Warning: Permanently added '10.128.1.25' (ED25519) to the list of known hosts.
2025/04/11 12:01:15 ignoring optional flag "sandboxArg"="0"
2025/04/11 12:01:16 parsed 1 programs
[ 121.098245][ T6014] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 123.419876][ T3479] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.432984][ T3479] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.459387][ T1101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 123.468346][ T1101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 123.885962][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 123.895047][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 123.903660][ T5155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 123.912553][ T5155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 123.921204][ T5155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 124.735693][ T6065] chnl_net:caif_netlink_parms(): no params data found
[ 124.800374][ T6065] bridge0: port 1(bridge_slave_0) entered blocking state
[ 124.807621][ T6065] bridge0: port 1(bridge_slave_0) entered disabled state
[ 124.814753][ T6065] bridge_slave_0: entered allmulticast mode
[ 124.822045][ T6065] bridge_slave_0: entered promiscuous mode
[ 124.829679][ T6065] bridge0: port 2(bridge_slave_1) entered blocking state
[ 124.837126][ T6065] bridge0: port 2(bridge_slave_1) entered disabled state
[ 124.844406][ T6065] bridge_slave_1: entered allmulticast mode
[ 124.852158][ T6065] bridge_slave_1: entered promiscuous mode
[ 124.896080][ T6065] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 124.909467][ T6065] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 124.955494][ T6065] team0: Port device team_slave_0 added
[ 124.964891][ T6065] team0: Port device team_slave_1 added
[ 125.025294][ T6065] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 125.033098][ T6065] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 125.082624][ T6065] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 125.103397][ T6065] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 125.111771][ T6065] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 125.139052][ T6065] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 125.189097][ T6065] hsr_slave_0: entered promiscuous mode
[ 125.195479][ T6065] hsr_slave_1: entered promiscuous mode
[ 125.315915][ T6065] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.398407][ T6065] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.457599][ T6065] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.501194][ T6065] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 125.602999][ T6065] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 125.618252][ T6065] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 125.628327][ T6065] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 125.639233][ T6065] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 125.716816][ T6065] 8021q: adding VLAN 0 to HW filter on device bond0
[ 125.735301][ T6065] 8021q: adding VLAN 0 to HW filter on device team0
[ 125.749817][ T1101] bridge0: port 1(bridge_slave_0) entered blocking state
[ 125.757127][ T1101] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 125.773677][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 125.780860][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 125.934030][ T6065] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 125.975563][ T6065] veth0_vlan: entered promiscuous mode
[ 125.990593][ T6065] veth1_vlan: entered promiscuous mode
[ 126.019334][ T6065] veth0_macvtap: entered promiscuous mode
[ 126.029861][ T6065] veth1_macvtap: entered promiscuous mode
[ 126.044626][ T6065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 126.055921][ T6065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.068158][ T6065] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 126.082462][ T6065] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 126.093835][ T6065] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 126.108044][ T6065] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 126.120246][ T6065] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.129206][ T6065] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.138334][ T6065] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 126.147667][ T6065] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
2025/04/11 12:01:27 executed programs: 0
[ 127.543234][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 127.552533][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 127.561154][ T5155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 127.574756][ T5155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 127.582925][ T5155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 127.734787][ T6113] chnl_net:caif_netlink_parms(): no params data found
[ 127.814237][ T6113] bridge0: port 1(bridge_slave_0) entered blocking state
[ 127.821739][ T6113] bridge0: port 1(bridge_slave_0) entered disabled state
[ 127.829256][ T6113] bridge_slave_0: entered allmulticast mode
[ 127.836271][ T6113] bridge_slave_0: entered promiscuous mode
[ 127.848862][ T6113] bridge0: port 2(bridge_slave_1) entered blocking state
[ 127.855977][ T6113] bridge0: port 2(bridge_slave_1) entered disabled state
[ 127.863574][ T6113] bridge_slave_1: entered allmulticast mode
[ 127.870794][ T6113] bridge_slave_1: entered promiscuous mode
[ 127.901607][ T6113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 127.914746][ T6113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 127.945660][ T6113] team0: Port device team_slave_0 added
[ 127.956052][ T6113] team0: Port device team_slave_1 added
[ 127.991090][ T6113] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 127.998181][ T6113] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.024556][ T6113] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 128.036886][ T6113] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 128.043845][ T6113] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 128.070482][ T6113] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 128.113961][ T6113] hsr_slave_0: entered promiscuous mode
[ 128.120264][ T6113] hsr_slave_1: entered promiscuous mode
[ 128.126232][ T6113] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 128.134396][ T6113] Cannot create hsr debugfs directory
[ 128.234600][ T6113] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.618839][ T6113] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.646850][ T5867] Bluetooth: hci0: command tx timeout
[ 129.667603][ T6113] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.750099][ T6113] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 129.867683][ T6113] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 129.878789][ T6113] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 129.889591][ T6113] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 129.900278][ T6113] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 129.971818][ T6113] 8021q: adding VLAN 0 to HW filter on device bond0
[ 129.992903][ T6113] 8021q: adding VLAN 0 to HW filter on device team0
[ 130.007361][ T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 130.014567][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 130.030601][ T3534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 130.037784][ T3534] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 130.193596][ T6113] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 130.239636][ T6113] veth0_vlan: entered promiscuous mode
[ 130.252456][ T6113] veth1_vlan: entered promiscuous mode
[ 130.280431][ T6113] veth0_macvtap: entered promiscuous mode
[ 130.291639][ T6113] veth1_macvtap: entered promiscuous mode
[ 130.310911][ T6113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 130.321566][ T6113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.332217][ T6113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 130.343319][ T6113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.355476][ T6113] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 130.370376][ T6113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 130.380899][ T6113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.391585][ T6113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 130.402308][ T6113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 130.414610][ T6113] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 130.427076][ T6113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.435811][ T6113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.444696][ T6113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.455153][ T6113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 130.523063][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.536011][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 130.561101][ T3534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 130.569867][ T3534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 131.102626][ T6151] FAULT_INJECTION: forcing a failure.
[ 131.102626][ T6151] name failslab, interval 1, probability 0, space 0, times 0
[ 131.117941][ T6151] CPU: 1 UID: 0 PID: 6151 Comm: syz.0.27 Not tainted 6.15.0-rc1-syzkaller-g900241a5cc15 #0 PREEMPT(full)
[ 131.117972][ T6151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 131.117989][ T6151] Call Trace:
[ 131.117997][ T6151]
[ 131.118009][ T6151] dump_stack_lvl+0x16c/0x1f0
[ 131.118049][ T6151] should_fail_ex+0x512/0x640
[ 131.118074][ T6151] ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 131.118110][ T6151] should_failslab+0xc2/0x120
[ 131.118132][ T6151] kmem_cache_alloc_noprof+0x6d/0x3b0
[ 131.118165][ T6151] ? mas_alloc_nodes+0x18b/0x8b0
[ 131.118199][ T6151] mas_alloc_nodes+0x18b/0x8b0
[ 131.118234][ T6151] mas_node_count_gfp+0x105/0x130
[ 131.118265][ T6151] mas_preallocate+0x53e/0xcd0
[ 131.118293][ T6151] ? __pfx_mas_preallocate+0x10/0x10
[ 131.118334][ T6151] ? __lock_acquire+0x5ca/0x1ba0
[ 131.118376][ T6151] vma_link+0x135/0x6a0
[ 131.118412][ T6151] ? __pfx_vma_link+0x10/0x10
[ 131.118462][ T6151] ? __pfx_hugetlb_vm_op_open+0x10/0x10
[ 131.118494][ T6151] copy_vma+0x68a/0xa50
[ 131.118531][ T6151] ? __pfx_copy_vma+0x10/0x10
[ 131.118571][ T6151] ? register_lock_class+0x41/0x4c0
[ 131.118592][ T6151] ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 131.118639][ T6151] ? __lock_acquire+0x5ca/0x1ba0
[ 131.118676][ T6151] copy_vma_and_data+0x1cf/0x810
[ 131.118713][ T6151] ? __pfx_copy_vma_and_data+0x10/0x10
[ 131.118755][ T6151] ? __vma_enter_locked+0x163/0x3f0
[ 131.118792][ T6151] ? find_held_lock+0x2b/0x80
[ 131.118820][ T6151] ? move_vma+0x536/0x1740
[ 131.118861][ T6151] move_vma+0x548/0x1740
[ 131.118900][ T6151] ? __pfx_move_vma+0x10/0x10
[ 131.118936][ T6151] ? hugetlb_get_unmapped_area+0x1b7/0x2a0
[ 131.118966][ T6151] ? cap_mmap_addr+0x4b/0x120
[ 131.118986][ T6151] ? bpf_lsm_mmap_addr+0x9/0x10
[ 131.119013][ T6151] ? security_mmap_addr+0x6c/0x1e0
[ 131.119041][ T6151] ? __get_unmapped_area+0x26a/0x440
[ 131.119072][ T6151] ? vrm_set_new_addr+0x208/0x290
[ 131.119107][ T6151] __do_sys_mremap+0xe38/0x15d0
[ 131.119146][ T6151] ? __pfx___do_sys_mremap+0x10/0x10
[ 131.119180][ T6151] ? __mutex_unlock_slowpath+0x161/0x6a0
[ 131.119216][ T6151] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 131.119253][ T6151] ? __fget_files+0x20e/0x3c0
[ 131.119297][ T6151] ? rcu_is_watching+0x12/0xc0
[ 131.119340][ T6151] do_syscall_64+0xcd/0x260
[ 131.119374][ T6151] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.119397][ T6151] RIP: 0033:0x7f1ed437dff9
[ 131.119416][ T6151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 131.119440][ T6151] RSP: 002b:00007f1ed5230038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[ 131.119460][ T6151] RAX: ffffffffffffffda RBX: 00007f1ed4535f80 RCX: 00007f1ed437dff9
[ 131.119474][ T6151] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000000000000000
[ 131.119490][ T6151] RBP: 00007f1ed5230090 R08: 0000000100000000 R09: 0000000000000000
[ 131.119500][ T6151] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001
[ 131.119507][ T6151] R13: 0000000000000000 R14: 00007f1ed4535f80 R15: 00007ffce8f7c9d8
[ 131.119525][ T6151]
[ 131.447943][ T6151] ------------[ cut here ]------------
[ 131.453471][ T6151] page_counter underflow: -512 nr_pages=512
[ 131.460146][ T6151] WARNING: CPU: 0 PID: 6151 at mm/page_counter.c:60 page_counter_cancel+0x110/0x170
[ 131.470506][ T6151] Modules linked in:
[ 131.474559][ T6151] CPU: 0 UID: 0 PID: 6151 Comm: syz.0.27 Not tainted 6.15.0-rc1-syzkaller-g900241a5cc15 #0 PREEMPT(full)
[ 131.486540][ T6151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 131.498121][ T6151] RIP: 0010:page_counter_cancel+0x110/0x170
[ 131.504069][ T6151] Code: e8 d5 9e 94 ff 45 84 ed 75 24 e8 eb a3 94 ff c6 05 78 2c 48 0e 01 90 48 c7 c7 a0 b8 9d 8b 4c 89 e2 48 89 ee e8 71 35 54 ff 90 <0f> 0b 90 90 e8 c7 a3 94 ff be 08 00 00 00 48 89 df e8 4a 19 f9 ff
[ 131.524495][ T6151] RSP: 0018:ffffc90003eaf8c0 EFLAGS: 00010286
[ 131.531617][ T6151] RAX: 0000000000000000 RBX: ffff88814dff1380 RCX: ffffffff817acff8
[ 131.540673][ T6151] RDX: ffff8880269d8000 RSI: ffffffff817ad005 RDI: 0000000000000001
[ 131.548756][ T6151] RBP: fffffffffffffe00 R08: 0000000000000001 R09: 0000000000000000
[ 131.557120][ T6151] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000200
[ 131.565137][ T6151] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888028a86190
[ 131.573918][ T6151] FS: 0000000000000000(0000) GS:ffff8881249b9000(0000) knlGS:0000000000000000
[ 131.583330][ T6151] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 131.590118][ T6151] CR2: 0000001b31c5ffff CR3: 0000000035082000 CR4: 00000000003526f0
[ 131.598191][ T6151] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 131.606182][ T6151] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 131.614240][ T6151] Call Trace:
[ 131.617598][ T6151]
[ 131.620544][ T6151] page_counter_uncharge+0x32/0x70
[ 131.625683][ T6151] hugetlb_cgroup_uncharge_counter+0xd6/0x410
[ 131.631839][ T6151] hugetlb_vm_op_close+0x3eb/0x5a0
[ 131.637739][ T6151] ? __pfx_hugetlb_vm_op_close+0x10/0x10
[ 131.643374][ T6151] remove_vma+0x85/0x160
[ 131.649740][ T6151] exit_mmap+0x511/0xb90
[ 131.654076][ T6151] ? __pfx_exit_mmap+0x10/0x10
[ 131.659141][ T6151] ? __lock_acquire+0xaa4/0x1ba0
[ 131.664159][ T6151] __mmput+0x12a/0x410
[ 131.668312][ T6151] mmput+0x62/0x70
[ 131.672053][ T6151] do_exit+0x9d1/0x2c30
[ 131.676233][ T6151] ? __pfx_futex_wake_mark+0x10/0x10
[ 131.681610][ T6151] ? __pfx_do_exit+0x10/0x10
[ 131.686239][ T6151] ? do_raw_spin_lock+0x12c/0x2b0
[ 131.691423][ T6151] ? find_held_lock+0x2b/0x80
[ 131.696137][ T6151] do_group_exit+0xd3/0x2a0
[ 131.700733][ T6151] get_signal+0x2673/0x26d0
[ 131.705321][ T6151] ? __pfx_get_signal+0x10/0x10
[ 131.710239][ T6151] ? do_futex+0x122/0x350
[ 131.714599][ T6151] ? __pfx_do_futex+0x10/0x10
[ 131.719366][ T6151] arch_do_signal_or_restart+0x8f/0x7d0
[ 131.724939][ T6151] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 131.731784][ T6151] ? __pfx_fput_close_sync+0x10/0x10
[ 131.737106][ T5867] Bluetooth: hci0: command tx timeout
[ 131.743864][ T6151] syscall_exit_to_user_mode+0x150/0x2a0
[ 131.750562][ T6151] do_syscall_64+0xda/0x260
[ 131.755144][ T6151] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 131.761089][ T6151] RIP: 0033:0x7f1ed437dff9
[ 131.765514][ T6151] Code: Unable to access opcode bytes at 0x7f1ed437dfcf.
[ 131.772602][ T6151] RSP: 002b:00007f1ed52300e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 131.781074][ T6151] RAX: fffffffffffffe00 RBX: 00007f1ed4535f88 RCX: 00007f1ed437dff9
[ 131.789150][ T6151] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1ed4535f88
[ 131.797188][ T6151] RBP: 00007f1ed4535f80 R08: 0000000000000000 R09: 0000000000000000
[ 131.805335][ T6151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ed4535f8c
[ 131.813456][ T6151] R13: 0000000000000000 R14: 00007ffce8f7c8f0 R15: 00007ffce8f7c9d8
[ 131.821506][ T6151]
[ 131.824517][ T6151] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 131.831793][ T6151] CPU: 0 UID: 0 PID: 6151 Comm: syz.0.27 Not tainted 6.15.0-rc1-syzkaller-g900241a5cc15 #0 PREEMPT(full)
[ 131.843249][ T6151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 131.853304][ T6151] Call Trace:
[ 131.856576][ T6151]
[ 131.859572][ T6151] dump_stack_lvl+0x3d/0x1f0
[ 131.864171][ T6151] panic+0x71c/0x800
[ 131.868087][ T6151] ? __pfx_panic+0x10/0x10
[ 131.872586][ T6151] ? show_trace_log_lvl+0x29b/0x3e0
[ 131.877795][ T6151] ? check_panic_on_warn+0x1f/0xb0
[ 131.882905][ T6151] ? page_counter_cancel+0x110/0x170
[ 131.888200][ T6151] check_panic_on_warn+0xab/0xb0
[ 131.893154][ T6151] __warn+0xf6/0x3c0
[ 131.897057][ T6151] ? preempt_schedule_notrace+0x62/0xe0
[ 131.902610][ T6151] ? page_counter_cancel+0x110/0x170
[ 131.907899][ T6151] report_bug+0x3c3/0x580
[ 131.912232][ T6151] ? page_counter_cancel+0x110/0x170
[ 131.917520][ T6151] handle_bug+0x184/0x210
[ 131.921849][ T6151] exc_invalid_op+0x17/0x50
[ 131.926350][ T6151] asm_exc_invalid_op+0x1a/0x20
[ 131.931207][ T6151] RIP: 0010:page_counter_cancel+0x110/0x170
[ 131.937208][ T6151] Code: e8 d5 9e 94 ff 45 84 ed 75 24 e8 eb a3 94 ff c6 05 78 2c 48 0e 01 90 48 c7 c7 a0 b8 9d 8b 4c 89 e2 48 89 ee e8 71 35 54 ff 90 <0f> 0b 90 90 e8 c7 a3 94 ff be 08 00 00 00 48 89 df e8 4a 19 f9 ff
[ 131.956823][ T6151] RSP: 0018:ffffc90003eaf8c0 EFLAGS: 00010286
[ 131.962896][ T6151] RAX: 0000000000000000 RBX: ffff88814dff1380 RCX: ffffffff817acff8
[ 131.970879][ T6151] RDX: ffff8880269d8000 RSI: ffffffff817ad005 RDI: 0000000000000001
[ 131.978880][ T6151] RBP: fffffffffffffe00 R08: 0000000000000001 R09: 0000000000000000
[ 131.987110][ T6151] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000200
[ 131.995075][ T6151] R13: 0000000000000000 R14: 0000000000000001 R15: ffff888028a86190
[ 132.003052][ T6151] ? __warn_printk+0x198/0x350
[ 132.007824][ T6151] ? __warn_printk+0x1a5/0x350
[ 132.012586][ T6151] page_counter_uncharge+0x32/0x70
[ 132.017702][ T6151] hugetlb_cgroup_uncharge_counter+0xd6/0x410
[ 132.023861][ T6151] hugetlb_vm_op_close+0x3eb/0x5a0
[ 132.028982][ T6151] ? __pfx_hugetlb_vm_op_close+0x10/0x10
[ 132.034723][ T6151] remove_vma+0x85/0x160
[ 132.038974][ T6151] exit_mmap+0x511/0xb90
[ 132.043234][ T6151] ? __pfx_exit_mmap+0x10/0x10
[ 132.048009][ T6151] ? __lock_acquire+0xaa4/0x1ba0
[ 132.052975][ T6151] __mmput+0x12a/0x410
[ 132.057051][ T6151] mmput+0x62/0x70
[ 132.060775][ T6151] do_exit+0x9d1/0x2c30
[ 132.065032][ T6151] ? __pfx_futex_wake_mark+0x10/0x10
[ 132.070318][ T6151] ? __pfx_do_exit+0x10/0x10
[ 132.075025][ T6151] ? do_raw_spin_lock+0x12c/0x2b0
[ 132.080062][ T6151] ? find_held_lock+0x2b/0x80
[ 132.084750][ T6151] do_group_exit+0xd3/0x2a0
[ 132.089258][ T6151] get_signal+0x2673/0x26d0
[ 132.093904][ T6151] ? __pfx_get_signal+0x10/0x10
[ 132.098757][ T6151] ? do_futex+0x122/0x350
[ 132.103104][ T6151] ? __pfx_do_futex+0x10/0x10
[ 132.107872][ T6151] arch_do_signal_or_restart+0x8f/0x7d0
[ 132.113427][ T6151] ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 132.119679][ T6151] ? __pfx_fput_close_sync+0x10/0x10
[ 132.124972][ T6151] syscall_exit_to_user_mode+0x150/0x2a0
[ 132.130613][ T6151] do_syscall_64+0xda/0x260
[ 132.135126][ T6151] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 132.141018][ T6151] RIP: 0033:0x7f1ed437dff9
[ 132.145431][ T6151] Code: Unable to access opcode bytes at 0x7f1ed437dfcf.
[ 132.152443][ T6151] RSP: 002b:00007f1ed52300e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 132.160876][ T6151] RAX: fffffffffffffe00 RBX: 00007f1ed4535f88 RCX: 00007f1ed437dff9
[ 132.168865][ T6151] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1ed4535f88
[ 132.176838][ T6151] RBP: 00007f1ed4535f80 R08: 0000000000000000 R09: 0000000000000000
[ 132.184822][ T6151] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1ed4535f8c
[ 132.192820][ T6151] R13: 0000000000000000 R14: 00007ffce8f7c8f0 R15: 00007ffce8f7c9d8
[ 132.200827][ T6151]
[ 132.204133][ T6151] Kernel Offset: disabled
[ 132.208462][ T6151] Rebooting in 86400 seconds..