last executing test programs: 1.910662837s ago: executing program 0 (id=1): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@newtaction={0x1fc, 0x30, 0xc96f2b0dc02612b1, 0x71bd2b, 0x25dfdbff, {}, [{0x1e8, 0x1, [@m_csum={0x68, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x39, 0x6, "99599a989bd1b1fba50a4a29ffa7c682e6cfa07125a1335f6cc53bfcbdd0cec4b739e8072ad58b5153a6189bec7e227f7f9f2cb5c1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_skbedit={0x38, 0xa, 0x0, 0x0, {{0xc}, {0xc, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xb0e}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_skbmod={0xf4, 0x1, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}]}, {0xb9, 0x6, "6924a3156352d4cb671a82481f27291343a36577586e5138f9b60a47ff29c9048eb534a11a1a6e4068a3f14dbbb6f779cad02630f9c416662a272922c0177770deb39f4690d4395dd3771d99f9aae01ac5b8b77c9ea5267b51cceebad4126c6b018ccd2424755e23161a50ec4588a35b167651bd8e886d43c7b0f2105fe0bbf48e50295c1b6016c72500582f399eea553274e9ce77781e0bd18c6dd6dfed7fc2ce76e1b76fcd7a3c44f38f1f3f7b49477ea4bce06e"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1}}}}, @m_bpf={0x50, 0x0, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x2, 0x4, 0x6, 0x4}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4004000}, 0x50) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x8804, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000280)=""/85, 0x55}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 1.758740524s ago: executing program 0 (id=5): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={0x0, 0x0, 0x5a}, 0x28) 1.683860487s ago: executing program 0 (id=6): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) ioprio_set$uid(0x3, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4085}, 0x4000800) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x20) pwrite64(r6, 0x0, 0x0, 0x8080c61) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r7, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x4000000) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r9 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r9, 0x0, 0x30, &(0x7f0000000540)={0x0, {{0x2, 0x4e22, @broadcast}}, 0x1}, 0x90) fadvise64(r8, 0xe0ffff, 0x19, 0x3) 1.555217373s ago: executing program 1 (id=2): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200133b1b00003f210000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced50ac2b5546216e3ce964359fa4ea", 0x52}], 0x1) setreuid(0x0, 0xee00) ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64]) 1.262378985s ago: executing program 1 (id=7): bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) r0 = socket$xdp(0x2c, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0xb, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000006c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000400850000008200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) getsockopt$sock_cred(r2, 0x1, 0x11, 0x0, &(0x7f0000000140)) setsockopt$sock_cred(r3, 0x1, 0x11, 0x0, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r6, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r7, 0x421, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc35d4f6d52288271}, 0x200048c4) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={0x0, 0x10000, 0x1000, 0x101, 0x1}, 0x20) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x200000, &(0x7f0000001c40)={[{@dioread_nolock}, {@norecovery}, {@resgid}, {@nojournal_checksum}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@errors_remount}, {@grpid}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x343}}, {@grpid}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@nombcache}], [{@subj_user={'subj_user', 0x3d, '('}}, {@obj_user={'obj_user', 0x3d, 'uid>'}}, {@uid_gt}, {@appraise_type}]}, 0xfd, 0x588, &(0x7f0000000680)="$eJzs3d9rW1UcAPDvTZP96rQdjKE+yGAPTsbStfXHBGHzUXQ40PcZ2qyMpsto0rHWgduDe/FFhiDiQPwDfN/j8B/wrxi4wZBR9EGFyk1vuq7Nj7bLTF0+H8h2Ts5Nzv3m3u/NOfcmTQAD62j6Ty7i1Yj4JokYWdeWj6zx6Opyy4+vT6W3JFZWPv09iTMbnivJ/h/OKq9ExC9fRZzIbe63trg0W6pUyvNZfaw+d2Wstrh08tJcaaY8U748MTl5+u3Jiffefadnsb55/s/vP7n34emvjy1/9/PDQ7eTOBsHs7Y0rh50cWN95Wjpn6xUiLMbFhzvQWe7SdLvFWBHhrI8L0R6DBiJoSzrgRfflxGxAgyoRP7DgGqOA5pz+x7Ng/83Hn2wOgHaHH9+9dxI7GvMjQ4sJ0/NjNL57mgP+k/7GH1w5/bdB3duR+fzEPu71AG25cbNiDiVz28+/iXZ8W/nTjVOHne2sY9Be/+BfrqXjn+SGxGb8j+3Nv6JFuOf4Ra5uxPd8z/3sAfdtJWO/95vOf5dO3SNDmW1lxpjvkJy8VKlfCoiXo6I41HYm9Y7Xc85vXx/pV1bGv/dbPyX3tL+m2PBbD0e5vc+/ZjpUr30LDGv9+hmxGstx7/J2vZPWmz/9PU4v8U+jpTvvN6urXv8z9fKTxFvtNz+T65oJZ2vT4419oex5l6x2R+3jvzarv9+x59u/wOd4x9N1l+vrW2/jx/3/VVu17bT/X9P8lmjvCe771qpXp8fj9iTfJwf3nj/xJPHNuvN5dP4jx9rnf+d9v908vX5FuO/dfhW20W7xv/3ukn6U25usffO0vint7X9t1+4/9EXP+w4/sb2f6tROp7ds5Xj31ZX8FleOwAAAAAAANhtchFxMJJcca2cyxWLhUbb4TiQq1Rr9RMXqwuXp6PxXdnRKOSaV7pH1n0eYjz7PGyzPrGhPhkRhyLi26H9jXpxqlqZ7nfwAAAAAAAAAAAAAAAAAAAAsEsMt/z+/2rbb0P9XjvguWv8sMHefq8F0A9df/K/F7/0BOxKXfMfeGFtP/+dGYAXhfd/GFzyHwaX/IfBtdX8L4w85xUB/nPe/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqfPnzqW3leXH16fS+vTVxYXZ6tWT0+XabHFuYao4VZ2/UpypVmcq5eJUda7b81Wq1SvjE7FwbaxertXHaotLF+aqC5frFy7NlWbKF8oFf2wYAAAAAAAAAAAAAAAAAAAANqktLs2WKpXyvELbwpno5RMmu++VP5Ot0o4ent8tUSj0tNDHgxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbPBvAAAA///YBDOu") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[], 0x361, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {0x1, 0x2}, [{0x2, 0x5}, {0x2, 0x2}], {}, [], {0x10, 0x5}}, 0x34, 0x2) rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00') 0s ago: executing program 0 (id=8): writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)="39e8dcfa461ac09e8a722e34d7e484893ffa560200133b1b00003f210000001770faf047145bc79e0b9971bcbedac0eeaf3300000000000000000000cab0312cf6b68ced50ac2b5546216e3ce964359fa4ea01a34f038f38509172feed11b0fd62fd47a9d236813b4ebda3ebdd33aec5ea71251a0651345627e476fa4b9c478f296d2457c7d362ae632c70c3e21690c445f0be021cfeb01fb01d1067fd8649a829d2", 0xa2}], 0x1) r0 = syz_open_dev$sg(&(0x7f0000001bc0), 0x208, 0x2c41) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r0]) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.168' (ED25519) to the list of known hosts. [ 65.093790][ T5773] cgroup: Unknown subsys name 'net' [ 65.255633][ T5773] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 66.682269][ T5773] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 68.218881][ T5784] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 68.227230][ T5794] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 68.238782][ T5794] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 68.259141][ T5794] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 68.267048][ T5795] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 68.274965][ T5795] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 68.276149][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 68.283297][ T5795] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 68.289920][ T5794] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 68.298179][ T5795] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 68.304829][ T5794] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 68.313450][ T5795] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 68.320837][ T5794] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 68.325465][ T5795] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 68.332846][ T5794] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 68.346870][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 68.354172][ T5795] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 68.354845][ T5794] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 68.361848][ T5795] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 68.369929][ T5794] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 68.383743][ T5106] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 68.384516][ T5794] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 68.409336][ T5794] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 68.417017][ T5794] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 68.843502][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 68.981666][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 69.025518][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 69.090856][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 69.105981][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.114312][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.122025][ T5782] bridge_slave_0: entered allmulticast mode [ 69.129622][ T5782] bridge_slave_0: entered promiscuous mode [ 69.162753][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.170131][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.177291][ T5782] bridge_slave_1: entered allmulticast mode [ 69.184578][ T5782] bridge_slave_1: entered promiscuous mode [ 69.286304][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.293791][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.302079][ T5786] bridge_slave_0: entered allmulticast mode [ 69.308970][ T5786] bridge_slave_0: entered promiscuous mode [ 69.321664][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.329632][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.336832][ T5785] bridge_slave_0: entered allmulticast mode [ 69.344217][ T5785] bridge_slave_0: entered promiscuous mode [ 69.351679][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.358959][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.366643][ T5785] bridge_slave_1: entered allmulticast mode [ 69.373423][ T5785] bridge_slave_1: entered promiscuous mode [ 69.382698][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.395654][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.405074][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.413396][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.420805][ T5786] bridge_slave_1: entered allmulticast mode [ 69.427900][ T5786] bridge_slave_1: entered promiscuous mode [ 69.516309][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.530470][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.543550][ T5782] team0: Port device team_slave_0 added [ 69.554054][ T5782] team0: Port device team_slave_1 added [ 69.562366][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.575071][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.585684][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.593085][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.600434][ T5787] bridge_slave_0: entered allmulticast mode [ 69.607106][ T5787] bridge_slave_0: entered promiscuous mode [ 69.647412][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.654634][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.662747][ T5787] bridge_slave_1: entered allmulticast mode [ 69.669876][ T5787] bridge_slave_1: entered promiscuous mode [ 69.717066][ T5785] team0: Port device team_slave_0 added [ 69.726477][ T5785] team0: Port device team_slave_1 added [ 69.733327][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.741609][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.767606][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.782201][ T5786] team0: Port device team_slave_0 added [ 69.791584][ T5786] team0: Port device team_slave_1 added [ 69.826857][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.834566][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.860502][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.887689][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.900068][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.918763][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.925725][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.952213][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.964882][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.972003][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 69.998460][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.054209][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.061625][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.090825][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.115430][ T5787] team0: Port device team_slave_0 added [ 70.133664][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.140893][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.167277][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.194240][ T5787] team0: Port device team_slave_1 added [ 70.214095][ T5785] hsr_slave_0: entered promiscuous mode [ 70.220693][ T5785] hsr_slave_1: entered promiscuous mode [ 70.256070][ T5782] hsr_slave_0: entered promiscuous mode [ 70.262696][ T5782] hsr_slave_1: entered promiscuous mode [ 70.269679][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.277488][ T5782] Cannot create hsr debugfs directory [ 70.295188][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.302231][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.328203][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.344571][ T5786] hsr_slave_0: entered promiscuous mode [ 70.351191][ T5786] hsr_slave_1: entered promiscuous mode [ 70.357340][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.365036][ T5786] Cannot create hsr debugfs directory [ 70.389061][ T5790] Bluetooth: hci0: command tx timeout [ 70.392398][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.402012][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 70.428116][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.468915][ T5790] Bluetooth: hci2: command tx timeout [ 70.468929][ T51] Bluetooth: hci3: command tx timeout [ 70.552739][ T5790] Bluetooth: hci1: command tx timeout [ 70.570086][ T5787] hsr_slave_0: entered promiscuous mode [ 70.576349][ T5787] hsr_slave_1: entered promiscuous mode [ 70.582583][ T5787] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 70.591568][ T5787] Cannot create hsr debugfs directory [ 70.872870][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 70.885922][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 70.909788][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 70.919911][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 70.984134][ T5782] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.002449][ T5782] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.012665][ T5782] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.024007][ T5782] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.123255][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.143109][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.156465][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.193777][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.238326][ T5787] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.250632][ T5787] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.281407][ T5787] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.296406][ T5787] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.357521][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.409186][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.435022][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.442445][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.457542][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.491212][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.498410][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.525778][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.562310][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.569493][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.582712][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.590380][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.652301][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 71.680429][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.689849][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.696455][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.705637][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.744308][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.787833][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 71.805900][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.813148][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.851006][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.858224][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.885570][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.892791][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.941534][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.948751][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.114518][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.171568][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.314790][ T5786] veth0_vlan: entered promiscuous mode [ 72.341208][ T5782] veth0_vlan: entered promiscuous mode [ 72.381938][ T5782] veth1_vlan: entered promiscuous mode [ 72.432202][ T5786] veth1_vlan: entered promiscuous mode [ 72.469900][ T5790] Bluetooth: hci0: command tx timeout [ 72.485399][ T5786] veth0_macvtap: entered promiscuous mode [ 72.523296][ T5782] veth0_macvtap: entered promiscuous mode [ 72.539531][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.547427][ T5786] veth1_macvtap: entered promiscuous mode [ 72.555035][ T5790] Bluetooth: hci2: command tx timeout [ 72.558398][ T51] Bluetooth: hci3: command tx timeout [ 72.582298][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.591865][ T5782] veth1_macvtap: entered promiscuous mode [ 72.610973][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.621343][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.629234][ T51] Bluetooth: hci1: command tx timeout [ 72.652406][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.662413][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.671776][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.681027][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.701735][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 72.712824][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.724927][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 72.736407][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 72.747027][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 72.759245][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 72.823359][ T5782] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.832772][ T5782] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.841679][ T5782] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.851153][ T5782] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 72.887483][ T5787] veth0_vlan: entered promiscuous mode [ 72.911172][ T5785] veth0_vlan: entered promiscuous mode [ 72.943381][ T5787] veth1_vlan: entered promiscuous mode [ 72.967290][ T5785] veth1_vlan: entered promiscuous mode [ 72.996950][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.012406][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.076705][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.089261][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.112634][ T5787] veth0_macvtap: entered promiscuous mode [ 73.143828][ T5787] veth1_macvtap: entered promiscuous mode [ 73.180132][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.199244][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.202511][ T5785] veth0_macvtap: entered promiscuous mode [ 73.246179][ T5785] veth1_macvtap: entered promiscuous mode [ 73.273328][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.300356][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.300363][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.332282][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.342805][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.353888][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.366970][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.389297][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.402089][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.423443][ T5787] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.438903][ T5787] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.469901][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.521738][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.532023][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.542700][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.555849][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.559404][ T5877] syz.0.6[5877]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.577505][ T5877] loop0: detected capacity change from 0 to 16 [ 73.595194][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.616215][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.642748][ T5877] erofs: (device loop0): mounted with root inode @ nid 36. [ 73.658474][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.677470][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.690084][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.701063][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.719033][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.730109][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.741191][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.757882][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.773193][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.804102][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 73.831354][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.847077][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.935902][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.946090][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.955519][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.964509][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.599504][ T5883] syz.0.6: attempt to access beyond end of device [ 74.599504][ T5883] loop0: rw=0, sector=8, nr_sectors = 32 limit=16 [ 74.694662][ T5884] syz.0.6: attempt to access beyond end of device [ 74.694662][ T5884] loop0: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 74.709588][ T5884] syz.0.6: attempt to access beyond end of device [ 74.709588][ T5884] loop0: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 74.980189][ T51] Bluetooth: hci0: command tx timeout [ 74.985686][ T51] Bluetooth: hci2: command tx timeout [ 74.991227][ T51] Bluetooth: hci3: command tx timeout [ 74.996695][ T51] Bluetooth: hci1: command tx timeout [ 75.223229][ T5786] BUG: Bad page state in process syz-executor pfn:5c5e8 [ 75.230603][ T5786] page:ffffea0001717a00 refcount:0 mapcount:0 mapping:ffff88805d5b07c8 index:0x2 pfn:0x5c5e8 [ 75.240852][ T5786] aops:z_erofs_cache_aops ino:0 [ 75.245725][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 75.254240][ T5786] page_type: 0xffffffff() [ 75.258805][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d5b07c8 [ 75.267408][ T5786] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 75.277069][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 75.284598][ T5786] page_owner tracks the page as allocated [ 75.290554][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5883, tgid 5876 (syz.0.6), ts 74598041513, free_ts 17327680832 [ 75.312178][ T5786] post_alloc_hook+0x1cd/0x210 [ 75.316974][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 75.322624][ T5786] __alloc_pages+0x1e3/0x460 [ 75.327231][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 75.332913][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 75.338669][ T5786] z_erofs_read_folio+0x208/0x540 [ 75.343708][ T5786] filemap_read_folio+0x167/0x760 [ 75.348787][ T5786] do_read_cache_folio+0x470/0x7e0 [ 75.355194][ T5786] erofs_bread+0x16f/0x630 [ 75.359780][ T5786] erofs_namei+0x28c/0xf00 [ 75.364218][ T5786] erofs_lookup+0x135/0x310 [ 75.368778][ T5786] path_openat+0x10b8/0x3190 [ 75.373391][ T5786] do_filp_open+0x1c5/0x3d0 [ 75.377910][ T5786] do_sys_openat2+0x12c/0x1c0 [ 75.382696][ T5786] __x64_sys_openat+0x139/0x160 [ 75.387567][ T5786] do_syscall_64+0x55/0xb0 [ 75.392106][ T5786] page last free stack trace: [ 75.396823][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 75.402405][ T5786] free_unref_page+0x32/0x2e0 [ 75.407102][ T5786] free_contig_range+0xa1/0x160 [ 75.412000][ T5786] destroy_args+0x80/0x850 [ 75.416436][ T5786] debug_vm_pgtable+0x3cc/0x410 [ 75.421356][ T5786] do_one_initcall+0x1fd/0x750 [ 75.426156][ T5786] do_initcall_level+0x137/0x1f0 [ 75.431686][ T5786] do_initcalls+0x69/0xd0 [ 75.436043][ T5786] kernel_init_freeable+0x3d2/0x570 [ 75.441338][ T5786] kernel_init+0x1d/0x1c0 [ 75.445706][ T5786] ret_from_fork+0x48/0x80 [ 75.450177][ T5786] ret_from_fork_asm+0x11/0x20 [ 75.454964][ T5786] Modules linked in: [ 75.459532][ T5786] CPU: 1 PID: 5786 Comm: syz-executor Not tainted syzkaller #0 [ 75.467101][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 75.477185][ T5786] Call Trace: [ 75.480484][ T5786] [ 75.483436][ T5786] dump_stack_lvl+0x16c/0x230 [ 75.488141][ T5786] ? show_regs_print_info+0x20/0x20 [ 75.493391][ T5786] ? swiotlb_print_info+0x70/0x70 [ 75.498442][ T5786] bad_page+0x14b/0x170 [ 75.502619][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 75.508099][ T5786] free_unref_page+0x32/0x2e0 [ 75.512799][ T5786] ? __folio_put+0xef/0x210 [ 75.517381][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 75.523824][ T5786] erofs_shrink_workstation+0x118/0x290 [ 75.529392][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 75.535213][ T5786] ? io_schedule+0xd0/0xd0 [ 75.539656][ T5786] ? kobject_put+0x43c/0x470 [ 75.544262][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 75.549831][ T5786] erofs_put_super+0x4e/0x150 [ 75.554535][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 75.559405][ T5786] generic_shutdown_super+0x134/0x2b0 [ 75.564809][ T5786] kill_block_super+0x44/0x90 [ 75.569507][ T5786] erofs_kill_sb+0x4c/0x140 [ 75.574044][ T5786] deactivate_locked_super+0x97/0x100 [ 75.579440][ T5786] cleanup_mnt+0x429/0x4c0 [ 75.583886][ T5786] task_work_run+0x1ce/0x250 [ 75.588499][ T5786] ? task_work_cancel+0x240/0x240 [ 75.593547][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 75.599040][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 75.604351][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 75.609933][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 75.615424][ T5786] do_syscall_64+0x61/0xb0 [ 75.619867][ T5786] ? clear_bhb_loop+0x40/0x90 [ 75.624566][ T5786] ? clear_bhb_loop+0x40/0x90 [ 75.629259][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.635167][ T5786] RIP: 0033:0x7f30b7190a77 [ 75.639608][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 75.659229][ T5786] RSP: 002b:00007ffcce67ec18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 75.667683][ T5786] RAX: 0000000000000000 RBX: 00007f30b7213d7d RCX: 00007f30b7190a77 [ 75.675685][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcce67ecd0 [ 75.677991][ C0] sched: RT throttling activated [ 75.688602][ T5786] RBP: 00007ffcce67ecd0 R08: 0000000000000000 R09: 0000000000000000 [ 75.696575][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcce67fd60 [ 75.704548][ T5786] R13: 00007f30b7213d7d R14: 00000000000124de R15: 00007ffcce67fda0 [ 75.712538][ T5786] [ 75.715804][ T5786] Disabling lock debugging due to kernel taint [ 75.723385][ T5786] BUG: Bad page state in process syz-executor pfn:5c5e9 [ 75.730513][ T5786] page:ffffea0001717a40 refcount:0 mapcount:0 mapping:ffff88805d5b07c8 index:0x3 pfn:0x5c5e9 [ 75.740710][ T5786] aops:z_erofs_cache_aops ino:0 [ 75.745568][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 75.753650][ T5786] page_type: 0xffffffff() [ 75.758015][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d5b07c8 [ 75.767163][ T5786] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 75.775837][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 75.783201][ T5786] page_owner tracks the page as allocated [ 75.788949][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5883, tgid 5876 (syz.0.6), ts 74598110911, free_ts 17327687989 [ 75.810558][ T5786] post_alloc_hook+0x1cd/0x210 [ 75.815340][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 75.820934][ T5786] __alloc_pages+0x1e3/0x460 [ 75.825538][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 75.831519][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 75.837160][ T5786] z_erofs_read_folio+0x208/0x540 [ 75.842257][ T5786] filemap_read_folio+0x167/0x760 [ 75.847318][ T5786] do_read_cache_folio+0x470/0x7e0 [ 75.852477][ T5786] erofs_bread+0x16f/0x630 [ 75.856907][ T5786] erofs_namei+0x28c/0xf00 [ 75.861369][ T5786] erofs_lookup+0x135/0x310 [ 75.866468][ T5786] path_openat+0x10b8/0x3190 [ 75.871185][ T5786] do_filp_open+0x1c5/0x3d0 [ 75.875711][ T5786] do_sys_openat2+0x12c/0x1c0 [ 75.880432][ T5786] __x64_sys_openat+0x139/0x160 [ 75.885296][ T5786] do_syscall_64+0x55/0xb0 [ 75.889759][ T5786] page last free stack trace: [ 75.894436][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 75.899948][ T5786] free_unref_page+0x32/0x2e0 [ 75.904640][ T5786] free_contig_range+0xa1/0x160 [ 75.910189][ T5786] destroy_args+0x80/0x850 [ 75.914808][ T5786] debug_vm_pgtable+0x3cc/0x410 [ 75.919735][ T5786] do_one_initcall+0x1fd/0x750 [ 75.924515][ T5786] do_initcall_level+0x137/0x1f0 [ 75.929515][ T5786] do_initcalls+0x69/0xd0 [ 75.933866][ T5786] kernel_init_freeable+0x3d2/0x570 [ 75.939111][ T5786] kernel_init+0x1d/0x1c0 [ 75.943447][ T5786] ret_from_fork+0x48/0x80 [ 75.947867][ T5786] ret_from_fork_asm+0x11/0x20 [ 75.952677][ T5786] Modules linked in: [ 75.956573][ T5786] CPU: 1 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 75.965596][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 75.975660][ T5786] Call Trace: [ 75.978945][ T5786] [ 75.981882][ T5786] dump_stack_lvl+0x16c/0x230 [ 75.986571][ T5786] ? show_regs_print_info+0x20/0x20 [ 75.991780][ T5786] ? swiotlb_print_info+0x70/0x70 [ 75.996819][ T5786] bad_page+0x14b/0x170 [ 76.000985][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 76.006471][ T5786] free_unref_page+0x32/0x2e0 [ 76.011167][ T5786] ? __folio_put+0xef/0x210 [ 76.015679][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 76.022121][ T5786] erofs_shrink_workstation+0x118/0x290 [ 76.027682][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 76.033499][ T5786] ? io_schedule+0xd0/0xd0 [ 76.037936][ T5786] ? kobject_put+0x43c/0x470 [ 76.042532][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 76.048093][ T5786] erofs_put_super+0x4e/0x150 [ 76.052794][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 76.057660][ T5786] generic_shutdown_super+0x134/0x2b0 [ 76.063054][ T5786] kill_block_super+0x44/0x90 [ 76.067741][ T5786] erofs_kill_sb+0x4c/0x140 [ 76.072276][ T5786] deactivate_locked_super+0x97/0x100 [ 76.077665][ T5786] cleanup_mnt+0x429/0x4c0 [ 76.082095][ T5786] task_work_run+0x1ce/0x250 [ 76.086697][ T5786] ? task_work_cancel+0x240/0x240 [ 76.091746][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 76.097219][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 76.102516][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 76.108075][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 76.113632][ T5786] do_syscall_64+0x61/0xb0 [ 76.118054][ T5786] ? clear_bhb_loop+0x40/0x90 [ 76.122756][ T5786] ? clear_bhb_loop+0x40/0x90 [ 76.127456][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 76.133365][ T5786] RIP: 0033:0x7f30b7190a77 [ 76.137796][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 76.157420][ T5786] RSP: 002b:00007ffcce67ec18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 76.165844][ T5786] RAX: 0000000000000000 RBX: 00007f30b7213d7d RCX: 00007f30b7190a77 [ 76.173838][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcce67ecd0 [ 76.181836][ T5786] RBP: 00007ffcce67ecd0 R08: 0000000000000000 R09: 0000000000000000 [ 76.189838][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcce67fd60 [ 76.197971][ T5786] R13: 00007f30b7213d7d R14: 00000000000124de R15: 00007ffcce67fda0 [ 76.205967][ T5786] [ 76.207757][ T5886] loop1: detected capacity change from 0 to 1024 [ 76.210033][ T5786] BUG: Bad page state in process syz-executor pfn:5c5ea [ 76.222578][ T5786] page:ffffea0001717a80 refcount:0 mapcount:0 mapping:ffff88805d5b07c8 index:0x4 pfn:0x5c5ea [ 76.227949][ T5886] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 76.233280][ T5786] aops:z_erofs_cache_aops ino:0 [ 76.249073][ T5786] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 76.256805][ T5786] page_type: 0xffffffff() [ 76.261187][ T5786] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d5b07c8 [ 76.270042][ T5786] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 76.279219][ T5786] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 76.286604][ T5786] page_owner tracks the page as allocated [ 76.292400][ T5786] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5883, tgid 5876 (syz.0.6), ts 74598133720, free_ts 17327694691 [ 76.313982][ T5786] post_alloc_hook+0x1cd/0x210 [ 76.318816][ T5786] get_page_from_freelist+0x195c/0x19f0 [ 76.324395][ T5786] __alloc_pages+0x1e3/0x460 [ 76.329059][ T5786] z_erofs_do_read_page+0x20c0/0x3680 [ 76.334450][ T5786] z_erofs_pcluster_readmore+0x2cf/0x450 [ 76.340158][ T5786] z_erofs_read_folio+0x208/0x540 [ 76.345267][ T5786] filemap_read_folio+0x167/0x760 [ 76.350351][ T5786] do_read_cache_folio+0x470/0x7e0 [ 76.355528][ T5786] erofs_bread+0x16f/0x630 [ 76.360021][ T5786] erofs_namei+0x28c/0xf00 [ 76.364459][ T5786] erofs_lookup+0x135/0x310 [ 76.369040][ T5786] path_openat+0x10b8/0x3190 [ 76.373657][ T5786] do_filp_open+0x1c5/0x3d0 [ 76.378767][ T5786] do_sys_openat2+0x12c/0x1c0 [ 76.382591][ T5886] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.383453][ T5786] __x64_sys_openat+0x139/0x160 [ 76.400791][ T5786] do_syscall_64+0x55/0xb0 [ 76.405267][ T5786] page last free stack trace: [ 76.410000][ T5786] free_unref_page_prepare+0x7ce/0x8e0 [ 76.415491][ T5786] free_unref_page+0x32/0x2e0 [ 76.420258][ T5786] free_contig_range+0xa1/0x160 [ 76.425125][ T5786] destroy_args+0x80/0x850 [ 76.429611][ T5786] debug_vm_pgtable+0x3cc/0x410 [ 76.434486][ T5786] do_one_initcall+0x1fd/0x750 [ 76.439315][ T5786] do_initcall_level+0x137/0x1f0 [ 76.444282][ T5786] do_initcalls+0x69/0xd0 [ 76.447715][ T5886] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 76.448648][ T5786] kernel_init_freeable+0x3d2/0x570 [ 76.448674][ T5786] kernel_init+0x1d/0x1c0 [ 76.448689][ T5786] ret_from_fork+0x48/0x80 [ 76.448703][ T5786] ret_from_fork_asm+0x11/0x20 [ 76.448722][ T5786] Modules linked in: [ 76.448734][ T5786] CPU: 1 PID: 5786 Comm: syz-executor Tainted: G B syzkaller #0 [ 76.466150][ T5886] EXT4-fs error (device loop1): ext4_xattr_inode_iget:444: inode #11: comm syz.1.7: missing EA_INODE flag [ 76.466842][ T5786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 76.466854][ T5786] Call Trace: [ 76.517766][ T5786] [ 76.520697][ T5786] dump_stack_lvl+0x16c/0x230 [ 76.525383][ T5786] ? show_regs_print_info+0x20/0x20 [ 76.530583][ T5786] ? swiotlb_print_info+0x70/0x70 [ 76.535619][ T5786] bad_page+0x14b/0x170 [ 76.539773][ T5786] free_unref_page_prepare+0x887/0x8e0 [ 76.545234][ T5786] free_unref_page+0x32/0x2e0 [ 76.549909][ T5786] ? __folio_put+0xef/0x210 [ 76.554405][ T5786] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 76.560822][ T5786] erofs_shrink_workstation+0x118/0x290 [ 76.566370][ T5786] ? erofs_shrinker_unregister+0x170/0x170 [ 76.572172][ T5786] ? io_schedule+0xd0/0xd0 [ 76.576682][ T5786] ? kobject_put+0x43c/0x470 [ 76.581282][ T5786] erofs_shrinker_unregister+0x5d/0x170 [ 76.586826][ T5786] erofs_put_super+0x4e/0x150 [ 76.591514][ T5786] ? erofs_free_inode+0xb0/0xb0 [ 76.596372][ T5786] generic_shutdown_super+0x134/0x2b0 [ 76.601749][ T5786] kill_block_super+0x44/0x90 [ 76.606426][ T5786] erofs_kill_sb+0x4c/0x140 [ 76.610933][ T5786] deactivate_locked_super+0x97/0x100 [ 76.616309][ T5786] cleanup_mnt+0x429/0x4c0 [ 76.620729][ T5786] task_work_run+0x1ce/0x250 [ 76.625330][ T5786] ? task_work_cancel+0x240/0x240 [ 76.630363][ T5786] ? exit_to_user_mode_loop+0x3b/0x110 [ 76.635821][ T5786] exit_to_user_mode_loop+0xe6/0x110 [ 76.641107][ T5786] exit_to_user_mode_prepare+0xf6/0x180 [ 76.646661][ T5786] syscall_exit_to_user_mode+0x1a/0x50 [ 76.652119][ T5786] do_syscall_64+0x61/0xb0 [ 76.656534][ T5786] ? clear_bhb_loop+0x40/0x90 [ 76.661294][ T5786] ? clear_bhb_loop+0x40/0x90 [ 76.665965][ T5786] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 76.671857][ T5786] RIP: 0033:0x7f30b7190a77 [ 76.676273][ T5786] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 76.695879][ T5786] RSP: 002b:00007ffcce67ec18 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 76.704290][ T5786] RAX: 0000000000000000 RBX: 00007f30b7213d7d RCX: 00007f30b7190a77 [ 76.712256][ T5786] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcce67ecd0 [ 76.720220][ T5786] RBP: 00007ffcce67ecd0 R08: 0000000000000000 R09: 0000000000000000 [ 76.728183][ T5786] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcce67fd60 [ 76.736148][ T5786] R13: 00007f30b7213d7d R14: 00000000000124de R15: 00007ffcce67fda0 [ 76.744126][ T5786] [ 76.756046][ T5886] EXT4-fs (loop1): Remounting filesystem read-only [ 76.762910][ T5886] EXT4-fs warning (device loop1): ext4_xattr_inode_dec_ref_all:1243: inode #18: comm syz.1.7: ea_inode dec ref err=-5 [ 76.775538][ T5886] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -5) [ 76.878485][ T1205] cfg80211: failed to load regulatory.db [ 77.028562][ T5790] Bluetooth: hci1: command tx timeout [ 77.028976][ T51] Bluetooth: hci3: command tx timeout [ 77.033998][ T5796] Bluetooth: hci2: command tx timeout [ 77.039392][ T5794] Bluetooth: hci0: command tx timeout