last executing test programs: 317.521674ms ago: executing program 3 (id=4): syz_mount_image$erofs(&(0x7f0000000400), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x201, &(0x7f0000000d00)="$eJzsmbGLE0EUxr+Z3eydhyg2CjYWHniit9ndqFxzxQmWgnCKWgazHqd7F9lb4e5ASEhjY2kh2NpYWljYaOFfYKuFCoKFKe2UkZmd3Z0km5hIMMW9H2T229037828DV9gA4IgDixfv/z8/OTyyvXzAA5jEXP6+ncrPYqjvfGfnj0893T1yvNXH1+83z7y6E1/PibniPHrOwDerVlIwGxdsWf2YpE207gBjrNa3wSDm8pfQiFlCyEYbuuYe4ZuHtIiCt07zahxdzMKPTn4cgjkUDPry0V12wwNAPNqdUIw4/7O3v79ehSFcb+oiKzOwK1Jxaj+qfWtcawi654QHMCtx522PNe9gQee988Hh691DQzrWq9gDq7rFi0x9n/SLvJb4+x/tuKlEseW/1dR8LQdYwWz6XwtJhLx2xONWT8UU/wWQkw+qzKV6qz/inwg+ZXj3cwDzZhvM+/YvwtlXAAGbn1YiKKr5bP43zLLjjkljcpF4U/S2c8Y/mTDzv2jmmw9qO7s7S9vbtU3wo1wOwhql7wLnncxqCojSscR/jev/GnByF8ZEuswB7v1JIn9XSCJ/fw8SEfDcddfN3+oOVz5H8fS6TQH079ZnSE1mP5wdZRqySqPbA3dE0EQBEEQBEEQBEEQBEEQRDmnwJD+EyaYfiFaRnBNvaH8EwAA///zPWcb") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_all\x00', 0x275a, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0) fadvise64(r1, 0xe0ffff, 0x4101, 0x3) 0s ago: executing program 3 (id=5): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)='\x00', 0x1}], 0x1}}], 0x1, 0x400c404) r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x200, 0xa, 0x2}) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.120' (ED25519) to the list of known hosts. [ 57.208525][ T5754] cgroup: Unknown subsys name 'net' [ 57.368388][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.693241][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.672225][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.680621][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.688373][ T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.696650][ T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.705423][ T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.712825][ T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.721567][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.735875][ T5086] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.749381][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.753679][ T5086] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 60.762340][ T5777] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.772099][ T5086] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.772102][ T5777] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 60.772561][ T5086] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 60.779456][ T5777] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.787775][ T5086] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 60.794263][ T5777] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.800621][ T5086] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 60.807922][ T5777] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.815571][ T5086] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 60.821652][ T5777] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.829149][ T5086] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 60.850831][ T5086] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 60.858250][ T5086] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.291053][ T5765] chnl_net:caif_netlink_parms(): no params data found [ 61.318412][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 61.385681][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 61.443902][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 61.521840][ T5765] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.529240][ T5765] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.537120][ T5765] bridge_slave_0: entered allmulticast mode [ 61.544447][ T5765] bridge_slave_0: entered promiscuous mode [ 61.551870][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.559254][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.566570][ T5764] bridge_slave_0: entered allmulticast mode [ 61.573407][ T5764] bridge_slave_0: entered promiscuous mode [ 61.602314][ T5765] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.609758][ T5765] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.617022][ T5765] bridge_slave_1: entered allmulticast mode [ 61.623661][ T5765] bridge_slave_1: entered promiscuous mode [ 61.630493][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.637761][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.644930][ T5764] bridge_slave_1: entered allmulticast mode [ 61.651487][ T5764] bridge_slave_1: entered promiscuous mode [ 61.661103][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.668329][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.675516][ T5768] bridge_slave_0: entered allmulticast mode [ 61.682092][ T5768] bridge_slave_0: entered promiscuous mode [ 61.713379][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.720502][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.727684][ T5768] bridge_slave_1: entered allmulticast mode [ 61.734436][ T5768] bridge_slave_1: entered promiscuous mode [ 61.783824][ T5765] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.796179][ T5765] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.807162][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.849050][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.858295][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.865955][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.873133][ T5770] bridge_slave_0: entered allmulticast mode [ 61.879686][ T5770] bridge_slave_0: entered promiscuous mode [ 61.889374][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.901336][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.940151][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.947316][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.955424][ T5770] bridge_slave_1: entered allmulticast mode [ 61.962027][ T5770] bridge_slave_1: entered promiscuous mode [ 61.983654][ T5765] team0: Port device team_slave_0 added [ 61.991021][ T5765] team0: Port device team_slave_1 added [ 61.999505][ T5764] team0: Port device team_slave_0 added [ 62.039036][ T5764] team0: Port device team_slave_1 added [ 62.056350][ T5768] team0: Port device team_slave_0 added [ 62.065175][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.093280][ T5768] team0: Port device team_slave_1 added [ 62.111353][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.121530][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.129276][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.155238][ T5765] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.168447][ T5765] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.175457][ T5765] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.201822][ T5765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.221821][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.228963][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.255013][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.298698][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.305658][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.331841][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.361206][ T5770] team0: Port device team_slave_0 added [ 62.370012][ T5770] team0: Port device team_slave_1 added [ 62.376657][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.383653][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.410200][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.422808][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.429748][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.455946][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.517361][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.524574][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.550571][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.587798][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.594977][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.621067][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.647430][ T5764] hsr_slave_0: entered promiscuous mode [ 62.653904][ T5764] hsr_slave_1: entered promiscuous mode [ 62.663838][ T5768] hsr_slave_0: entered promiscuous mode [ 62.670462][ T5768] hsr_slave_1: entered promiscuous mode [ 62.676897][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.685221][ T5768] Cannot create hsr debugfs directory [ 62.695086][ T5765] hsr_slave_0: entered promiscuous mode [ 62.702092][ T5765] hsr_slave_1: entered promiscuous mode [ 62.708150][ T5765] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.716505][ T5765] Cannot create hsr debugfs directory [ 62.763157][ T5086] Bluetooth: hci0: command tx timeout [ 62.829725][ T5770] hsr_slave_0: entered promiscuous mode [ 62.836398][ T5770] hsr_slave_1: entered promiscuous mode [ 62.842506][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.850056][ T5770] Cannot create hsr debugfs directory [ 62.912997][ T5086] Bluetooth: hci2: command tx timeout [ 62.917058][ T5771] Bluetooth: hci1: command tx timeout [ 62.918516][ T5777] Bluetooth: hci3: command tx timeout [ 63.151321][ T5764] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.161764][ T5764] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.178978][ T5764] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.191570][ T5764] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.253902][ T5768] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.285709][ T5768] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.296228][ T5768] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.330924][ T5768] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.359975][ T5765] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.369437][ T5765] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.396722][ T5765] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.416396][ T5765] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.461484][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.499630][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.508868][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.518980][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.531343][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.586334][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.610584][ T78] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.617823][ T78] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.645604][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.652908][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.699923][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.740585][ T5765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.769001][ T5765] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.800716][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.811925][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.819063][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.846337][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.853464][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.876362][ T1133] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.883529][ T1133] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.915106][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.922221][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.017496][ T5765] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.046731][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.074359][ T5768] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.107221][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.144894][ T76] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.152000][ T76] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.214940][ T76] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.222046][ T76] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.311968][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.409246][ T5764] veth0_vlan: entered promiscuous mode [ 64.426429][ T5765] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.450318][ T5764] veth1_vlan: entered promiscuous mode [ 64.567719][ T5764] veth0_macvtap: entered promiscuous mode [ 64.588664][ T5765] veth0_vlan: entered promiscuous mode [ 64.608341][ T5764] veth1_macvtap: entered promiscuous mode [ 64.629022][ T5765] veth1_vlan: entered promiscuous mode [ 64.656880][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.680302][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.716943][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.737843][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.756150][ T5764] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.765960][ T5764] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.774953][ T5764] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.783973][ T5764] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.810864][ T5765] veth0_macvtap: entered promiscuous mode [ 64.828057][ T5768] veth0_vlan: entered promiscuous mode [ 64.834227][ T5777] Bluetooth: hci0: command tx timeout [ 64.857122][ T5765] veth1_macvtap: entered promiscuous mode [ 64.878068][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.889201][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.900434][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.911892][ T5768] veth1_vlan: entered promiscuous mode [ 64.944733][ T5765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.956757][ T5765] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.968062][ T5765] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.993443][ T5086] Bluetooth: hci1: command tx timeout [ 64.993451][ T5771] Bluetooth: hci2: command tx timeout [ 64.998891][ T5777] Bluetooth: hci3: command tx timeout [ 65.024052][ T5765] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.033041][ T5765] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.041741][ T5765] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.050944][ T5765] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.078802][ T5770] veth0_vlan: entered promiscuous mode [ 65.117915][ T5770] veth1_vlan: entered promiscuous mode [ 65.145970][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.154844][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.202353][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.209710][ T5768] veth0_macvtap: entered promiscuous mode [ 65.227863][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.247242][ T5768] veth1_macvtap: entered promiscuous mode [ 65.258571][ T5770] veth0_macvtap: entered promiscuous mode [ 65.297176][ T5770] veth1_macvtap: entered promiscuous mode [ 65.310953][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.322937][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.332884][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.343384][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.356073][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.424245][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.442530][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.448448][ T5852] syz.3.4[5852]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 65.452331][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.479736][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.491396][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.498739][ T5852] loop3: detected capacity change from 0 to 16 [ 65.505986][ T5852] erofs: (device loop3): mounted with root inode @ nid 36. [ 65.537023][ T5852] syz.3.4: attempt to access beyond end of device [ 65.537023][ T5852] loop3: rw=0, sector=8, nr_sectors = 16 limit=16 [ 65.550882][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.570846][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.579583][ T5852] syz.3.4: attempt to access beyond end of device [ 65.579583][ T5852] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 65.582029][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.605454][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.615452][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.626159][ T5852] syz.3.4: attempt to access beyond end of device [ 65.626159][ T5852] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 65.626466][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.651518][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.674092][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.687690][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.698834][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.707054][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.719966][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.730609][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.741137][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.751634][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.763356][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.763922][ T5764] BUG: Bad page state in process syz-executor pfn:5d92f [ 65.778017][ T5764] page:ffffea0001764bc0 refcount:0 mapcount:0 mapping:ffff88805e0487c8 index:0x2 pfn:0x5d92f [ 65.788321][ T5764] aops:z_erofs_cache_aops ino:0 [ 65.793368][ T5764] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 65.801093][ T5764] page_type: 0xffffffff() [ 65.805602][ T5764] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805e0487c8 [ 65.814243][ T5764] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 65.822972][ T5764] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 65.830255][ T5764] page_owner tracks the page as allocated [ 65.836086][ T5764] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5852, tgid 5851 (syz.3.4), ts 65536827806, free_ts 14961971953 [ 65.857926][ T5764] post_alloc_hook+0x1cd/0x210 [ 65.862792][ T5764] get_page_from_freelist+0x195c/0x19f0 [ 65.868345][ T5764] __alloc_pages+0x1e3/0x460 [ 65.873437][ T5764] z_erofs_do_read_page+0x20c0/0x3680 [ 65.878821][ T5764] z_erofs_pcluster_readmore+0x2cf/0x450 [ 65.884514][ T5764] z_erofs_read_folio+0x208/0x540 [ 65.889552][ T5764] filemap_read_folio+0x167/0x760 [ 65.894641][ T5764] do_read_cache_folio+0x470/0x7e0 [ 65.899762][ T5764] erofs_bread+0x16f/0x630 [ 65.904250][ T5764] erofs_namei+0x28c/0xf00 [ 65.908672][ T5764] erofs_lookup+0x135/0x310 [ 65.913211][ T5764] path_openat+0x10b8/0x3190 [ 65.917814][ T5764] do_filp_open+0x1c5/0x3d0 [ 65.922302][ T5764] do_sys_openat2+0x12c/0x1c0 [ 65.927054][ T5764] __x64_sys_openat+0x139/0x160 [ 65.931921][ T5764] do_syscall_64+0x55/0xb0 [ 65.936420][ T5764] page last free stack trace: [ 65.941102][ T5764] free_unref_page_prepare+0x7ce/0x8e0 [ 65.946604][ T5764] free_unref_page+0x32/0x2e0 [ 65.951287][ T5764] free_contig_range+0xa1/0x160 [ 65.956391][ T5764] destroy_args+0x87/0x770 [ 65.960818][ T5764] debug_vm_pgtable+0x3cc/0x410 [ 65.965694][ T5764] do_one_initcall+0x1fd/0x750 [ 65.970466][ T5764] do_initcall_level+0x137/0x1f0 [ 65.975448][ T5764] do_initcalls+0x69/0xd0 [ 65.979785][ T5764] kernel_init_freeable+0x3d2/0x570 [ 65.985013][ T5764] kernel_init+0x1d/0x1c0 [ 65.989352][ T5764] ret_from_fork+0x48/0x80 [ 65.993807][ T5764] ret_from_fork_asm+0x11/0x20 [ 65.998581][ T5764] Modules linked in: [ 66.002581][ T5764] CPU: 1 PID: 5764 Comm: syz-executor Not tainted 6.6.94-syzkaller #0 [ 66.010733][ T5764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 66.020782][ T5764] Call Trace: [ 66.024050][ T5764] [ 66.026976][ T5764] dump_stack_lvl+0x16c/0x230 [ 66.031646][ T5764] ? show_regs_print_info+0x20/0x20 [ 66.036835][ T5764] ? swiotlb_print_info+0x70/0x70 [ 66.041856][ T5764] bad_page+0x14b/0x170 [ 66.046005][ T5764] free_unref_page_prepare+0x887/0x8e0 [ 66.051452][ T5764] free_unref_page+0x32/0x2e0 [ 66.056115][ T5764] ? __folio_put+0xef/0x210 [ 66.060613][ T5764] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 66.067022][ T5764] erofs_shrink_workstation+0x118/0x290 [ 66.072560][ T5764] ? erofs_shrinker_unregister+0x170/0x170 [ 66.078352][ T5764] ? io_schedule+0xd0/0xd0 [ 66.082764][ T5764] ? kobject_put+0x43c/0x470 [ 66.087346][ T5764] erofs_shrinker_unregister+0x5d/0x170 [ 66.092884][ T5764] erofs_put_super+0x4e/0x150 [ 66.097549][ T5764] ? erofs_free_inode+0xb0/0xb0 [ 66.102388][ T5764] generic_shutdown_super+0x134/0x2b0 [ 66.107760][ T5764] kill_block_super+0x44/0x90 [ 66.112432][ T5764] erofs_kill_sb+0x4c/0x140 [ 66.116929][ T5764] deactivate_locked_super+0x97/0x100 [ 66.122287][ T5764] cleanup_mnt+0x429/0x4c0 [ 66.126699][ T5764] task_work_run+0x1ce/0x250 [ 66.131282][ T5764] ? task_work_cancel+0x240/0x240 [ 66.136307][ T5764] ? exit_to_user_mode_loop+0x3b/0x110 [ 66.141760][ T5764] exit_to_user_mode_loop+0xe6/0x110 [ 66.147034][ T5764] exit_to_user_mode_prepare+0xb1/0x140 [ 66.152576][ T5764] syscall_exit_to_user_mode+0x1a/0x50 [ 66.158022][ T5764] do_syscall_64+0x61/0xb0 [ 66.162432][ T5764] ? clear_bhb_loop+0x40/0x90 [ 66.167093][ T5764] ? clear_bhb_loop+0x40/0x90 [ 66.171758][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.177641][ T5764] RIP: 0033:0x7f7fdd18fc57 [ 66.182057][ T5764] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 66.201651][ T5764] RSP: 002b:00007fffab2bd8b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 66.210058][ T5764] RAX: 0000000000000000 RBX: 00007f7fdd210925 RCX: 00007f7fdd18fc57 [ 66.218016][ T5764] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffab2bd970 [ 66.225973][ T5764] RBP: 00007fffab2bd970 R08: 0000000000000000 R09: 0000000000000000 [ 66.233928][ T5764] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffab2bea00 [ 66.241881][ T5764] R13: 00007f7fdd210925 R14: 000000000001005b R15: 00007fffab2bea40 [ 66.249853][ T5764] [ 66.254234][ T5764] Disabling lock debugging due to kernel taint [ 66.294835][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.308074][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.316828][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.326793][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.337607][ T5768] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.348070][ T5768] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.359497][ T5768] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.372327][ T5768] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.912449][ T5777] Bluetooth: hci0: command tx timeout [ 67.072481][ T5777] Bluetooth: hci2: command tx timeout [ 67.077924][ T5771] Bluetooth: hci3: command tx timeout [ 67.077939][ T5086] Bluetooth: hci1: command tx timeout [ 68.993426][ T5086] Bluetooth: hci0: command tx timeout [ 69.154583][ T5771] Bluetooth: hci3: command tx timeout [ 69.160013][ T5777] Bluetooth: hci1: command tx timeout [ 69.165423][ T5086] Bluetooth: hci2: command tx timeout [ 71.480737][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.487153][ T1280] ieee802154 phy1 wpan1: encryption failed: -22