last executing test programs: 3.912635928s ago: executing program 2 (id=145): sched_getaffinity(0x0, 0x0, &(0x7f0000000000)) 3.792256598s ago: executing program 2 (id=150): socket$inet6_sctp(0xa, 0x1, 0x84) 3.698538615s ago: executing program 2 (id=154): rmdir(&(0x7f0000000000)) 3.59348234s ago: executing program 2 (id=158): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log', 0x0, 0x0) 3.466655375s ago: executing program 2 (id=163): listxattr(&(0x7f0000000000), &(0x7f0000000000), 0x0) 3.374393894s ago: executing program 2 (id=167): rt_sigreturn() 2.054045332s ago: executing program 4 (id=215): remap_file_pages(0x0, 0x0, 0x0, 0x0, 0x0) 1.906187194s ago: executing program 4 (id=219): pkey_mprotect(0x0, 0x0, 0x0, 0xffffffffffffffff) 1.837377705s ago: executing program 0 (id=222): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/load', 0x2, 0x0) 1.802643856s ago: executing program 4 (id=224): setns(0xffffffffffffffff, 0x0) 1.73645616s ago: executing program 0 (id=226): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools', 0x1, 0x0) 1.715407285s ago: executing program 3 (id=227): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/member', 0x2, 0x0) 1.670362053s ago: executing program 4 (id=228): socket$nl_sock_diag(0x10, 0x3, 0x4) 1.632131257s ago: executing program 0 (id=230): rename(&(0x7f0000000000), &(0x7f0000000000)) 1.562069962s ago: executing program 3 (id=231): syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x1) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x2) syz_open_dev$cec(&(0x7f0000000100), 0x0, 0x800) 1.561988583s ago: executing program 4 (id=232): epoll_create(0x0) 1.525947422s ago: executing program 0 (id=234): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_threshold', 0x2, 0x0) 1.459457741s ago: executing program 3 (id=236): landlock_create_ruleset(&(0x7f0000000000), 0x0, 0x0) 1.424273028s ago: executing program 1 (id=237): pidfd_open(0x0, 0x0) 1.362465343s ago: executing program 0 (id=238): syz_init_net_socket$x25(0x9, 0x5, 0x0) 1.289912079s ago: executing program 3 (id=239): setresuid(0x0, 0x0, 0x0) 1.289562179s ago: executing program 1 (id=240): openat(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/relabel', 0x2, 0x0) 1.223750896s ago: executing program 0 (id=241): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uinput', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput', 0x800, 0x0) 1.200984895s ago: executing program 3 (id=242): openat(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/damon/mk_contexts', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/damon/mk_contexts', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/damon/mk_contexts', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/damon/mk_contexts', 0x800, 0x0) 1.137012411s ago: executing program 1 (id=243): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bsg', 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bsg', 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bsg', 0x2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bsg', 0x800, 0x0) 1.1321794s ago: executing program 1 (id=244): socket$nl_rdma(0x10, 0x3, 0x14) 904.250325ms ago: executing program 1 (id=247): finit_module(0xffffffffffffffff, &(0x7f0000000000), 0x0) 786.411101ms ago: executing program 1 (id=248): openat(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2', 0x2, 0x0) 339.802122ms ago: executing program 3 (id=245): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=235): mmap(&(0x7efffffff000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x1000000)=nil, 0x1000000, 0x7, 0x32, 0xffffffffffffffff, 0x0) mmap(&(0x7f0001000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.107' (ED25519) to the list of known hosts. [ 172.443416][ T5770] cgroup: Unknown subsys name 'net' [ 172.572130][ T5770] cgroup: Unknown subsys name 'cpuset' [ 172.588782][ T5770] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 217.754773][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 224.377153][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 224.384030][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 224.520158][ T5930] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 226.072539][ T5992] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 226.613788][ T6011] mmap: syz.4.215 (6011) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 227.988384][ T6038] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 228.934687][ T6062] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 228.945365][ T6062] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 228.954632][ T6062] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 228.975420][ T6062] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 229.059604][ T6062] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 229.092818][ T6062] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 229.203827][ T6062] slab kmalloc-192 start ffff88811a55b180 pointer offset 0 size 192 [ 229.212476][ T6062] list_add corruption. next->prev should be prev (ffff88810315c040), but was 0000000000000000. (next=ffff88811a55b180). [ 229.226899][ T6062] ------------[ cut here ]------------ [ 229.232523][ T6062] kernel BUG at lib/list_debug.c:31! [ 229.238042][ T6062] Oops: invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 229.245037][ T6062] CPU: 1 UID: 0 PID: 6062 Comm: kworker/u9:2 Not tainted 6.13.0-syzkaller-09196-gcd45f362fc1f #0 [ 229.255792][ T6062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 229.266110][ T6062] Workqueue: 0x0 (hci0) [ 229.270716][ T6062] RIP: 0010:__list_add_valid_or_report+0x211/0x2a0 [ 229.277558][ T6062] Code: c7 83 20 03 00 00 00 00 00 00 4d 85 db 74 05 e8 35 46 51 01 48 c7 c7 0d 2a 39 91 4c 89 ee 4c 89 e2 4c 89 f1 e8 10 90 fc ff 90 <0f> 0b 4c 89 ef e8 d5 de 1a 01 4d 8b 7d 00 4c 89 ef e8 d9 3a 51 01 [ 229.297446][ T6062] RSP: 0018:ffff888012477c78 EFLAGS: 00010086 [ 229.303771][ T6062] RAX: 0000000000000075 RBX: ffff88812f4dccc8 RCX: 0000000000000000 [ 229.311965][ T6062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.320164][ T6062] RBP: ffff888012477ce8 R08: ffffffff81a6e036 R09: 0000000000000000 [ 229.328464][ T6062] R10: ffff88823fc64a90 R11: 0000000000000004 R12: 0000000000000000 [ 229.336652][ T6062] R13: ffff88810315c040 R14: ffff88811a55b180 R15: 0000000000000000 [ 229.344849][ T6062] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 229.354016][ T6062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 229.360815][ T6062] CR2: 00000000ff846b34 CR3: 000000012f796000 CR4: 00000000003526f0 [ 229.369014][ T6062] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 229.377211][ T6062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 229.385426][ T6062] Call Trace: [ 229.388894][ T6062] [ 229.392008][ T6062] ? show_trace_log_lvl+0x268/0x3d0 [ 229.397521][ T6062] ? worker_enter_idle+0x5d3/0x870 [ 229.402905][ T6062] ? __die_body+0xce/0x1a0 [ 229.407629][ T6062] ? die+0x255/0x320 [ 229.411806][ T6062] ? do_trap+0x1d3/0x590 [ 229.416332][ T6062] ? kmsan_get_metadata+0x13e/0x1c0 [ 229.421829][ T6062] ? handle_invalid_op+0x190/0x230 [ 229.427314][ T6062] ? __list_add_valid_or_report+0x211/0x2a0 [ 229.433510][ T6062] ? __list_add_valid_or_report+0x211/0x2a0 [ 229.439721][ T6062] ? exc_invalid_op+0x37/0x50 [ 229.445010][ T6062] ? asm_exc_invalid_op+0x1f/0x30 [ 229.450313][ T6062] ? vprintk_emit+0xcf6/0xea0 [ 229.455213][ T6062] ? __list_add_valid_or_report+0x211/0x2a0 [ 229.461381][ T6062] ? __list_add_valid_or_report+0x210/0x2a0 [ 229.467554][ T6062] worker_enter_idle+0x5d3/0x870 [ 229.472737][ T6062] worker_thread+0x1261/0x14f0 [ 229.477747][ T6062] ? kmsan_get_shadow_origin_ptr+0x4d/0xb0 [ 229.483846][ T6062] kthread+0x6b9/0xef0 [ 229.488159][ T6062] ? __pfx_worker_thread+0x10/0x10 [ 229.493537][ T6062] ? __pfx_kthread+0x10/0x10 [ 229.498372][ T6062] ret_from_fork+0x6d/0x90 [ 229.503046][ T6062] ? __pfx_kthread+0x10/0x10 [ 229.507897][ T6062] ret_from_fork_asm+0x1a/0x30 [ 229.512908][ T6062] [ 229.516084][ T6062] Modules linked in: [ 229.520184][ T6062] ---[ end trace 0000000000000000 ]--- [ 229.525816][ T6062] RIP: 0010:__list_add_valid_or_report+0x211/0x2a0 [ 229.532613][ T6062] Code: c7 83 20 03 00 00 00 00 00 00 4d 85 db 74 05 e8 35 46 51 01 48 c7 c7 0d 2a 39 91 4c 89 ee 4c 89 e2 4c 89 f1 e8 10 90 fc ff 90 <0f> 0b 4c 89 ef e8 d5 de 1a 01 4d 8b 7d 00 4c 89 ef e8 d9 3a 51 01 [ 229.552466][ T6062] RSP: 0018:ffff888012477c78 EFLAGS: 00010086 [ 229.558770][ T6062] RAX: 0000000000000075 RBX: ffff88812f4dccc8 RCX: 0000000000000000 [ 229.566940][ T6062] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 229.575094][ T6062] RBP: ffff888012477ce8 R08: ffffffff81a6e036 R09: 0000000000000000 [ 229.583268][ T6062] R10: ffff88823fc64a90 R11: 0000000000000004 R12: 0000000000000000 [ 229.591437][ T6062] R13: ffff88810315c040 R14: ffff88811a55b180 R15: 0000000000000000 [ 229.599608][ T6062] FS: 0000000000000000(0000) GS:ffff88813fd00000(0000) knlGS:0000000000000000 [ 229.608752][ T6062] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 229.615527][ T6062] CR2: 00000000ff846b34 CR3: 000000012f796000 CR4: 00000000003526f0 [ 229.623697][ T6062] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 229.631857][ T6062] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 229.640034][ T6062] Kernel panic - not syncing: Fatal exception [ 231.073349][ T6062] Shutting down cpus with NMI [ 231.078545][ T6062] Kernel Offset: disabled [ 231.082987][ T6062] Rebooting in 86400 seconds..