last executing test programs: 4.46861214s ago: executing program 0 (id=1): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073790101000000000000000000000000000af7f4f0c55de8ca0000000000000000000000000000000000000000f3c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000020000000000000030000000000000000000000004119202532aeecfcdbb73887feb3"], 0x138) write$UHID_DESTROY(r0, &(0x7f0000000340), 0x4) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='kfree\x00'}, 0x18) 4.093102696s ago: executing program 2 (id=3): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) listen(0xffffffffffffffff, 0x3) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 3.810325778s ago: executing program 0 (id=5): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffe, 0x4, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000240)="4cd7f979", 0x0, 0x3, 0x10000, 0x1, 0x0}) 3.449300983s ago: executing program 1 (id=2): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4085}, 0x4000800) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x20) pwrite64(r5, 0x0, 0x0, 0x8080c61) sendmsg$nl_generic(r3, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f0000000540)={0x0, {{0x2, 0x4e22, @broadcast}}, 0x1}, 0x90) fadvise64(r7, 0xe0ffff, 0x19, 0x3) 2.992031523s ago: executing program 2 (id=6): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) listen(r3, 0x3) accept4$bt_l2cap(r3, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 2.834850219s ago: executing program 3 (id=4): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) listen(0xffffffffffffffff, 0x3) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 2.82220055s ago: executing program 0 (id=7): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r3, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) accept4$bt_l2cap(r3, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 538.406007ms ago: executing program 2 (id=8): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x358, 0x800000000000) sched_setaffinity(r2, 0x0, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) listen(r3, 0x3) accept4$bt_l2cap(r3, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) 0s ago: executing program 1 (id=9): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x800) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x43) ftruncate(r5, 0x2007ffb) r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x200) r7 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r7, r6, 0x0, 0x7ffff000) creat(&(0x7f0000000000)='./bus\x00', 0x48) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.156' (ED25519) to the list of known hosts. [ 67.033098][ T5771] cgroup: Unknown subsys name 'net' [ 67.207367][ T5771] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 68.525746][ T5771] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 70.058074][ T5782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 70.066510][ T5782] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 70.076221][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 70.084992][ T5782] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 70.115631][ T5793] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 70.132951][ T5793] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 70.141936][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 70.158817][ T5792] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 70.162311][ T5793] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 70.167462][ T5792] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 70.182608][ T5795] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 70.182695][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 70.197876][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 70.204768][ T5794] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 70.206033][ T5792] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 70.212544][ T5794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 70.219957][ T5792] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 70.229450][ T5794] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 70.240841][ T5794] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 70.240994][ T5792] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 70.250800][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 70.262772][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 70.270483][ T5794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 70.278316][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 70.694864][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 70.813141][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 70.896963][ T5781] chnl_net:caif_netlink_parms(): no params data found [ 70.991681][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 70.998918][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.007084][ T5784] bridge_slave_0: entered allmulticast mode [ 71.014848][ T5784] bridge_slave_0: entered promiscuous mode [ 71.024479][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.032014][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.039191][ T5784] bridge_slave_1: entered allmulticast mode [ 71.047332][ T5784] bridge_slave_1: entered promiscuous mode [ 71.062084][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 71.085774][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.093113][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.100290][ T5785] bridge_slave_0: entered allmulticast mode [ 71.108157][ T5785] bridge_slave_0: entered promiscuous mode [ 71.141837][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.149022][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.156730][ T5785] bridge_slave_1: entered allmulticast mode [ 71.164335][ T5785] bridge_slave_1: entered promiscuous mode [ 71.232626][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.246021][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.255600][ T5781] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.263018][ T5781] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.270337][ T5781] bridge_slave_0: entered allmulticast mode [ 71.277618][ T5781] bridge_slave_0: entered promiscuous mode [ 71.290107][ T5781] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.297772][ T5781] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.305186][ T5781] bridge_slave_1: entered allmulticast mode [ 71.312635][ T5781] bridge_slave_1: entered promiscuous mode [ 71.329489][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.336565][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.348173][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.397248][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.420009][ T5784] team0: Port device team_slave_0 added [ 71.429573][ T5784] team0: Port device team_slave_1 added [ 71.479087][ T5781] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.494329][ T5781] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 71.506693][ T5785] team0: Port device team_slave_0 added [ 71.516420][ T5785] team0: Port device team_slave_1 added [ 71.569180][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.576357][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.602581][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.617765][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.624936][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.651294][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.676054][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.683303][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.709981][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 71.723456][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.730650][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.738039][ T5786] bridge_slave_0: entered allmulticast mode [ 71.745661][ T5786] bridge_slave_0: entered promiscuous mode [ 71.775288][ T5781] team0: Port device team_slave_0 added [ 71.783830][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 71.790805][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.817122][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 71.832096][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.839303][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.846783][ T5786] bridge_slave_1: entered allmulticast mode [ 71.854457][ T5786] bridge_slave_1: entered promiscuous mode [ 71.872479][ T5781] team0: Port device team_slave_1 added [ 71.932589][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 71.956564][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 71.963827][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 71.990037][ T5781] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.016679][ T5785] hsr_slave_0: entered promiscuous mode [ 72.023841][ T5785] hsr_slave_1: entered promiscuous mode [ 72.032993][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 72.052343][ T5781] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.059305][ T5781] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.085908][ T5781] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.115225][ T5784] hsr_slave_0: entered promiscuous mode [ 72.121601][ T5784] hsr_slave_1: entered promiscuous mode [ 72.128072][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.136133][ T5784] Cannot create hsr debugfs directory [ 72.157178][ T5786] team0: Port device team_slave_0 added [ 72.169336][ T5786] team0: Port device team_slave_1 added [ 72.199268][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 72.206362][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.232507][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 72.264565][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 72.271735][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 72.297779][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 72.302353][ T5782] Bluetooth: hci1: command tx timeout [ 72.361628][ T5790] Bluetooth: hci3: command tx timeout [ 72.361664][ T5794] Bluetooth: hci0: command tx timeout [ 72.365689][ T5781] hsr_slave_0: entered promiscuous mode [ 72.372799][ T5782] Bluetooth: hci2: command tx timeout [ 72.386691][ T5781] hsr_slave_1: entered promiscuous mode [ 72.394342][ T5781] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.402053][ T5781] Cannot create hsr debugfs directory [ 72.497895][ T5786] hsr_slave_0: entered promiscuous mode [ 72.504134][ T5786] hsr_slave_1: entered promiscuous mode [ 72.510611][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 72.519588][ T5786] Cannot create hsr debugfs directory [ 72.831660][ T5785] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 72.846782][ T5785] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 72.857413][ T5785] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 72.876671][ T5785] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 72.940609][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 72.952201][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 72.962208][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 72.986624][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 73.052676][ T5786] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 73.067952][ T5786] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 73.079793][ T5786] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 73.089237][ T5786] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 73.178503][ T5781] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 73.217113][ T5781] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 73.238580][ T5781] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 73.248152][ T5781] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 73.289588][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.358309][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.372077][ T1132] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.379655][ T1132] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.402554][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.446505][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.453689][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.480949][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.503421][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.534867][ T1128] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.542119][ T1128] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.564995][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.579076][ T1128] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.586381][ T1128] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.616215][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.623592][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.635193][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.642412][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.725701][ T5781] 8021q: adding VLAN 0 to HW filter on device bond0 [ 73.788401][ T5781] 8021q: adding VLAN 0 to HW filter on device team0 [ 73.818886][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 73.858888][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.866218][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.880394][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.887643][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.347894][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.363514][ T5782] Bluetooth: hci1: command tx timeout [ 74.402517][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.442743][ T5790] Bluetooth: hci2: command tx timeout [ 74.444725][ T5794] Bluetooth: hci3: command tx timeout [ 74.448705][ T5782] Bluetooth: hci0: command tx timeout [ 74.479024][ T5785] veth0_vlan: entered promiscuous mode [ 74.493452][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.512341][ T5785] veth1_vlan: entered promiscuous mode [ 74.550220][ T5781] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.605313][ T5785] veth0_macvtap: entered promiscuous mode [ 74.619873][ T5785] veth1_macvtap: entered promiscuous mode [ 74.658145][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.696911][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.704840][ T5784] veth0_vlan: entered promiscuous mode [ 74.719224][ T5786] veth0_vlan: entered promiscuous mode [ 74.745608][ T5785] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.756671][ T5785] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.771333][ T5785] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.781890][ T5785] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.808767][ T5781] veth0_vlan: entered promiscuous mode [ 74.824705][ T5784] veth1_vlan: entered promiscuous mode [ 74.835170][ T5786] veth1_vlan: entered promiscuous mode [ 74.855609][ T5781] veth1_vlan: entered promiscuous mode [ 74.935727][ T5786] veth0_macvtap: entered promiscuous mode [ 74.969619][ T5781] veth0_macvtap: entered promiscuous mode [ 74.979460][ T5786] veth1_macvtap: entered promiscuous mode [ 75.009352][ T5784] veth0_macvtap: entered promiscuous mode [ 75.027632][ T5781] veth1_macvtap: entered promiscuous mode [ 75.062171][ T3454] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.062702][ T5784] veth1_macvtap: entered promiscuous mode [ 75.070172][ T3454] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.092343][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.104849][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.116187][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.155889][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.167696][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.180583][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.194895][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.205605][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.215535][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.225987][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.237225][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.254619][ T5786] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.263851][ T5786] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.272879][ T5786] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.281892][ T5786] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.304741][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.316057][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.328005][ T5781] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.338645][ T5781] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.349837][ T5781] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.359409][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.370247][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.380482][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.391041][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.401138][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 75.412132][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.427617][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.447353][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.449591][ T5781] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.464886][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.469441][ T5781] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.483564][ T5781] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.492462][ T5781] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.512430][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.523287][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.533946][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.545965][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.555887][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 75.566895][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 75.580782][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.594275][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.604089][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.613075][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.621858][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.798580][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.830403][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.898190][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x4 [ 75.910720][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x2 [ 75.921321][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 75.932341][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.943627][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.951052][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 75.959980][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.975133][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.981457][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.005080][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.013390][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.021329][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.029613][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.038516][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.060807][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.068742][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.102825][ T1132] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.110861][ T1132] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.118901][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.146143][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.167529][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.199546][ T5866] hid-generic 0000:3000000:0000.0001: unknown main item tag 0x0 [ 76.224814][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.246664][ T5866] hid-generic 0000:3000000:0000.0001: hidraw0: HID v0.00 Device [sy] on syz0 [ 76.261802][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.356550][ T1141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.398220][ T1141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.524863][ T5794] Bluetooth: hci0: command tx timeout [ 76.530843][ T5790] Bluetooth: hci2: command tx timeout [ 76.532176][ T5794] Bluetooth: hci3: command tx timeout [ 76.543524][ T5782] Bluetooth: hci1: command tx timeout [ 76.561605][ T5794] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 76.577541][ T5794] CPU: 0 PID: 5794 Comm: kworker/u5:6 Not tainted syzkaller #0 [ 76.585162][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 76.595258][ T5794] Workqueue: hci3 hci_rx_work [ 76.600087][ T5794] Call Trace: [ 76.603499][ T5794] [ 76.606473][ T5794] dump_stack_lvl+0x16c/0x230 [ 76.611215][ T5794] ? show_regs_print_info+0x20/0x20 [ 76.616463][ T5794] ? load_image+0x3b0/0x3b0 [ 76.621010][ T5794] sysfs_create_dir_ns+0x256/0x280 [ 76.626149][ T5794] ? sysfs_warn_dup+0xa0/0xa0 [ 76.630849][ T5794] ? do_raw_spin_unlock+0x121/0x230 [ 76.636070][ T5794] kobject_add_internal+0x6b8/0xc70 [ 76.641293][ T5794] kobject_add+0x156/0x220 [ 76.645819][ T5794] ? kobject_init+0x1e0/0x1e0 [ 76.650510][ T5794] ? _raw_spin_unlock+0x28/0x40 [ 76.655471][ T5794] ? get_device_parent+0x366/0x390 [ 76.660693][ T5794] device_add+0x408/0xc20 [ 76.665134][ T5794] hci_conn_add_sysfs+0xd5/0x1e0 [ 76.670093][ T5794] le_conn_complete_evt+0xf36/0x1500 [ 76.675394][ T5794] ? hci_event_packet+0x4a7/0x1210 [ 76.680615][ T5794] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 76.686879][ T5794] ? __copy_skb_header+0xa7/0x550 [ 76.691930][ T5794] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 76.697582][ T5794] ? skb_pull_data+0xfb/0x200 [ 76.702274][ T5794] hci_le_conn_complete_evt+0x187/0x440 [ 76.707929][ T5794] ? hci_remote_host_features_evt+0x160/0x160 [ 76.714011][ T5794] hci_event_packet+0x795/0x1210 [ 76.718968][ T5794] ? bis_list+0x290/0x290 [ 76.723312][ T5794] ? lockdep_hardirqs_on+0x98/0x150 [ 76.728524][ T5794] ? hci_send_to_monitor+0xd7/0x4f0 [ 76.733828][ T5794] hci_rx_work+0x43a/0xd80 [ 76.738272][ T5794] ? process_scheduled_works+0x957/0x15b0 [ 76.744013][ T5794] process_scheduled_works+0xa45/0x15b0 [ 76.749616][ T5794] ? assign_work+0x400/0x400 [ 76.754348][ T5794] ? assign_work+0x39e/0x400 [ 76.758979][ T5794] worker_thread+0xa55/0xfc0 [ 76.763704][ T5794] kthread+0x2fa/0x390 [ 76.767793][ T5794] ? pr_cont_work+0x560/0x560 [ 76.772489][ T5794] ? kthread_blkcg+0xd0/0xd0 [ 76.777090][ T5794] ret_from_fork+0x48/0x80 [ 76.781523][ T5794] ? kthread_blkcg+0xd0/0xd0 [ 76.786128][ T5794] ret_from_fork_asm+0x11/0x20 [ 76.790923][ T5794] [ 76.803744][ T5794] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 76.818700][ T5794] Bluetooth: hci3: failed to register connection device [ 77.050085][ T5879] capability: warning: `syz.0.5' uses deprecated v2 capabilities in a way that may be insecure [ 77.333063][ T5874] fido_id[5874]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 77.387981][ T5884] syz.1.2[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.464605][ T5884] loop1: detected capacity change from 0 to 16 [ 77.517093][ T5884] erofs: (device loop1): mounted with root inode @ nid 36. [ 77.695920][ T5794] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 78.352770][ T5782] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 78.469647][ T5902] syz.1.2: attempt to access beyond end of device [ 78.469647][ T5902] loop1: rw=0, sector=8, nr_sectors = 32 limit=16 [ 78.597182][ T5902] syz.1.2: attempt to access beyond end of device [ 78.597182][ T5902] loop1: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 78.611720][ T5902] syz.1.2: attempt to access beyond end of device [ 78.611720][ T5902] loop1: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 79.437821][ T5782] CPU: 1 PID: 5782 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 79.445898][ T5782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.456179][ T5782] Workqueue: hci2 hci_rx_work [ 79.460924][ T5782] Call Trace: [ 79.464245][ T5782] [ 79.467224][ T5782] dump_stack_lvl+0x16c/0x230 [ 79.471949][ T5782] ? show_regs_print_info+0x20/0x20 [ 79.477198][ T5782] ? load_image+0x3b0/0x3b0 [ 79.480412][ T5792] Bluetooth: hci0: command tx timeout [ 79.481823][ T5782] sysfs_create_dir_ns+0x256/0x280 [ 79.487277][ T5792] Bluetooth: hci3: command tx timeout [ 79.492345][ T5782] ? hci_rx_work+0x43a/0xd80 [ 79.492376][ T5782] ? sysfs_warn_dup+0xa0/0xa0 [ 79.492406][ T5782] ? do_raw_spin_unlock+0x121/0x230 [ 79.492436][ T5782] kobject_add_internal+0x6b8/0xc70 [ 79.492465][ T5782] kobject_add+0x156/0x220 [ 79.492483][ T5782] ? __rwlock_init+0x150/0x150 [ 79.492510][ T5782] ? kobject_init+0x1e0/0x1e0 [ 79.492531][ T5782] ? _raw_spin_unlock+0x28/0x40 [ 79.492558][ T5782] ? get_device_parent+0x366/0x390 [ 79.492589][ T5782] device_add+0x408/0xc20 [ 79.492624][ T5782] hci_conn_add_sysfs+0xd5/0x1e0 [ 79.492651][ T5782] le_conn_complete_evt+0xf36/0x1500 [ 79.499604][ T5794] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 79.503059][ T5782] ? hci_event_packet+0x4a7/0x1210 [ 79.503098][ T5782] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 79.503128][ T5782] ? __copy_skb_header+0xa7/0x550 [ 79.583229][ T5782] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 79.589074][ T5782] ? skb_pull_data+0xfb/0x200 [ 79.593801][ T5782] hci_le_conn_complete_evt+0x187/0x440 [ 79.599376][ T5782] ? hci_remote_host_features_evt+0x160/0x160 [ 79.605472][ T5782] hci_event_packet+0x795/0x1210 [ 79.610434][ T5782] ? bis_list+0x290/0x290 [ 79.614800][ T5782] ? lockdep_hardirqs_on+0x98/0x150 [ 79.620054][ T5782] ? hci_send_to_monitor+0xd7/0x4f0 [ 79.625304][ T5782] hci_rx_work+0x43a/0xd80 [ 79.629759][ T5782] ? process_scheduled_works+0x957/0x15b0 [ 79.635509][ T5782] process_scheduled_works+0xa45/0x15b0 [ 79.641132][ T5782] ? assign_work+0x400/0x400 [ 79.645785][ T5782] ? assign_work+0x39e/0x400 [ 79.650424][ T5782] worker_thread+0xa55/0xfc0 [ 79.655045][ T5782] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 79.660960][ T5782] ? _raw_spin_unlock+0x40/0x40 [ 79.665834][ T5782] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 79.671801][ T5782] kthread+0x2fa/0x390 [ 79.676030][ T5782] ? pr_cont_work+0x560/0x560 [ 79.680725][ T5782] ? kthread_blkcg+0xd0/0xd0 [ 79.685340][ T5782] ret_from_fork+0x48/0x80 [ 79.689775][ T5782] ? kthread_blkcg+0xd0/0xd0 [ 79.694383][ T5782] ret_from_fork_asm+0x11/0x20 [ 79.699189][ T5782] [ 79.702223][ T5794] CPU: 0 PID: 5794 Comm: kworker/u5:6 Not tainted syzkaller #0 [ 79.709834][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 79.720012][ T5794] Workqueue: hci1 hci_rx_work [ 79.724812][ T5794] Call Trace: [ 79.728136][ T5794] [ 79.731089][ T5794] dump_stack_lvl+0x16c/0x230 [ 79.735973][ T5794] ? show_regs_print_info+0x20/0x20 [ 79.741368][ T5794] ? load_image+0x3b0/0x3b0 [ 79.745909][ T5794] sysfs_create_dir_ns+0x256/0x280 [ 79.751038][ T5794] ? hci_rx_work+0x43a/0xd80 [ 79.755682][ T5794] ? sysfs_warn_dup+0xa0/0xa0 [ 79.760382][ T5794] ? do_raw_spin_unlock+0x121/0x230 [ 79.765607][ T5794] kobject_add_internal+0x6b8/0xc70 [ 79.770916][ T5794] kobject_add+0x156/0x220 [ 79.775348][ T5794] ? __rwlock_init+0x150/0x150 [ 79.780228][ T5794] ? kobject_init+0x1e0/0x1e0 [ 79.784944][ T5794] ? _raw_spin_unlock+0x28/0x40 [ 79.789814][ T5794] ? get_device_parent+0x366/0x390 [ 79.795042][ T5794] device_add+0x408/0xc20 [ 79.799482][ T5794] hci_conn_add_sysfs+0xd5/0x1e0 [ 79.804458][ T5794] le_conn_complete_evt+0xf36/0x1500 [ 79.809766][ T5794] ? hci_event_packet+0x4a7/0x1210 [ 79.814987][ T5794] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 79.821248][ T5794] ? __copy_skb_header+0xa7/0x550 [ 79.826321][ T5794] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 79.832082][ T5794] ? skb_pull_data+0xfb/0x200 [ 79.836791][ T5794] hci_le_conn_complete_evt+0x187/0x440 [ 79.842468][ T5794] ? hci_remote_host_features_evt+0x160/0x160 [ 79.848555][ T5794] hci_event_packet+0x795/0x1210 [ 79.853528][ T5794] ? bis_list+0x290/0x290 [ 79.857873][ T5794] ? kcov_remote_start+0x2b/0x7f0 [ 79.862918][ T5794] ? hci_send_to_monitor+0xd7/0x4f0 [ 79.868138][ T5794] hci_rx_work+0x43a/0xd80 [ 79.872583][ T5794] ? process_scheduled_works+0x957/0x15b0 [ 79.878323][ T5794] process_scheduled_works+0xa45/0x15b0 [ 79.884088][ T5794] ? assign_work+0x400/0x400 [ 79.888740][ T5794] ? assign_work+0x39e/0x400 [ 79.893465][ T5794] worker_thread+0xa55/0xfc0 [ 79.898095][ T5794] kthread+0x2fa/0x390 [ 79.902174][ T5794] ? pr_cont_work+0x560/0x560 [ 79.906893][ T5794] ? kthread_blkcg+0xd0/0xd0 [ 79.911515][ T5794] ret_from_fork+0x48/0x80 [ 79.916041][ T5794] ? kthread_blkcg+0xd0/0xd0 [ 79.920646][ T5794] ret_from_fork_asm+0x11/0x20 [ 79.925453][ T5794] [ 79.930971][ T5782] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 79.951754][ T5782] Bluetooth: hci2: failed to register connection device [ 79.960017][ T5782] Bluetooth: hci2: command tx timeout [ 80.045729][ T5794] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 80.059930][ T5794] Bluetooth: hci1: failed to register connection device [ 80.075652][ T5794] Bluetooth: hci1: command tx timeout [ 80.212919][ T5781] BUG: Bad page state in process syz-executor pfn:5aa8f [ 80.220246][ T5781] page:ffffea00016aa3c0 refcount:0 mapcount:0 mapping:ffff88805a4087c8 index:0x2 pfn:0x5aa8f [ 80.230632][ T5781] aops:z_erofs_cache_aops ino:0 [ 80.235687][ T5781] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 80.245210][ T5781] page_type: 0xffffffff() [ 80.250186][ T5781] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805a4087c8 [ 80.262325][ T5781] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 80.271892][ T5781] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 80.279221][ T5781] page_owner tracks the page as allocated [ 80.286134][ T5792] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 80.298195][ T5781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5902, tgid 5883 (syz.1.2), ts 78467057168, free_ts 19169054403 [ 80.320723][ T5781] post_alloc_hook+0x1cd/0x210 [ 80.326107][ T5781] get_page_from_freelist+0x195c/0x19f0 [ 80.332187][ T5781] __alloc_pages+0x1e3/0x460 [ 80.336930][ T5781] z_erofs_do_read_page+0x20c0/0x3680 [ 80.343052][ T5781] z_erofs_pcluster_readmore+0x2cf/0x450 [ 80.348793][ T5781] z_erofs_read_folio+0x208/0x540 [ 80.354577][ T5781] filemap_read_folio+0x167/0x760 [ 80.359874][ T5781] do_read_cache_folio+0x470/0x7e0 [ 80.365610][ T5781] erofs_bread+0x16f/0x630 [ 80.370128][ T5781] erofs_namei+0x28c/0xf00 [ 80.375303][ T5781] erofs_lookup+0x135/0x310 [ 80.379954][ T5781] path_openat+0x10b8/0x3190 [ 80.384919][ T5781] do_filp_open+0x1c5/0x3d0 [ 80.390271][ T5781] do_sys_openat2+0x12c/0x1c0 [ 80.395210][ T5781] __x64_sys_openat+0x139/0x160 [ 80.400112][ T5781] do_syscall_64+0x55/0xb0 [ 80.404637][ T5781] page last free stack trace: [ 80.409355][ T5781] free_unref_page_prepare+0x7ce/0x8e0 [ 80.415000][ T5781] free_unref_page+0x32/0x2e0 [ 80.419730][ T5781] free_contig_range+0xa1/0x160 [ 80.424684][ T5781] destroy_args+0x80/0x850 [ 80.429138][ T5781] debug_vm_pgtable+0x3cc/0x410 [ 80.434122][ T5781] do_one_initcall+0x1fd/0x750 [ 80.438923][ T5781] do_initcall_level+0x137/0x1f0 [ 80.445571][ T5781] do_initcalls+0x69/0xd0 [ 80.449949][ T5781] kernel_init_freeable+0x3d2/0x570 [ 80.455822][ T5781] kernel_init+0x1d/0x1c0 [ 80.460197][ T5781] ret_from_fork+0x48/0x80 [ 80.464811][ T5781] ret_from_fork_asm+0x11/0x20 [ 80.469709][ T5781] Modules linked in: [ 80.473709][ T5781] CPU: 1 PID: 5781 Comm: syz-executor Not tainted syzkaller #0 [ 80.481293][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 80.491384][ T5781] Call Trace: [ 80.494687][ T5781] [ 80.497641][ T5781] dump_stack_lvl+0x16c/0x230 [ 80.502506][ T5781] ? show_regs_print_info+0x20/0x20 [ 80.507815][ T5781] ? swiotlb_print_info+0x70/0x70 [ 80.512955][ T5781] bad_page+0x14b/0x170 [ 80.517120][ T5781] free_unref_page_prepare+0x887/0x8e0 [ 80.522690][ T5781] free_unref_page+0x32/0x2e0 [ 80.527381][ T5781] ? __folio_put+0xef/0x210 [ 80.531984][ T5781] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 80.538419][ T5781] erofs_shrink_workstation+0x118/0x290 [ 80.543994][ T5781] ? erofs_shrinker_unregister+0x170/0x170 [ 80.549880][ T5781] ? io_schedule+0xd0/0xd0 [ 80.554328][ T5781] ? kobject_put+0x43c/0x470 [ 80.558938][ T5781] erofs_shrinker_unregister+0x5d/0x170 [ 80.564510][ T5781] erofs_put_super+0x4e/0x150 [ 80.569217][ T5781] ? erofs_free_inode+0xb0/0xb0 [ 80.574083][ T5781] generic_shutdown_super+0x134/0x2b0 [ 80.579473][ T5781] kill_block_super+0x44/0x90 [ 80.584257][ T5781] erofs_kill_sb+0x4c/0x140 [ 80.588778][ T5781] deactivate_locked_super+0x97/0x100 [ 80.594171][ T5781] cleanup_mnt+0x429/0x4c0 [ 80.598652][ T5781] task_work_run+0x1ce/0x250 [ 80.603277][ T5781] ? task_work_cancel+0x240/0x240 [ 80.608498][ T5781] ? exit_to_user_mode_loop+0x3b/0x110 [ 80.613997][ T5781] exit_to_user_mode_loop+0xe6/0x110 [ 80.619299][ T5781] exit_to_user_mode_prepare+0xf6/0x180 [ 80.625032][ T5781] syscall_exit_to_user_mode+0x1a/0x50 [ 80.630505][ T5781] do_syscall_64+0x61/0xb0 [ 80.634942][ T5781] ? clear_bhb_loop+0x40/0x90 [ 80.639721][ T5781] ? clear_bhb_loop+0x40/0x90 [ 80.644520][ T5781] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 80.650488][ T5781] RIP: 0033:0x7f60cb390a77 [ 80.655027][ T5781] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 80.674920][ T5781] RSP: 002b:00007fff38ca4a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 80.683526][ T5781] RAX: 0000000000000000 RBX: 00007f60cb413d7d RCX: 00007f60cb390a77 [ 80.691516][ T5781] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff38ca4b40 [ 80.699709][ T5781] RBP: 00007fff38ca4b40 R08: 0000000000000000 R09: 0000000000000000 [ 80.707703][ T5781] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff38ca5bd0 [ 80.715688][ T5781] R13: 00007f60cb413d7d R14: 0000000000013844 R15: 00007fff38ca5c10 [ 80.723947][ T5781] [ 80.729522][ T5781] Disabling lock debugging due to kernel taint [ 80.736242][ T5781] BUG: Bad page state in process syz-executor pfn:5aa90 [ 80.743419][ T5781] page:ffffea00016aa400 refcount:0 mapcount:0 mapping:ffff88805a4087c8 index:0x3 pfn:0x5aa90 [ 80.753715][ T5781] aops:z_erofs_cache_aops ino:0 [ 80.758683][ T5781] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 80.767513][ T5781] page_type: 0xffffffff() [ 80.772108][ T5781] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805a4087c8 [ 80.780728][ T5781] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 80.789400][ T5781] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 80.797501][ T5781] page_owner tracks the page as allocated [ 80.803383][ T5781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5902, tgid 5883 (syz.1.2), ts 78467521803, free_ts 19169060920 [ 80.825239][ T5781] post_alloc_hook+0x1cd/0x210 [ 80.830235][ T5781] get_page_from_freelist+0x195c/0x19f0 [ 80.835893][ T5781] __alloc_pages+0x1e3/0x460 [ 80.840524][ T5781] z_erofs_do_read_page+0x20c0/0x3680 [ 80.846089][ T5781] z_erofs_pcluster_readmore+0x2cf/0x450 [ 80.851880][ T5781] z_erofs_read_folio+0x208/0x540 [ 80.856983][ T5781] filemap_read_folio+0x167/0x760 [ 80.862182][ T5781] do_read_cache_folio+0x470/0x7e0 [ 80.867333][ T5781] erofs_bread+0x16f/0x630 [ 80.871929][ T5781] erofs_namei+0x28c/0xf00 [ 80.876382][ T5781] erofs_lookup+0x135/0x310 [ 80.880920][ T5781] path_openat+0x10b8/0x3190 [ 80.885587][ T5781] do_filp_open+0x1c5/0x3d0 [ 80.890127][ T5781] do_sys_openat2+0x12c/0x1c0 [ 80.894989][ T5781] __x64_sys_openat+0x139/0x160 [ 80.900195][ T5781] do_syscall_64+0x55/0xb0 [ 80.904738][ T5781] page last free stack trace: [ 80.909410][ T5781] free_unref_page_prepare+0x7ce/0x8e0 [ 80.915113][ T5781] free_unref_page+0x32/0x2e0 [ 80.919884][ T5781] free_contig_range+0xa1/0x160 [ 80.925035][ T5781] destroy_args+0x80/0x850 [ 80.929548][ T5781] debug_vm_pgtable+0x3cc/0x410 [ 80.934604][ T5781] do_one_initcall+0x1fd/0x750 [ 80.939421][ T5781] do_initcall_level+0x137/0x1f0 [ 80.944482][ T5781] do_initcalls+0x69/0xd0 [ 80.948949][ T5781] kernel_init_freeable+0x3d2/0x570 [ 80.954305][ T5781] kernel_init+0x1d/0x1c0 [ 80.958639][ T5781] ret_from_fork+0x48/0x80 [ 80.963444][ T5781] ret_from_fork_asm+0x11/0x20 [ 80.968234][ T5781] Modules linked in: [ 80.972259][ T5781] CPU: 1 PID: 5781 Comm: syz-executor Tainted: G B syzkaller #0 [ 80.981490][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 80.991564][ T5781] Call Trace: [ 80.994859][ T5781] [ 80.997901][ T5781] dump_stack_lvl+0x16c/0x230 [ 81.002659][ T5781] ? show_regs_print_info+0x20/0x20 [ 81.007848][ T5781] ? swiotlb_print_info+0x70/0x70 [ 81.012861][ T5781] bad_page+0x14b/0x170 [ 81.017181][ T5781] free_unref_page_prepare+0x887/0x8e0 [ 81.022716][ T5781] free_unref_page+0x32/0x2e0 [ 81.027394][ T5781] ? __folio_put+0xef/0x210 [ 81.031935][ T5781] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 81.038382][ T5781] erofs_shrink_workstation+0x118/0x290 [ 81.044025][ T5781] ? erofs_shrinker_unregister+0x170/0x170 [ 81.049923][ T5781] ? io_schedule+0xd0/0xd0 [ 81.054362][ T5781] ? kobject_put+0x43c/0x470 [ 81.058957][ T5781] erofs_shrinker_unregister+0x5d/0x170 [ 81.064517][ T5781] erofs_put_super+0x4e/0x150 [ 81.069207][ T5781] ? erofs_free_inode+0xb0/0xb0 [ 81.074065][ T5781] generic_shutdown_super+0x134/0x2b0 [ 81.079448][ T5781] kill_block_super+0x44/0x90 [ 81.084139][ T5781] erofs_kill_sb+0x4c/0x140 [ 81.088658][ T5781] deactivate_locked_super+0x97/0x100 [ 81.094046][ T5781] cleanup_mnt+0x429/0x4c0 [ 81.098475][ T5781] task_work_run+0x1ce/0x250 [ 81.103085][ T5781] ? task_work_cancel+0x240/0x240 [ 81.108131][ T5781] ? exit_to_user_mode_loop+0x3b/0x110 [ 81.113690][ T5781] exit_to_user_mode_loop+0xe6/0x110 [ 81.119076][ T5781] exit_to_user_mode_prepare+0xf6/0x180 [ 81.124719][ T5781] syscall_exit_to_user_mode+0x1a/0x50 [ 81.130270][ T5781] do_syscall_64+0x61/0xb0 [ 81.134707][ T5781] ? clear_bhb_loop+0x40/0x90 [ 81.139483][ T5781] ? clear_bhb_loop+0x40/0x90 [ 81.144175][ T5781] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 81.150072][ T5781] RIP: 0033:0x7f60cb390a77 [ 81.154652][ T5781] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 81.174272][ T5781] RSP: 002b:00007fff38ca4a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 81.182699][ T5781] RAX: 0000000000000000 RBX: 00007f60cb413d7d RCX: 00007f60cb390a77 [ 81.190685][ T5781] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff38ca4b40 [ 81.198663][ T5781] RBP: 00007fff38ca4b40 R08: 0000000000000000 R09: 0000000000000000 [ 81.206731][ T5781] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff38ca5bd0 [ 81.215057][ T5781] R13: 00007f60cb413d7d R14: 0000000000013844 R15: 00007fff38ca5c10 [ 81.223157][ T5781] [ 81.228626][ T5781] BUG: Bad page state in process syz-executor pfn:5aa91 [ 81.236647][ T5781] page:ffffea00016aa440 refcount:0 mapcount:0 mapping:ffff88805a4087c8 index:0x4 pfn:0x5aa91 [ 81.247230][ T5781] aops:z_erofs_cache_aops ino:0 [ 81.252154][ T5781] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 81.260082][ T5781] page_type: 0xffffffff() [ 81.264545][ T5781] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805a4087c8 [ 81.273173][ T5781] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 81.281892][ T5781] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 81.289289][ T5781] page_owner tracks the page as allocated [ 81.295044][ T5781] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5902, tgid 5883 (syz.1.2), ts 78467684325, free_ts 19169067115 [ 81.317113][ T5781] post_alloc_hook+0x1cd/0x210 [ 81.322329][ T5781] get_page_from_freelist+0x195c/0x19f0 [ 81.327901][ T5781] __alloc_pages+0x1e3/0x460 [ 81.332530][ T5781] z_erofs_do_read_page+0x20c0/0x3680 [ 81.337916][ T5781] z_erofs_pcluster_readmore+0x2cf/0x450 [ 81.343611][ T5781] z_erofs_read_folio+0x208/0x540 [ 81.348660][ T5781] filemap_read_folio+0x167/0x760 [ 81.353711][ T5781] do_read_cache_folio+0x470/0x7e0 [ 81.358821][ T5781] erofs_bread+0x16f/0x630 [ 81.363293][ T5781] erofs_namei+0x28c/0xf00 [ 81.367745][ T5781] erofs_lookup+0x135/0x310 [ 81.372312][ T5781] path_openat+0x10b8/0x3190 [ 81.376938][ T5781] do_filp_open+0x1c5/0x3d0 [ 81.381783][ T5781] do_sys_openat2+0x12c/0x1c0 [ 81.386599][ T5781] __x64_sys_openat+0x139/0x160 [ 81.391555][ T5781] do_syscall_64+0x55/0xb0 [ 81.395973][ T5781] page last free stack trace: [ 81.400632][ T5781] free_unref_page_prepare+0x7ce/0x8e0 [ 81.406466][ T5781] free_unref_page+0x32/0x2e0 [ 81.412874][ T5781] free_contig_range+0xa1/0x160 [ 81.417938][ T5781] destroy_args+0x80/0x850 [ 81.422648][ T5781] debug_vm_pgtable+0x3cc/0x410 [ 81.427508][ T5781] do_one_initcall+0x1fd/0x750 [ 81.432291][ T5781] do_initcall_level+0x137/0x1f0 [ 81.437229][ T5781] do_initcalls+0x69/0xd0 [ 81.441636][ T5781] kernel_init_freeable+0x3d2/0x570 [ 81.446856][ T5781] kernel_init+0x1d/0x1c0 [ 81.451172][ T5781] ret_from_fork+0x48/0x80 [ 81.455794][ T5781] ret_from_fork_asm+0x11/0x20 [ 81.460762][ T5781] Modules linked in: [ 81.464704][ T5781] CPU: 1 PID: 5781 Comm: syz-executor Tainted: G B syzkaller #0 [ 81.473896][ T5781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 81.483945][ T5781] Call Trace: [ 81.487321][ T5781] [ 81.490329][ T5781] dump_stack_lvl+0x16c/0x230 [ 81.495015][ T5781] ? show_regs_print_info+0x20/0x20 [ 81.500266][ T5781] ? swiotlb_print_info+0x70/0x70 [ 81.505282][ T5781] bad_page+0x14b/0x170 [ 81.509435][ T5781] free_unref_page_prepare+0x887/0x8e0 [ 81.514994][ T5781] free_unref_page+0x32/0x2e0 [ 81.519749][ T5781] ? __folio_put+0xef/0x210 [ 81.524246][ T5781] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 81.530676][ T5781] erofs_shrink_workstation+0x118/0x290 [ 81.536232][ T5781] ? erofs_shrinker_unregister+0x170/0x170 [ 81.542066][ T5781] ? io_schedule+0xd0/0xd0 [ 81.546503][ T5781] ? kobject_put+0x43c/0x470 [ 81.551105][ T5781] erofs_shrinker_unregister+0x5d/0x170 [ 81.556747][ T5781] erofs_put_super+0x4e/0x150 [ 81.561435][ T5781] ? erofs_free_inode+0xb0/0xb0 [ 81.566304][ T5781] generic_shutdown_super+0x134/0x2b0 [ 81.571776][ T5781] kill_block_super+0x44/0x90 [ 81.576462][ T5781] erofs_kill_sb+0x4c/0x140 [ 81.581166][ T5781] deactivate_locked_super+0x97/0x100 [ 81.586625][ T5781] cleanup_mnt+0x429/0x4c0 [ 81.591059][ T5781] task_work_run+0x1ce/0x250 [ 81.595763][ T5781] ? task_work_cancel+0x240/0x240 [ 81.600975][ T5781] ? exit_to_user_mode_loop+0x3b/0x110 [ 81.606453][ T5781] exit_to_user_mode_loop+0xe6/0x110 [ 81.611944][ T5781] exit_to_user_mode_prepare+0xf6/0x180 [ 81.617600][ T5781] syscall_exit_to_user_mode+0x1a/0x50 [ 81.623072][ T5781] do_syscall_64+0x61/0xb0 [ 81.627517][ T5781] ? clear_bhb_loop+0x40/0x90 [ 81.632211][ T5781] ? clear_bhb_loop+0x40/0x90 [ 81.636895][ T5781] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 81.642971][ T5781] RIP: 0033:0x7f60cb390a77 [ 81.647406][ T5781] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 81.667193][ T5781] RSP: 002b:00007fff38ca4a88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 81.675626][ T5781] RAX: 0000000000000000 RBX: 00007f60cb413d7d RCX: 00007f60cb390a77 [ 81.683605][ T5781] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff38ca4b40 [ 81.691611][ T5781] RBP: 00007fff38ca4b40 R08: 0000000000000000 R09: 0000000000000000 [ 81.699588][ T5781] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff38ca5bd0 [ 81.707567][ T5781] R13: 00007f60cb413d7d R14: 0000000000013844 R15: 00007fff38ca5c10 [ 81.715550][ T5781] [ 82.023792][ T42] cfg80211: failed to load regulatory.db