last executing test programs:

6.301460279s ago: executing program 0 (id=2195):
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
io_uring_setup$auto(0x1, 0x0)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)

5.557969231s ago: executing program 0 (id=2200):
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_transactions_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x40, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/devices/platform/i8042/serio0/softraw\x00', 0x141042, 0x0)
readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7)
write$auto(0x3, 0x0, 0xfffffdef)

5.133895806s ago: executing program 0 (id=2214):
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0)

4.337644172s ago: executing program 2 (id=2212):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x1e1180, 0x0)
r1 = ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto(r1, 0x4010ae67, r2)
close_range$auto(0x2, 0x8, 0x0)

3.767950184s ago: executing program 2 (id=2221):
close_range$auto(0x2, 0xa, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x6, 0x0)
openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev3\x00', 0x0, 0x0)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
ioctl$auto(0x3, 0xc0305602, 0x38)

3.498832523s ago: executing program 1 (id=2224):
close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="010527bd7000fbdbdf2502"], 0x34}, 0x1, 0x0, 0x0, 0x4068811}, 0x80)
ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x11b, 0xf}, 0xc, 0x0, 0x0, 0x8)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000)
sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008)

3.327183001s ago: executing program 2 (id=2226):
r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154)
close_range$auto(r0, r0, 0x0)
socket(0x2, 0x2, 0x1)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x3c, r2, 0x1, 0x70bd2d, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x58}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_FD={0x8, 0x17, r0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3.224014504s ago: executing program 1 (id=2227):
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid})
sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80)
socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000040)='\'', 0x8001, 0x9}, 0x8}, 0x1, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0)

3.029901153s ago: executing program 2 (id=2228):
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
r0 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0)
shmctl$auto(0x4, 0x9, 0x0)
syz_clone3(&(0x7f0000000600)={0x100000, 0x0, 0x0, 0x0, {0x26}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)
prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0)

2.892175691s ago: executing program 1 (id=2231):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = socket(0x2, 0x5, 0x0)
sysfs$auto(0x2, 0x200000001d, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a)
setsockopt$auto(0x3, 0x0, 0x1, 0x0, 0x3)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311)

2.778337453s ago: executing program 0 (id=2233):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xae60, 0x10000000000402)
ioctl$auto(0x3, 0x8208ae63, 0x38)

2.413417203s ago: executing program 1 (id=2237):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
timer_create$auto(0x9, 0x0, 0x0)
timer_settime$auto(0x0, 0x8, &(0x7f00000000c0)={{0x400000000f, 0x10007}, {0x9}}, 0x0)
timer_gettime$auto(0x0, 0x0)
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x8002)

2.077116822s ago: executing program 0 (id=2241):
close_range$auto(0x0, 0xfffffffffffff001, 0x2)
socket(0x2, 0x1, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card1/pcm0p/oss\x00', 0x101000, 0x0)
r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0)
ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$auto(0x3, 0xaea3, 0x38)

1.940148787s ago: executing program 1 (id=2242):
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0)
clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0)

1.496459621s ago: executing program 3 (id=2248):
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0)
mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000)
r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0)
read$auto(r0, 0x0, 0xb4d3)
r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0)
ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(r1, 0x40095505, 0x0)

1.477459032s ago: executing program 0 (id=2249):
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
epoll_create$auto(0x6)
kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/kernel/kexec_crash_size\x00', 0x102, 0x0)
pread64$auto(r0, 0x0, 0x3ff, 0x9)
ioctl$auto_FITHAW(0xffffffffffffffff, 0xc0045878, 0xffffffffffff8001)

1.313368079s ago: executing program 3 (id=2250):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x28, 0x1, 0x0)
connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55)
setsockopt$auto(0x400000000000003, 0x28, 0x0, 0x0, 0x56b)

1.200506076s ago: executing program 3 (id=2251):
r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0)
ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999", @raw=0x3cf51fcb})
newfstatat$auto(0xffffffffffffff9c, 0x0, &(0x7f0000000380)={0x5, 0x6, 0xa9, 0x4, 0x0, 0xee01, 0x0, 0x6, 0x3, 0x0, 0x4, 0x8, 0xbc, 0x1, 0xb456, 0x9, 0x53}, 0x1)
ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8)
close_range$auto(0x2, 0x8, 0x0)

861.934814ms ago: executing program 2 (id=2252):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
timer_create$auto(0x9, 0x0, 0x0)
timer_settime$auto(0x0, 0x8, &(0x7f00000000c0)={{0x400000000f, 0x10007}, {0x9}}, 0x0)
timer_gettime$auto(0x0, 0x0)
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r0, 0x29, 0x20, 0x0, 0x8002)

861.814553ms ago: executing program 3 (id=2253):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
waitid$auto_P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000001c0)={{0xa748, 0x7}, {0x4, 0xc}, 0x5, 0x100000000, 0x9, 0x8b6e, 0xc, 0xffffffff, 0x932c, 0x8, 0x4, 0x6, 0x7fff, 0x6, 0x6, 0x3})
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
r0 = socket(0x11, 0x3, 0x9)
capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48})
sendmmsg$auto(r0, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)='L', 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100)

848.48143ms ago: executing program 1 (id=2260):
mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000)
io_uring_setup$auto(0x1, 0x0)
r0 = socket(0x11, 0x80003, 0x300)
setsockopt$auto(r0, 0x107, 0x1, 0x0, 0x8004)
unshare$auto(0x40000080)
close_range$auto(0x2, 0x8, 0x0)

778.006324ms ago: executing program 3 (id=2254):
mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0)
shutdown$auto(0x200000003, 0x2)
lstat$auto(&(0x7f0000000000)='./file0\x00', 0x0)

359.36829ms ago: executing program 2 (id=2255):
mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0x401, 0x8000)
r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0)
read$auto(r1, 0x0, 0x20)
writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3)
mremap$auto(0x200000001000, 0x4, 0x4, 0x3, 0x100000000)

0s ago: executing program 3 (id=2256):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socketpair$auto(0x3, 0x4, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$auto(0x3, 0x6f44, 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.93' (ED25519) to the list of known hosts.
[   84.872125][ T5833] cgroup: Unknown subsys name 'net'
[   85.020217][ T5833] cgroup: Unknown subsys name 'cpuset'
[   85.029297][ T5833] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   86.669727][ T5833] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   88.815908][ T5855] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   88.824227][ T5855] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   88.832655][ T5855] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   88.840445][ T5855] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   88.848732][ T5855] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   88.856522][ T5855] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   88.864010][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   88.872228][ T5858] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   88.882056][ T5859] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   88.889477][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   88.896662][ T5861] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   88.897670][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   88.907638][ T5861] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   88.911372][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   88.919429][ T5861] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   88.926026][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   88.932137][ T5861] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   88.939484][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   88.949069][ T5856] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   88.960725][ T5856] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   89.404614][ T5845] chnl_net:caif_netlink_parms(): no params data found
[   89.470715][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   89.618669][ T5845] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.625961][ T5845] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.634058][ T5845] bridge_slave_0: entered allmulticast mode
[   89.641836][ T5845] bridge_slave_0: entered promiscuous mode
[   89.692781][ T5845] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.700063][ T5845] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.707326][ T5845] bridge_slave_1: entered allmulticast mode
[   89.715139][ T5845] bridge_slave_1: entered promiscuous mode
[   89.748035][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   89.780551][ T5845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.825371][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.832598][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.841428][ T5842] bridge_slave_0: entered allmulticast mode
[   89.848829][ T5842] bridge_slave_0: entered promiscuous mode
[   89.858777][ T5845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.868048][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.875152][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.882606][ T5842] bridge_slave_1: entered allmulticast mode
[   89.890365][ T5842] bridge_slave_1: entered promiscuous mode
[   89.909335][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   89.995633][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.008204][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.042777][ T5845] team0: Port device team_slave_0 added
[   90.081688][ T5845] team0: Port device team_slave_1 added
[   90.133054][ T5842] team0: Port device team_slave_0 added
[   90.152279][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.159801][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.167371][ T5843] bridge_slave_0: entered allmulticast mode
[   90.174508][ T5843] bridge_slave_0: entered promiscuous mode
[   90.196701][ T5842] team0: Port device team_slave_1 added
[   90.203335][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.210327][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.236478][ T5845] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.260218][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.267682][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.274806][ T5843] bridge_slave_1: entered allmulticast mode
[   90.282522][ T5843] bridge_slave_1: entered promiscuous mode
[   90.301307][ T5845] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.308566][ T5845] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.334549][ T5845] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.345641][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.353009][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.360219][ T5846] bridge_slave_0: entered allmulticast mode
[   90.368619][ T5846] bridge_slave_0: entered promiscuous mode
[   90.401603][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.408632][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.434635][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.453825][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.461070][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.468971][ T5846] bridge_slave_1: entered allmulticast mode
[   90.476055][ T5846] bridge_slave_1: entered promiscuous mode
[   90.499816][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.506918][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.533114][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.567057][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.620486][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.659445][ T5845] hsr_slave_0: entered promiscuous mode
[   90.665853][ T5845] hsr_slave_1: entered promiscuous mode
[   90.676936][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.717777][ T5842] hsr_slave_0: entered promiscuous mode
[   90.724089][ T5842] hsr_slave_1: entered promiscuous mode
[   90.730922][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.738649][ T5842] Cannot create hsr debugfs directory
[   90.746659][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.758318][ T5843] team0: Port device team_slave_0 added
[   90.799033][ T5843] team0: Port device team_slave_1 added
[   90.843641][ T5846] team0: Port device team_slave_0 added
[   90.852533][ T5846] team0: Port device team_slave_1 added
[   90.925560][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.932929][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.959542][ T5856] Bluetooth: hci0: command tx timeout
[   90.964954][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.000821][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.008038][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.030767][ T5856] Bluetooth: hci1: command tx timeout
[   91.038329][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.039565][   T51] Bluetooth: hci2: command tx timeout
[   91.055602][ T5859] Bluetooth: hci3: command tx timeout
[   91.060122][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   91.069774][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.097743][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   91.128224][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   91.135192][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   91.161625][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   91.250000][ T5843] hsr_slave_0: entered promiscuous mode
[   91.256993][ T5843] hsr_slave_1: entered promiscuous mode
[   91.263096][ T5843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.271225][ T5843] Cannot create hsr debugfs directory
[   91.329569][ T5846] hsr_slave_0: entered promiscuous mode
[   91.335970][ T5846] hsr_slave_1: entered promiscuous mode
[   91.342752][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   91.350672][ T5846] Cannot create hsr debugfs directory
[   91.587389][ T5845] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   91.614188][ T5845] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   91.641062][ T5845] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   91.672331][ T5845] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   91.761704][ T5842] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   91.787962][ T5842] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   91.803102][ T5842] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   91.834380][ T5842] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   91.892158][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   91.953474][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   91.992244][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   92.011984][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   92.084856][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   92.122866][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   92.132912][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   92.156020][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   92.189948][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.247379][ T5845] 8021q: adding VLAN 0 to HW filter on device team0
[   92.269251][ T1025] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.276484][ T1025] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.294712][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.301869][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.325835][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.376329][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   92.414502][ T3514] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.421745][ T3514] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.464172][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.512327][ T1025] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.519531][ T1025] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.542154][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   92.607924][   T78] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.615082][   T78] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.641434][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.648564][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.703276][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   92.723520][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   92.803780][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   92.852706][ T3514] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.859946][ T3514] bridge0: port 1(bridge_slave_0) entered forwarding state
[   92.871593][ T3514] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.878771][ T3514] bridge0: port 2(bridge_slave_1) entered forwarding state
[   92.990550][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.031526][ T5856] Bluetooth: hci0: command tx timeout
[   93.106855][ T5856] Bluetooth: hci1: command tx timeout
[   93.113074][ T5856] Bluetooth: hci2: command tx timeout
[   93.120645][   T51] Bluetooth: hci3: command tx timeout
[   93.137825][ T5845] veth0_vlan: entered promiscuous mode
[   93.168848][ T5845] veth1_vlan: entered promiscuous mode
[   93.272739][ T5845] veth0_macvtap: entered promiscuous mode
[   93.283107][ T5845] veth1_macvtap: entered promiscuous mode
[   93.343223][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.365989][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.404817][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.429747][ T5845] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.445356][ T5845] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.460700][ T5845] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.470717][ T5845] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.521826][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.552112][ T5842] veth0_vlan: entered promiscuous mode
[   93.582043][ T5842] veth1_vlan: entered promiscuous mode
[   93.669077][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   93.708752][ T5842] veth0_macvtap: entered promiscuous mode
[   93.722421][ T5842] veth1_macvtap: entered promiscuous mode
[   93.722669][   T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.747081][   T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.800654][ T2212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.802655][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.820462][ T2212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.831799][ T5843] veth0_vlan: entered promiscuous mode
[   93.846023][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.885512][ T5842] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.895804][ T5842] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.901885][ T5845] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   93.908442][ T5842] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.930369][ T5842] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.951682][ T5843] veth1_vlan: entered promiscuous mode
[   94.000785][ T5846] veth0_vlan: entered promiscuous mode
[   94.021992][ T5846] veth1_vlan: entered promiscuous mode
[   94.141834][ T5843] veth0_macvtap: entered promiscuous mode
[   94.183043][ T5843] veth1_macvtap: entered promiscuous mode
[   94.214720][ T5846] veth0_macvtap: entered promiscuous mode
[   94.253199][ T2212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.254926][ T5846] veth1_macvtap: entered promiscuous mode
[   94.278893][ T2212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.336939][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.361732][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.372876][ T2212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.387673][ T2212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.400671][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.413775][ T5843] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.433836][ T5843] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.445786][ T5843] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.457618][ T5843] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.494250][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   94.509833][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   94.520898][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   94.532325][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   94.566497][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   94.764372][ T3514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.804531][ T3514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.882499][ T3514] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.898961][ T3514] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.919549][ T2212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.937199][ T2212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   94.996721][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.004586][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.082423][ T5955] netlink: 342 bytes leftover after parsing attributes in process `syz.1.9'.
[   95.093311][ T5955] Zero length message leads to an empty skb
[   95.119054][   T51] Bluetooth: hci0: command tx timeout
[   95.197738][   T51] Bluetooth: hci3: command tx timeout
[   95.203204][   T51] Bluetooth: hci2: command tx timeout
[   95.208964][ T5856] Bluetooth: hci1: command tx timeout
[   96.209396][ T5989] XFS: Clearing xfsstats
[   96.384043][ T5993] netlink: 40 bytes leftover after parsing attributes in process `syz.1.25'.
[   96.800316][   T24] cfg80211: failed to load regulatory.db
[   97.194221][   T51] Bluetooth: hci0: command tx timeout
[   97.266454][   T51] Bluetooth: hci2: command tx timeout
[   97.271913][   T51] Bluetooth: hci1: command tx timeout
[   97.277686][ T5859] Bluetooth: hci3: command tx timeout
[   98.017510][ T6049] process 'syz.2.48' launched '/dev/fd/4' with NULL argv: empty string added
[  100.076445][ T6113] netlink: 19 bytes leftover after parsing attributes in process `syz.2.75'.
[  100.123663][ T6117] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  102.922626][ T6210] netlink: 8 bytes leftover after parsing attributes in process `syz.0.116'.
[  103.130147][   T30] audit: type=1800 audit(1753320365.746:2): pid=6215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.119" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[  103.149986][    C1] vkms_vblank_simulate: vblank timer overrun
[  103.302433][ T6222] capability: warning: `syz.2.122' uses 32-bit capabilities (legacy support in use)
[  104.054290][ T6245] =======================================================
[  104.054290][ T6245] WARNING: The mand mount option has been deprecated and
[  104.054290][ T6245]          and is ignored by this kernel. Remove the mand
[  104.054290][ T6245]          option from the mount to silence this warning.
[  104.054290][ T6245] =======================================================
[  105.933640][ T6306] netlink: 334 bytes leftover after parsing attributes in process `syz.2.157'.
[  106.049377][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.1.158'.
[  106.526468][ T6329] sctp: [Deprecated]: syz.0.166 (pid 6329) Use of int in maxseg socket option.
[  106.526468][ T6329] Use struct sctp_assoc_value instead
[  106.619833][ T6331] netlink: 4 bytes leftover after parsing attributes in process `syz.1.167'.
[  107.106989][ T6349] netlink: 342 bytes leftover after parsing attributes in process `syz.2.175'.
[  107.446747][ T6362] netlink: 354 bytes leftover after parsing attributes in process `syz.3.179'.
[  107.827274][ T6374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.185'.
[  107.848393][ T6374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.185'.
[  109.056545][ T6394] netlink: 334 bytes leftover after parsing attributes in process `syz.1.193'.
[  110.969658][ T6435] netlink: 334 bytes leftover after parsing attributes in process `syz.0.205'.
[  115.680936][ T6528] netlink: 19 bytes leftover after parsing attributes in process `syz.0.246'.
[  115.994772][ T6540] sock: sock_set_timeout: `syz.3.251' (pid 6540) tries to set negative timeout
[  116.950573][ T6568] Invalid ELF header magic: != ELF
[  117.410056][ T6578] random: crng reseeded on system resumption
[  120.780375][ T6695] FAULT_INJECTION: forcing a failure.
[  120.780375][ T6695] name failslab, interval 1, probability 0, space 0, times 1
[  120.794537][ T6695] CPU: 0 UID: 0 PID: 6695 Comm: syz.2.309 Not tainted 6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  120.794573][ T6695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  120.794593][ T6695] Call Trace:
[  120.794602][ T6695]  <TASK>
[  120.794616][ T6695]  dump_stack_lvl+0x16c/0x1f0
[  120.794656][ T6695]  should_fail_ex+0x512/0x640
[  120.794685][ T6695]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  120.794741][ T6695]  should_failslab+0xc2/0x120
[  120.794774][ T6695]  __kmalloc_cache_noprof+0x6a/0x3e0
[  120.794820][ T6695]  ? copy_mount_options+0x55/0x190
[  120.794856][ T6695]  ? _copy_from_user+0x59/0xd0
[  120.794891][ T6695]  copy_mount_options+0x55/0x190
[  120.794928][ T6695]  __x64_sys_mount+0x1ac/0x310
[  120.794960][ T6695]  ? __pfx___x64_sys_mount+0x10/0x10
[  120.795003][ T6695]  do_syscall_64+0xcd/0x490
[  120.795036][ T6695]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.795065][ T6695] RIP: 0033:0x7fc995d8e9a9
[  120.795091][ T6695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.795117][ T6695] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  120.795143][ T6695] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  120.795160][ T6695] RDX: 0000200000000380 RSI: 0000000000000000 RDI: 00002000000002c0
[  120.795177][ T6695] RBP: 00007fc995e10d69 R08: 00002000000003c0 R09: 0000000000000000
[  120.795193][ T6695] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000
[  120.795208][ T6695] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  120.795243][ T6695]  </TASK>
[  120.860220][ T6689] nvme_fabrics: missing parameter 'transport=%s'
[  121.006304][ T6689] nvme_fabrics: missing parameter 'nqn=%s'
[  122.175509][ T6732] tipc: Started in network mode
[  122.187428][ T6732] tipc: Node identity ee00, cluster identity 4711
[  122.207255][ T6732] tipc: Node number set to 60928
			

	


			

	

	
	

	
	

		
	
	
	
	

	
	



	

	
		
	
	
	
	
	
	
	

	
		

	
		

	


	
	

		
	
		
	

	



			








	

	




	

	

		
		

	
	
	
	
	






	





	






		






	

	
		
			

	


			
	

	

		
		
				
		
	
	

	


	
	

	
		
	
	
					
	
	

	

	

	

	

	
		

	
		

	


	
	

		
	
		
	

	



			








	




	





	

	









	





	







		







	
	

	

	
	

	

	
	

	

	

	
		



	
	

	

	

	
		



	
	
	
	
	
	


			


	
		

	


	
	

		
	
		
	

	



			








	



	



		
		
		
		



	


	
		






	





	







		






	
	
	
	
	
	
	
	



	

				
		




	
		

	


	
	

		
	
		
		

	

			





			








	

	
	


	




			
			
	


	
	
	

	


	


	

	

	

	

	


	

	
	


	
	


	

	


	


	
		

	


	


	









	





	







		







	

	

		
		

				
	



	


				
	



	

	

	

		
		
	


				
	



	

	

	

		
		

	
		

	


	
	

		
	
		
		

	

			





			








	





	




	





















	
	








	













	
		






	









	


	








	






	






		






	

	
	
	

	
		

	


	
	

		
	
		
		

	

			





			








	





	





	







	

	
	






	





	






		






	

	
	
	
	

	
	
	
	

	
		
	

	
	
	
		


	
	
	
	
	

	
		
	
	
	
	
	
	
	

	
		
	
	
	
	
	
	
	
	
	

	
	

	
	

	
	

	
		


	
	
	
	
	
	
	
	
	
	
	

	
		
	
				

	
		

	


	
	

		
	
		
		

	

			





			








	




	




















	
	







	




















	






	






	





		






	

	
	

	
	

	
	

	
		
	
	
	
	
	
	
	
	
	
				
	

	
		

								



	
				
	
	



	
		


	
		

	
		




	


	
	
		

	
	
	


	
		

	


	
	

		
	
		
		

	

			





			








	




	




















	
	







	




















	






	





	





		







	

	
	

	
		
	

			













	
		

	
		




	


	
	
		

	
	
	











	
				
	
		
	
	
	

	
				
	
	



				
	

	
				
	
	



	
	
	

	
		

	
				
	
	



	
	

syzkaller
syzkaller login: [  258.882785][   T30] audit: type=1804 audit(4294967302.100:8): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1429" name=2F6E6577726F6F742F3334392F22050820 dev="tmpfs" ino=1788 res=1 errno=0
[  259.176351][   T30] audit: type=1800 audit(4294967302.100:9): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1429" name=22050820 dev="tmpfs" ino=1788 res=0 errno=0
[  259.199856][ T9549] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1431'.
[  259.909108][ T5858] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  260.617647][ T9589] binder: 9588:9589 unknown command 0
[  260.623606][ T9589] binder: 9588:9589 ioctl c0306201 0 returned -22
[  260.644851][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  260.675621][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  261.124864][ T9595] FAULT_INJECTION: forcing a failure.
[  261.124864][ T9595] name failslab, interval 1, probability 0, space 0, times 0
[  261.181660][ T9595] CPU: 1 UID: 0 PID: 9595 Comm: syz.1.1450 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  261.181724][ T9595] Tainted: [I]=FIRMWARE_WORKAROUND
[  261.181732][ T9595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  261.181745][ T9595] Call Trace:
[  261.181752][ T9595]  <TASK>
[  261.181760][ T9595]  dump_stack_lvl+0x16c/0x1f0
[  261.181805][ T9595]  should_fail_ex+0x512/0x640
[  261.181828][ T9595]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  261.181856][ T9595]  should_failslab+0xc2/0x120
[  261.181883][ T9595]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  261.181907][ T9595]  ? __thp_vma_allowable_orders+0x1c5/0xb10
[  261.181939][ T9595]  ? ptlock_alloc+0x1f/0x70
[  261.181979][ T9595]  ptlock_alloc+0x1f/0x70
[  261.182014][ T9595]  pte_alloc_one+0x82/0x3a0
[  261.182036][ T9595]  __handle_mm_fault+0x3a68/0x5490
[  261.182080][ T9595]  ? __pfx___handle_mm_fault+0x10/0x10
[  261.182115][ T9595]  ? __pfx_mt_find+0x10/0x10
[  261.182157][ T9595]  ? find_vma+0xbf/0x140
[  261.182186][ T9595]  ? __pfx_find_vma+0x10/0x10
[  261.182218][ T9595]  handle_mm_fault+0x589/0xd10
[  261.182256][ T9595]  ? __pkru_allows_pkey+0x51/0xb0
[  261.182290][ T9595]  do_user_addr_fault+0x7a6/0x1370
[  261.182327][ T9595]  ? rcu_is_watching+0x12/0xc0
[  261.182355][ T9595]  exc_page_fault+0x5c/0xb0
[  261.182377][ T9595]  asm_exc_page_fault+0x26/0x30
[  261.182399][ T9595] RIP: 0010:rep_movs_alternative+0xf/0x90
[  261.182433][ T9595] Code: c4 10 e9 84 11 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 4d 11 04 00 66 66
[  261.182455][ T9595] RSP: 0018:ffffc90003307d70 EFLAGS: 00050202
[  261.182473][ T9595] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004
[  261.182487][ T9595] RDX: fffff52000660fbc RSI: 0000000000000000 RDI: ffffc90003307de0
[  261.182502][ T9595] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52000660fbc
[  261.182515][ T9595] R10: 0000000000000003 R11: 0000000000000001 R12: 0000000000000000
[  261.182529][ T9595] R13: ffffc90003307de0 R14: 0000000000000000 R15: 0000000000000000
[  261.182557][ T9595]  _copy_from_user+0x98/0xd0
[  261.182584][ T9595]  do_sock_getsockopt+0x3ca/0x440
[  261.182626][ T9595]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  261.182657][ T9595]  ? __fget_files+0x204/0x3c0
[  261.182708][ T9595]  __sys_getsockopt+0x123/0x1b0
[  261.182738][ T9595]  __x64_sys_getsockopt+0xbd/0x160
[  261.182760][ T9595]  ? do_syscall_64+0x91/0x490
[  261.182794][ T9595]  ? lockdep_hardirqs_on+0x7c/0x110
[  261.182815][ T9595]  do_syscall_64+0xcd/0x490
[  261.182839][ T9595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.182860][ T9595] RIP: 0033:0x7f3034b8e9a9
[  261.182876][ T9595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.182896][ T9595] RSP: 002b:00007f303594a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  261.182925][ T9595] RAX: ffffffffffffffda RBX: 00007f3034db5fa0 RCX: 00007f3034b8e9a9
[  261.182938][ T9595] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000003
[  261.182950][ T9595] RBP: 00007f3034c10d69 R08: 0000000000000000 R09: 0000000000000000
[  261.182962][ T9595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  261.182973][ T9595] R13: 0000000000000000 R14: 00007f3034db5fa0 R15: 00007ffd44d03b48
[  261.182998][ T9595]  </TASK>
[  264.295751][ T9641] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1477'.
[  265.381884][ T5861] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  266.687960][ T9700] binder: 9699:9700 unknown command 0
[  266.694001][ T9700] binder: 9699:9700 ioctl c0306201 0 returned -22
[  267.356256][ T5858] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[  268.945602][ T9740] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1504'.
[  271.217433][ T5861] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  272.529402][ T9831] FAULT_INJECTION: forcing a failure.
[  272.529402][ T9831] name failslab, interval 1, probability 0, space 0, times 0
[  272.630303][ T9831] CPU: 1 UID: 0 PID: 9831 Comm: syz.2.1549 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  272.630338][ T9831] Tainted: [I]=FIRMWARE_WORKAROUND
[  272.630346][ T9831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  272.630358][ T9831] Call Trace:
[  272.630365][ T9831]  <TASK>
[  272.630372][ T9831]  dump_stack_lvl+0x16c/0x1f0
[  272.630398][ T9831]  should_fail_ex+0x512/0x640
[  272.630419][ T9831]  ? fs_reclaim_acquire+0xae/0x150
[  272.630450][ T9831]  should_failslab+0xc2/0x120
[  272.630476][ T9831]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  272.630498][ T9831]  ? security_inode_alloc+0x3b/0x2b0
[  272.630530][ T9831]  security_inode_alloc+0x3b/0x2b0
[  272.630585][ T9831]  inode_init_always_gfp+0xce4/0x1030
[  272.630626][ T9831]  alloc_inode+0x86/0x240
[  272.630653][ T9831]  path_from_stashed+0x2be/0xb00
[  272.630698][ T9831]  ? __pfx_path_from_stashed+0x10/0x10
[  272.630719][ T9831]  ? find_held_lock+0x2b/0x80
[  272.630744][ T9831]  ? alloc_fd+0x471/0x7d0
[  272.630785][ T9831]  pidfs_alloc_file+0xf8/0x330
[  272.630819][ T9831]  ? __pfx_pidfs_alloc_file+0x10/0x10
[  272.630856][ T9831]  ? _raw_spin_unlock_irq+0x23/0x50
[  272.630896][ T9831]  pidfd_prepare+0x10c/0x1b0
[  272.630927][ T9831]  __x64_sys_pidfd_open+0x105/0x1a0
[  272.630975][ T9831]  ? __pfx___x64_sys_pidfd_open+0x10/0x10
[  272.631012][ T9831]  ? rcu_is_watching+0x12/0xc0
[  272.631057][ T9831]  do_syscall_64+0xcd/0x490
[  272.631083][ T9831]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.631107][ T9831] RIP: 0033:0x7fc995d8e9a9
[  272.631124][ T9831] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  272.631146][ T9831] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2
[  272.631167][ T9831] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  272.631182][ T9831] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  272.631196][ T9831] RBP: 00007fc995e10d69 R08: 0000000000000000 R09: 0000000000000000
[  272.631214][ T9831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  272.631228][ T9831] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  272.631256][ T9831]  </TASK>
[  273.470137][ T5861] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[  273.478397][ T5861] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection
[  274.242013][ T9868] FAULT_INJECTION: forcing a failure.
[  274.242013][ T9868] name failslab, interval 1, probability 0, space 0, times 0
[  274.294854][ T9868] CPU: 1 UID: 0 PID: 9868 Comm: syz.2.1565 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  274.294891][ T9868] Tainted: [I]=FIRMWARE_WORKAROUND
[  274.294899][ T9868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  274.294912][ T9868] Call Trace:
[  274.294919][ T9868]  <TASK>
[  274.294927][ T9868]  dump_stack_lvl+0x16c/0x1f0
[  274.294953][ T9868]  should_fail_ex+0x512/0x640
[  274.294974][ T9868]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  274.295012][ T9868]  should_failslab+0xc2/0x120
[  274.295038][ T9868]  __kmalloc_cache_noprof+0x6a/0x3e0
[  274.295071][ T9868]  ? find_held_lock+0x2b/0x80
[  274.295093][ T9868]  ? yama_ptracer_add+0x48/0x590
[  274.295130][ T9868]  yama_ptracer_add+0x48/0x590
[  274.295165][ T9868]  yama_task_prctl+0xf4/0x1f0
[  274.295200][ T9868]  security_task_prctl+0xbf/0x160
[  274.295227][ T9868]  __do_sys_prctl+0xaa/0x24c0
[  274.295264][ T9868]  ? __pfx___do_sys_prctl+0x10/0x10
[  274.295307][ T9868]  do_syscall_64+0xcd/0x490
[  274.295331][ T9868]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.295353][ T9868] RIP: 0033:0x7fc995d8e9a9
[  274.295369][ T9868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.295390][ T9868] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 000000000000009d
[  274.295409][ T9868] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  274.295431][ T9868] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000059616d61
[  274.295444][ T9868] RBP: 00007fc995e10d69 R08: 0000000000000000 R09: 0000000000000000
[  274.295457][ T9868] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000
[  274.295469][ T9868] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  274.295507][ T9868]  </TASK>
[  275.058078][ T5858] Bluetooth: hci3: ACL packet too small
[  275.421912][ T5858] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18
[  275.430493][ T5858] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  276.057791][ T9902] Device name cannot be null; rc = [-22]
[  276.089965][ T9910] nbd: socks must be embedded in a SOCK_ITEM attr
[  276.140076][ T9910] block nbd4: shutting down sockets
[  276.484059][ T9915] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1585'.
[  278.435105][ T9966] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1606'.
[  278.929532][ T5861] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18
[  278.940430][ T5861] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  279.114430][ T5858] Bluetooth: hci0: ACL packet too small
[  279.345172][ T9987] ubi0: attaching mtd0
[  279.384674][ T9987] ubi0: scanning is finished
[  279.427868][ T9987] ubi0: empty MTD device detected
[  279.794746][ T9987] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  279.827042][ T9997] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1617'.
[  279.886199][ T9987] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  279.972193][ T9987] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  280.048159][ T9987] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  280.088279][ T9987] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  280.213696][ T9987] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  280.376991][ T9987] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1547805737
[  280.509716][ T9987] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  280.563637][ T9992] ubi0: detaching mtd0
[  280.574303][ T9999] ubi0: background thread "ubi_bgt0d" started, PID 9999
[  280.620545][ T9992] ubi0: mtd0 is detached
[  281.152318][T10020] zswap: compressor 000 not available
[  283.132088][T10082] FAULT_INJECTION: forcing a failure.
[  283.132088][T10082] name failslab, interval 1, probability 0, space 0, times 0
[  283.147742][T10080] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1649'.
[  283.159897][T10082] CPU: 1 UID: 0 PID: 10082 Comm: syz.3.1652 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  283.159930][T10082] Tainted: [I]=FIRMWARE_WORKAROUND
[  283.159938][T10082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  283.159949][T10082] Call Trace:
[  283.159956][T10082]  <TASK>
[  283.159963][T10082]  dump_stack_lvl+0x16c/0x1f0
[  283.159988][T10082]  should_fail_ex+0x512/0x640
[  283.160009][T10082]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  283.160034][T10082]  should_failslab+0xc2/0x120
[  283.160058][T10082]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  283.160078][T10082]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  283.160098][T10082]  ? kmalloc_reserve+0x18b/0x2c0
[  283.160125][T10082]  ? __alloc_skb+0x2b2/0x380
[  283.160144][T10082]  ? __x64_sys_sendto+0xe0/0x1c0
[  283.160164][T10082]  __alloc_skb+0x2b2/0x380
[  283.160183][T10082]  ? __pfx___alloc_skb+0x10/0x10
[  283.160211][T10082]  netlink_ack+0x15d/0xb80
[  283.160238][T10082]  ? __lock_acquire+0x622/0x1c90
[  283.160271][T10082]  rdma_nl_rcv_skb.constprop.0.isra.0+0x330/0x430
[  283.160300][T10082]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  283.160334][T10082]  ? netlink_deliver_tap+0x1ae/0xd30
[  283.160357][T10082]  ? is_vmalloc_addr+0x86/0xa0
[  283.160380][T10082]  netlink_unicast+0x58a/0x850
[  283.160409][T10082]  ? __pfx_netlink_unicast+0x10/0x10
[  283.160441][T10082]  netlink_sendmsg+0x8d1/0xdd0
[  283.160471][T10082]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.160506][T10082]  __sys_sendto+0x4a0/0x520
[  283.160524][T10082]  ? __pfx___sys_sendto+0x10/0x10
[  283.160580][T10082]  ? xfd_validate_state+0x61/0x180
[  283.160614][T10082]  ? __pfx_ksys_write+0x10/0x10
[  283.160637][T10082]  __x64_sys_sendto+0xe0/0x1c0
[  283.160655][T10082]  ? do_syscall_64+0x91/0x490
[  283.160676][T10082]  ? lockdep_hardirqs_on+0x7c/0x110
[  283.160695][T10082]  do_syscall_64+0xcd/0x490
[  283.160718][T10082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.160739][T10082] RIP: 0033:0x7f53b819083c
[  283.160754][T10082] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  283.160774][T10082] RSP: 002b:00007f53b8fd9ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  283.160792][T10082] RAX: ffffffffffffffda RBX: 00007f53b8fd9fc0 RCX: 00007f53b819083c
[  283.160805][T10082] RDX: 0000000000000020 RSI: 00007f53b8fda010 RDI: 0000000000000005
[  283.160818][T10082] RBP: 0000000000000000 R08: 00007f53b8fd9f14 R09: 000000000000000c
[  283.160830][T10082] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000005
[  283.160842][T10082] R13: 00007f53b8fd9f68 R14: 00007f53b8fda010 R15: 0000000000000000
[  283.160867][T10082]  </TASK>
[  283.782317][T10094] ubi0: attaching mtd0
[  283.811356][T10094] ubi0: scanning is finished
[  284.154168][T10094] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  284.251808][T10094] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  284.378162][T10094] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  284.480608][T10094] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  284.656688][T10094] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  284.855821][T10094] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  284.961406][T10094] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1547805737
[  285.117233][T10094] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  285.239829][T10097] ubi0: detaching mtd0
[  285.339714][T10097] ubi0: mtd0 is detached
[  286.377036][T10158] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1679'.
[  286.526008][T10158] caif0: entered promiscuous mode
[  286.859203][T10172] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  286.865767][T10172] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  286.902816][T10172] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  286.909770][T10172] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  286.941674][T10172] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  286.948882][T10172] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  286.991009][T10172] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  286.997732][T10172] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  287.042101][T10172] CPU0 is offline.
[  287.570520][T10196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1698'.
[  288.398952][T10214] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  288.441055][T10214] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  288.488641][T10214] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  288.523079][T10214] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  288.542843][T10224] dyndbg: bad flag-op , at start of 
[  288.563188][T10214] CPU0 is offline.
[  288.587567][T10224] dyndbg: flags parse failed
[  288.935810][T10234] random: crng reseeded on system resumption
[  290.017419][T10266] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  290.057887][T10270] mtrr: base(0x100000000) is not aligned on a size(0x0000) boundary
[  290.097606][T10266] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  290.188869][T10266] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  290.279023][T10266] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  290.366083][T10266] CPU0 is offline.
[  290.394844][T10277] ubi0: attaching mtd0
[  290.404386][T10277] ubi0: scanning is finished
[  290.513120][T10277] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB)
[  290.522256][T10277] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  290.549474][T10277] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1
[  290.564642][T10277] ubi0: VID header offset: 64 (aligned 64), data offset: 128
[  290.588119][T10277] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  290.616005][T10277] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23
[  290.633596][T10277] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 1547805737
[  290.655965][T10277] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  290.686248][T10279] ubi0: detaching mtd0
[  290.722003][T10282] ubi0: background thread "ubi_bgt0d" started, PID 10282
[  290.778779][T10279] ubi0: mtd0 is detached
[  290.920229][T10288] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1728'.
[  291.006034][T10288] vlan1: entered allmulticast mode
[  291.011679][T10288] veth0_vlan: entered allmulticast mode
[  292.067681][ T5858] Bluetooth: hci0: command 0x0406 tx timeout
[  292.138728][T10319] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1744'.
[  292.154159][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[  292.230922][ T5861] Bluetooth: hci2: command 0x0406 tx timeout
[  292.253075][T10319] team0: Port device team_slave_1 removed
[  292.306304][ T5861] Bluetooth: hci3: command 0x0406 tx timeout
[  292.733756][T10334] random: crng reseeded on system resumption
[  294.014892][T10366] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1762'.
[  294.146083][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  294.225975][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[  294.306188][ T5861] Bluetooth: hci2: command 0x0406 tx timeout
[  294.388320][ T5861] Bluetooth: hci3: command 0x0406 tx timeout
[  295.083246][T10381] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1770'.
[  295.470103][T10382] svc: failed to register nfsdv3 RPC service (errno 111).
[  295.538967][T10381] team0: Port device team_slave_1 removed
[  295.588718][T10382] svc: failed to register nfsaclv3 RPC service (errno 111).
[  296.311483][T10394] random: crng reseeded on system resumption
[  297.394675][T10413] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1782'.
[  297.839469][T10428] random: crng reseeded on system resumption
[  297.891439][T10430] FAULT_INJECTION: forcing a failure.
[  297.891439][T10430] name failslab, interval 1, probability 0, space 0, times 0
[  297.925558][T10430] CPU: 1 UID: 0 PID: 10430 Comm: syz.3.1791 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  297.925592][T10430] Tainted: [I]=FIRMWARE_WORKAROUND
[  297.925600][T10430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.925612][T10430] Call Trace:
[  297.925618][T10430]  <TASK>
[  297.925626][T10430]  dump_stack_lvl+0x16c/0x1f0
[  297.925654][T10430]  should_fail_ex+0x512/0x640
[  297.925674][T10430]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  297.925698][T10430]  should_failslab+0xc2/0x120
[  297.925722][T10430]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  297.925742][T10430]  ? __proc_create+0xc3/0x8c0
[  297.925764][T10430]  ? __proc_create+0x2ce/0x8c0
[  297.925789][T10430]  __proc_create+0x2ce/0x8c0
[  297.925812][T10430]  ? __pfx___proc_create+0x10/0x10
[  297.925835][T10430]  ? insert_header+0xf8d/0x1480
[  297.925864][T10430]  ? __register_sysctl_table+0x736/0x1900
[  297.925890][T10430]  proc_create_reg+0x7d/0x180
[  297.925916][T10430]  proc_create_net_data+0x8e/0x1b0
[  297.925941][T10430]  ? __pfx_proc_create_net_data+0x10/0x10
[  297.925966][T10430]  ? __pfx___register_sysctl_table+0x10/0x10
[  297.925988][T10430]  ? is_module_address+0x69/0xf0
[  297.926019][T10430]  ? register_net_sysctl_sz+0x228/0x3e0
[  297.926045][T10430]  ? __pfx_nf_log_net_init+0x10/0x10
[  297.926069][T10430]  nf_log_net_init+0x69/0x450
[  297.926093][T10430]  ? __pfx_nf_log_net_init+0x10/0x10
[  297.926116][T10430]  ops_init+0x1e2/0x5f0
[  297.926142][T10430]  setup_net+0x1ff/0x510
[  297.926163][T10430]  ? lockdep_init_map_type+0x5c/0x280
[  297.926194][T10430]  ? __pfx_setup_net+0x10/0x10
[  297.926219][T10430]  ? debug_mutex_init+0x37/0x70
[  297.926242][T10430]  copy_net_ns+0x2a6/0x5f0
[  297.926276][T10430]  create_new_namespaces+0x3ea/0xa90
[  297.926306][T10430]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  297.926331][T10430]  ksys_unshare+0x45b/0xa40
[  297.926360][T10430]  ? __pfx_ksys_unshare+0x10/0x10
[  297.926389][T10430]  ? xfd_validate_state+0x61/0x180
[  297.926425][T10430]  __x64_sys_unshare+0x31/0x40
[  297.926453][T10430]  do_syscall_64+0xcd/0x490
[  297.926476][T10430]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.926497][T10430] RIP: 0033:0x7f53b818e9a9
[  297.926512][T10430] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.926532][T10430] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  297.926550][T10430] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  297.926564][T10430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  297.926576][T10430] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  297.926588][T10430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  297.926600][T10430] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  297.926625][T10430]  </TASK>
[  299.058953][T10440] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1792'.
[  299.071378][T10445] svc: failed to register nfsdv3 RPC service (errno 111).
[  299.089387][T10445] svc: failed to register nfsaclv3 RPC service (errno 111).
[  300.148043][T10473] FAULT_INJECTION: forcing a failure.
[  300.148043][T10473] name failslab, interval 1, probability 0, space 0, times 0
[  300.218195][T10473] CPU: 1 UID: 0 PID: 10473 Comm: syz.1.1806 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  300.218230][T10473] Tainted: [I]=FIRMWARE_WORKAROUND
[  300.218237][T10473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  300.218249][T10473] Call Trace:
[  300.218256][T10473]  <TASK>
[  300.218263][T10473]  dump_stack_lvl+0x16c/0x1f0
[  300.218288][T10473]  should_fail_ex+0x512/0x640
[  300.218309][T10473]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  300.218336][T10473]  should_failslab+0xc2/0x120
[  300.218361][T10473]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  300.218383][T10473]  ? __pfx_proc_create_net_data+0x10/0x10
[  300.218408][T10473]  ? nf_log_net_init+0x9f/0x450
[  300.218432][T10473]  ? __pfx_nf_log_net_init+0x10/0x10
[  300.218456][T10473]  kmemdup_noprof+0x29/0x60
[  300.218477][T10473]  nf_log_net_init+0x9f/0x450
[  300.218501][T10473]  ? __pfx_nf_log_net_init+0x10/0x10
[  300.218524][T10473]  ops_init+0x1e2/0x5f0
[  300.218550][T10473]  setup_net+0x1ff/0x510
[  300.218571][T10473]  ? lockdep_init_map_type+0x5c/0x280
[  300.218602][T10473]  ? __pfx_setup_net+0x10/0x10
[  300.218627][T10473]  ? debug_mutex_init+0x37/0x70
[  300.218650][T10473]  copy_net_ns+0x2a6/0x5f0
[  300.218678][T10473]  create_new_namespaces+0x3ea/0xa90
[  300.218707][T10473]  unshare_nsproxy_namespaces+0xc0/0x1f0
[  300.218733][T10473]  ksys_unshare+0x45b/0xa40
[  300.218762][T10473]  ? __pfx_ksys_unshare+0x10/0x10
[  300.218791][T10473]  ? xfd_validate_state+0x61/0x180
[  300.218826][T10473]  __x64_sys_unshare+0x31/0x40
[  300.218854][T10473]  do_syscall_64+0xcd/0x490
[  300.218877][T10473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.218898][T10473] RIP: 0033:0x7f3034b8e9a9
[  300.218913][T10473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.218932][T10473] RSP: 002b:00007f303594a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  300.218950][T10473] RAX: ffffffffffffffda RBX: 00007f3034db5fa0 RCX: 00007f3034b8e9a9
[  300.218963][T10473] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[  300.218975][T10473] RBP: 00007f3034c10d69 R08: 0000000000000000 R09: 0000000000000000
[  300.218987][T10473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  300.218999][T10473] R13: 0000000000000000 R14: 00007f3034db5fa0 R15: 00007ffd44d03b48
[  300.219024][T10473]  </TASK>
[  301.735222][T10486] svc: failed to register nfsdv3 RPC service (errno 111).
[  301.836144][T10486] svc: failed to register nfsaclv3 RPC service (errno 111).
[  302.290097][T10498] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1811'.
[  302.349381][T10500] netlink: 350 bytes leftover after parsing attributes in process `syz.3.1826'.
[  302.467073][T10498] team0: Port device team_slave_1 removed
[  304.007002][T10537] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1830'.
[  304.482096][T10537] team0: Port device team_slave_1 removed
[  304.665497][T10556] cifs: Unknown parameter 'no+ 1����`��r�sFn)��a�H��ā��h`����9k�A}���1\D@��.��Z�Cg^�'
[  305.058357][T10557] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  305.236573][T10557] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  305.324933][T10557] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  305.459239][T10557] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  305.864847][T10572] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  305.960313][T10578] netlink: 206 bytes leftover after parsing attributes in process `syz.3.1848'.
[  306.042950][T10572] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  306.119935][T10572] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  306.202892][T10572] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  306.471918][T10585] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  306.635978][T10585] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  306.796365][T10585] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  306.948196][T10585] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  307.147279][T10600] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  307.154341][T10600] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  307.161794][T10600] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  307.178236][T10600] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  307.188881][T10600] CPU0 is offline.
[  307.716078][T10612] svc: failed to register nfsdv3 RPC service (errno 111).
[  307.740048][T10612] svc: failed to register nfsaclv3 RPC service (errno 111).
[  308.290457][T10625] FAULT_INJECTION: forcing a failure.
[  308.290457][T10625] name failslab, interval 1, probability 0, space 0, times 0
[  308.317375][T10625] CPU: 1 UID: 0 PID: 10625 Comm: syz.3.1865 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  308.317415][T10625] Tainted: [I]=FIRMWARE_WORKAROUND
[  308.317424][T10625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  308.317439][T10625] Call Trace:
[  308.317449][T10625]  <TASK>
[  308.317458][T10625]  dump_stack_lvl+0x16c/0x1f0
[  308.317486][T10625]  should_fail_ex+0x512/0x640
[  308.317510][T10625]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  308.317552][T10625]  should_failslab+0xc2/0x120
[  308.317581][T10625]  __kmalloc_cache_noprof+0x6a/0x3e0
[  308.317620][T10625]  ? vsnprintf+0x318/0x1160
[  308.317639][T10625]  ? __alloc_workqueue+0xda2/0x1810
[  308.317675][T10625]  __alloc_workqueue+0xda2/0x1810
[  308.317707][T10625]  ? __pfx_vsnprintf+0x10/0x10
[  308.317729][T10625]  ? lockdep_hardirqs_on+0x7c/0x110
[  308.317752][T10625]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  308.317795][T10625]  alloc_workqueue+0xd2/0x200
[  308.317827][T10625]  ? __pfx_alloc_workqueue+0x10/0x10
[  308.317866][T10625]  ? __pfx___debug_object_init+0x10/0x10
[  308.317917][T10625]  nci_register_device+0x21e/0xb80
[  308.317965][T10625]  ? __pfx_nci_register_device+0x10/0x10
[  308.318001][T10625]  ? lockdep_init_map_type+0x5c/0x280
[  308.318037][T10625]  virtual_ncidev_open+0x141/0x220
[  308.318069][T10625]  ? __pfx_virtual_ncidev_open+0x10/0x10
[  308.318100][T10625]  misc_open+0x35a/0x420
[  308.318133][T10625]  ? __pfx_misc_open+0x10/0x10
[  308.318164][T10625]  chrdev_open+0x231/0x6a0
[  308.318185][T10625]  ? __pfx_apparmor_file_open+0x10/0x10
[  308.318217][T10625]  ? __pfx_chrdev_open+0x10/0x10
[  308.318241][T10625]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  308.318279][T10625]  do_dentry_open+0x744/0x1c10
[  308.318300][T10625]  ? __pfx_chrdev_open+0x10/0x10
[  308.318335][T10625]  vfs_open+0x82/0x3f0
[  308.318365][T10625]  path_openat+0x1de4/0x2cb0
[  308.318393][T10625]  ? __pfx_path_openat+0x10/0x10
[  308.318415][T10625]  ? __lock_acquire+0xb8a/0x1c90
[  308.318446][T10625]  do_filp_open+0x20b/0x470
[  308.318466][T10625]  ? __pfx_do_filp_open+0x10/0x10
[  308.318503][T10625]  ? alloc_fd+0x471/0x7d0
[  308.318542][T10625]  do_sys_openat2+0x11b/0x1d0
[  308.318570][T10625]  ? __pfx_do_sys_openat2+0x10/0x10
[  308.318607][T10625]  __x64_sys_openat+0x174/0x210
[  308.318635][T10625]  ? __pfx___x64_sys_openat+0x10/0x10
[  308.318675][T10625]  do_syscall_64+0xcd/0x490
[  308.318699][T10625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.318719][T10625] RIP: 0033:0x7f53b818e9a9
[  308.318735][T10625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.318754][T10625] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  308.318773][T10625] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  308.318786][T10625] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  308.318799][T10625] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  308.318811][T10625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  308.318823][T10625] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  308.318848][T10625]  </TASK>
[  309.208090][ T5861] Bluetooth: hci3: command 0x0406 tx timeout
[  309.220972][ T5861] Bluetooth: hci2: command 0x0406 tx timeout
[  309.228007][ T5861] Bluetooth: hci1: command 0x0406 tx timeout
[  309.234600][ T5861] Bluetooth: hci0: command 0x0406 tx timeout
[  309.856222][T10637] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  310.682611][T10663] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1880'.
[  311.689148][T10673] random: crng reseeded on system resumption
[  311.723766][T10673] FAULT_INJECTION: forcing a failure.
[  311.723766][T10673] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  311.788731][T10673] CPU: 1 UID: 0 PID: 10673 Comm: syz.2.1884 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  311.788771][T10673] Tainted: [I]=FIRMWARE_WORKAROUND
[  311.788779][T10673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  311.788793][T10673] Call Trace:
[  311.788800][T10673]  <TASK>
[  311.788808][T10673]  dump_stack_lvl+0x16c/0x1f0
[  311.788834][T10673]  should_fail_ex+0x512/0x640
[  311.788860][T10673]  should_fail_alloc_page+0xe7/0x130
[  311.788889][T10673]  prepare_alloc_pages+0x3c2/0x610
[  311.788921][T10673]  ? rcu_is_watching+0x12/0xc0
[  311.788947][T10673]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  311.788979][T10673]  ? stack_trace_save+0x8e/0xc0
[  311.789009][T10673]  ? __pfx_stack_trace_save+0x10/0x10
[  311.789034][T10673]  ? stack_depot_save_flags+0x28/0xa40
[  311.789058][T10673]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  311.789085][T10673]  ? kasan_save_stack+0x42/0x60
[  311.789105][T10673]  ? kasan_save_stack+0x33/0x60
[  311.789130][T10673]  ? do_dentry_open+0x744/0x1c10
[  311.789150][T10673]  ? vfs_open+0x82/0x3f0
[  311.789175][T10673]  ? path_openat+0x1de4/0x2cb0
[  311.789194][T10673]  ? do_filp_open+0x20b/0x470
[  311.789212][T10673]  ? do_sys_openat2+0x11b/0x1d0
[  311.789240][T10673]  ? __x64_sys_openat+0x174/0x210
[  311.789268][T10673]  ? do_syscall_64+0xcd/0x490
[  311.789289][T10673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.789312][T10673]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.789345][T10673]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  311.789380][T10673]  ? policy_nodemask+0xea/0x4e0
[  311.789408][T10673]  alloc_pages_mpol+0x1fb/0x550
[  311.789435][T10673]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  311.789478][T10673]  alloc_pages_noprof+0x131/0x390
[  311.789503][T10673]  get_zeroed_page_noprof+0x18/0xb0
[  311.789531][T10673]  get_image_page+0x18/0x190
[  311.789552][T10673]  alloc_rtree_node+0x3c/0xb0
[  311.789574][T10673]  memory_bm_create+0x519/0x810
[  311.789605][T10673]  create_basic_memory_bitmaps+0x10b/0x320
[  311.789633][T10673]  snapshot_open+0x235/0x2b0
[  311.789658][T10673]  ? __pfx_snapshot_open+0x10/0x10
[  311.789685][T10673]  misc_open+0x35a/0x420
[  311.789717][T10673]  ? __pfx_misc_open+0x10/0x10
[  311.789747][T10673]  chrdev_open+0x231/0x6a0
[  311.789772][T10673]  ? __pfx_apparmor_file_open+0x10/0x10
[  311.789805][T10673]  ? __pfx_chrdev_open+0x10/0x10
[  311.789829][T10673]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  311.789867][T10673]  do_dentry_open+0x744/0x1c10
[  311.789889][T10673]  ? __pfx_chrdev_open+0x10/0x10
[  311.789916][T10673]  vfs_open+0x82/0x3f0
[  311.789946][T10673]  path_openat+0x1de4/0x2cb0
[  311.789973][T10673]  ? __pfx_path_openat+0x10/0x10
[  311.789998][T10673]  ? __lock_acquire+0xb8a/0x1c90
[  311.790030][T10673]  do_filp_open+0x20b/0x470
[  311.790050][T10673]  ? __pfx_do_filp_open+0x10/0x10
[  311.790088][T10673]  ? alloc_fd+0x471/0x7d0
[  311.790128][T10673]  do_sys_openat2+0x11b/0x1d0
[  311.790156][T10673]  ? __pfx_do_sys_openat2+0x10/0x10
[  311.790193][T10673]  __x64_sys_openat+0x174/0x210
[  311.790222][T10673]  ? __pfx___x64_sys_openat+0x10/0x10
[  311.790260][T10673]  do_syscall_64+0xcd/0x490
[  311.790284][T10673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.790304][T10673] RIP: 0033:0x7fc995d8e9a9
[  311.790320][T10673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.790340][T10673] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  311.790358][T10673] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  311.790371][T10673] RDX: 0000000000184b01 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  311.790384][T10673] RBP: 00007fc995e10d69 R08: 0000000000000000 R09: 0000000000000000
[  311.790396][T10673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  311.790409][T10673] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  311.790434][T10673]  </TASK>
[  312.391397][T10690] cifs: Unknown parameter 'no+ 1����`��r�sFn)��a�H��ā��h`����9k�A}���1\D@��.��Z�Cg^�'
[  312.564367][T10699] FAULT_INJECTION: forcing a failure.
[  312.564367][T10699] name failslab, interval 1, probability 0, space 0, times 0
[  312.578479][T10699] CPU: 1 UID: 0 PID: 10699 Comm: syz.3.1895 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  312.578511][T10699] Tainted: [I]=FIRMWARE_WORKAROUND
[  312.578519][T10699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  312.578531][T10699] Call Trace:
[  312.578538][T10699]  <TASK>
[  312.578545][T10699]  dump_stack_lvl+0x16c/0x1f0
[  312.578570][T10699]  should_fail_ex+0x512/0x640
[  312.578591][T10699]  ? __kvmalloc_node_noprof+0x124/0x620
[  312.578629][T10699]  should_failslab+0xc2/0x120
[  312.578653][T10699]  __kvmalloc_node_noprof+0x137/0x620
[  312.578689][T10699]  ? v4l2_ctrl_new+0x97d/0x2180
[  312.578711][T10699]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  312.578748][T10699]  ? v4l2_ctrl_new+0x97d/0x2180
[  312.578769][T10699]  v4l2_ctrl_new+0x97d/0x2180
[  312.578802][T10699]  ? __pfx_v4l2_ctrl_new+0x10/0x10
[  312.578823][T10699]  ? __pfx_v4l2_ctrl_new+0x10/0x10
[  312.578853][T10699]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  312.578887][T10699]  v4l2_ctrl_new_std+0x1be/0x290
[  312.578924][T10699]  ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[  312.578947][T10699]  ? __pfx_v4l2_ctrl_new_std+0x10/0x10
[  312.578973][T10699]  ? rcu_is_watching+0x12/0xc0
[  312.578996][T10699]  ? trace_kmalloc+0x2b/0xd0
[  312.579020][T10699]  ? __kvmalloc_node_noprof+0x298/0x620
[  312.579061][T10699]  ? media_request_object_init+0x100/0x180
[  312.579098][T10699]  vicodec_open+0x1f7/0xf90
[  312.579137][T10699]  v4l2_open+0x222/0x490
[  312.579156][T10699]  ? __pfx_v4l2_open+0x10/0x10
[  312.579175][T10699]  chrdev_open+0x231/0x6a0
[  312.579196][T10699]  ? __pfx_apparmor_file_open+0x10/0x10
[  312.579229][T10699]  ? __pfx_chrdev_open+0x10/0x10
[  312.579253][T10699]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  312.579290][T10699]  do_dentry_open+0x744/0x1c10
[  312.579311][T10699]  ? __pfx_chrdev_open+0x10/0x10
[  312.579338][T10699]  vfs_open+0x82/0x3f0
[  312.579368][T10699]  path_openat+0x1de4/0x2cb0
[  312.579395][T10699]  ? __pfx_path_openat+0x10/0x10
[  312.579417][T10699]  ? __lock_acquire+0xb8a/0x1c90
[  312.579448][T10699]  do_filp_open+0x20b/0x470
[  312.579468][T10699]  ? __pfx_do_filp_open+0x10/0x10
[  312.579505][T10699]  ? alloc_fd+0x471/0x7d0
[  312.579545][T10699]  do_sys_openat2+0x11b/0x1d0
[  312.579572][T10699]  ? __pfx_do_sys_openat2+0x10/0x10
[  312.579610][T10699]  __x64_sys_openat+0x174/0x210
[  312.579638][T10699]  ? __pfx___x64_sys_openat+0x10/0x10
[  312.579676][T10699]  do_syscall_64+0xcd/0x490
[  312.579700][T10699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  312.579721][T10699] RIP: 0033:0x7f53b818e9a9
[  312.579737][T10699] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  312.579756][T10699] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  312.579775][T10699] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  312.579788][T10699] RDX: 00000000000c4400 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  312.579801][T10699] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  312.579813][T10699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  312.579825][T10699] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  312.579850][T10699]  </TASK>
[  313.527140][T10714] Process accounting resumed
[  314.144814][T10729] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1906'.
[  314.766700][T10743] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1911'.
[  315.133142][T10749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1914'.
[  315.170760][T10749] ipvlan0: entered allmulticast mode
[  315.527521][T10756] overlayfs: missing 'lowerdir'
[  316.373975][T10783] Process accounting resumed
[  317.080277][T10806] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1938'.
[  317.468933][T10816] Process accounting resumed
[  318.334214][T10845] netlink: 280 bytes leftover after parsing attributes in process `syz.3.1954'.
[  318.558487][T10854] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1957'.
[  318.759666][T10862] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1959'.
[  318.884567][T10864] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1960'.
[  318.897429][T10864] ipvlan0: entered allmulticast mode
[  318.915625][T10864] veth0_vlan: entered allmulticast mode
[  319.089921][T10870] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1963'.
[  320.192879][T10903] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1977'.
[  320.398467][T10904] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  320.514500][T10909] netlink: 280 bytes leftover after parsing attributes in process `syz.1.1978'.
[  320.535992][   T30] audit: type=1800 audit(4294967357.760:10): pid=10911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1981" name="file0" dev="tmpfs" ino=3261 res=0 errno=0
[  320.643353][T10904] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  320.814948][T10904] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  321.006016][T10904] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  321.308762][T10933] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1991'.
[  321.417414][T10929] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  321.451832][T10935] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1989'.
[  321.651298][T10929] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  321.758937][T10929] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  321.855923][T10929] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  322.071546][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  322.079877][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  322.100200][T10950] overlayfs: missing 'lowerdir'
[  322.300300][T10951] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  322.405400][T10951] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  322.473711][T10951] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  322.564883][T10951] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  322.729428][T10964] FAULT_INJECTION: forcing a failure.
[  322.729428][T10964] name failslab, interval 1, probability 0, space 0, times 0
[  322.784329][T10964] CPU: 1 UID: 0 PID: 10964 Comm: syz.2.2003 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  322.784364][T10964] Tainted: [I]=FIRMWARE_WORKAROUND
[  322.784371][T10964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  322.784383][T10964] Call Trace:
[  322.784390][T10964]  <TASK>
[  322.784397][T10964]  dump_stack_lvl+0x16c/0x1f0
[  322.784423][T10964]  should_fail_ex+0x512/0x640
[  322.784444][T10964]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  322.784480][T10964]  should_failslab+0xc2/0x120
[  322.784504][T10964]  __kmalloc_cache_noprof+0x6a/0x3e0
[  322.784537][T10964]  ? open_substream+0xec/0x9b0
[  322.784565][T10964]  ? _raw_spin_unlock_irq+0x23/0x50
[  322.784600][T10964]  open_substream+0xec/0x9b0
[  322.784630][T10964]  rawmidi_open_priv+0x543/0x6e0
[  322.784666][T10964]  snd_rawmidi_open+0x4cc/0xbf0
[  322.784702][T10964]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  322.784736][T10964]  ? __pfx_default_wake_function+0x10/0x10
[  322.784761][T10964]  ? kobject_get_unless_zero+0x156/0x1e0
[  322.784788][T10964]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  322.784819][T10964]  snd_open+0x201/0x450
[  322.784843][T10964]  ? __pfx_snd_open+0x10/0x10
[  322.784866][T10964]  chrdev_open+0x231/0x6a0
[  322.784887][T10964]  ? __pfx_apparmor_file_open+0x10/0x10
[  322.784923][T10964]  ? __pfx_chrdev_open+0x10/0x10
[  322.784947][T10964]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  322.784984][T10964]  do_dentry_open+0x744/0x1c10
[  322.785014][T10964]  ? __pfx_chrdev_open+0x10/0x10
[  322.785042][T10964]  vfs_open+0x82/0x3f0
[  322.785071][T10964]  path_openat+0x1de4/0x2cb0
[  322.785099][T10964]  ? __pfx_path_openat+0x10/0x10
[  322.785121][T10964]  ? __lock_acquire+0xb8a/0x1c90
[  322.785153][T10964]  do_filp_open+0x20b/0x470
[  322.785173][T10964]  ? __pfx_do_filp_open+0x10/0x10
[  322.785211][T10964]  ? alloc_fd+0x471/0x7d0
[  322.785250][T10964]  do_sys_openat2+0x11b/0x1d0
[  322.785277][T10964]  ? __pfx_do_sys_openat2+0x10/0x10
[  322.785314][T10964]  __x64_sys_openat+0x174/0x210
[  322.785342][T10964]  ? __pfx___x64_sys_openat+0x10/0x10
[  322.785381][T10964]  do_syscall_64+0xcd/0x490
[  322.785404][T10964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.785425][T10964] RIP: 0033:0x7fc995d8e9a9
[  322.785441][T10964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  322.785460][T10964] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  322.785479][T10964] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  322.785492][T10964] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  322.785505][T10964] RBP: 00007fc995e10d69 R08: 0000000000000000 R09: 0000000000000000
[  322.785518][T10964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  322.785529][T10964] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  322.785554][T10964]  </TASK>
[  323.844100][T10984] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2010'.
[  323.874308][T10984] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  324.721076][T10992] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2015'.
[  327.046122][   T30] audit: type=1800 audit(4294967364.290:11): pid=11034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2031" name="file0" dev="tmpfs" ino=2393 res=0 errno=0
[  327.928272][T11053] netlink: 'syz.3.2048': attribute type 13 has an invalid length.
[  329.266740][T11068] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  329.465051][T11068] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  329.525945][   T30] audit: type=1800 audit(4294967366.770:12): pid=11071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2047" name="file0" dev="tmpfs" ino=2296 res=0 errno=0
[  329.679399][T11068] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  329.894177][T11068] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  329.973485][T11078] FAULT_INJECTION: forcing a failure.
[  329.973485][T11078] name failslab, interval 1, probability 0, space 0, times 0
[  330.046181][T11078] CPU: 1 UID: 0 PID: 11078 Comm: syz.3.2053 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  330.046216][T11078] Tainted: [I]=FIRMWARE_WORKAROUND
[  330.046224][T11078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  330.046236][T11078] Call Trace:
[  330.046242][T11078]  <TASK>
[  330.046249][T11078]  dump_stack_lvl+0x16c/0x1f0
[  330.046275][T11078]  should_fail_ex+0x512/0x640
[  330.046296][T11078]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  330.046339][T11078]  should_failslab+0xc2/0x120
[  330.046363][T11078]  __kmalloc_cache_noprof+0x6a/0x3e0
[  330.046396][T11078]  ? open_substream+0xec/0x9b0
[  330.046424][T11078]  ? _raw_spin_unlock_irq+0x23/0x50
[  330.046459][T11078]  open_substream+0xec/0x9b0
[  330.046490][T11078]  rawmidi_open_priv+0x543/0x6e0
[  330.046525][T11078]  snd_rawmidi_open+0x4cc/0xbf0
[  330.046561][T11078]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  330.046597][T11078]  ? __pfx_default_wake_function+0x10/0x10
[  330.046622][T11078]  ? kobject_get_unless_zero+0x156/0x1e0
[  330.046648][T11078]  ? __pfx_snd_rawmidi_open+0x10/0x10
[  330.046680][T11078]  snd_open+0x201/0x450
[  330.046705][T11078]  ? __pfx_snd_open+0x10/0x10
[  330.046727][T11078]  chrdev_open+0x231/0x6a0
[  330.046768][T11078]  ? __pfx_apparmor_file_open+0x10/0x10
[  330.046805][T11078]  ? __pfx_chrdev_open+0x10/0x10
[  330.046832][T11078]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  330.046874][T11078]  do_dentry_open+0x744/0x1c10
[  330.046897][T11078]  ? __pfx_chrdev_open+0x10/0x10
[  330.046928][T11078]  vfs_open+0x82/0x3f0
[  330.046961][T11078]  path_openat+0x1de4/0x2cb0
[  330.046993][T11078]  ? __pfx_path_openat+0x10/0x10
[  330.047017][T11078]  ? __lock_acquire+0xb8a/0x1c90
[  330.047052][T11078]  do_filp_open+0x20b/0x470
[  330.047074][T11078]  ? __pfx_do_filp_open+0x10/0x10
[  330.047117][T11078]  ? alloc_fd+0x471/0x7d0
[  330.047162][T11078]  do_sys_openat2+0x11b/0x1d0
[  330.047192][T11078]  ? __pfx_do_sys_openat2+0x10/0x10
[  330.047235][T11078]  __x64_sys_openat+0x174/0x210
[  330.047266][T11078]  ? __pfx___x64_sys_openat+0x10/0x10
[  330.047315][T11078]  do_syscall_64+0xcd/0x490
[  330.047342][T11078]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.047367][T11078] RIP: 0033:0x7f53b818e9a9
[  330.047386][T11078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.047408][T11078] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  330.047430][T11078] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  330.047446][T11078] RDX: 0000000000080102 RSI: 0000200000000100 RDI: ffffffffffffff9c
[  330.047461][T11078] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  330.047475][T11078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  330.047489][T11078] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  330.047519][T11078]  </TASK>
[  330.559760][T11080] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2049'.
[  331.109459][T11090] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  331.199683][T11096] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2060'.
[  331.215888][T11090] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  331.268637][T11090] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  331.400851][T11090] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  331.590344][T11103] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  331.723987][T11103] EXT4-fs error (device sda1): htree_dirblock_to_tree:1051: inode #268: comm dhcpcd-run-hook: Directory block failed checksum
[  331.771283][T11103] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #268: comm dhcpcd-run-hook: No space for directory leaf checksum. Please run e2fsck -D.
[  331.792228][T11110] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  331.929057][T11103] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #268: comm dhcpcd-run-hook: checksumming directory block 0
[  332.652697][T11130] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2072'.
[  333.013219][T11138] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  333.943096][T11160] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2087'.
[  334.000957][T11162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2085'.
[  336.457051][T11224] netlink: 'syz.2.2113': attribute type 35 has an invalid length.
[  338.207429][T11253] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2122'.
[  339.031601][T11261] netlink: 'syz.1.2126': attribute type 28 has an invalid length.
[  339.155544][T11261] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2126'.
[  340.296175][T11281] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2134'.
[  340.473732][T11287] netlink: 'syz.3.2140': attribute type 28 has an invalid length.
[  340.498079][T11287] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2140'.
[  342.031591][T11321] lo: entered allmulticast mode
[  342.133807][T11324] lo: left allmulticast mode
[  342.518999][ T5855] Bluetooth: hci3: Malformed Event: 0x2f
[  342.742969][T11341] input: jJǸ-���9�%v����l��Q�	J86�� as /devices/virtual/input/input9
[  343.617274][T11362] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2173'.
[  343.703312][T11365] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2174'.
[  343.782420][T11368] FAULT_INJECTION: forcing a failure.
[  343.782420][T11368] name failslab, interval 1, probability 0, space 0, times 0
[  343.856043][T11368] CPU: 1 UID: 0 PID: 11368 Comm: syz.1.2172 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  343.856085][T11368] Tainted: [I]=FIRMWARE_WORKAROUND
[  343.856093][T11368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  343.856105][T11368] Call Trace:
[  343.856112][T11368]  <TASK>
[  343.856120][T11368]  dump_stack_lvl+0x16c/0x1f0
[  343.856144][T11368]  should_fail_ex+0x512/0x640
[  343.856165][T11368]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  343.856201][T11368]  should_failslab+0xc2/0x120
[  343.856225][T11368]  __kmalloc_cache_noprof+0x6a/0x3e0
[  343.856257][T11368]  ? kstrdup_quotable_cmdline+0x52/0x210
[  343.856290][T11368]  kstrdup_quotable_cmdline+0x52/0x210
[  343.856321][T11368]  __report_access+0x4b/0x3c0
[  343.856350][T11368]  ? _raw_spin_unlock_irq+0x23/0x50
[  343.856385][T11368]  task_work_run+0x150/0x240
[  343.856419][T11368]  ? __pfx_task_work_run+0x10/0x10
[  343.856459][T11368]  exit_to_user_mode_loop+0xeb/0x110
[  343.856498][T11368]  do_syscall_64+0x3f6/0x490
[  343.856522][T11368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.856542][T11368] RIP: 0033:0x7f3034b8e9a9
[  343.856558][T11368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.856577][T11368] RSP: 002b:00007f303594a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000065
[  343.856596][T11368] RAX: ffffffffffffffff RBX: 00007f3034db5fa0 RCX: 00007f3034b8e9a9
[  343.856609][T11368] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000004206
[  343.856621][T11368] RBP: 00007f3034c10d69 R08: 0000000000000000 R09: 0000000000000000
[  343.856633][T11368] R10: 0000000000200005 R11: 0000000000000246 R12: 0000000000000000
[  343.856645][T11368] R13: 0000000000000000 R14: 00007f3034db5fa0 R15: 00007ffd44d03b48
[  343.856669][T11368]  </TASK>
[  343.856911][T11368] ptrace attach of "(null)"[5845] was attempted by "./syz-executor exec"[11368]
[  344.730236][T11385] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2180'.
[  345.842082][T11418] lo: entered allmulticast mode
[  345.921978][T11420] lo: left allmulticast mode
[  346.636466][T11438] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2204'.
[  346.667107][T11438] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2204'.
[  347.150466][T11451] FAULT_INJECTION: forcing a failure.
[  347.150466][T11451] name failslab, interval 1, probability 0, space 0, times 0
[  347.185981][T11451] CPU: 1 UID: 0 PID: 11451 Comm: syz.3.2208 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  347.186015][T11451] Tainted: [I]=FIRMWARE_WORKAROUND
[  347.186022][T11451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  347.186035][T11451] Call Trace:
[  347.186041][T11451]  <TASK>
[  347.186049][T11451]  dump_stack_lvl+0x16c/0x1f0
[  347.186073][T11451]  should_fail_ex+0x512/0x640
[  347.186094][T11451]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  347.186118][T11451]  should_failslab+0xc2/0x120
[  347.186143][T11451]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  347.186165][T11451]  ? vm_area_dup+0x27/0x8d0
[  347.186200][T11451]  vm_area_dup+0x27/0x8d0
[  347.186234][T11451]  __split_vma+0x18e/0x1070
[  347.186253][T11451]  ? __lock_acquire+0xb8a/0x1c90
[  347.186283][T11451]  ? __pfx___split_vma+0x10/0x10
[  347.186307][T11451]  ? lock_acquire+0x179/0x350
[  347.186335][T11451]  ? do_raw_spin_lock+0x12c/0x2b0
[  347.186371][T11451]  vms_gather_munmap_vmas+0x1c2/0x1310
[  347.186396][T11451]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  347.186430][T11451]  do_vmi_align_munmap+0x27c/0x7d0
[  347.186454][T11451]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  347.186507][T11451]  do_vmi_munmap+0x204/0x3e0
[  347.186530][T11451]  move_vma+0xb67/0x1740
[  347.186554][T11451]  ? __pfx_move_vma+0x10/0x10
[  347.186577][T11451]  ? mm_get_unmapped_area_vmflags+0x97/0xe0
[  347.186614][T11451]  ? vrm_set_new_addr+0x208/0x290
[  347.186636][T11451]  __do_sys_mremap+0xe07/0x1590
[  347.186660][T11451]  ? __pfx___do_sys_mremap+0x10/0x10
[  347.186685][T11451]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  347.186721][T11451]  ? __x64_sys_futex+0x1e0/0x4c0
[  347.186803][T11451]  do_syscall_64+0xcd/0x490
[  347.186831][T11451]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.186855][T11451] RIP: 0033:0x7f53b818e9a9
[  347.186873][T11451] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.186896][T11451] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  347.186918][T11451] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  347.186934][T11451] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000001000
[  347.186949][T11451] RBP: 00007f53b8210d69 R08: 0000000100000000 R09: 0000000000000000
[  347.186964][T11451] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  347.186977][T11451] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  347.187007][T11451]  </TASK>
[  347.752726][T11458] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  349.088072][T11495] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2230'.
[  349.494755][T11509] lo: entered allmulticast mode
[  349.561167][T11512] lo: left allmulticast mode
[  351.283833][T11554] lo: entered allmulticast mode
[  351.397150][T11560] lo: left allmulticast mode
[  351.938702][T11562] FAULT_INJECTION: forcing a failure.
[  351.938702][T11562] name failslab, interval 1, probability 0, space 0, times 0
[  352.021356][T11565] ==================================================================
[  352.030250][T11565] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0
[  352.038745][T11565] Read of size 8 at addr ffff88802a82ac18 by task syz.3.2256/11565
[  352.047417][T11565] 
[  352.049974][T11565] CPU: 1 UID: 0 PID: 11565 Comm: syz.3.2256 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  352.050006][T11565] Tainted: [I]=FIRMWARE_WORKAROUND
[  352.050014][T11565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.050026][T11565] Call Trace:
[  352.050033][T11565]  <TASK>
[  352.050040][T11565]  dump_stack_lvl+0x116/0x1f0
[  352.050062][T11565]  print_report+0xcd/0x610
[  352.050085][T11565]  ? __virt_addr_valid+0x81/0x610
[  352.050108][T11565]  ? __phys_addr+0xe8/0x180
[  352.050130][T11565]  ? dvb_device_open+0x36a/0x3b0
[  352.050152][T11565]  kasan_report+0xe0/0x110
[  352.050175][T11565]  ? dvb_device_open+0x36a/0x3b0
[  352.050200][T11565]  ? __pfx_dvb_device_open+0x10/0x10
[  352.050223][T11565]  dvb_device_open+0x36a/0x3b0
[  352.050246][T11565]  ? __pfx_dvb_device_open+0x10/0x10
[  352.050269][T11565]  chrdev_open+0x231/0x6a0
[  352.050290][T11565]  ? __pfx_apparmor_file_open+0x10/0x10
[  352.050328][T11565]  ? __pfx_chrdev_open+0x10/0x10
[  352.050350][T11565]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  352.050386][T11565]  do_dentry_open+0x744/0x1c10
[  352.050407][T11565]  ? __pfx_chrdev_open+0x10/0x10
[  352.050431][T11565]  vfs_open+0x82/0x3f0
[  352.050458][T11565]  path_openat+0x1de4/0x2cb0
[  352.050482][T11565]  ? __pfx_path_openat+0x10/0x10
[  352.050501][T11565]  ? __lock_acquire+0xb8a/0x1c90
[  352.050531][T11565]  do_filp_open+0x20b/0x470
[  352.050550][T11565]  ? __pfx_do_filp_open+0x10/0x10
[  352.050579][T11565]  ? alloc_fd+0x471/0x7d0
[  352.050614][T11565]  do_sys_openat2+0x11b/0x1d0
[  352.050641][T11565]  ? __pfx_do_sys_openat2+0x10/0x10
[  352.050667][T11565]  ? __pfx_do_sys_openat2+0x10/0x10
[  352.050699][T11565]  __x64_sys_openat+0x174/0x210
[  352.050727][T11565]  ? __pfx___x64_sys_openat+0x10/0x10
[  352.050761][T11565]  do_syscall_64+0xcd/0x490
[  352.050783][T11565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.050804][T11565] RIP: 0033:0x7f53b818e9a9
[  352.050819][T11565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.050839][T11565] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  352.050857][T11565] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  352.050871][T11565] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  352.050884][T11565] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  352.050896][T11565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  352.050909][T11565] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  352.050928][T11565]  </TASK>
[  352.050935][T11565] 
[  352.336126][T11565] Allocated by task 1:
[  352.340592][T11565]  kasan_save_stack+0x33/0x60
[  352.345732][T11565]  kasan_save_track+0x14/0x30
[  352.350869][T11565]  __kasan_kmalloc+0xaa/0xb0
[  352.355909][T11565]  dvb_register_device+0x1e4/0x2370
[  352.361622][T11565]  dvb_register_frontend+0x5a6/0x880
[  352.367429][T11565]  vidtv_bridge_probe+0x459/0xa90
[  352.372954][T11565]  platform_probe+0xff/0x1f0
[  352.378017][T11565]  really_probe+0x241/0xa90
[  352.382964][T11565]  __driver_probe_device+0x1de/0x440
[  352.388768][T11565]  driver_probe_device+0x4c/0x1b0
[  352.394289][T11565]  __driver_attach+0x283/0x580
[  352.399530][T11565]  bus_for_each_dev+0x13b/0x1d0
[  352.404865][T11565]  bus_add_driver+0x2e9/0x690
[  352.410003][T11565]  driver_register+0x15c/0x4b0
[  352.415249][T11565]  vidtv_bridge_init+0x45/0x80
[  352.420498][T11565]  do_one_initcall+0x120/0x6e0
[  352.425761][T11565]  kernel_init_freeable+0x5c2/0x900
[  352.431484][T11565]  kernel_init+0x1c/0x2b0
[  352.436244][T11565]  ret_from_fork+0x5d4/0x6f0
[  352.441298][T11565]  ret_from_fork_asm+0x1a/0x30
[  352.446532][T11565] 
[  352.449073][T11565] Freed by task 11458:
[  352.453530][T11565]  kasan_save_stack+0x33/0x60
[  352.458665][T11565]  kasan_save_track+0x14/0x30
[  352.463812][T11565]  kasan_save_free_info+0x3b/0x60
[  352.469367][T11565]  __kasan_slab_free+0x51/0x70
[  352.474619][T11565]  kfree+0x2b4/0x4d0
[  352.478927][T11565]  dvb_device_put.part.0+0x60/0x90
[  352.484546][T11565]  dvb_device_open+0x2a4/0x3b0
[  352.489783][T11565]  chrdev_open+0x231/0x6a0
[  352.494636][T11565]  do_dentry_open+0x744/0x1c10
[  352.499875][T11565]  vfs_open+0x82/0x3f0
[  352.504354][T11565]  path_openat+0x1de4/0x2cb0
[  352.509397][T11565]  do_filp_open+0x20b/0x470
[  352.514340][T11565]  do_sys_openat2+0x11b/0x1d0
[  352.519486][T11565]  __x64_sys_openat+0x174/0x210
[  352.524822][T11565]  do_syscall_64+0xcd/0x490
[  352.529773][T11565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.536254][T11565] 
[  352.538813][T11565] The buggy address belongs to the object at ffff88802a82ac00
[  352.538813][T11565]  which belongs to the cache kmalloc-256 of size 256
[  352.554298][T11565] The buggy address is located 24 bytes inside of
[  352.554298][T11565]  freed 256-byte region [ffff88802a82ac00, ffff88802a82ad00)
[  352.569372][T11565] 
[  352.571920][T11565] The buggy address belongs to the physical page:
[  352.578961][T11565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a82a
[  352.588590][T11565] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  352.597935][T11565] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  352.606245][T11565] page_type: f5(slab)
[  352.610627][T11565] raw: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  352.620059][T11565] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  352.629517][T11565] head: 00fff00000000040 ffff88801b841b40 dead000000000122 0000000000000000
[  352.639063][T11565] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  352.648596][T11565] head: 00fff00000000001 ffffea0000aa0a81 00000000ffffffff 00000000ffffffff
[  352.658125][T11565] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  352.667653][T11565] page dumped because: kasan: bad access detected
[  352.674705][T11565] page_owner tracks the page as allocated
[  352.680993][T11565] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 23510478590, free_ts 0
[  352.702664][T11565]  post_alloc_hook+0x1c0/0x230
[  352.707915][T11565]  get_page_from_freelist+0x1321/0x3890
[  352.714023][T11565]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  352.720499][T11565]  alloc_pages_mpol+0x1fb/0x550
[  352.725828][T11565]  new_slab+0x23b/0x330
[  352.730398][T11565]  ___slab_alloc+0xd9c/0x1940
[  352.735554][T11565]  __slab_alloc.constprop.0+0x56/0xb0
[  352.741473][T11565]  __kmalloc_cache_noprof+0xfb/0x3e0
[  352.747297][T11565]  bus_add_driver+0x92/0x690
[  352.752342][T11565]  driver_register+0x15c/0x4b0
[  352.757586][T11565]  usb_register_driver+0x216/0x4d0
[  352.763235][T11565]  pvr_init+0x8a/0x150
[  352.767722][T11565]  do_one_initcall+0x120/0x6e0
[  352.772962][T11565]  kernel_init_freeable+0x5c2/0x900
[  352.778684][T11565]  kernel_init+0x1c/0x2b0
[  352.783464][T11565]  ret_from_fork+0x5d4/0x6f0
[  352.788514][T11565] page_owner free stack trace missing
[  352.794401][T11565] 
[  352.796948][T11565] Memory state around the buggy address:
[  352.803131][T11565]  ffff88802a82ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  352.811984][T11565]  ffff88802a82ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  352.820852][T11565] >ffff88802a82ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  352.829723][T11565]                             ^
[  352.835043][T11565]  ffff88802a82ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  352.843898][T11565]  ffff88802a82ad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  352.852754][T11565] ==================================================================
[  352.885953][T11562] CPU: 1 UID: 0 PID: 11562 Comm: syz.2.2255 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  352.885988][T11562] Tainted: [I]=FIRMWARE_WORKAROUND
[  352.885995][T11562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  352.886007][T11562] Call Trace:
[  352.886013][T11562]  <TASK>
[  352.886021][T11562]  dump_stack_lvl+0x16c/0x1f0
[  352.886044][T11562]  should_fail_ex+0x512/0x640
[  352.886065][T11562]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  352.886089][T11562]  should_failslab+0xc2/0x120
[  352.886113][T11562]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  352.886134][T11562]  ? vm_area_dup+0x27/0x8d0
[  352.886170][T11562]  vm_area_dup+0x27/0x8d0
[  352.886204][T11562]  __split_vma+0x18e/0x1070
[  352.886223][T11562]  ? __lock_acquire+0xb8a/0x1c90
[  352.886277][T11562]  ? __pfx___split_vma+0x10/0x10
[  352.886304][T11562]  ? lock_acquire+0x179/0x350
[  352.886335][T11562]  ? do_raw_spin_lock+0x12c/0x2b0
[  352.886374][T11562]  vms_gather_munmap_vmas+0x1c2/0x1310
[  352.886400][T11562]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  352.886437][T11562]  do_vmi_align_munmap+0x27c/0x7d0
[  352.886473][T11562]  ? __pfx_do_vmi_align_munmap+0x10/0x10
[  352.886546][T11562]  do_vmi_munmap+0x204/0x3e0
[  352.886570][T11562]  move_vma+0xb67/0x1740
[  352.886596][T11562]  ? __pfx_move_vma+0x10/0x10
[  352.886621][T11562]  ? mm_get_unmapped_area_vmflags+0x97/0xe0
[  352.886661][T11562]  ? vrm_set_new_addr+0x208/0x290
[  352.886685][T11562]  __do_sys_mremap+0xe07/0x1590
[  352.886712][T11562]  ? __pfx___do_sys_mremap+0x10/0x10
[  352.886757][T11562]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  352.886810][T11562]  ? __x64_sys_futex+0x1e0/0x4c0
[  352.886859][T11562]  do_syscall_64+0xcd/0x490
[  352.886887][T11562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.886912][T11562] RIP: 0033:0x7fc995d8e9a9
[  352.886930][T11562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.886954][T11562] RSP: 002b:00007fc996bc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  352.886976][T11562] RAX: ffffffffffffffda RBX: 00007fc995fb5fa0 RCX: 00007fc995d8e9a9
[  352.886993][T11562] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000001000
[  352.887008][T11562] RBP: 00007fc995e10d69 R08: 0000000100000000 R09: 0000000000000000
[  352.887023][T11562] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000
[  352.887037][T11562] R13: 0000000000000000 R14: 00007fc995fb5fa0 R15: 00007ffec55e0858
[  352.887068][T11562]  </TASK>
[  353.291916][T11547] kexec: Could not allocate control_code_buffer
[  353.372959][T11565] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  353.380899][T11565] CPU: 1 UID: 0 PID: 11565 Comm: syz.3.2256 Tainted: G          I         6.16.0-rc7-syzkaller-00020-gf9af7b5d9349 #0 PREEMPT(full) 
[  353.395885][T11565] Tainted: [I]=FIRMWARE_WORKAROUND
[  353.401489][T11565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  353.412537][T11565] Call Trace:
[  353.416131][T11565]  <TASK>
[  353.419351][T11565]  dump_stack_lvl+0x3d/0x1f0
[  353.424396][T11565]  panic+0x71c/0x800
[  353.428683][T11565]  ? __pfx_panic+0x10/0x10
[  353.433542][T11565]  ? mark_held_locks+0x49/0x80
[  353.438784][T11565]  ? preempt_schedule_thunk+0x16/0x30
[  353.444691][T11565]  ? dvb_device_open+0x36a/0x3b0
[  353.450119][T11565]  ? preempt_schedule_common+0x44/0xc0
[  353.456134][T11565]  ? dvb_device_open+0x36a/0x3b0
[  353.461564][T11565]  check_panic_on_warn+0xab/0xb0
[  353.467013][T11565]  end_report+0x107/0x170
[  353.471789][T11565]  kasan_report+0xee/0x110
[  353.476643][T11565]  ? dvb_device_open+0x36a/0x3b0
[  353.482086][T11565]  ? __pfx_dvb_device_open+0x10/0x10
[  353.487956][T11565]  dvb_device_open+0x36a/0x3b0
[  353.493206][T11565]  ? __pfx_dvb_device_open+0x10/0x10
[  353.499014][T11565]  chrdev_open+0x231/0x6a0
[  353.503867][T11565]  ? __pfx_apparmor_file_open+0x10/0x10
[  353.509975][T11565]  ? __pfx_chrdev_open+0x10/0x10
[  353.515412][T11565]  ? file_set_fsnotify_mode_from_watchers+0x163/0x640
[  353.522866][T11565]  do_dentry_open+0x744/0x1c10
[  353.528101][T11565]  ? __pfx_chrdev_open+0x10/0x10
[  353.533534][T11565]  vfs_open+0x82/0x3f0
[  353.538014][T11565]  path_openat+0x1de4/0x2cb0
[  353.543063][T11565]  ? __pfx_path_openat+0x10/0x10
[  353.548492][T11565]  ? __lock_acquire+0xb8a/0x1c90
[  353.553937][T11565]  do_filp_open+0x20b/0x470
[  353.558900][T11565]  ? __pfx_do_filp_open+0x10/0x10
[  353.564429][T11565]  ? alloc_fd+0x471/0x7d0
[  353.569202][T11565]  do_sys_openat2+0x11b/0x1d0
[  353.574349][T11565]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.580068][T11565]  ? __pfx_do_sys_openat2+0x10/0x10
[  353.585797][T11565]  __x64_sys_openat+0x174/0x210
[  353.591135][T11565]  ? __pfx___x64_sys_openat+0x10/0x10
[  353.597064][T11565]  do_syscall_64+0xcd/0x490
[  353.602023][T11565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  353.608500][T11565] RIP: 0033:0x7f53b818e9a9
[  353.613349][T11565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  353.634914][T11565] RSP: 002b:00007f53b8fdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  353.644170][T11565] RAX: ffffffffffffffda RBX: 00007f53b83b5fa0 RCX: 00007f53b818e9a9
[  353.652965][T11565] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  353.661739][T11565] RBP: 00007f53b8210d69 R08: 0000000000000000 R09: 0000000000000000
[  353.670503][T11565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  353.679263][T11565] R13: 0000000000000000 R14: 00007f53b83b5fa0 R15: 00007ffdbdeabe68
[  353.688034][T11565]  </TASK>
[  353.691412][T11565] Kernel Offset: disabled
[  353.696175][T11565] Rebooting in 86400 seconds..