  110.498117][ T5976]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  110.498157][ T5976]  ? __kasan_slab_alloc+0x89/0x90
[  110.498194][ T5976]  ? __pmd_alloc+0xc3/0x870
[  110.498253][ T5976]  ? handle_mm_fault+0x3fe/0xad0
[  110.498284][ T5976]  ? do_user_addr_fault+0x7a6/0x1370
[  110.498328][ T5976]  ? exc_page_fault+0x5c/0xc0
[  110.498373][ T5976]  ? asm_exc_page_fault+0x26/0x30
[  110.498412][ T5976]  ? __get_user_4+0x14/0x20
[  110.498445][ T5976]  ? snd_pcm_oss_ioctl+0x2ebe/0x37a0
[  110.498477][ T5976]  ? __x64_sys_ioctl+0x190/0x200
[  110.498536][ T5976]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  110.498592][ T5976]  ? policy_nodemask+0xea/0x4e0
[  110.498635][ T5976]  alloc_pages_mpol+0x1fb/0x550
[  110.498692][ T5976]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  110.498739][ T5976]  ? cgroup_rstat_updated+0x2a/0xb20
[  110.498780][ T5976]  alloc_pages_noprof+0x131/0x390
[  110.498826][ T5976]  pte_alloc_one+0x19/0x380
[  110.498865][ T5976]  do_pte_missing+0x1c0b/0x3fb0
[  110.498903][ T5976]  ? do_raw_spin_unlock+0x172/0x230
[  110.498938][ T5976]  ? __pmd_alloc+0x3c2/0x870
[  110.498987][ T5976]  ? find_held_lock+0x2b/0x80
[  110.499025][ T5976]  __handle_mm_fault+0x103d/0x2a40
[  110.499072][ T5976]  ? __pfx___handle_mm_fault+0x10/0x10
[  110.499130][ T5976]  ? find_vma+0xbf/0x140
[  110.499175][ T5976]  ? __pfx_find_vma+0x10/0x10
[  110.499229][ T5976]  handle_mm_fault+0x3fe/0xad0
[  110.499272][ T5976]  do_user_addr_fault+0x7a6/0x1370
[  110.499311][ T5976]  ? rcu_is_watching+0x12/0xc0
[  110.499348][ T5976]  exc_page_fault+0x5c/0xc0
[  110.499394][ T5976]  asm_exc_page_fault+0x26/0x30
[  110.499425][ T5976] RIP: 0010:__get_user_4+0x14/0x20
[  110.499465][ T5976] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  110.499497][ T5976] RSP: 0018:ffffc9000431fdd8 EFLAGS: 00050287
[  110.499525][ T5976] RAX: 0000000000000000 RBX: ffff888077a20420 RCX: ffffc9000b929000
[  110.499546][ T5976] RDX: 00007ffffffff000 RSI: ffffffff890bbb76 RDI: ffffffff8bf44f80
[  110.499568][ T5976] RBP: 0000000000000000 R08: 2cfb7b1ab8be5804 R09: 0000000000000001
[  110.499587][ T5976] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000863fc3
[  110.499607][ T5976] R13: 00000000c0045005 R14: ffff88807e66b6c0 R15: 0000000000000050
[  110.499641][ T5976]  ? snd_pcm_oss_ioctl+0x2eb6/0x37a0
[  110.499688][ T5976]  snd_pcm_oss_ioctl+0x2ebe/0x37a0
[  110.499721][ T5976]  ? find_held_lock+0x2b/0x80
[  110.499762][ T5976]  ? hook_file_ioctl_common+0x145/0x410
[  110.499802][ T5976]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  110.499842][ T5976]  ? __fget_files+0x20e/0x3c0
[  110.499880][ T5976]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  110.499917][ T5976]  __x64_sys_ioctl+0x190/0x200
[  110.499992][ T5976]  do_syscall_64+0xcd/0x230
[  110.500049][ T5976]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.500079][ T5976] RIP: 0033:0x7f096db8e969
[  110.500113][ T5976] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.500144][ T5976] RSP: 002b:00007f096e96f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  110.500173][ T5976] RAX: ffffffffffffffda RBX: 00007f096ddb5fa0 RCX: 00007f096db8e969
[  110.500193][ T5976] RDX: 0000000000000000 RSI: 00000000c0045005 RDI: 0000000000000004
[  110.500212][ T5976] RBP: 00007f096dc10ab1 R08: 0000000000000000 R09: 0000000000000000
[  110.500230][ T5976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  110.500246][ T5976] R13: 0000000000000000 R14: 00007f096ddb5fa0 R15: 00007fffc82a64c8
[  110.500279][ T5976]  </TASK>
[  111.277225][   T30] audit: type=1800 audit(1745516070.594:2): pid=5988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.36" name="discovery_nqn" dev="configfs" ino=7386 res=0 errno=0
[  111.879684][ T6006] process 'syz.0.44' launched ':,' with NULL argv: empty string added
[  113.841268][ T6058] netlink: 'syz.1.68': attribute type 8 has an invalid length.
[  114.489511][ T6072] ecryptfs_parse_packet_length: Five-byte packet length not supported
[  114.509884][ T6072] ecryptfs_miscdev_write: Error parsing packet length; rc = [-22]
[  114.822416][ T6083] netlink: 342 bytes leftover after parsing attributes in process `syz.3.79'.
[  117.539477][ T6158] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  119.316878][   T30] audit: type=1804 audit(1745516078.644:3): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.126" name="file0" dev="tmpfs" ino=169 res=1 errno=0
[  119.379212][   T30] audit: type=1800 audit(1745516078.674:4): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.126" name="file0" dev="tmpfs" ino=169 res=0 errno=0
[  119.442271][   T30] audit: type=1800 audit(1745516078.674:5): pid=6207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.126" name="file0" dev="tmpfs" ino=169 res=0 errno=0
[  119.503138][ T5851] Bluetooth: hci3: ISO packet too small
[  119.697926][ T6212] GUP no longer grows the stack in syz.2.128 (6212): 14000-401000 (4000)
[  119.707185][ T6212] CPU: 0 UID: 0 PID: 6212 Comm: syz.2.128 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) 
[  119.707228][ T6212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  119.707256][ T6212] Call Trace:
[  119.707266][ T6212]  <TASK>
[  119.707278][ T6212]  dump_stack_lvl+0x16c/0x1f0
[  119.707341][ T6212]  gup_vma_lookup+0x1d2/0x220
[  119.707392][ T6212]  __get_user_pages+0x234/0x36f0
[  119.707434][ T6212]  ? process_vm_rw_core.constprop.0+0x1d8/0x9a0
[  119.707478][ T6212]  ? look_up_lock_class+0x59/0x150
[  119.707519][ T6212]  ? __pfx___get_user_pages+0x10/0x10
[  119.707546][ T6212]  ? process_vm_rw+0x216/0x2c0
[  119.707581][ T6212]  ? __x64_sys_process_vm_readv+0xe2/0x1c0
[  119.707621][ T6212]  ? do_syscall_64+0xcd/0x230
[  119.707676][ T6212]  __gup_longterm_locked+0x20d/0x1850
[  119.707716][ T6212]  ? __pfx___gup_longterm_locked+0x10/0x10
[  119.707773][ T6212]  pin_user_pages_remote+0xed/0x140
[  119.707807][ T6212]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  119.707837][ T6212]  ? mm_access+0x22d/0x2e0
[  119.707893][ T6212]  process_vm_rw_core.constprop.0+0x41b/0x9a0
[  119.707956][ T6212]  ? futex_wait_queue+0x14c/0x220
[  119.707999][ T6212]  ? futex_unqueue+0xba/0x140
[  119.708045][ T6212]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  119.708096][ T6212]  ? iovec_from_user+0xbb/0x140
[  119.708160][ T6212]  ? iovec_from_user+0xbb/0x140
[  119.708209][ T6212]  process_vm_rw+0x216/0x2c0
[  119.708262][ T6212]  ? __pfx_process_vm_rw+0x10/0x10
[  119.708357][ T6212]  ? xfd_validate_state+0x5d/0x180
[  119.708402][ T6212]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  119.708449][ T6212]  ? do_syscall_64+0x91/0x230
[  119.708497][ T6212]  ? lockdep_hardirqs_on+0x7c/0x110
[  119.708543][ T6212]  do_syscall_64+0xcd/0x230
[  119.708594][ T6212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.708627][ T6212] RIP: 0033:0x7f3245d8e969
[  119.708667][ T6212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.708700][ T6212] RSP: 002b:00007f3246c2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  119.708737][ T6212] RAX: ffffffffffffffda RBX: 00007f3245fb5fa0 RCX: 00007f3245d8e969
[  119.708759][ T6212] RDX: 0000000000000004 RSI: 0000200000000040 RDI: 000000000000004d
[  119.708779][ T6212] RBP: 00007f3245e10ab1 R08: 0000000000000003 R09: 0000000000000000
[  119.708799][ T6212] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  119.708818][ T6212] R13: 0000000000000000 R14: 00007f3245fb5fa0 R15: 00007ffdeb9c9c28
[  119.708857][ T6212]  </TASK>
[  122.129331][ T6233] kexec: Could not allocate control_code_buffer
[  124.483503][ T6322] netlink: 354 bytes leftover after parsing attributes in process `syz.3.170'.
[  126.227844][ T6357] delete_channel: no stack
[  128.327917][ T6404] netlink: 'syz.0.202': attribute type 1 has an invalid length.
[  128.347759][ T6404] netlink: 206 bytes leftover after parsing attributes in process `syz.0.202'.
[  129.750321][ T6439] svc: failed to register nfsdv3 RPC service (errno 111).
[  129.783658][ T6439] svc: failed to register nfsaclv3 RPC service (errno 111).
[  130.151444][ T6442] svc: failed to register nfsdv3 RPC service (errno 111).
[  130.212591][ T6442] svc: failed to register nfsaclv3 RPC service (errno 111).
[  132.227000][   T30] audit: type=1804 audit(1745516091.554:6): pid=6513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.247" name=08 dev="tmpfs" ino=336 res=1 errno=0
[  132.362038][ T6517] random: crng reseeded on system resumption
[  132.480901][ T6521] Device name cannot be null; rc = [-22]
[  134.545499][ T6557] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  134.574447][ T6557] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  134.634880][ T6557] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  134.681550][ T6557] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  134.708458][ T6557] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  134.748568][ T6557] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  134.786885][ T6557] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  134.805350][ T6557] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  134.882577][ T6557] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  134.919137][ T6557] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  134.943122][ T6557] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  134.982130][ T6557] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  135.169506][ T6594] netlink: 'syz.1.278': attribute type 1 has an invalid length.
[  135.752361][ T6610] =======================================================
[  135.752361][ T6610] WARNING: The mand mount option has been deprecated and
[  135.752361][ T6610]          and is ignored by this kernel. Remove the mand
[  135.752361][ T6610]          option from the mount to silence this warning.
[  135.752361][ T6610] =======================================================
[  136.058292][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[  136.701114][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  136.854021][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  136.930355][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  137.495770][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz.2.298'.
[  137.724292][ T6651] netlink: 338 bytes leftover after parsing attributes in process `syz.3.301'.
[  138.148928][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[  138.150629][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  138.172218][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  138.782648][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  138.930126][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  139.020569][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  139.301227][ T6690] netlink: 342 bytes leftover after parsing attributes in process `syz.0.318'.
[  140.220190][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[  140.511859][ T6726] tipc: Started in network mode
[  140.537399][ T6726] tipc: Node identity ee00, cluster identity 4711
[  140.557611][ T6726] tipc: Node number set to 60928
[  140.850497][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  141.010208][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  141.099158][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  141.713656][ T6760] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  141.829026][ T6764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.352'.
[  144.374549][ T6845] netlink: 28 bytes leftover after parsing attributes in process `syz.2.384'.
[  144.391736][ T6845] team_slave_0: entered allmulticast mode
[  145.058440][ T6869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.400'.
[  145.087787][ T6869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.400'.
[  145.487701][ T6879] netlink: 28 bytes leftover after parsing attributes in process `syz.0.395'.
[  145.516898][ T6879] team_slave_0: entered allmulticast mode
[  147.569051][ T6952] netlink: 342 bytes leftover after parsing attributes in process `syz.3.428'.
[  149.714461][ T1150] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.816051][ T1150] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  149.926926][ T1150] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.051128][ T1150] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  150.532577][ T1150] bridge_slave_1: left allmulticast mode
[  150.540475][ T1150] bridge_slave_1: left promiscuous mode
[  150.553623][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  150.563663][ T1150] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.567500][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  150.578848][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  150.594450][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  150.604973][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  150.709067][ T1150] bridge_slave_0: left allmulticast mode
[  150.734379][ T1150] bridge_slave_0: left promiscuous mode
[  150.751783][ T1150] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.586873][ T1150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  151.614835][ T1150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  151.626797][ T1150] bond0 (unregistering): Released all slaves
[  151.930479][ T1150] tipc: Left network mode
[  152.153659][ T7078] netlink: 342 bytes leftover after parsing attributes in process `syz.2.480'.
[  152.690620][ T5851] Bluetooth: hci0: command tx timeout
[  153.046041][ T1150] hsr_slave_0: left promiscuous mode
[  153.075213][ T1150] hsr_slave_1: left promiscuous mode
[  153.093989][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.113268][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_0
[  153.133140][ T1150] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  153.143929][ T1150] batman_adv: batadv0: Removing interface: batadv_slave_1
[  153.205108][ T1150] veth1_macvtap: left promiscuous mode
[  153.217245][ T7063] kexec: Could not allocate control_code_buffer
[  153.229627][ T1150] veth0_macvtap: left promiscuous mode
[  153.235459][ T1150] veth1_vlan: left promiscuous mode
[  153.251450][ T1150] veth0_vlan: left promiscuous mode
[  153.775018][ T1150] team0 (unregistering): Port device team_slave_1 removed
[  153.828815][ T1150] team0 (unregistering): Port device team_slave_0 removed
[  154.308944][ T7045] chnl_net:caif_netlink_parms(): no params data found
[  154.516785][ T7045] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.527154][ T7045] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.539058][ T7045] bridge_slave_0: entered allmulticast mode
[  154.561620][ T7045] bridge_slave_0: entered promiscuous mode
[  154.586301][ T7045] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.606145][ T7045] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.633970][ T7045] bridge_slave_1: entered allmulticast mode
[  154.662306][ T7045] bridge_slave_1: entered promiscuous mode
[  154.780301][ T5851] Bluetooth: hci0: command tx timeout
[  154.823229][ T7045] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.844971][ T7045] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.067130][ T7045] team0: Port device team_slave_0 added
[  155.097139][ T7045] team0: Port device team_slave_1 added
[  155.171673][ T7142] sctp: [Deprecated]: syz.2.493 (pid 7142) Use of int in max_burst socket option deprecated.
[  155.171673][ T7142] Use struct sctp_assoc_value instead
[  155.312688][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_0
[  155.319713][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.394297][ T7045] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  155.473080][ T7045] batman_adv: batadv0: Adding interface: batadv_slave_1
[  155.497653][ T7045] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.576256][ T7045] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  155.993627][ T7045] hsr_slave_0: entered promiscuous mode
[  156.023621][ T7045] hsr_slave_1: entered promiscuous mode
[  156.398489][ T7171] delete_channel: no stack
[  156.850403][ T5851] Bluetooth: hci0: command tx timeout
[  157.715008][ T7045] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  157.750621][ T7217] mmap: syz.2.520 (7217) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  157.784154][ T7045] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  157.836538][ T7045] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  158.108585][ T7045] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  158.437274][ T7045] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.528582][ T7045] 8021q: adding VLAN 0 to HW filter on device team0
[  158.565265][ T3477] bridge0: port 1(bridge_slave_0) entered blocking state
[  158.572515][ T3477] bridge0: port 1(bridge_slave_0) entered forwarding state
[  158.596949][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.604186][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.930648][ T5851] Bluetooth: hci0: command tx timeout
[  159.328121][ T7045] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.476198][ T7045] veth0_vlan: entered promiscuous mode
[  159.496234][ T7045] veth1_vlan: entered promiscuous mode
[  159.612392][ T7045] veth0_macvtap: entered promiscuous mode
[  159.642686][ T7045] veth1_macvtap: entered promiscuous mode
[  159.682801][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.710129][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.730593][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.749772][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.764690][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  159.779988][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.795138][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_0
[  159.844691][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.865770][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.886243][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.920148][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  159.947091][ T7045] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  159.971256][ T7045] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  160.005865][ T7045] batman_adv: batadv0: Interface activated: batadv_slave_1
[  160.063970][ T7045] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  160.094108][ T7045] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  160.109257][ T7045] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  160.119658][ T7045] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  160.493765][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.538061][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  160.633482][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  160.677080][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  161.100926][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  161.110580][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  161.200630][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  166.943036][ T7515] netlink: 28 bytes leftover after parsing attributes in process `syz.1.618'.
[  167.064839][ T7515] team0: Port device team_slave_0 removed
[  171.273426][ T7635] sock: sock_timestamping_bind_phc: sock not bind to device
[  171.777448][ T7648] nbd: socks must be embedded in a SOCK_ITEM attr
[  171.816672][ T7648] block nbd1: shutting down sockets
[  173.158633][ T7691] netlink: 186 bytes leftover after parsing attributes in process `syz.3.690'.
[  177.404757][ T7796] netlink: 28 bytes leftover after parsing attributes in process `syz.3.729'.
[  177.473299][ T7796] team0: Port device team_slave_0 removed
[  177.926612][ T7774] kexec: Could not allocate control_code_buffer
[  179.338671][ T7845] zswap: compressor  not available
[  180.699291][ T7875] zswap: compressor  not available
[  181.562795][ T7896] netlink: 'syz.2.768': attribute type 9 has an invalid length.
[  181.695536][ T7899] netlink: 28 bytes leftover after parsing attributes in process `syz.0.769'.
[  181.802423][ T7899] team0: Port device team_slave_0 removed
[  183.186587][ T7916] sg_write: data in/out 32732/16086 bytes for SCSI command 0x0-- guessing data in;
[  183.186587][ T7916]    program syz.3.775 not setting count and/or reply_len properly
[  185.318588][ T7966] capability: warning: `syz.0.797' uses 32-bit capabilities (legacy support in use)
[  185.952928][ T7971] netlink: 342 bytes leftover after parsing attributes in process `syz.3.800'.
[  185.982034][ T7971] netlink: 342 bytes leftover after parsing attributes in process `syz.3.800'.
[  187.805342][ T7985] kexec: Could not allocate control_code_buffer
[  188.100821][ T8013] netlink: 'syz.3.815': attribute type 9 has an invalid length.
[  188.156798][ T8013] netlink: 330 bytes leftover after parsing attributes in process `syz.3.815'.
[  188.212657][ T8010] zswap: compressor  not available
[  191.970230][   T30] audit: type=1800 audit(1745516151.284:7): pid=8104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.850" name="SYSV00000400" dev="tmpfs" ino=0 res=0 errno=0
[  192.176822][ T8109] sctp: [Deprecated]: syz.0.849 (pid 8109) Use of int in max_burst socket option deprecated.
[  192.176822][ T8109] Use struct sctp_assoc_value instead
[  192.200596][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  193.645351][ T8147] netlink: 342 bytes leftover after parsing attributes in process `syz.0.869'.
[  195.627583][ T8209] device-mapper: ioctl: Unable to rename non-existent device,  to uuid „
[  195.654326][ T8211] CIFS: VFS: Unsupported security flags: 0x10
[  196.201442][ T5853] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  196.201485][ T5853] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  196.222495][ T5853] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  196.222547][ T5853] Bluetooth: hci0: adv larger than maximum supported
[  196.230519][ T5853] Bluetooth: hci0: Malformed LE Event: 0x0d
[  196.264315][ T8227] TCP: TCP_TX_DELAY enabled
[  197.259618][ T8258] netlink: 342 bytes leftover after parsing attributes in process `syz.1.918'.
[  197.411268][ T8260] netlink: 4 bytes leftover after parsing attributes in process `syz.2.919'.
[  199.349929][ T8318] netlink: 24 bytes leftover after parsing attributes in process `syz.0.946'.
[  199.576458][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  199.584930][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  199.666765][ T8330] usb usb28: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  202.499532][ T8429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.992'.
[  202.679820][ T8433] netlink: 'syz.0.994': attribute type 9 has an invalid length.
[  202.687656][ T8433] netlink: 330 bytes leftover after parsing attributes in process `syz.0.994'.
[  203.862319][ T5853] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  203.862366][ T5853] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  203.878456][ T5853] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  203.878521][ T5853] Bluetooth: hci3: adv larger than maximum supported
[  203.888167][ T5853] Bluetooth: hci3: Malformed LE Event: 0x0d
[  206.078807][ T8531] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1036'.
[  206.126870][ T5853] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260
[  206.126907][ T5853] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260
[  206.142878][ T5853] Bluetooth: hci3: Unknown advertising packet type: 0x7f
[  206.142911][ T5853] Bluetooth: hci3: Unknown advertising packet type: 0x74
[  206.150086][ T5853] Bluetooth: hci3: adv larger than maximum supported
[  206.157140][ T5853] Bluetooth: hci3: Unknown advertising packet type: 0x20
[  206.163925][ T5853] Bluetooth: hci3: adv larger than maximum supported
[  206.171031][ T8531] caif0: entered promiscuous mode
[  206.182944][ T5853] Bluetooth: hci3: adv larger than maximum supported
[  206.182976][ T5853] Bluetooth: hci3: Malformed LE Event: 0x0d
[  206.814542][ T8547] qrtr: Invalid version 0
[  208.700318][ T8601] Device name cannot be null; rc = [-22]
[  210.660719][ T5853] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260
[  210.660758][ T5853] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260
[  210.675654][ T5853] Bluetooth: hci0: Unknown advertising packet type: 0x7f
[  210.675683][ T5853] Bluetooth: hci0: Unknown advertising packet type: 0x74
[  210.682843][ T5853] Bluetooth: hci0: adv larger than maximum supported
[  210.690303][ T5853] Bluetooth: hci0: Unknown advertising packet type: 0x20
[  210.699261][ T5853] Bluetooth: hci0: adv larger than maximum supported
[  210.706981][ T5853] Bluetooth: hci0: adv larger than maximum supported
[  210.713881][ T5853] Bluetooth: hci0: Malformed LE Event: 0x0d
[  211.871402][ T8691] ptrace attach of "./syz-executor exec"[5841] was attempted by ""[8691]
[  212.097734][ T8701] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1107'.
[  212.206178][ T8706] lo: entered allmulticast mode
[  212.213309][ T8705] lo: left allmulticast mode
[  212.643696][ T8714] nbd: socks must be embedded in a SOCK_ITEM attr
[  212.672715][ T8714] block nbd1: shutting down sockets
[  261.013398][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  261.019787][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  273.330307][ T5840] Bluetooth: hci0: command 0x0406 tx timeout
[  322.455699][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  322.463208][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  362.770658][   T31] INFO: task jbd2/sda1-8:5175 blocked for more than 143 seconds.
[  362.782641][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  362.793576][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  362.806483][   T31] task:jbd2/sda1-8     state:D stack:26616 pid:5175  tgid:5175  ppid:2      task_flags:0x240040 flags:0x00004000
[  362.822169][   T31] Call Trace:
[  362.826151][   T31]  <TASK>
[  362.830964][   T31]  __schedule+0x116f/0x5de0
[  362.836469][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  362.842268][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  362.849018][   T31]  ? __pfx___schedule+0x10/0x10
[  362.854942][   T31]  ? find_held_lock+0x2b/0x80
[  362.861700][   T31]  ? schedule+0x2d7/0x3a0
[  362.866921][   T31]  schedule+0xe7/0x3a0
[  362.872602][   T31]  io_schedule+0xbf/0x130
[  362.879575][   T31]  bit_wait_io+0x15/0xe0
[  362.886255][   T31]  __wait_on_bit+0x62/0x180
[  362.894158][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  362.901982][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  362.909788][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  362.916565][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  362.922441][   T31]  ? __pfx___might_resched+0x10/0x10
[  362.928289][   T31]  __wait_on_buffer+0x64/0x70
[  362.934831][   T31]  jbd2_journal_commit_transaction+0x382e/0x6830
[  362.943283][   T31]  ? __pfx_jbd2_journal_commit_transaction+0x10/0x10
[  362.955093][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  362.961773][   T31]  ? debug_object_deactivate+0x1ec/0x3a0
[  362.969305][   T31]  ? __pfx_debug_object_deactivate+0x10/0x10
[  362.977672][   T31]  ? find_held_lock+0x2b/0x80
[  362.989545][   T31]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  362.999296][   T31]  ? rcu_is_watching+0x12/0xc0
[  363.008591][   T31]  kjournald2+0x1f4/0x760
[  363.015185][   T31]  ? __pfx_kjournald2+0x10/0x10
[  363.024228][   T31]  ? find_held_lock+0x2b/0x80
[  363.037050][   T31]  ? __pfx_autoremove_wake_function+0x10/0x10
[  363.049735][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  363.062550][   T31]  ? __kthread_parkme+0x19e/0x250
[  363.074471][   T31]  ? __pfx_kjournald2+0x10/0x10
[  363.081446][   T31]  kthread+0x3c2/0x780
[  363.086362][   T31]  ? __pfx_kthread+0x10/0x10
[  363.093459][   T31]  ? __pfx_kthread+0x10/0x10
[  363.101605][   T31]  ? __pfx_kthread+0x10/0x10
[  363.107242][   T31]  ? __pfx_kthread+0x10/0x10
[  363.115353][   T31]  ? rcu_is_watching+0x12/0xc0
[  363.123132][   T31]  ? __pfx_kthread+0x10/0x10
[  363.137210][   T31]  ret_from_fork+0x45/0x80
[  363.146809][   T31]  ? __pfx_kthread+0x10/0x10
[  363.161461][   T31]  ret_from_fork_asm+0x1a/0x30
[  363.175403][   T31]  </TASK>
[  363.183468][   T31] INFO: task syz-executor:5828 blocked for more than 143 seconds.
[  363.199640][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  363.222174][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  363.241672][   T31] task:syz-executor    state:D stack:23432 pid:5828  tgid:5828  ppid:5826   task_flags:0x440100 flags:0x00000002
[  363.259302][   T31] Call Trace:
[  363.266702][   T31]  <TASK>
[  363.273124][   T31]  __schedule+0x116f/0x5de0
[  363.278991][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  363.288750][   T31]  ? __pfx___schedule+0x10/0x10
[  363.296613][   T31]  ? find_held_lock+0x2b/0x80
[  363.303887][   T31]  ? schedule+0x2d7/0x3a0
[  363.311613][   T31]  schedule+0xe7/0x3a0
[  363.317040][   T31]  io_schedule+0xbf/0x130
[  363.328044][   T31]  bit_wait_io+0x15/0xe0
[  363.335119][   T31]  __wait_on_bit+0x62/0x180
[  363.342609][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  363.352009][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  363.359468][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  363.368001][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  363.374684][   T31]  do_get_write_access+0x93d/0x12a0
[  363.381440][   T31]  jbd2_journal_get_write_access+0x1d6/0x280
[  363.389204][   T31]  __ext4_journal_get_write_access+0x6a/0x340
[  363.395874][   T31]  ext4_reserve_inode_write+0x1be/0x320
[  363.402083][   T31]  __ext4_mark_inode_dirty+0x197/0x870
[  363.408756][   T31]  ? trace_kmem_cache_alloc+0x28/0xc0
[  363.418273][   T31]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  363.425627][   T31]  ? rcu_is_watching+0x12/0xc0
[  363.431366][   T31]  ? trace_jbd2_handle_start+0x1a8/0x230
[  363.437779][   T31]  ? jbd2__journal_start+0xf6/0x6a0
[  363.445304][   T31]  ? __ext4_journal_start_sb+0x195/0x690
[  363.455093][   T31]  ? __ext4_journal_start_sb+0x19e/0x690
[  363.462247][   T31]  ? ext4_dirty_inode+0xa1/0x130
[  363.469082][   T31]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  363.476856][   T31]  ext4_dirty_inode+0xd9/0x130
[  363.484405][   T31]  ? rcu_is_watching+0x12/0xc0
[  363.489692][   T31]  __mark_inode_dirty+0x1eb/0xe50
[  363.499278][   T31]  generic_update_time+0xcf/0xf0
[  363.509852][   T31]  file_update_time+0x17d/0x1c0
[  363.516141][   T31]  ext4_page_mkwrite+0x35e/0x1750
[  363.525988][   T31]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  363.536172][   T31]  do_page_mkwrite+0x171/0x380
[  363.542205][   T31]  do_pte_missing+0x29c/0x3fb0
[  363.548509][   T31]  ? __handle_mm_fault+0x1010/0x2a40
[  363.554573][   T31]  __handle_mm_fault+0x103d/0x2a40
[  363.562176][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  363.568699][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  363.576097][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  363.582191][   T31]  handle_mm_fault+0x3fe/0xad0
[  363.590065][   T31]  do_user_addr_fault+0x60c/0x1370
[  363.596030][   T31]  exc_page_fault+0x5c/0xc0
[  363.604892][   T31]  asm_exc_page_fault+0x26/0x30
[  363.611837][   T31] RIP: 0033:0x7f4f05677dcf
[  363.618192][   T31] RSP: 002b:00007ffced7862c0 EFLAGS: 00010246
[  363.629031][   T31] RAX: 00007f4f03944000 RBX: 00000000000000d1 RCX: 0000000000000000
[  363.643439][   T31] RDX: 1ffffffff15110f8 RSI: 000055557a7bb6a0 RDI: 0000000000000001
[  363.653213][   T31] RBP: 00007ffced7865b0 R08: 000055557a7bba58 R09: 000000000000221f
[  363.663722][   T31] R10: 00007f4f05600000 R11: 00007ffced7867c0 R12: 00007ffced786610
[  363.677145][   T31] R13: 0000000000000004 R14: 00007ffced786330 R15: 00007ffced786400
[  363.687482][   T31]  </TASK>
[  363.691389][   T31] INFO: task syz.0.1120:8727 blocked for more than 144 seconds.
[  363.704448][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  363.717170][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  363.732114][   T31] task:syz.0.1120      state:D stack:28344 pid:8727  tgid:8727  ppid:7045   task_flags:0x440040 flags:0x00000004
[  363.747407][   T31] Call Trace:
[  363.751280][   T31]  <TASK>
[  363.754291][   T31]  __schedule+0x116f/0x5de0
[  363.758957][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  363.765183][   T31]  ? __pfx___schedule+0x10/0x10
[  363.773786][   T31]  ? find_held_lock+0x2b/0x80
[  363.782224][   T31]  ? schedule+0x2d7/0x3a0
[  363.790350][   T31]  schedule+0xe7/0x3a0
[  363.799704][   T31]  io_schedule+0xbf/0x130
[  363.807524][   T31]  bit_wait_io+0x15/0xe0
[  363.814162][   T31]  __wait_on_bit+0x62/0x180
[  363.819371][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  363.825354][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  363.835635][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  363.843554][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  363.850847][   T31]  do_get_write_access+0x93d/0x12a0
[  363.857392][   T31]  jbd2_journal_get_write_access+0x1d6/0x280
[  363.868411][   T31]  __ext4_journal_get_write_access+0x6a/0x340
[  363.881428][   T31]  ext4_reserve_inode_write+0x1be/0x320
[  363.897394][   T31]  __ext4_mark_inode_dirty+0x197/0x870
[  363.904367][   T31]  ? trace_kmem_cache_alloc+0x28/0xc0
[  363.913178][   T31]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  363.923054][   T31]  ? rcu_is_watching+0x12/0xc0
[  363.934214][   T31]  ? trace_jbd2_handle_start+0x1a8/0x230
[  363.940724][   T31]  ? jbd2__journal_start+0xf6/0x6a0
[  363.948907][   T31]  ? __ext4_journal_start_sb+0x195/0x690
[  363.960229][   T31]  ? __ext4_journal_start_sb+0x19e/0x690
[  363.972854][   T31]  ? ext4_dirty_inode+0xa1/0x130
[  363.978606][   T31]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  363.987992][   T31]  ext4_dirty_inode+0xd9/0x130
[  363.995440][   T31]  ? rcu_is_watching+0x12/0xc0
[  364.001938][   T31]  __mark_inode_dirty+0x1eb/0xe50
[  364.007846][   T31]  generic_update_time+0xcf/0xf0
[  364.015495][   T31]  file_update_time+0x17d/0x1c0
[  364.023612][   T31]  ext4_page_mkwrite+0x35e/0x1750
[  364.030100][   T31]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  364.036921][   T31]  do_page_mkwrite+0x171/0x380
[  364.042982][   T31]  do_pte_missing+0x29c/0x3fb0
[  364.048777][   T31]  ? __handle_mm_fault+0x1010/0x2a40
[  364.056346][   T31]  __handle_mm_fault+0x103d/0x2a40
[  364.068212][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  364.075386][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  364.082385][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  364.091922][   T31]  handle_mm_fault+0x3fe/0xad0
[  364.098528][   T31]  do_user_addr_fault+0x60c/0x1370
[  364.106820][   T31]  exc_page_fault+0x5c/0xc0
[  364.113025][   T31]  asm_exc_page_fault+0x26/0x30
[  364.119410][   T31] RIP: 0033:0x7f64f026f282
[  364.124014][   T31] RSP: 002b:00007ffe19bf2600 EFLAGS: 00010202
[  364.132045][   T31] RAX: 0000000000005008 RBX: 00007f64f10e5720 RCX: 0000000000000000
[  364.141839][   T31] RDX: 0000001b33c1b000 RSI: 0000000000000008 RDI: 00007f64f10e5720
[  364.153152][   T31] RBP: 0000000000000014 R08: 00007f64ef9ff048 R09: 00007f64f05a2000
[  364.165954][   T31] R10: 00007f64ef9ff008 R11: 0000000000000001 R12: ffffffff847f23df
[  364.178295][   T31] R13: 00007f64f05b6038 R14: 0000000000000008 R15: ffffffffffffb000
[  364.194041][   T31]  ? cap_task_prctl+0x2af/0xa80
[  364.199788][   T31]  </TASK>
[  364.203832][   T31] INFO: task syz.3.1121:8729 blocked for more than 144 seconds.
[  364.218582][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  364.232631][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  364.247479][   T31] task:syz.3.1121      state:D stack:28632 pid:8729  tgid:8729  ppid:5844   task_flags:0x440040 flags:0x00000004
[  364.271230][   T31] Call Trace:
[  364.275009][   T31]  <TASK>
[  364.278392][   T31]  __schedule+0x116f/0x5de0
[  364.283847][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  364.290947][   T31]  ? __pfx___schedule+0x10/0x10
[  364.305817][   T31]  ? find_held_lock+0x2b/0x80
[  364.313197][   T31]  ? schedule+0x2d7/0x3a0
[  364.320744][   T31]  schedule+0xe7/0x3a0
[  364.326916][   T31]  io_schedule+0xbf/0x130
[  364.334181][   T31]  bit_wait_io+0x15/0xe0
[  364.339352][   T31]  __wait_on_bit+0x62/0x180
[  364.347978][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  364.356133][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  364.364514][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  364.375268][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  364.384038][   T31]  do_get_write_access+0x93d/0x12a0
[  364.398351][   T31]  jbd2_journal_get_write_access+0x1d6/0x280
[  364.406064][   T31]  __ext4_journal_get_write_access+0x6a/0x340
[  364.414688][   T31]  ext4_reserve_inode_write+0x1be/0x320
[  364.430440][   T31]  __ext4_mark_inode_dirty+0x197/0x870
[  364.438973][   T31]  ? trace_kmem_cache_alloc+0x28/0xc0
[  364.451241][   T31]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  364.464242][   T31]  ? rcu_is_watching+0x12/0xc0
[  364.470777][   T31]  ? trace_jbd2_handle_start+0x1a8/0x230
[  364.481322][   T31]  ? jbd2__journal_start+0xf6/0x6a0
[  364.487759][   T31]  ? __ext4_journal_start_sb+0x195/0x690
[  364.495971][   T31]  ? __ext4_journal_start_sb+0x19e/0x690
[  364.504974][   T31]  ? ext4_dirty_inode+0xa1/0x130
[  364.512430][   T31]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  364.519572][   T31]  ext4_dirty_inode+0xd9/0x130
[  364.528092][   T31]  ? rcu_is_watching+0x12/0xc0
[  364.535865][   T31]  __mark_inode_dirty+0x1eb/0xe50
[  364.546421][   T31]  generic_update_time+0xcf/0xf0
[  364.556889][   T31]  file_update_time+0x17d/0x1c0
[  364.563481][   T31]  ext4_page_mkwrite+0x35e/0x1750
[  364.569833][   T31]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  364.578331][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[  364.584172][   T31]  ? pte_alloc_one+0x2b1/0x380
[  364.589204][   T31]  do_page_mkwrite+0x171/0x380
[  364.595623][   T31]  do_pte_missing+0x29c/0x3fb0
[  364.607695][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  364.613993][   T31]  ? __pmd_alloc+0x3c2/0x870
[  364.619333][   T31]  __handle_mm_fault+0x103d/0x2a40
[  364.626698][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  364.633186][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  364.639619][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  364.645700][   T31]  handle_mm_fault+0x3fe/0xad0
[  364.650973][   T31]  do_user_addr_fault+0x60c/0x1370
[  364.656185][   T31]  exc_page_fault+0x5c/0xc0
[  364.661000][   T31]  asm_exc_page_fault+0x26/0x30
[  364.665943][   T31] RIP: 0033:0x7fd35b26547b
[  364.672016][   T31] RSP: 002b:00007ffe38480990 EFLAGS: 00010246
[  364.678882][   T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000
[  364.687961][   T31] RDX: 0000001b30920000 RSI: 0000000000400000 RDI: 00007fd35b498d50
[  364.697620][   T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000
[  364.707041][   T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  364.715675][   T31] R13: 00000000000927c0 R14: 0000000000033f53 R15: 00007ffe38480c40
[  364.724956][   T31]  </TASK>
[  364.728129][   T31] INFO: task syz.2.1122:8730 blocked for more than 145 seconds.
[  364.736248][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  364.744142][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  364.752982][   T31] task:syz.2.1122      state:D stack:27752 pid:8730  tgid:8730  ppid:5841   task_flags:0x440040 flags:0x00004004
[  364.765421][   T31] Call Trace:
[  364.769688][   T31]  <TASK>
[  364.773021][   T31]  __schedule+0x116f/0x5de0
[  364.777887][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  364.783189][   T31]  ? __pfx___schedule+0x10/0x10
[  364.788223][   T31]  ? find_held_lock+0x2b/0x80
[  364.794303][   T31]  ? schedule+0x2d7/0x3a0
[  364.799216][   T31]  schedule+0xe7/0x3a0
[  364.804378][   T31]  io_schedule+0xbf/0x130
[  364.809781][   T31]  bit_wait_io+0x15/0xe0
[  364.814631][   T31]  __wait_on_bit+0x62/0x180
[  364.819699][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  364.824842][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  364.830847][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  364.837054][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  364.842847][   T31]  do_get_write_access+0x93d/0x12a0
[  364.849153][   T31]  jbd2_journal_get_write_access+0x1d6/0x280
[  364.855391][   T31]  __ext4_journal_get_write_access+0x6a/0x340
[  364.862611][   T31]  ext4_reserve_inode_write+0x1be/0x320
[  364.868243][   T31]  __ext4_mark_inode_dirty+0x197/0x870
[  364.873965][   T31]  ? trace_kmem_cache_alloc+0x28/0xc0
[  364.879527][   T31]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  364.886084][   T31]  ? rcu_is_watching+0x12/0xc0
[  364.891863][   T31]  ? trace_jbd2_handle_start+0x1a8/0x230
[  364.897779][   T31]  ? jbd2__journal_start+0xf6/0x6a0
[  364.903184][   T31]  ? __ext4_journal_start_sb+0x195/0x690
[  364.909352][   T31]  ? __ext4_journal_start_sb+0x19e/0x690
[  364.915667][   T31]  ? ext4_dirty_inode+0xa1/0x130
[  364.922983][   T31]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  364.928543][   T31]  ext4_dirty_inode+0xd9/0x130
[  364.933820][   T31]  ? rcu_is_watching+0x12/0xc0
[  364.938953][   T31]  __mark_inode_dirty+0x1eb/0xe50
[  364.945899][   T31]  generic_update_time+0xcf/0xf0
[  364.954753][   T31]  file_update_time+0x17d/0x1c0
[  364.962499][   T31]  ext4_page_mkwrite+0x35e/0x1750
[  364.971054][   T31]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  364.980552][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[  364.990497][   T31]  ? pte_alloc_one+0x2b1/0x380
[  364.998750][   T31]  do_page_mkwrite+0x171/0x380
[  365.005829][   T31]  do_pte_missing+0x29c/0x3fb0
[  365.012340][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  365.019112][   T31]  ? __pmd_alloc+0x3c2/0x870
[  365.026230][   T31]  __handle_mm_fault+0x103d/0x2a40
[  365.034316][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  365.043447][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  365.053603][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  365.061103][   T31]  handle_mm_fault+0x3fe/0xad0
[  365.068246][   T31]  do_user_addr_fault+0x60c/0x1370
[  365.075013][   T31]  exc_page_fault+0x5c/0xc0
[  365.080682][   T31]  asm_exc_page_fault+0x26/0x30
[  365.087078][   T31] RIP: 0033:0x7f3245c6547b
[  365.092582][   T31] RSP: 002b:00007ffdeb9c9d90 EFLAGS: 00010246
[  365.100641][   T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000
[  365.113081][   T31] RDX: 0000001b30820000 RSI: 0000000000400000 RDI: 00007f3245e98d50
[  365.123457][   T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000
[  365.139206][   T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  365.150414][   T31] R13: 00000000000927c0 R14: 0000000000033f3f R15: 00007ffdeb9ca040
[  365.160126][   T31]  </TASK>
[  365.164194][   T31] INFO: task syz.1.1123:8731 blocked for more than 145 seconds.
[  365.176325][   T31]       Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0
[  365.188563][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  365.201483][   T31] task:syz.1.1123      state:D stack:28632 pid:8731  tgid:8731  ppid:5846   task_flags:0x440040 flags:0x00000004
[  365.221002][   T31] Call Trace:
[  365.224555][   T31]  <TASK>
[  365.228495][   T31]  __schedule+0x116f/0x5de0
[  365.234189][   T31]  ? __lock_acquire+0x5ca/0x1ba0
[  365.240518][   T31]  ? __pfx___schedule+0x10/0x10
[  365.245566][   T31]  ? find_held_lock+0x2b/0x80
[  365.251161][   T31]  ? schedule+0x2d7/0x3a0
[  365.256775][   T31]  schedule+0xe7/0x3a0
[  365.262100][   T31]  io_schedule+0xbf/0x130
[  365.267806][   T31]  bit_wait_io+0x15/0xe0
[  365.273532][   T31]  __wait_on_bit+0x62/0x180
[  365.280324][   T31]  ? __pfx_bit_wait_io+0x10/0x10
[  365.286616][   T31]  out_of_line_wait_on_bit+0xd9/0x110
[  365.292724][   T31]  ? __pfx_out_of_line_wait_on_bit+0x10/0x10
[  365.300971][   T31]  ? __pfx_wake_bit_function+0x10/0x10
[  365.311048][   T31]  do_get_write_access+0x93d/0x12a0
[  365.319243][   T31]  jbd2_journal_get_write_access+0x1d6/0x280
[  365.326833][   T31]  __ext4_journal_get_write_access+0x6a/0x340
[  365.337644][   T31]  ext4_reserve_inode_write+0x1be/0x320
[  365.344253][   T31]  __ext4_mark_inode_dirty+0x197/0x870
[  365.351534][   T31]  ? trace_kmem_cache_alloc+0x28/0xc0
[  365.357792][   T31]  ? __pfx___ext4_mark_inode_dirty+0x10/0x10
[  365.364785][   T31]  ? rcu_is_watching+0x12/0xc0
[  365.373201][   T31]  ? trace_jbd2_handle_start+0x1a8/0x230
[  365.392046][   T31]  ? jbd2__journal_start+0xf6/0x6a0
[  365.397897][   T31]  ? __ext4_journal_start_sb+0x195/0x690
[  365.405791][   T31]  ? __ext4_journal_start_sb+0x19e/0x690
[  365.414551][   T31]  ? ext4_dirty_inode+0xa1/0x130
[  365.420067][   T31]  ? __pfx_ext4_dirty_inode+0x10/0x10
[  365.429044][   T31]  ext4_dirty_inode+0xd9/0x130
[  365.434539][   T31]  ? rcu_is_watching+0x12/0xc0
[  365.441713][   T31]  __mark_inode_dirty+0x1eb/0xe50
[  365.448496][   T31]  generic_update_time+0xcf/0xf0
[  365.454377][   T31]  file_update_time+0x17d/0x1c0
[  365.462980][   T31]  ext4_page_mkwrite+0x35e/0x1750
[  365.470389][   T31]  ? __pfx_ext4_page_mkwrite+0x10/0x10
[  365.481415][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[  365.489450][   T31]  ? pte_alloc_one+0x2b1/0x380
[  365.497436][   T31]  do_page_mkwrite+0x171/0x380
[  365.503673][   T31]  do_pte_missing+0x29c/0x3fb0
[  365.510785][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  365.519484][   T31]  ? __pmd_alloc+0x3c2/0x870
[  365.529280][   T31]  __handle_mm_fault+0x103d/0x2a40
[  365.539475][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  365.548468][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  365.558295][   T31]  ? lock_vma_under_rcu+0x47d/0x970
[  365.565176][   T31]  handle_mm_fault+0x3fe/0xad0
[  365.571587][   T31]  do_user_addr_fault+0x60c/0x1370
[  365.578303][   T31]  exc_page_fault+0x5c/0xc0
[  365.583439][   T31]  asm_exc_page_fault+0x26/0x30
[  365.589079][   T31] RIP: 0033:0x7f096da6547b
[  365.597077][   T31] RSP: 002b:00007fffc82a6630 EFLAGS: 00010246
[  365.607113][   T31] RAX: 00000000003ffde8 RBX: 0000000000000000 RCX: 0000000000000000
[  365.619212][   T31] RDX: 0000001b30720000 RSI: 0000000000400000 RDI: 00007f096dc98d50
[  365.632770][   T31] RBP: 0000000000000000 R08: 0000000000000004 R09: 0000000000040000
[  365.648399][   T31] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  365.660291][   T31] R13: 00000000000927c0 R14: 0000000000033f91 R15: 00007fffc82a68e0
[  365.677399][   T31]  </TASK>
[  365.680912][   T31] 
[  365.680912][   T31] Showing all locks held in the system:
[  365.692506][   T31] 3 locks held by kworker/u8:0/12:
[  365.699850][   T31]  #0: ffff8880b8539f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[  365.711273][   T31]  #1: ffff8880b8523c48 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x2c1/0x8e0
[  365.725145][   T31]  #2: ffffffff9adacbf8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x135/0x3a0
[  365.737091][   T31] 1 lock held by khungtaskd/31:
[  365.746660][   T31]  #0: ffffffff8e3bf440 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  365.766375][   T31] 6 locks held by kworker/u8:8/3477:
[  365.772179][   T31]  #0: ffff888021af5148 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  365.787889][   T31]  #1: ffffc9000c607d18 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  365.802982][   T31]  #2: ffff8880354d80e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0
[  365.820788][   T31]  #3: ffff8880354dab98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x1b2/0x820
[  365.837127][   T31]  #4: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  365.849393][   T31]  #5: ffff888078ec65d8 (&ei->i_data_sem){++++}-{4:4}, at: ext4_map_blocks+0x355/0x1390
[  365.863879][   T31] 1 lock held by klogd/5202:
[  365.871653][   T31]  #0: ffff8880b8539f18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x29/0x130
[  365.889027][   T31] 2 locks held by getty/5597:
[  365.895622][   T31]  #0: ffff8880358da0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  365.911564][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  365.927098][   T31] 3 locks held by syz-executor/5828:
[  365.936378][   T31]  #0: ffff888078419e48 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370
[  365.957902][   T31]  #1: ffff8880354d8518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380
[  365.976906][   T31]  #2: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  365.990927][   T31] 2 locks held by kworker/u9:6/5851:
[  365.997333][   T31]  #0: ffff888025df3148 ((wq_completion)nbd0-recv){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  366.009615][   T31]  #1: ffffc90003f2fd18 ((work_completion)(&args->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  366.023991][   T31] 3 locks held by syz.0.1120/8727:
[  366.033387][   T31]  #0: ffff888033a18bc8 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370
[  366.045179][   T31]  #1: ffff8880354d8518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380
[  366.057498][   T31]  #2: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  366.069706][   T31] 3 locks held by syz.3.1121/8729:
[  366.075800][   T31]  #0: ffff8880780a3e48 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370
[  366.091233][   T31]  #1: ffff8880354d8518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380
[  366.106553][   T31]  #2: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  366.120826][   T31] 3 locks held by syz.2.1122/8730:
[  366.130780][   T31]  #0: ffff88806cf91448 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370
[  366.146402][   T31]  #1: ffff8880354d8518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380
[  366.161462][   T31]  #2: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  366.173258][   T31] 3 locks held by syz.1.1123/8731:
[  366.178681][   T31]  #0: ffff88803032b588 (vm_lock){++++}-{0:0}, at: do_user_addr_fault+0x452/0x1370
[  366.189351][   T31]  #1: ffff8880354d8518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x171/0x380
[  366.202167][   T31]  #2: ffff8880354dc950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x5e4/0x1410
[  366.217723][   T31] 
[  366.221781][   T31] =============================================
[  366.221781][   T31] 
[  366.233462][   T31] NMI backtrace for cpu 0
[  366.233486][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) 
[  366.233523][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  366.233540][   T31] Call Trace:
[  366.233549][   T31]  <TASK>
[  366.233560][   T31]  dump_stack_lvl+0x116/0x1f0
[  366.233614][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  366.233651][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  366.233686][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  366.233729][   T31]  watchdog+0xf70/0x12c0
[  366.233784][   T31]  ? __pfx_watchdog+0x10/0x10
[  366.233827][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  366.233875][   T31]  ? __kthread_parkme+0x19e/0x250
[  366.233920][   T31]  ? __pfx_watchdog+0x10/0x10
[  366.233965][   T31]  kthread+0x3c2/0x780
[  366.234016][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234082][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234130][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234178][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234225][   T31]  ? rcu_is_watching+0x12/0xc0
[  366.234261][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234335][   T31]  ret_from_fork+0x45/0x80
[  366.234364][   T31]  ? __pfx_kthread+0x10/0x10
[  366.234410][   T31]  ret_from_fork_asm+0x1a/0x30
[  366.234480][   T31]  </TASK>
[  366.234491][   T31] Sending NMI from CPU 0 to CPUs 1:
[  366.402578][    C1] NMI backtrace for cpu 1
[  366.402611][    C1] CPU: 1 UID: 0 PID: 1150 Comm: kworker/u8:7 Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) 
[  366.402648][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  366.402666][    C1] Workqueue:  0x0 (events_unbound)
[  366.402703][    C1] RIP: 0010:__list_del_entry_valid_or_report+0xc3/0x200
[  366.402749][    C1] Code: 0f 85 2d 01 00 00 48 39 5d 00 0f 85 97 00 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 6c 24 08 48 89 ea 48 c1 ea 03 80 3c 02 00 <0f> 85 10 01 00 00 49 3b 5c 24 08 0f 85 a8 00 00 00 5b b8 01 00 00
[  366.402786][    C1] RSP: 0018:ffffc90003fbfd70 EFLAGS: 00000046
[  366.402804][    C1] RAX: dffffc0000000000 RBX: ffff8880275a9c00 RCX: ffffffff8182a7b9
[  366.402825][    C1] RDX: 1ffff110041d81c1 RSI: ffffffff8182a647 RDI: ffff8880275a9c08
[  366.402842][    C1] RBP: ffff888020ec0e08 R08: 0000000000000005 R09: 0000000000000000
[  366.402858][    C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff888020ec0e00
[  366.402873][    C1] R13: ffff8880275a9c78 R14: 0000000000000001 R15: ffff8880275a9c40
[  366.402894][    C1] FS:  0000000000000000(0000) GS:ffff888124abf000(0000) knlGS:0000000000000000
[  366.402917][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  366.402933][    C1] CR2: 00007ffe29464248 CR3: 000000000e180000 CR4: 00000000003526f0
[  366.402949][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  366.402969][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  366.402984][    C1] Call Trace:
[  366.402994][    C1]  <TASK>
[  366.403004][    C1]  worker_leave_idle+0x12f/0x350
[  366.403048][    C1]  ? worker_thread+0x28b/0xf10
[  366.403071][    C1]  worker_thread+0x347/0xf10
[  366.403100][    C1]  ? __kthread_parkme+0x19e/0x250
[  366.403135][    C1]  ? __pfx_worker_thread+0x10/0x10
[  366.403158][    C1]  kthread+0x3c2/0x780
[  366.403214][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403250][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403286][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403322][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403358][    C1]  ? rcu_is_watching+0x12/0xc0
[  366.403387][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403430][    C1]  ret_from_fork+0x45/0x80
[  366.403456][    C1]  ? __pfx_kthread+0x10/0x10
[  366.403493][    C1]  ret_from_fork_asm+0x1a/0x30
[  366.403543][    C1]  </TASK>
[  366.403760][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  366.403784][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00076-ge72e9e693307 #0 PREEMPT(full) 
[  366.403826][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  366.403847][   T31] Call Trace:
[  366.403860][   T31]  <TASK>
[  366.403873][   T31]  dump_stack_lvl+0x3d/0x1f0
[  366.403930][   T31]  panic+0x71c/0x800
[  366.404102][   T31]  ? __pfx_panic+0x10/0x10
[  366.404165][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  366.404210][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  366.404479][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  366.404516][   T31]  ? watchdog+0xdda/0x12c0
[  366.404565][   T31]  ? watchdog+0xdcd/0x12c0
[  366.404618][   T31]  watchdog+0xdeb/0x12c0
[  366.404675][   T31]  ? __pfx_watchdog+0x10/0x10
[  366.404721][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  366.404773][   T31]  ? __kthread_parkme+0x19e/0x250
[  366.404822][   T31]  ? __pfx_watchdog+0x10/0x10
[  366.404869][   T31]  kthread+0x3c2/0x780
[  366.404923][   T31]  ? __pfx_kthread+0x10/0x10
[  366.404971][   T31]  ? __pfx_kthread+0x10/0x10
[  366.405021][   T31]  ? __pfx_kthread+0x10/0x10
[  366.405070][   T31]  ? __pfx_kthread+0x10/0x10
[  366.405119][   T31]  ? rcu_is_watching+0x12/0xc0
[  366.405156][   T31]  ? __pfx_kthread+0x10/0x10
[  366.405208][   T31]  ret_from_fork+0x45/0x80
[  366.405550][   T31]  ? __pfx_kthread+0x10/0x10
[  366.405607][   T31]  ret_from_fork_asm+0x1a/0x30
[  366.405707][   T31]  </TASK>
[  366.926552][   T31] Kernel Offset: disabled
[  366.933617][   T31] Rebooting in 86400 seconds..