last executing test programs: 3.032364671s ago: executing program 1 (id=2): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d009000006001100070000000800010070636900110002"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() r2 = fsopen(&(0x7f0000000000)='debugfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000180)='rootcontext', &(0x7f0000000040)='E\xe1\x85\x00', 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f00000023c0)=ANY=[@ANYBLOB='hide,dmode=0x0000000000000005,map=normal,map=normal,session=0x000000000000000e,overriderockperm,showassoc,nocompress,utf8,map=normal,session=0x0000000000000006,map=acorn,mode=0x0000000000000086,uid=', @ANYRESDEC=0x0, @ANYBLOB='\x00\x00', @ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRESDEC], 0x43, 0xa02, &(0x7f0000003640)="$eJzs3U9sXdWdB/DvfbYTj4lCgAyTQUBewgQMZBzbGcJEbCaxnxMz/jOyHYloNCIMSaooVqmgSIAqNZWqroraRdUF3SF10xUSG9hU2bXbbrqoVLHuDnUVddFX3fueYzv283MSxzbh87Ge3/3zu+f8zrv33SNfv3dP+CZrNpvV4x7nL/xmO5Nl9zk7/tWnn31cPn50I3vSk1eKL5L+JPWkN8mhJGPjc7PTXQq6nlxKcjMpkuxN63lTLqX4WfYtz99M8auq3tKFe2wYm9LkW22njz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANiNirHx4eGRIlOTMxfeqHdWDQHeaWVtubwvq1G/iy+71psU5SP9/UtDfR86uLz6yfLX0Tzdmnu6GpA8/fnokScPvPZEb21p+w0Svht/bw+GfNcbvvfhR9ffWly88m6H9T3t5tx3hrvUucbM5Pzs5PSZc4365Pxs/fSpU8Mnzk/M1ycmpxrzF+cXGtP1sbnGmYXZufrg2Iv1kdOnT9YbQxdnL8ycGx+aaiwtfPXfR4eHT9VfH/qfxpm5+dmZE68PzY+dn5yampw5V8WUq8uYV8sD8b8nF+oLjTPT9frVa4tXTq7KaJ2Xugwa6daSMmi0W9Do8OjoyMjo6MipV06/8urwcO/ygp5UC4bvkDWb3D5os+/hPS6+hT6pbSKoPDnWt/DsDfen1u7/M5XJzORC3kh93Z+xjGcus5nusL5tqf8/dqKxYb0r+/+lXv7Q8uqnUvX/z7bmnu3U/3fIZft+3suH+SjX81YWs5greXfV2r33UGKzuX6rfv2H1mux0y1e/XMujcxkMvOZzWSmc6ZaUm8vqed0TuVUhvNmzmci86lnIpOZSiPzuZj5LKRRHVFjmUsjZ7LQ22rjYMbyYuoZyemczsnU08hQLmY2FzKTcxnPmaqUq7lWve4nN8jxdtDIZoJGNwjaoP9vL7iL/p9vqa0+hcM9a7b7/z13LK+tDR0c266kAAAAgC31r7/P/oOP/+7PSV+eqa6xAwAAAA+b6uN6T5dPfeXUMykmJqcaw2sD39/+3AAAAICtUVTfsSuSDORwa2rpm1DrXAQAAAAAvomq//8/Wz4NlFOHU/j7HwAAAB423e+x3zWiOJ56bpSr6pdbkZfbEe37/A5MTE41hsZmp14byfPVXQaqbxqsKa0nB5Lq6wcv5Ugr6shA63lgdYn9ZdTI0Gsj6c/RdkMGnyufnhtcJ3K0jHwpL7QiX1iK7M+ayJNlJAA87I5u0B9vtv9/KcdbEcefqm7f3vvUOn3wcKtn/eEOtRMAWNZ9jJ2uEcV/LA3/0+Hv/55cPdz6SMFQ3s47WczlHK++bVB94qBdam4WWS51YMXHEI53uRowsGKEl+NL1wMO71v3esDAioFejq+5ItAp9uS6r12x5XsDALbH0TX98Ab9f7PZmlpz/X/jv/8HfKQQAHaV2yPYP8CJO+vs25mmAgBtnXvpDfQ8wIQAAAAAAAAAAAAAAAAAAAAAAAAAAADgIfAg7/9fS/JgRxa4j4kbSXZBGts88Zf2bl+zqr38xo5nuGJib+6/nP5tGeHiw//bs4sP9Xub2MGTEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANumSHrWW15L9ia9w0lObH9WD86NnU5ghxW3cisfZP9O5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8LBp3/+/ltbzI61F6a0lx5JcSvK/O53jVrq10wnssBX3/y/3eZpFelu7PUXf2Pjc7HS5+7O3XP/Vp599XD7upZ6ygLKGVYNLtGvovNVj1VYD41feu/79d75XHz9bJXl2YWJqfPrc3H8tBz5ZfJ7U03osWcr3B0X7KF7d8s/Llnavt6xloqp3fG29/7Le1rfrPfbbn3du27LlNK4tXhkta1povLHw/nevfbAi6PEcSZ4bTAZX1/Sd8tGhpiPp26je4uviJ8X+/DKXqv1fplE0i3IXPZrsSe2frl5bvDL09juLlzvkdCCHk1xO+jef0+G1e2JJddTV+spah6ug8tfBLuVt6JGe/c1mq8SRDm14rDpkBu6qDfXObah0ed3bbTzZIaMn8vxd7+nnu9TY9rdmS2uu+Lr4U3E+f8yPV4z/USv3/7Fs5t1ZxlSRK46Uzm0+ttzy0ZUr3rwzsuO7kgfgp/n//Oft/V9bcf5v76vtOR+tqPGBvS+KVi/UVk0fvKNHap99OmXZzvNgK6pDnv+cl9du1yXPl7ucUbbo/b9a8XXxSTGYv+aG8X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdr0h61lteS44lOZDk0XK+njS3or7aQLEVxWzSnjVLbmxj7btH7fZUcSu38kH272g6AAAAAAAAAGyZs+NfffrZx+Wj+n98T/6t+CLpb/2nvzfJgeIXfWPjc7PTXQrqSy4luVlO999dDuV22bc8f7OcO3T3bQEANucfAQAA//+INm5i") 2.82288737s ago: executing program 1 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x800) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r3 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) fchdir(r4) open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x43) r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x200) r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) sendfile(r6, r5, 0x0, 0x7ffff000) creat(&(0x7f0000000000)='./bus\x00', 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c"], 0x1c}, 0x1, 0x0, 0x0, 0x4048010}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x27, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) 1.973725366s ago: executing program 3 (id=4): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1c916, &(0x7f0000000040)={[{@nobarrier}, {@noblock_validity}, {@nombcache}, {@acl}, {@barrier_val={'barrier', 0x3d, 0xc}}, {@noacl}, {@nodiscard}, {@nodelalloc}, {@resgid, 0x32}]}, 0x9b, 0x4d8, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMRtsGuetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir5Sx5H8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LPORMTFiHhcqVTOR8RgY3vaWO4fi4j1+nGPHt6Zqi5JVCrXP00iaWyrHj+y4X82nlLzp99H/C15Nm5pdW1+slDILzfWc+WFpVxpde3C3MLkbH42vzg+PnZ54srEpYnRjtRzICKu/vbD//zr5d9dff1nt9678fHI36tp/bKxv1mPTqtXPROHN2zrj4jlvQjWBX2N+mS6nQgAADvSPM//cUScj8Hoq53NAQAAAAdJ5VcD8VUSUQEAAAAOrLQ2NzZJs415AAORptlsfQ7v9+NoWiiWyj+dKa4sTtfn0A5FJp2ZK+RHG3OFhyKTVNfHauVv1y9uWh+PiBMRcW/wSG09O1UsTHd78AMAAAB6xLFN/f8vBuv9fwAAAOCAGep2AgAAAMCe0/8HAACAg69F//8v3cgDAAAA2BN/uHatulSa97+evrm6Ml+8eWE6X5rPLqxMZaeKy0vZ2WJxtvabfQvb/b9Csbj081hcuZ0r50vlXGl17cZCcWWxfGPuqVtgAwAAAPvoxI/uv5tExPovjtSWqkPdTgrYF/27OfiDvcsD2H993U4A6Jpdff8DB0qm2wkAXZdss7/t5J03O58LAACwN4Z/0Pr6f7Lt2MB6uk8pAnvE+B/0Ltf/oXe5/g+9KxN9oSMPvW3vr/9XKrtKCAAA6LiB2pKk2YjaOMBApGk2G3G8dluATDIzV8iPRsR3I+Kdwcx3qutjtWcm2/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCgRaQfJY37fw0PnhvYPD5wKPlysPYYEbf+f/2/tyfL5eWx6vbPnmwv/6+x/WI3RjAAAACAzZr99GY/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66dHDO1PNZT/jfvKbiBhqFb8/DtceD0cmIo5+nkT/huclEdHXgfjrdyPiZKv4STWtGGpk0Sr+kS7GTyPiWAfiQy+7X21/ft3q85fGmdpj68/f5VoL9fzat3/pk/avr037c3yHMU49eDXXNv7diFP9rdufZvykTfyzO4z/1z+vrbXbV3kpYrjl90/yVKxceWEpV1pduzC3MDmbn80vjo+PXZ64MnFpYjQ3M1fIN/62iHAo/v3D1x5vVf+jca9t+7tV/c/tsP5fP7j98Hv1YqZV/JGzrd//k23ip43vvp80ytX9w83yer280elX3jod8fYb7eo/3eb13+79H9lh/c//8Z/v7/BQAGAflFbX5icLhfxyTxee69Wonha9ELVQ2G3hHy9GGi9kobvtEgAA0HnP9oGf1olr7AAAAAAAAAAAAAAAAAAAAMDW9vPX9ZrWu1NVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtfRMAAP//lOzXow==") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x36, 0x36}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) 1.395444891s ago: executing program 1 (id=6): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4085}, 0x4000800) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x20) pwrite64(r5, 0x0, 0x0, 0x8080c61) sendmsg$nl_generic(r3, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r6, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r8 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r8, 0x0, 0x30, &(0x7f0000000540)={0x0, {{0x2, 0x4e22, @broadcast}}, 0x1}, 0x90) fadvise64(r7, 0xe0ffff, 0x19, 0x3) 1.339889343s ago: executing program 3 (id=7): openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) sched_setaffinity(r1, 0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) accept4$bt_l2cap(r2, &(0x7f0000000200), 0x0, 0x800) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x67, 0x0, @rand_addr, @multicast1}, @time_exceeded={0x21, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x24, 0x64, 0x0, 0x0, 0x0, 0x0, @multicast2, @rand_addr=0xe0000000}, "e9c9cee4837ae0b9"}}}}}, 0x0) 209.921931ms ago: executing program 3 (id=8): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000009e00000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18) r1 = syz_io_uring_setup(0x2709, &(0x7f0000000000)={0x0, 0x7c87, 0x1000, 0x3, 0x94}, &(0x7f00000000c0), &(0x7f00000001c0)) io_uring_register$IORING_UNREGISTER_EVENTFD(r1, 0x5, 0x0, 0x0) 0s ago: executing program 1 (id=9): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1c916, &(0x7f0000000040)={[{@nobarrier}, {@noblock_validity}, {@nombcache}, {@acl}, {@barrier_val={'barrier', 0x3d, 0xc}}, {@noacl}, {@nodiscard}, {@nodelalloc}, {@resgid, 0x32}]}, 0x9b, 0x4d8, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMRtsGuetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir5Sx5H8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LPORMTFiHhcqVTOR8RgY3vaWO4fi4j1+nGPHt6Zqi5JVCrXP00iaWyrHj+y4X82nlLzp99H/C15Nm5pdW1+slDILzfWc+WFpVxpde3C3MLkbH42vzg+PnZ54srEpYnRjtRzICKu/vbD//zr5d9dff1nt9678fHI36tp/bKxv1mPTqtXPROHN2zrj4jlvQjWBX2N+mS6nQgAADvSPM//cUScj8Hoq53NAQAAAAdJ5VcD8VUSUQEAAAAOrLQ2NzZJs415AAORptlsfQ7v9+NoWiiWyj+dKa4sTtfn0A5FJp2ZK+RHG3OFhyKTVNfHauVv1y9uWh+PiBMRcW/wSG09O1UsTHd78AMAAAB6xLFN/f8vBuv9fwAAAOCAGep2AgAAAMCe0/8HAACAg69F//8v3cgDAAAA2BN/uHatulSa97+evrm6Ml+8eWE6X5rPLqxMZaeKy0vZ2WJxtvabfQvb/b9Csbj081hcuZ0r50vlXGl17cZCcWWxfGPuqVtgAwAAAPvoxI/uv5tExPovjtSWqkPdTgrYF/27OfiDvcsD2H993U4A6Jpdff8DB0qm2wkAXZdss7/t5J03O58LAACwN4Z/0Pr6f7Lt2MB6uk8pAnvE+B/0Ltf/oXe5/g+9KxN9oSMPvW3vr/9XKrtKCAAA6LiB2pKk2YjaOMBApGk2G3G8dluATDIzV8iPRsR3I+Kdwcx3qutjtWcm2/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCgRaQfJY37fw0PnhvYPD5wKPlysPYYEbf+f/2/tyfL5eWx6vbPnmwv/6+x/WI3RjAAAACAzZr99GY/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66dHDO1PNZT/jfvKbiBhqFb8/DtceD0cmIo5+nkT/huclEdHXgfjrdyPiZKv4STWtGGpk0Sr+kS7GTyPiWAfiQy+7X21/ft3q85fGmdpj68/f5VoL9fzat3/pk/avr037c3yHMU49eDXXNv7diFP9rdufZvykTfyzO4z/1z+vrbXbV3kpYrjl90/yVKxceWEpV1pduzC3MDmbn80vjo+PXZ64MnFpYjQ3M1fIN/62iHAo/v3D1x5vVf+jca9t+7tV/c/tsP5fP7j98Hv1YqZV/JGzrd//k23ip43vvp80ytX9w83yer280elX3jod8fYb7eo/3eb13+79H9lh/c//8Z/v7/BQAGAflFbX5icLhfxyTxee69Wonha9ELVQ2G3hHy9GGi9kobvtEgAA0HnP9oGf1olr7AAAAAAAAAAAAAAAAAAAAMDW9vPX9ZrWu1NVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtfRMAAP//lOzXow==") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x36, 0x36}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_tracing={0x1a, 0x19, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a500000018330000010000000000000000000000052f0900f100000018480000ffffffff0000000000000000185400000800000000000000000000008510000003000000"], &(0x7f0000000040)='syzkaller\x00', 0x10001, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x0, 0x2}, 0x8, 0x10, &(0x7f00000004c0)={0x3, 0xd, 0x0, 0x800}, 0x10, 0x2a8fa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xcf72}, 0x94) r3 = userfaultfd(0x801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.11' (ED25519) to the list of known hosts. [ 80.604035][ T5780] cgroup: Unknown subsys name 'net' [ 80.768933][ T5780] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.628814][ T5780] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 84.381506][ T5803] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 84.382582][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 84.407900][ T5800] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 84.408105][ T5799] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 84.416698][ T5800] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 84.423417][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 84.431400][ T5800] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 84.438607][ T5799] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 84.444112][ T5800] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 84.457566][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 84.459414][ T5806] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 84.467691][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 84.474958][ T5806] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 84.480151][ T5799] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 84.489245][ T5806] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 84.493480][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 84.500619][ T5806] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 84.515183][ T5108] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 84.515459][ T5806] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 84.534301][ T5809] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 84.555016][ T5797] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 84.563493][ T5797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 84.578212][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 84.586663][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.014341][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 85.080558][ T5805] chnl_net:caif_netlink_parms(): no params data found [ 85.222090][ T5793] chnl_net:caif_netlink_parms(): no params data found [ 85.259879][ T5792] chnl_net:caif_netlink_parms(): no params data found [ 85.308531][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.315827][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.323621][ T5795] bridge_slave_0: entered allmulticast mode [ 85.331497][ T5795] bridge_slave_0: entered promiscuous mode [ 85.380353][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.387487][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.394824][ T5795] bridge_slave_1: entered allmulticast mode [ 85.402110][ T5795] bridge_slave_1: entered promiscuous mode [ 85.465349][ T5805] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.472784][ T5805] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.480903][ T5805] bridge_slave_0: entered allmulticast mode [ 85.487893][ T5805] bridge_slave_0: entered promiscuous mode [ 85.517284][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.554958][ T5805] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.562251][ T5805] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.569416][ T5805] bridge_slave_1: entered allmulticast mode [ 85.577228][ T5805] bridge_slave_1: entered promiscuous mode [ 85.598208][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.608273][ T5793] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.615993][ T5793] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.623487][ T5793] bridge_slave_0: entered allmulticast mode [ 85.631026][ T5793] bridge_slave_0: entered promiscuous mode [ 85.686487][ T5793] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.694495][ T5793] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.702140][ T5793] bridge_slave_1: entered allmulticast mode [ 85.709107][ T5793] bridge_slave_1: entered promiscuous mode [ 85.731026][ T5805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.743599][ T5805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.753123][ T5792] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.760316][ T5792] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.767847][ T5792] bridge_slave_0: entered allmulticast mode [ 85.776077][ T5792] bridge_slave_0: entered promiscuous mode [ 85.821610][ T5792] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.828848][ T5792] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.836252][ T5792] bridge_slave_1: entered allmulticast mode [ 85.844011][ T5792] bridge_slave_1: entered promiscuous mode [ 85.866132][ T5795] team0: Port device team_slave_0 added [ 85.875455][ T5795] team0: Port device team_slave_1 added [ 85.887095][ T5793] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 85.937807][ T5793] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 85.962488][ T5805] team0: Port device team_slave_0 added [ 85.984946][ T5792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.014822][ T5805] team0: Port device team_slave_1 added [ 86.037684][ T5793] team0: Port device team_slave_0 added [ 86.046393][ T5792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.069085][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.076646][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.104059][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.117819][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.125084][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.151386][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.176128][ T5793] team0: Port device team_slave_1 added [ 86.216530][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.223877][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.249951][ T5805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.263951][ T5805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.272464][ T5805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.298827][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.324408][ T5792] team0: Port device team_slave_0 added [ 86.333734][ T5792] team0: Port device team_slave_1 added [ 86.359188][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.366388][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.392541][ T5793] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.406205][ T5793] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.413270][ T5793] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.440262][ T5793] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.478028][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 86.485049][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.511197][ T5792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 86.557096][ T5792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 86.564368][ T5792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.590471][ T5803] Bluetooth: hci0: command tx timeout [ 86.590791][ T5803] Bluetooth: hci2: command tx timeout [ 86.596700][ T5792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.630526][ T5795] hsr_slave_0: entered promiscuous mode [ 86.636970][ T5795] hsr_slave_1: entered promiscuous mode [ 86.650123][ T5803] Bluetooth: hci3: command tx timeout [ 86.655843][ T5803] Bluetooth: hci1: command tx timeout [ 86.675557][ T5805] hsr_slave_0: entered promiscuous mode [ 86.681962][ T5805] hsr_slave_1: entered promiscuous mode [ 86.688254][ T5805] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.696359][ T5805] Cannot create hsr debugfs directory [ 86.804223][ T5793] hsr_slave_0: entered promiscuous mode [ 86.812178][ T5793] hsr_slave_1: entered promiscuous mode [ 86.818510][ T5793] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.826229][ T5793] Cannot create hsr debugfs directory [ 86.868168][ T5792] hsr_slave_0: entered promiscuous mode [ 86.874993][ T5792] hsr_slave_1: entered promiscuous mode [ 86.881827][ T5792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 86.889528][ T5792] Cannot create hsr debugfs directory [ 87.268347][ T5795] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 87.284214][ T5795] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 87.297170][ T5795] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 87.309522][ T5795] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 87.373000][ T5805] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 87.388195][ T5805] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 87.407870][ T5805] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 87.434920][ T5805] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 87.501994][ T5793] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.534529][ T5793] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 87.544731][ T5793] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 87.576064][ T5793] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 87.639043][ T5792] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 87.649187][ T5792] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 87.667619][ T5792] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 87.679230][ T5792] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 87.763858][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.849345][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 87.867380][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.897632][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.904912][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.919597][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 87.945118][ T2978] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.952332][ T2978] bridge0: port 1(bridge_slave_0) entered forwarding state [ 87.969208][ T2978] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.976407][ T2978] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.003398][ T5792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.022548][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.029724][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.107481][ T5792] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.119426][ T5793] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.147253][ T69] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.154445][ T69] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.177805][ T5805] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 88.223958][ T69] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.231170][ T69] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.274284][ T5793] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.302153][ T2992] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.309353][ T2992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 88.409092][ T2992] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.416484][ T2992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 88.585806][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.650461][ T5803] Bluetooth: hci2: command tx timeout [ 88.655928][ T5803] Bluetooth: hci0: command tx timeout [ 88.669383][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 88.730476][ T51] Bluetooth: hci3: command tx timeout [ 88.736000][ T5803] Bluetooth: hci1: command tx timeout [ 88.806900][ T5805] veth0_vlan: entered promiscuous mode [ 88.859801][ T5805] veth1_vlan: entered promiscuous mode [ 88.876322][ T5795] veth0_vlan: entered promiscuous mode [ 88.922049][ T5795] veth1_vlan: entered promiscuous mode [ 88.968968][ T5805] veth0_macvtap: entered promiscuous mode [ 88.998670][ T5805] veth1_macvtap: entered promiscuous mode [ 89.049806][ T5795] veth0_macvtap: entered promiscuous mode [ 89.064838][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.088308][ T5792] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.099539][ T5795] veth1_macvtap: entered promiscuous mode [ 89.112188][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.129728][ T5793] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.149100][ T5805] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.158712][ T5805] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.167586][ T5805] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.177848][ T5805] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.231883][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.244937][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.257135][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 89.296621][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 89.313316][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.325874][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.358629][ T5795] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.368006][ T5795] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.379775][ T5795] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.389820][ T5795] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.429726][ T2978] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.437929][ T2978] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.454701][ T5793] veth0_vlan: entered promiscuous mode [ 89.525113][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.525873][ T5792] veth0_vlan: entered promiscuous mode [ 89.548454][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.552817][ T5792] veth1_vlan: entered promiscuous mode [ 89.564589][ T5793] veth1_vlan: entered promiscuous mode [ 89.703985][ T5792] veth0_macvtap: entered promiscuous mode [ 89.754463][ T5793] veth0_macvtap: entered promiscuous mode [ 89.761872][ T2882] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.769727][ T2882] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.786488][ T5884] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 89.795606][ T5792] veth1_macvtap: entered promiscuous mode [ 89.813153][ T5884] syz.1.2[5884]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 89.844770][ T5884] loop1: detected capacity change from 0 to 1764 [ 89.854387][ T5793] veth1_macvtap: entered promiscuous mode [ 89.913483][ T2992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 89.927077][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.950047][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.950390][ T2992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.960114][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 89.985847][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 89.999337][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.018868][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.030245][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.042445][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.053242][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.063199][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.074973][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.092544][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.147921][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.162509][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.178654][ T5793] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.192281][ T5793] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.206787][ T5793] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.241744][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.278855][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.289672][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.300695][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.310724][ T5792] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.321620][ T5792] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.335247][ T5792] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.352373][ T5793] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.363632][ T5793] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.372521][ T5793] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.381398][ T5793] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.606851][ T5792] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.652808][ T5792] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.710787][ T5792] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.736912][ T51] Bluetooth: hci2: command tx timeout [ 90.742631][ T5803] Bluetooth: hci0: command tx timeout [ 90.756055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 90.765997][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.810336][ T5803] Bluetooth: hci1: command tx timeout [ 90.815989][ T5803] Bluetooth: hci3: command tx timeout [ 90.960736][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.960773][ T5792] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.076452][ T5890] loop3: detected capacity change from 0 to 512 [ 91.142240][ T5890] ext4: Unknown parameter 'noacl' [ 91.246158][ T5794] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 91.384000][ T2959] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.412664][ T2959] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.448371][ T5895] loop1: detected capacity change from 0 to 16 [ 91.479149][ T5895] erofs: (device loop1): mounted with root inode @ nid 36. [ 91.520901][ T69] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.528775][ T69] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.551614][ T5803] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 91.636220][ T5803] CPU: 0 PID: 5803 Comm: kworker/u5:5 Not tainted syzkaller #0 [ 91.643856][ T5803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 91.654039][ T5803] Workqueue: hci2 hci_rx_work [ 91.658805][ T5803] Call Trace: [ 91.662125][ T5803] [ 91.665096][ T5803] dump_stack_lvl+0x16c/0x230 [ 91.669825][ T5803] ? show_regs_print_info+0x20/0x20 [ 91.675072][ T5803] ? load_image+0x3b0/0x3b0 [ 91.679628][ T5803] sysfs_create_dir_ns+0x256/0x280 [ 91.684792][ T5803] ? hci_rx_work+0x43a/0xd80 [ 91.689427][ T5803] ? sysfs_warn_dup+0xa0/0xa0 [ 91.694170][ T5803] ? do_raw_spin_unlock+0x121/0x230 [ 91.699423][ T5803] kobject_add_internal+0x6b8/0xc70 [ 91.704761][ T5803] kobject_add+0x156/0x220 [ 91.709216][ T5803] ? __rwlock_init+0x150/0x150 [ 91.714029][ T5803] ? kobject_init+0x1e0/0x1e0 [ 91.718779][ T5803] ? _raw_spin_unlock+0x28/0x40 [ 91.723674][ T5803] ? get_device_parent+0x366/0x390 [ 91.728840][ T5803] device_add+0x408/0xc20 [ 91.733223][ T5803] hci_conn_add_sysfs+0xd5/0x1e0 [ 91.738213][ T5803] le_conn_complete_evt+0xf36/0x1500 [ 91.743555][ T5803] ? hci_event_packet+0x4a7/0x1210 [ 91.748714][ T5803] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 91.754999][ T5803] ? __copy_skb_header+0xa7/0x550 [ 91.760077][ T5803] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 91.765769][ T5803] ? skb_pull_data+0xfb/0x200 [ 91.770579][ T5803] hci_le_conn_complete_evt+0x187/0x440 [ 91.776181][ T5803] ? hci_remote_host_features_evt+0x160/0x160 [ 91.782301][ T5803] hci_event_packet+0x795/0x1210 [ 91.787294][ T5803] ? bis_list+0x290/0x290 [ 91.791671][ T5803] ? lockdep_hardirqs_on+0x98/0x150 [ 91.796892][ T5803] ? hci_send_to_monitor+0xd7/0x4f0 [ 91.802119][ T5803] hci_rx_work+0x43a/0xd80 [ 91.806596][ T5803] ? process_scheduled_works+0x957/0x15b0 [ 91.812335][ T5803] process_scheduled_works+0xa45/0x15b0 [ 91.817920][ T5803] ? assign_work+0x400/0x400 [ 91.822552][ T5803] ? assign_work+0x39e/0x400 [ 91.827168][ T5803] worker_thread+0xa55/0xfc0 [ 91.831801][ T5803] kthread+0x2fa/0x390 [ 91.835884][ T5803] ? pr_cont_work+0x560/0x560 [ 91.840584][ T5803] ? kthread_blkcg+0xd0/0xd0 [ 91.845194][ T5803] ret_from_fork+0x48/0x80 [ 91.849722][ T5803] ? kthread_blkcg+0xd0/0xd0 [ 91.854338][ T5803] ret_from_fork_asm+0x11/0x20 [ 91.859141][ T5803] [ 91.882943][ T5803] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 91.897530][ T5803] Bluetooth: hci2: failed to register connection device [ 91.904919][ T69] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.058318][ T5899] syz.1.6: attempt to access beyond end of device [ 92.058318][ T5899] loop1: rw=0, sector=8, nr_sectors = 32 limit=16 [ 92.288708][ T5901] syz.1.6: attempt to access beyond end of device [ 92.288708][ T5901] loop1: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 92.303182][ T5901] syz.1.6: attempt to access beyond end of device [ 92.303182][ T5901] loop1: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 92.355795][ T69] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.584136][ T788] cfg80211: failed to load regulatory.db [ 92.667048][ T2978] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.713917][ T2978] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.737747][ T5805] BUG: Bad page state in process syz-executor pfn:77736 [ 92.745180][ T5805] page:ffffea0001ddcd80 refcount:0 mapcount:0 mapping:ffff88805b5607c8 index:0x2 pfn:0x77736 [ 92.755938][ T5805] aops:z_erofs_cache_aops ino:0 [ 92.761650][ T5805] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 92.769874][ T5805] page_type: 0xffffffff() [ 92.774726][ T5805] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805b5607c8 [ 92.783754][ T5805] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 92.792820][ T5805] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 92.800564][ T5805] page_owner tracks the page as allocated [ 92.806505][ T5805] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5899, tgid 5894 (syz.1.6), ts 92056320542, free_ts 92026382668 [ 92.829181][ T5805] post_alloc_hook+0x1cd/0x210 [ 92.835231][ T5805] get_page_from_freelist+0x195c/0x19f0 [ 92.841218][ T5805] __alloc_pages+0x1e3/0x460 [ 92.845865][ T5805] z_erofs_do_read_page+0x20c0/0x3680 [ 92.851348][ T5805] z_erofs_pcluster_readmore+0x2cf/0x450 [ 92.857056][ T5805] z_erofs_read_folio+0x208/0x540 [ 92.862299][ T5805] filemap_read_folio+0x167/0x760 [ 92.867370][ T5805] do_read_cache_folio+0x470/0x7e0 [ 92.872637][ T5805] erofs_bread+0x16f/0x630 [ 92.877112][ T5805] erofs_namei+0x28c/0xf00 [ 92.881647][ T5805] erofs_lookup+0x135/0x310 [ 92.886202][ T5805] path_openat+0x10b8/0x3190 [ 92.891112][ T5805] do_filp_open+0x1c5/0x3d0 [ 92.895672][ T5805] do_sys_openat2+0x12c/0x1c0 [ 92.900457][ T5805] __x64_sys_openat+0x139/0x160 [ 92.902139][ T51] Bluetooth: hci0: command tx timeout [ 92.906008][ T5805] do_syscall_64+0x55/0xb0 [ 92.906060][ T5805] page last free stack trace: [ 92.906070][ T5805] free_unref_page_prepare+0x7ce/0x8e0 [ 92.906102][ T5805] free_unref_page+0x32/0x2e0 [ 92.906131][ T5805] __unfreeze_partials+0x1cf/0x210 [ 92.906162][ T5805] put_cpu_partial+0x17c/0x250 [ 92.906191][ T5805] __slab_free+0x31d/0x410 [ 92.906219][ T5805] qlist_free_all+0x75/0xe0 [ 92.906245][ T5805] kasan_quarantine_reduce+0x143/0x160 [ 92.906273][ T5805] __kasan_slab_alloc+0x22/0x80 [ 92.906294][ T5805] slab_post_alloc_hook+0x6e/0x4d0 [ 92.906322][ T5805] kmem_cache_alloc+0x11e/0x2e0 [ 92.906350][ T5805] vm_area_dup+0x27/0x270 [ 92.906368][ T5805] __split_vma+0x19f/0xc00 [ 92.913400][ T51] Bluetooth: hci2: command tx timeout [ 92.916361][ T5805] mprotect_fixup+0xa0f/0xc90 [ 92.921116][ T51] Bluetooth: hci3: command tx timeout [ 92.921174][ T51] Bluetooth: hci1: command tx timeout [ 93.001067][ T5805] do_mprotect_pkey+0x76e/0xc30 [ 93.006629][ T5805] __x64_sys_mprotect+0x80/0x90 [ 93.011718][ T5805] do_syscall_64+0x55/0xb0 [ 93.016193][ T5805] Modules linked in: [ 93.020240][ T5805] CPU: 1 PID: 5805 Comm: syz-executor Not tainted syzkaller #0 [ 93.027821][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 93.037923][ T5805] Call Trace: [ 93.041248][ T5805] [ 93.044220][ T5805] dump_stack_lvl+0x16c/0x230 [ 93.048959][ T5805] ? show_regs_print_info+0x20/0x20 [ 93.054209][ T5805] ? swiotlb_print_info+0x70/0x70 [ 93.059296][ T5805] bad_page+0x14b/0x170 [ 93.063507][ T5805] free_unref_page_prepare+0x887/0x8e0 [ 93.069026][ T5805] free_unref_page+0x32/0x2e0 [ 93.073765][ T5805] ? __folio_put+0xef/0x210 [ 93.078322][ T5805] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 93.084800][ T5805] erofs_shrink_workstation+0x118/0x290 [ 93.090405][ T5805] ? erofs_shrinker_unregister+0x170/0x170 [ 93.096256][ T5805] ? io_schedule+0xd0/0xd0 [ 93.100735][ T5805] ? kobject_put+0x43c/0x470 [ 93.105369][ T5805] erofs_shrinker_unregister+0x5d/0x170 [ 93.110931][ T5805] erofs_put_super+0x4e/0x150 [ 93.115624][ T5805] ? erofs_free_inode+0xb0/0xb0 [ 93.120497][ T5805] generic_shutdown_super+0x134/0x2b0 [ 93.125900][ T5805] kill_block_super+0x44/0x90 [ 93.130599][ T5805] erofs_kill_sb+0x4c/0x140 [ 93.135165][ T5805] deactivate_locked_super+0x97/0x100 [ 93.140579][ T5805] cleanup_mnt+0x429/0x4c0 [ 93.145017][ T5805] task_work_run+0x1ce/0x250 [ 93.149636][ T5805] ? task_work_cancel+0x240/0x240 [ 93.154681][ T5805] ? exit_to_user_mode_loop+0x3b/0x110 [ 93.160176][ T5805] exit_to_user_mode_loop+0xe6/0x110 [ 93.165482][ T5805] exit_to_user_mode_prepare+0xf6/0x180 [ 93.171053][ T5805] syscall_exit_to_user_mode+0x1a/0x50 [ 93.176526][ T5805] do_syscall_64+0x61/0xb0 [ 93.180973][ T5805] ? clear_bhb_loop+0x40/0x90 [ 93.185673][ T5805] ? clear_bhb_loop+0x40/0x90 [ 93.190365][ T5805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.196267][ T5805] RIP: 0033:0x7f1ca0f90a77 [ 93.200704][ T5805] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 93.220331][ T5805] RSP: 002b:00007ffd0411ed68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 93.228770][ T5805] RAX: 0000000000000000 RBX: 00007f1ca1013d7d RCX: 00007f1ca0f90a77 [ 93.236764][ T5805] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0411ee20 [ 93.244751][ T5805] RBP: 00007ffd0411ee20 R08: 0000000000000000 R09: 0000000000000000 [ 93.252738][ T5805] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0411feb0 [ 93.260728][ T5805] R13: 00007f1ca1013d7d R14: 0000000000016942 R15: 00007ffd0411fef0 [ 93.268730][ T5805] [ 93.274693][ T5805] Disabling lock debugging due to kernel taint [ 93.281753][ T5805] BUG: Bad page state in process syz-executor pfn:2afe5 [ 93.288850][ T5805] page:ffffea0000abf940 refcount:0 mapcount:0 mapping:ffff88805b5607c8 index:0x3 pfn:0x2afe5 [ 93.299378][ T5805] aops:z_erofs_cache_aops ino:0 [ 93.304296][ T5805] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 93.312057][ T5805] page_type: 0xffffffff() [ 93.316800][ T5805] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805b5607c8 [ 93.325507][ T5805] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 93.334145][ T5805] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 93.341481][ T5805] page_owner tracks the page as allocated [ 93.347207][ T5805] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5899, tgid 5894 (syz.1.6), ts 92056810421, free_ts 92026280017 [ 93.368817][ T5805] post_alloc_hook+0x1cd/0x210 [ 93.373671][ T5805] get_page_from_freelist+0x195c/0x19f0 [ 93.379236][ T5805] __alloc_pages+0x1e3/0x460 [ 93.383912][ T5805] z_erofs_do_read_page+0x20c0/0x3680 [ 93.389322][ T5805] z_erofs_pcluster_readmore+0x2cf/0x450 [ 93.395007][ T5805] z_erofs_read_folio+0x208/0x540 [ 93.400208][ T5805] filemap_read_folio+0x167/0x760 [ 93.405277][ T5805] do_read_cache_folio+0x470/0x7e0 [ 93.410483][ T5805] erofs_bread+0x16f/0x630 [ 93.415614][ T5805] erofs_namei+0x28c/0xf00 [ 93.420178][ T5805] erofs_lookup+0x135/0x310 [ 93.424755][ T5805] path_openat+0x10b8/0x3190 [ 93.429376][ T5805] do_filp_open+0x1c5/0x3d0 [ 93.433975][ T5805] do_sys_openat2+0x12c/0x1c0 [ 93.438872][ T5805] __x64_sys_openat+0x139/0x160 [ 93.443813][ T5805] do_syscall_64+0x55/0xb0 [ 93.448264][ T5805] page last free stack trace: [ 93.453895][ T5805] free_unref_page_prepare+0x7ce/0x8e0 [ 93.459397][ T5805] free_unref_page+0x32/0x2e0 [ 93.464364][ T5805] __unfreeze_partials+0x1cf/0x210 [ 93.469516][ T5805] put_cpu_partial+0x17c/0x250 [ 93.474449][ T5805] __slab_free+0x31d/0x410 [ 93.478898][ T5805] qlist_free_all+0x75/0xe0 [ 93.483467][ T5805] kasan_quarantine_reduce+0x143/0x160 [ 93.488952][ T5805] __kasan_slab_alloc+0x22/0x80 [ 93.493863][ T5805] slab_post_alloc_hook+0x6e/0x4d0 [ 93.499006][ T5805] kmem_cache_alloc+0x11e/0x2e0 [ 93.503933][ T5805] vm_area_dup+0x27/0x270 [ 93.508298][ T5805] __split_vma+0x19f/0xc00 [ 93.512778][ T5805] mprotect_fixup+0xa0f/0xc90 [ 93.518061][ T5805] do_mprotect_pkey+0x76e/0xc30 [ 93.523108][ T5805] __x64_sys_mprotect+0x80/0x90 [ 93.528007][ T5805] do_syscall_64+0x55/0xb0 [ 93.532548][ T5805] Modules linked in: [ 93.536510][ T5805] CPU: 1 PID: 5805 Comm: syz-executor Tainted: G B syzkaller #0 [ 93.545543][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 93.555612][ T5805] Call Trace: [ 93.558937][ T5805] [ 93.561896][ T5805] dump_stack_lvl+0x16c/0x230 [ 93.566594][ T5805] ? show_regs_print_info+0x20/0x20 [ 93.571806][ T5805] ? swiotlb_print_info+0x70/0x70 [ 93.576850][ T5805] bad_page+0x14b/0x170 [ 93.581016][ T5805] free_unref_page_prepare+0x887/0x8e0 [ 93.586499][ T5805] free_unref_page+0x32/0x2e0 [ 93.591197][ T5805] ? __folio_put+0xef/0x210 [ 93.595708][ T5805] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 93.602138][ T5805] erofs_shrink_workstation+0x118/0x290 [ 93.607694][ T5805] ? erofs_shrinker_unregister+0x170/0x170 [ 93.613506][ T5805] ? io_schedule+0xd0/0xd0 [ 93.617935][ T5805] ? kobject_put+0x43c/0x470 [ 93.622536][ T5805] erofs_shrinker_unregister+0x5d/0x170 [ 93.628092][ T5805] erofs_put_super+0x4e/0x150 [ 93.632830][ T5805] ? erofs_free_inode+0xb0/0xb0 [ 93.637697][ T5805] generic_shutdown_super+0x134/0x2b0 [ 93.643090][ T5805] kill_block_super+0x44/0x90 [ 93.647777][ T5805] erofs_kill_sb+0x4c/0x140 [ 93.652300][ T5805] deactivate_locked_super+0x97/0x100 [ 93.657687][ T5805] cleanup_mnt+0x429/0x4c0 [ 93.662292][ T5805] task_work_run+0x1ce/0x250 [ 93.666900][ T5805] ? task_work_cancel+0x240/0x240 [ 93.671948][ T5805] ? exit_to_user_mode_loop+0x3b/0x110 [ 93.677426][ T5805] exit_to_user_mode_loop+0xe6/0x110 [ 93.682817][ T5805] exit_to_user_mode_prepare+0xf6/0x180 [ 93.688375][ T5805] syscall_exit_to_user_mode+0x1a/0x50 [ 93.693882][ T5805] do_syscall_64+0x61/0xb0 [ 93.698315][ T5805] ? clear_bhb_loop+0x40/0x90 [ 93.703003][ T5805] ? clear_bhb_loop+0x40/0x90 [ 93.707699][ T5805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.713691][ T5805] RIP: 0033:0x7f1ca0f90a77 [ 93.718142][ T5805] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 93.737941][ T5805] RSP: 002b:00007ffd0411ed68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 93.746370][ T5805] RAX: 0000000000000000 RBX: 00007f1ca1013d7d RCX: 00007f1ca0f90a77 [ 93.754436][ T5805] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0411ee20 [ 93.762413][ T5805] RBP: 00007ffd0411ee20 R08: 0000000000000000 R09: 0000000000000000 [ 93.770391][ T5805] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0411feb0 [ 93.778366][ T5805] R13: 00007f1ca1013d7d R14: 0000000000016942 R15: 00007ffd0411fef0 [ 93.786438][ T5805] [ 93.791544][ T5805] BUG: Bad page state in process syz-executor pfn:26113 [ 93.798604][ T5805] page:ffffea00009844c0 refcount:0 mapcount:0 mapping:ffff88805b5607c8 index:0x4 pfn:0x26113 [ 93.809438][ T5805] aops:z_erofs_cache_aops ino:0 [ 93.814358][ T5805] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 93.822170][ T5805] page_type: 0xffffffff() [ 93.827556][ T5805] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805b5607c8 [ 93.836293][ T5805] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 93.845215][ T5805] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 93.852537][ T5805] page_owner tracks the page as allocated [ 93.858265][ T5805] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5899, tgid 5894 (syz.1.6), ts 92056970019, free_ts 92026176268 [ 93.879964][ T5805] post_alloc_hook+0x1cd/0x210 [ 93.884767][ T5805] get_page_from_freelist+0x195c/0x19f0 [ 93.890497][ T5805] __alloc_pages+0x1e3/0x460 [ 93.895117][ T5805] z_erofs_do_read_page+0x20c0/0x3680 [ 93.900541][ T5805] z_erofs_pcluster_readmore+0x2cf/0x450 [ 93.906194][ T5805] z_erofs_read_folio+0x208/0x540 [ 93.911267][ T5805] filemap_read_folio+0x167/0x760 [ 93.916319][ T5805] do_read_cache_folio+0x470/0x7e0 [ 93.921495][ T5805] erofs_bread+0x16f/0x630 [ 93.925943][ T5805] erofs_namei+0x28c/0xf00 [ 93.930891][ T5805] erofs_lookup+0x135/0x310 [ 93.935426][ T5805] path_openat+0x10b8/0x3190 [ 93.940175][ T5805] do_filp_open+0x1c5/0x3d0 [ 93.944717][ T5805] do_sys_openat2+0x12c/0x1c0 [ 93.949426][ T5805] __x64_sys_openat+0x139/0x160 [ 93.954340][ T5805] do_syscall_64+0x55/0xb0 [ 93.958781][ T5805] page last free stack trace: [ 93.963513][ T5805] free_unref_page_prepare+0x7ce/0x8e0 [ 93.969016][ T5805] free_unref_page+0x32/0x2e0 [ 93.973755][ T5805] __unfreeze_partials+0x1cf/0x210 [ 93.978959][ T5805] put_cpu_partial+0x17c/0x250 [ 93.983811][ T5805] __slab_free+0x31d/0x410 [ 93.988261][ T5805] qlist_free_all+0x75/0xe0 [ 93.992836][ T5805] kasan_quarantine_reduce+0x143/0x160 [ 93.998322][ T5805] __kasan_slab_alloc+0x22/0x80 [ 94.003220][ T5805] slab_post_alloc_hook+0x6e/0x4d0 [ 94.008353][ T5805] kmem_cache_alloc+0x11e/0x2e0 [ 94.013887][ T5805] vm_area_dup+0x27/0x270 [ 94.018228][ T5805] __split_vma+0x19f/0xc00 [ 94.023059][ T5805] mprotect_fixup+0xa0f/0xc90 [ 94.027765][ T5805] do_mprotect_pkey+0x76e/0xc30 [ 94.033298][ T5805] __x64_sys_mprotect+0x80/0x90 [ 94.038177][ T5805] do_syscall_64+0x55/0xb0 [ 94.043184][ T5805] Modules linked in: [ 94.047104][ T5805] CPU: 1 PID: 5805 Comm: syz-executor Tainted: G B syzkaller #0 [ 94.056126][ T5805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 94.066194][ T5805] Call Trace: [ 94.069484][ T5805] [ 94.072420][ T5805] dump_stack_lvl+0x16c/0x230 [ 94.077111][ T5805] ? show_regs_print_info+0x20/0x20 [ 94.082326][ T5805] ? swiotlb_print_info+0x70/0x70 [ 94.087378][ T5805] bad_page+0x14b/0x170 [ 94.091549][ T5805] free_unref_page_prepare+0x887/0x8e0 [ 94.097051][ T5805] free_unref_page+0x32/0x2e0 [ 94.101756][ T5805] ? __folio_put+0xef/0x210 [ 94.106284][ T5805] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 94.112712][ T5805] erofs_shrink_workstation+0x118/0x290 [ 94.118266][ T5805] ? erofs_shrinker_unregister+0x170/0x170 [ 94.124077][ T5805] ? io_schedule+0xd0/0xd0 [ 94.128504][ T5805] ? kobject_put+0x43c/0x470 [ 94.133120][ T5805] erofs_shrinker_unregister+0x5d/0x170 [ 94.138670][ T5805] erofs_put_super+0x4e/0x150 [ 94.143390][ T5805] ? erofs_free_inode+0xb0/0xb0 [ 94.148254][ T5805] generic_shutdown_super+0x134/0x2b0 [ 94.153641][ T5805] kill_block_super+0x44/0x90 [ 94.158321][ T5805] erofs_kill_sb+0x4c/0x140 [ 94.162858][ T5805] deactivate_locked_super+0x97/0x100 [ 94.168243][ T5805] cleanup_mnt+0x429/0x4c0 [ 94.172666][ T5805] task_work_run+0x1ce/0x250 [ 94.177271][ T5805] ? task_work_cancel+0x240/0x240 [ 94.182399][ T5805] ? exit_to_user_mode_loop+0x3b/0x110 [ 94.187872][ T5805] exit_to_user_mode_loop+0xe6/0x110 [ 94.193168][ T5805] exit_to_user_mode_prepare+0xf6/0x180 [ 94.198723][ T5805] syscall_exit_to_user_mode+0x1a/0x50 [ 94.204192][ T5805] do_syscall_64+0x61/0xb0 [ 94.208624][ T5805] ? clear_bhb_loop+0x40/0x90 [ 94.213306][ T5805] ? clear_bhb_loop+0x40/0x90 [ 94.218006][ T5805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 94.223904][ T5805] RIP: 0033:0x7f1ca0f90a77 [ 94.228324][ T5805] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 94.247957][ T5805] RSP: 002b:00007ffd0411ed68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 94.256394][ T5805] RAX: 0000000000000000 RBX: 00007f1ca1013d7d RCX: 00007f1ca0f90a77 [ 94.264382][ T5805] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0411ee20 [ 94.272450][ T5805] RBP: 00007ffd0411ee20 R08: 0000000000000000 R09: 0000000000000000 [ 94.280430][ T5805] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0411feb0 [ 94.288427][ T5805] R13: 00007f1ca1013d7d R14: 0000000000016942 R15: 00007ffd0411fef0 [ 94.296587][ T5805] [ 98.010680][ T51] Bluetooth: hci2: command 0x0406 tx timeout