last executing test programs: 1.373067442s ago: executing program 2 (id=3): r0 = socket(0x840000000002, 0x3, 0x100) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10) sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x40, &(0x7f00000000c0)=0x2762, 0x4) 1.19459824s ago: executing program 3 (id=5): r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) 984.406121ms ago: executing program 3 (id=6): r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x80800, 0x0) fcntl$notify(r0, 0x402, 0x20) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/stat\x00') getdents64(r1, 0x0, 0x0) 832.858978ms ago: executing program 3 (id=7): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0xb) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x84) 581.367391ms ago: executing program 0 (id=1): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r0, 0xe0ffff, 0x19, 0x3) mount$9p_fd(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x400, 0x0) 547.077123ms ago: executing program 1 (id=2): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = fsopen(&(0x7f0000000080)='iso9660\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040), 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 539.618693ms ago: executing program 3 (id=8): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000004c0)=[{{&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f0000000700)=[{&(0x7f0000000300)="01", 0x1}, {0x0}], 0x2}}], 0x1, 0x4000000) 525.756114ms ago: executing program 2 (id=9): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1e, 0x0, 0x8, 0xff}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000600)="63e4ed8e46080000003389f7f986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 330.103844ms ago: executing program 1 (id=10): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10) setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000100)={r1, 0x1}, 0x8) 293.062266ms ago: executing program 3 (id=11): ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000100)={[{0x4, 0x200, 0x8, 0x4f, 0x81, 0x7, 0xc0, 0x1, 0x7f, 0x6, 0x5f, 0x4, 0x3}, {0x8, 0xaff2, 0x0, 0x8, 0x8, 0xff, 0x8, 0x3, 0xfd, 0x53, 0x1, 0x6, 0xffffffffffffffff}, {0x0, 0x7, 0x0, 0x0, 0x25, 0xf, 0x0, 0xfb, 0x4, 0x15, 0x9a, 0x1, 0x40000000000002}], 0x9}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000140)=ANY=[], 0x9) 220.542509ms ago: executing program 2 (id=12): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@resgid}, {@barrier}, {@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000280)={0x1, 0x10000, 0x4, 0x1, 0x2, 0x0, [{0x752, 0x6, 0x0, '\x00', 0x2200}, {0x401, 0x1, 0x4392, '\x00', 0x10}]}) 124.589054ms ago: executing program 1 (id=13): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) 43.380308ms ago: executing program 3 (id=14): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000001200)={[{@nodiscard}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@nobarrier}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xeb}}, {@abort}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x55f, &(0x7f0000000580)="$eJzs3d9rU+cbAPDnpK2/v18riGxjjIIXczhT2+6Hg124y7HJhO3ehfZYpKmRJhXbCdOLebObIYMxJozdb/e7lP0D+yuETZAhZbvYTcZJT2q0SRNrtNF8PnDkfXNO+p4n73le35M3IQEMrYnsn0LEyxHxTRJxMCKSfN9o5Dsn1o9bu391NtuSqNc//StpHJfVm3+r+bz9eeWliPjtq4jjhc3tVldWF0rlcrqU1ydri5cmqyurJy4slubT+fTi9MzMqbdnpt97952+xfrG2X++/+T2h6e+Prr23S93D91M4nQcyPe1xvEErrVWJmIif03G4vQjB071obFBkuz0CbAtI3mej0U2BhyMkTzrgRfflxFRB4ZUIv9hSDXnAc17+z7dBz837n2wfgO0Of7R9fdGYk/j3mjfWvLQnVF2vzveh/azNn7989bNbIv+vQ8B0NW16xFxcnR08/iX5OPf9p3s4ZhH2zD+wbNzO5v/vNlu/lPYmP9Em/nP/ja5ux3d879wtw/NdJTN/95vO//dWLQaH8lr/2vM+caS8xfKaTa2/T8ijsXY7qy+1XrOqbU79U77Wud/2Za135wL5udxd3T3w8+ZK9VKTxJzq3vXI15pO/9NNvo/adP/2etxtsc2jqS3Xuu0r3v8T1f9p4jX2/b/gxWtZOv1ycnG9TDZvCo2+/vGkd87tb/T8Wf9v2/r+MeT1vXa6uO38eOef9NO+x6KP3q//nclnzXKu/LHrpRqtaWpiF3Jx5sfn37w3Ga9eXwW/7GjW49/7a7/vRHxeY/x3zj886s9xd+t/5/CImsW/9xj9f/jF+589MUP248/6/+3GqVj+SO9jH+9nuCTvHYAAAAAAAAwaAoRcSCSQnGjXCgUi+uf7zgc+wrlSrV2/Hxl+eJcNL4rOx5jheZK98GWz0NM5Z+HbdanH6nPRMShiPh2ZG+jXpytlOd2OngAAAAAAAAAAAAAAAAAAAAYEPs7fP8/88fITp8d8NT5yW8YXl3zvx+/9AQMJP//w/CS/zC85D8ML/kPw0v+w/CS/zC85D8ML/kPAAAAAAAAAAAAAAAAAAAAAAAAAAAAfXX2zJlsq6/dvzqb1ecurywvVC6fmEurC8XF5dnibGXpUnG+Upkvp8XZymK3v1euVC5NTcfylclaWq1NVldWzy1Wli/Wzl1YLM2n59KxZxIVAAAAAAAAAAAAAAAAAAAAPF+qK6sLpXI5XVJQ2FZhdDBOY3UhYiBO40Up7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/BcAAP//8NI25Q==") truncate(&(0x7f00000002c0)='./file1\x00', 0x42d9) r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) 0s ago: executing program 0 (id=15): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x4000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) openat2(0xffffffffffffff9c, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.157' (ED25519) to the list of known hosts. [ 56.508501][ T5749] cgroup: Unknown subsys name 'net' [ 56.642350][ T5749] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.063480][ T5749] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 59.458360][ T5769] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 59.467881][ T5769] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 59.477136][ T5775] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 59.512776][ T5772] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 59.515745][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 59.526584][ T5774] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 59.528021][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 59.535120][ T5772] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 59.543235][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 59.549033][ T5774] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 59.557448][ T5776] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 59.571980][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 59.572142][ T5772] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 59.587189][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 59.588808][ T5772] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 59.601655][ T5774] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 59.610104][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 59.618040][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 59.619512][ T5776] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 59.625329][ T5774] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 59.633118][ T5776] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 59.649283][ T5772] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 59.658315][ T5772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 59.682033][ T5772] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 59.997415][ T5761] chnl_net:caif_netlink_parms(): no params data found [ 60.138818][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 60.164006][ T5762] chnl_net:caif_netlink_parms(): no params data found [ 60.185073][ T5761] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.192474][ T5761] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.199835][ T5761] bridge_slave_0: entered allmulticast mode [ 60.207399][ T5761] bridge_slave_0: entered promiscuous mode [ 60.220509][ T5761] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.227893][ T5761] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.235585][ T5761] bridge_slave_1: entered allmulticast mode [ 60.243579][ T5761] bridge_slave_1: entered promiscuous mode [ 60.326707][ T5761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.354614][ T5761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.388495][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 60.443658][ T5761] team0: Port device team_slave_0 added [ 60.457958][ T5762] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.465286][ T5762] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.473135][ T5762] bridge_slave_0: entered allmulticast mode [ 60.479947][ T5762] bridge_slave_0: entered promiscuous mode [ 60.487957][ T5762] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.495211][ T5762] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.502644][ T5762] bridge_slave_1: entered allmulticast mode [ 60.509327][ T5762] bridge_slave_1: entered promiscuous mode [ 60.516321][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.524285][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.531709][ T5764] bridge_slave_0: entered allmulticast mode [ 60.538800][ T5764] bridge_slave_0: entered promiscuous mode [ 60.547221][ T5761] team0: Port device team_slave_1 added [ 60.575405][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.582826][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.589991][ T5764] bridge_slave_1: entered allmulticast mode [ 60.597256][ T5764] bridge_slave_1: entered promiscuous mode [ 60.639705][ T5762] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.664216][ T5762] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.682375][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 60.689366][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.718052][ T5761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 60.744011][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 60.755932][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 60.765757][ T5761] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 60.773025][ T5761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 60.799343][ T5761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 60.859830][ T5762] team0: Port device team_slave_0 added [ 60.879794][ T5764] team0: Port device team_slave_0 added [ 60.888699][ T5762] team0: Port device team_slave_1 added [ 60.895190][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 60.902587][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 60.909747][ T5763] bridge_slave_0: entered allmulticast mode [ 60.917242][ T5763] bridge_slave_0: entered promiscuous mode [ 60.926546][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 60.933863][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 60.941250][ T5763] bridge_slave_1: entered allmulticast mode [ 60.948453][ T5763] bridge_slave_1: entered promiscuous mode [ 60.965077][ T5764] team0: Port device team_slave_1 added [ 60.996431][ T5761] hsr_slave_0: entered promiscuous mode [ 61.003508][ T5761] hsr_slave_1: entered promiscuous mode [ 61.039429][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.058830][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.067843][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.096196][ T5762] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.109362][ T5762] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.116631][ T5762] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.142793][ T5762] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.156796][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.175459][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.183618][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.210056][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.249299][ T5763] team0: Port device team_slave_0 added [ 61.256314][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.263737][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.289870][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.314110][ T5763] team0: Port device team_slave_1 added [ 61.340277][ T5762] hsr_slave_0: entered promiscuous mode [ 61.346617][ T5762] hsr_slave_1: entered promiscuous mode [ 61.353387][ T5762] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.361114][ T5762] Cannot create hsr debugfs directory [ 61.396736][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.403945][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.430780][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.467167][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.474283][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.501278][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.539788][ T5764] hsr_slave_0: entered promiscuous mode [ 61.546122][ T5764] hsr_slave_1: entered promiscuous mode [ 61.552881][ T5764] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.560459][ T5764] Cannot create hsr debugfs directory [ 61.623165][ T5763] hsr_slave_0: entered promiscuous mode [ 61.630220][ T5763] hsr_slave_1: entered promiscuous mode [ 61.637121][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 61.645376][ T5763] Cannot create hsr debugfs directory [ 61.663559][ T5772] Bluetooth: hci3: command tx timeout [ 61.669653][ T51] Bluetooth: hci1: command tx timeout [ 61.742088][ T51] Bluetooth: hci2: command tx timeout [ 61.748959][ T5772] Bluetooth: hci0: command tx timeout [ 61.968489][ T5761] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 61.989488][ T5761] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 61.999056][ T5761] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 62.008911][ T5761] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 62.064133][ T5762] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 62.079529][ T5762] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 62.090133][ T5762] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 62.106858][ T5762] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 62.182700][ T5763] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 62.193083][ T5763] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 62.202885][ T5763] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 62.219077][ T5763] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 62.313121][ T5764] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 62.325310][ T5764] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 62.338154][ T5764] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 62.348570][ T5764] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 62.406356][ T5761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.466013][ T5761] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.479492][ T5762] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.501098][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.508417][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.534894][ T5762] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.569729][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.576963][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.601042][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.608272][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.624469][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.648863][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.656054][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.718445][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.769398][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 62.778968][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.786095][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.801105][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.808271][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 62.897741][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 62.946122][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.953304][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 62.988372][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.995585][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.235713][ T5761] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.311869][ T5762] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.368859][ T5761] veth0_vlan: entered promiscuous mode [ 63.444606][ T5761] veth1_vlan: entered promiscuous mode [ 63.469543][ T5762] veth0_vlan: entered promiscuous mode [ 63.481823][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.494498][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 63.511079][ T5762] veth1_vlan: entered promiscuous mode [ 63.544403][ T5761] veth0_macvtap: entered promiscuous mode [ 63.576860][ T5761] veth1_macvtap: entered promiscuous mode [ 63.633694][ T5763] veth0_vlan: entered promiscuous mode [ 63.645855][ T5762] veth0_macvtap: entered promiscuous mode [ 63.657349][ T5762] veth1_macvtap: entered promiscuous mode [ 63.679368][ T5763] veth1_vlan: entered promiscuous mode [ 63.687160][ T5764] veth0_vlan: entered promiscuous mode [ 63.700753][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.727306][ T5761] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.737567][ T5764] veth1_vlan: entered promiscuous mode [ 63.744539][ T5772] Bluetooth: hci1: command tx timeout [ 63.749960][ T5772] Bluetooth: hci3: command tx timeout [ 63.764801][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 63.777033][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.788578][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 63.800752][ T5761] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.810637][ T5761] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.819944][ T5761] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.829385][ T5761] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.832559][ T51] Bluetooth: hci2: command tx timeout [ 63.844048][ T5772] Bluetooth: hci0: command tx timeout [ 63.862775][ T5762] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 63.873422][ T5762] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 63.885176][ T5762] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 63.924409][ T5762] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.933975][ T5762] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.946739][ T5762] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.956932][ T5762] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.011715][ T5763] veth0_macvtap: entered promiscuous mode [ 64.056692][ T5763] veth1_macvtap: entered promiscuous mode [ 64.109144][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.120817][ T5764] veth0_macvtap: entered promiscuous mode [ 64.134667][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.138674][ T5764] veth1_macvtap: entered promiscuous mode [ 64.142977][ T4467] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.159314][ T4467] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.205076][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.218115][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.228894][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.248420][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.258299][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.268769][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.280372][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.294554][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.306746][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.316637][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.327090][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.339335][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.348367][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.360260][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.372651][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.384403][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.394443][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 64.405410][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.424205][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.436506][ T4467] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.447961][ T4467] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.458464][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.473530][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.485977][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.496717][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.507285][ T5764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 64.517857][ T5764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 64.529790][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.545963][ T5763] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.556468][ T5763] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.565859][ T5763] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.575348][ T5763] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.595104][ T5764] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.605567][ T5764] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.614514][ T5764] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.625622][ T5764] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.916283][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 64.929116][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 64.998063][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.017081][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.214085][ T3430] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.235543][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.242104][ T3430] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.292331][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.593758][ T5835] syz.0.1[5835]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 65.625776][ T5835] loop0: detected capacity change from 0 to 16 [ 65.665994][ T5835] erofs: (device loop0): mounted with root inode @ nid 36. [ 65.687447][ T5840] Driver unsupported XDP return value 0 on prog (id 2) dev N/A, expect packet loss! [ 65.745164][ T5835] syz.0.1: attempt to access beyond end of device [ 65.745164][ T5835] loop0: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 65.790191][ T5835] syz.0.1: attempt to access beyond end of device [ 65.790191][ T5835] loop0: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 65.822705][ T51] Bluetooth: hci3: command tx timeout [ 65.828164][ T51] Bluetooth: hci1: command tx timeout [ 65.896510][ T5846] syz.0.1: attempt to access beyond end of device [ 65.896510][ T5846] loop0: rw=0, sector=8, nr_sectors = 32 limit=16 [ 65.911118][ T51] Bluetooth: hci2: command tx timeout [ 65.916633][ T51] Bluetooth: hci0: command tx timeout [ 65.955250][ T5848] loop2: detected capacity change from 0 to 2048 [ 66.036840][ T5848] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 66.057750][ T5764] BUG: Bad page state in process syz-executor pfn:24d6e [ 66.066098][ T5764] page:ffffea0000935b80 refcount:0 mapcount:0 mapping:ffff88805d1e07c8 index:0x2 pfn:0x24d6e [ 66.077288][ T5764] aops:z_erofs_cache_aops ino:0 [ 66.082623][ T5764] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 66.090374][ T5764] page_type: 0xffffffff() [ 66.095400][ T5764] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d1e07c8 [ 66.102386][ T5848] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 66.104373][ T5764] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 66.124032][ T5764] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 66.126450][ T5854] loop3: detected capacity change from 0 to 1024 [ 66.131339][ T5764] page_owner tracks the page as allocated [ 66.131385][ T5764] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5835, tgid 5834 (syz.0.1), ts 65743850260, free_ts 65721090895 [ 66.165733][ T5854] ======================================================= [ 66.165733][ T5854] WARNING: The mand mount option has been deprecated and [ 66.165733][ T5854] and is ignored by this kernel. Remove the mand [ 66.165733][ T5854] option from the mount to silence this warning. [ 66.165733][ T5854] ======================================================= [ 66.167181][ T5764] post_alloc_hook+0x1c1/0x200 [ 66.207582][ T5764] get_page_from_freelist+0x1951/0x19e0 [ 66.213386][ T5764] __alloc_pages+0x1f0/0x460 [ 66.218125][ T5764] z_erofs_do_read_page+0x2181/0x36b0 [ 66.224274][ T5764] z_erofs_readahead+0x88b/0xda0 [ 66.229344][ T5764] read_pages+0x189/0x850 [ 66.233768][ T5764] page_cache_ra_unbounded+0x68a/0x770 [ 66.239272][ T5764] force_page_cache_ra+0x2c1/0x320 [ 66.244535][ T5764] generic_fadvise+0x47e/0x780 [ 66.249374][ T5764] __x64_sys_fadvise64+0x140/0x180 [ 66.254869][ T5764] do_syscall_64+0x55/0xa0 [ 66.255435][ T5854] EXT4-fs: Ignoring removed bh option [ 66.259309][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.259336][ T5764] page last free stack trace: [ 66.259342][ T5764] free_unref_page_prepare+0x7b2/0x8c0 [ 66.259363][ T5764] free_unref_page+0x32/0x2e0 [ 66.286225][ T5764] __slab_free+0x35a/0x400 [ 66.290674][ T5764] qlist_free_all+0x75/0xd0 [ 66.295273][ T5764] kasan_quarantine_reduce+0x143/0x160 [ 66.300760][ T5764] __kasan_slab_alloc+0x22/0x80 [ 66.307102][ T5764] slab_post_alloc_hook+0x6e/0x4b0 [ 66.312304][ T5764] __kmem_cache_alloc_node+0x13a/0x250 [ 66.317803][ T5764] __kmalloc+0xa4/0x230 [ 66.322212][ T5764] tomoyo_encode+0x28b/0x540 [ 66.326844][ T5764] tomoyo_realpath_from_path+0x592/0x5d0 [ 66.332671][ T5764] tomoyo_check_open_permission+0x224/0x460 [ 66.338623][ T5764] security_file_open+0x62/0xa0 [ 66.343693][ T5764] do_dentry_open+0x380/0x1500 [ 66.348498][ T5764] path_openat+0x27f1/0x3230 [ 66.353208][ T5764] do_filp_open+0x1f5/0x430 [ 66.357781][ T5764] Modules linked in: [ 66.361725][ T5764] CPU: 1 PID: 5764 Comm: syz-executor Not tainted syzkaller #0 [ 66.369294][ T5764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 66.379387][ T5764] Call Trace: [ 66.382689][ T5764] [ 66.385623][ T5764] dump_stack_lvl+0x18c/0x250 [ 66.390308][ T5764] ? show_regs_print_info+0x20/0x20 [ 66.395560][ T5764] ? swiotlb_print_info+0x70/0x70 [ 66.400591][ T5764] bad_page+0x14b/0x170 [ 66.404744][ T5764] free_unref_page_prepare+0x85f/0x8c0 [ 66.410217][ T5764] free_unref_page+0x32/0x2e0 [ 66.414892][ T5764] ? __folio_put+0xef/0x210 [ 66.419393][ T5764] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 66.425821][ T5764] erofs_shrink_workstation+0x11f/0x290 [ 66.431435][ T5764] ? erofs_shrinker_unregister+0x170/0x170 [ 66.437267][ T5764] ? io_schedule+0xd0/0xd0 [ 66.441713][ T5764] ? kobject_put+0x428/0x460 [ 66.446411][ T5764] erofs_shrinker_unregister+0x5d/0x170 [ 66.451993][ T5764] erofs_put_super+0x4e/0x150 [ 66.456695][ T5764] ? erofs_free_inode+0xb0/0xb0 [ 66.461580][ T5764] generic_shutdown_super+0x134/0x2b0 [ 66.466972][ T5764] kill_block_super+0x44/0x90 [ 66.471709][ T5764] erofs_kill_sb+0x4c/0x140 [ 66.476253][ T5764] deactivate_locked_super+0x97/0x100 [ 66.481641][ T5764] cleanup_mnt+0x43b/0x4d0 [ 66.486062][ T5764] task_work_run+0x1d4/0x260 [ 66.490652][ T5764] ? task_work_cancel+0x220/0x220 [ 66.495678][ T5764] ? exit_to_user_mode_loop+0x3b/0x110 [ 66.501139][ T5764] exit_to_user_mode_loop+0xe6/0x110 [ 66.506450][ T5764] exit_to_user_mode_prepare+0xee/0x180 [ 66.512026][ T5764] syscall_exit_to_user_mode+0x1a/0x50 [ 66.517581][ T5764] do_syscall_64+0x61/0xa0 [ 66.522016][ T5764] ? clear_bhb_loop+0x40/0x90 [ 66.526695][ T5764] ? clear_bhb_loop+0x40/0x90 [ 66.531372][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.537299][ T5764] RIP: 0033:0x7ff8b759d9d7 [ 66.541751][ T5764] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 66.561463][ T5764] RSP: 002b:00007ffd5b989f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 66.569886][ T5764] RAX: 0000000000000000 RBX: 00007ff8b7632050 RCX: 00007ff8b759d9d7 [ 66.577854][ T5764] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd5b98a050 [ 66.585846][ T5764] RBP: 00007ffd5b98a050 R08: 00007ffd5b98b050 R09: 00000000ffffffff [ 66.593924][ T5764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd5b98b0e0 [ 66.601894][ T5764] R13: 00007ff8b7632050 R14: 0000000000010177 R15: 00007ffd5b98b120 [ 66.609902][ T5764] [ 66.615431][ T5764] Disabling lock debugging due to kernel taint [ 66.621736][ T5764] BUG: Bad page state in process syz-executor pfn:21cc4 [ 66.629205][ T5764] page:ffffea0000873100 refcount:0 mapcount:0 mapping:ffff88805d1e07c8 index:0x3 pfn:0x21cc4 [ 66.639460][ T5764] aops:z_erofs_cache_aops ino:0 [ 66.644401][ T5764] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 66.652531][ T5764] page_type: 0xffffffff() [ 66.656876][ T5764] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d1e07c8 [ 66.665517][ T5764] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 66.674170][ T5764] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 66.681647][ T5764] page_owner tracks the page as allocated [ 66.687746][ T5764] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5835, tgid 5834 (syz.0.1), ts 65743865714, free_ts 65721069409 [ 66.710155][ T5764] post_alloc_hook+0x1c1/0x200 [ 66.715000][ T5764] get_page_from_freelist+0x1951/0x19e0 [ 66.720563][ T5764] __alloc_pages+0x1f0/0x460 [ 66.725224][ T5764] z_erofs_do_read_page+0x2181/0x36b0 [ 66.730615][ T5764] z_erofs_readahead+0x88b/0xda0 [ 66.735612][ T5764] read_pages+0x189/0x850 [ 66.739986][ T5764] page_cache_ra_unbounded+0x68a/0x770 [ 66.745510][ T5764] force_page_cache_ra+0x2c1/0x320 [ 66.750640][ T5764] generic_fadvise+0x47e/0x780 [ 66.755469][ T5764] __x64_sys_fadvise64+0x140/0x180 [ 66.760594][ T5764] do_syscall_64+0x55/0xa0 [ 66.765109][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.771030][ T5764] page last free stack trace: [ 66.775778][ T5764] free_unref_page_prepare+0x7b2/0x8c0 [ 66.781274][ T5764] free_unref_page+0x32/0x2e0 [ 66.786167][ T5764] __slab_free+0x35a/0x400 [ 66.790949][ T5764] qlist_free_all+0x75/0xd0 [ 66.795597][ T5764] kasan_quarantine_reduce+0x143/0x160 [ 66.801095][ T5764] __kasan_slab_alloc+0x22/0x80 [ 66.806137][ T5764] slab_post_alloc_hook+0x6e/0x4b0 [ 66.811282][ T5764] __kmem_cache_alloc_node+0x13a/0x250 [ 66.816903][ T5764] __kmalloc+0xa4/0x230 [ 66.821098][ T5764] tomoyo_encode+0x28b/0x540 [ 66.825778][ T5764] tomoyo_realpath_from_path+0x592/0x5d0 [ 66.831521][ T5764] tomoyo_check_open_permission+0x224/0x460 [ 66.832265][ T5851] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 66.837471][ T5764] security_file_open+0x62/0xa0 [ 66.856818][ T5764] do_dentry_open+0x380/0x1500 [ 66.861604][ T5764] path_openat+0x27f1/0x3230 [ 66.866821][ T5764] do_filp_open+0x1f5/0x430 [ 66.871355][ T5764] Modules linked in: [ 66.875335][ T5764] CPU: 1 PID: 5764 Comm: syz-executor Tainted: G B syzkaller #0 [ 66.880717][ T5851] EXT4-fs (loop2): Remounting filesystem read-only [ 66.884349][ T5764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 66.884360][ T5764] Call Trace: [ 66.884365][ T5764] [ 66.884372][ T5764] dump_stack_lvl+0x18c/0x250 [ 66.884400][ T5764] ? show_regs_print_info+0x20/0x20 [ 66.884419][ T5764] ? swiotlb_print_info+0x70/0x70 [ 66.884443][ T5764] bad_page+0x14b/0x170 [ 66.884459][ T5764] free_unref_page_prepare+0x85f/0x8c0 [ 66.884481][ T5764] free_unref_page+0x32/0x2e0 [ 66.936770][ T5764] ? __folio_put+0xef/0x210 [ 66.941301][ T5764] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 66.947745][ T5764] erofs_shrink_workstation+0x11f/0x290 [ 66.953318][ T5764] ? erofs_shrinker_unregister+0x170/0x170 [ 66.959142][ T5764] ? io_schedule+0xd0/0xd0 [ 66.963589][ T5764] ? kobject_put+0x428/0x460 [ 66.968215][ T5764] erofs_shrinker_unregister+0x5d/0x170 [ 66.973790][ T5764] erofs_put_super+0x4e/0x150 [ 66.978497][ T5764] ? erofs_free_inode+0xb0/0xb0 [ 66.983378][ T5764] generic_shutdown_super+0x134/0x2b0 [ 66.988770][ T5764] kill_block_super+0x44/0x90 [ 66.993446][ T5764] erofs_kill_sb+0x4c/0x140 [ 66.997952][ T5764] deactivate_locked_super+0x97/0x100 [ 67.003326][ T5764] cleanup_mnt+0x43b/0x4d0 [ 67.007731][ T5764] task_work_run+0x1d4/0x260 [ 67.012313][ T5764] ? task_work_cancel+0x220/0x220 [ 67.017328][ T5764] ? exit_to_user_mode_loop+0x3b/0x110 [ 67.022795][ T5764] exit_to_user_mode_loop+0xe6/0x110 [ 67.028187][ T5764] exit_to_user_mode_prepare+0xee/0x180 [ 67.033761][ T5764] syscall_exit_to_user_mode+0x1a/0x50 [ 67.039231][ T5764] do_syscall_64+0x61/0xa0 [ 67.043813][ T5764] ? clear_bhb_loop+0x40/0x90 [ 67.048499][ T5764] ? clear_bhb_loop+0x40/0x90 [ 67.053200][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.059097][ T5764] RIP: 0033:0x7ff8b759d9d7 [ 67.063509][ T5764] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 67.083146][ T5764] RSP: 002b:00007ffd5b989f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 67.091572][ T5764] RAX: 0000000000000000 RBX: 00007ff8b7632050 RCX: 00007ff8b759d9d7 [ 67.099718][ T5764] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd5b98a050 [ 67.107700][ T5764] RBP: 00007ffd5b98a050 R08: 00007ffd5b98b050 R09: 00000000ffffffff [ 67.115764][ T5764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd5b98b0e0 [ 67.123912][ T5764] R13: 00007ff8b7632050 R14: 0000000000010177 R15: 00007ffd5b98b120 [ 67.131976][ T5764] [ 67.136313][ T5764] BUG: Bad page state in process syz-executor pfn:1eb9d [ 67.143623][ T5764] page:ffffea00007ae740 refcount:0 mapcount:0 mapping:ffff88805d1e07c8 index:0x4 pfn:0x1eb9d [ 67.154105][ T5764] aops:z_erofs_cache_aops ino:0 [ 67.158998][ T5764] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 67.167053][ T5764] page_type: 0xffffffff() [ 67.171411][ T5764] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff88805d1e07c8 [ 67.180148][ T5764] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 67.188868][ T5764] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 67.196253][ T5764] page_owner tracks the page as allocated [ 67.202338][ T5764] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5835, tgid 5834 (syz.0.1), ts 65743881383, free_ts 65721053775 [ 67.220415][ T5854] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 67.224033][ T5764] post_alloc_hook+0x1c1/0x200 [ 67.224063][ T5764] get_page_from_freelist+0x1951/0x19e0 [ 67.224077][ T5764] __alloc_pages+0x1f0/0x460 [ 67.224088][ T5764] z_erofs_do_read_page+0x2181/0x36b0 [ 67.256781][ T5764] z_erofs_readahead+0x88b/0xda0 [ 67.261748][ T5764] read_pages+0x189/0x850 [ 67.266140][ T5764] page_cache_ra_unbounded+0x68a/0x770 [ 67.271621][ T5764] force_page_cache_ra+0x2c1/0x320 [ 67.276807][ T5764] generic_fadvise+0x47e/0x780 [ 67.281591][ T5764] __x64_sys_fadvise64+0x140/0x180 [ 67.286791][ T5764] do_syscall_64+0x55/0xa0 [ 67.291223][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.297226][ T5764] page last free stack trace: [ 67.302314][ T5764] free_unref_page_prepare+0x7b2/0x8c0 [ 67.307796][ T5764] free_unref_page+0x32/0x2e0 [ 67.312595][ T5764] __slab_free+0x35a/0x400 [ 67.317027][ T5764] qlist_free_all+0x75/0xd0 [ 67.321544][ T5764] kasan_quarantine_reduce+0x143/0x160 [ 67.327083][ T5764] __kasan_slab_alloc+0x22/0x80 [ 67.331979][ T5764] slab_post_alloc_hook+0x6e/0x4b0 [ 67.337115][ T5764] __kmem_cache_alloc_node+0x13a/0x250 [ 67.342700][ T5764] __kmalloc+0xa4/0x230 [ 67.346883][ T5764] tomoyo_encode+0x28b/0x540 [ 67.351596][ T5764] tomoyo_realpath_from_path+0x592/0x5d0 [ 67.357707][ T5764] tomoyo_check_open_permission+0x224/0x460 [ 67.363879][ T5764] security_file_open+0x62/0xa0 [ 67.368885][ T5764] do_dentry_open+0x380/0x1500 [ 67.373815][ T5764] path_openat+0x27f1/0x3230 [ 67.378975][ T5764] do_filp_open+0x1f5/0x430 [ 67.383579][ T5764] Modules linked in: [ 67.387501][ T5764] CPU: 1 PID: 5764 Comm: syz-executor Tainted: G B syzkaller #0 [ 67.396620][ T5764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 67.406698][ T5764] Call Trace: [ 67.409988][ T5764] [ 67.413104][ T5764] dump_stack_lvl+0x18c/0x250 [ 67.417851][ T5764] ? show_regs_print_info+0x20/0x20 [ 67.423241][ T5764] ? swiotlb_print_info+0x70/0x70 [ 67.428759][ T5764] bad_page+0x14b/0x170 [ 67.433461][ T5764] free_unref_page_prepare+0x85f/0x8c0 [ 67.439228][ T5764] free_unref_page+0x32/0x2e0 [ 67.443923][ T5764] ? __folio_put+0xef/0x210 [ 67.448458][ T5764] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 67.454972][ T5764] erofs_shrink_workstation+0x11f/0x290 [ 67.460515][ T5764] ? erofs_shrinker_unregister+0x170/0x170 [ 67.466331][ T5764] ? io_schedule+0xd0/0xd0 [ 67.470747][ T5764] ? kobject_put+0x428/0x460 [ 67.475336][ T5764] erofs_shrinker_unregister+0x5d/0x170 [ 67.480872][ T5764] erofs_put_super+0x4e/0x150 [ 67.485567][ T5764] ? erofs_free_inode+0xb0/0xb0 [ 67.490748][ T5764] generic_shutdown_super+0x134/0x2b0 [ 67.496496][ T5764] kill_block_super+0x44/0x90 [ 67.501182][ T5764] erofs_kill_sb+0x4c/0x140 [ 67.505692][ T5764] deactivate_locked_super+0x97/0x100 [ 67.511063][ T5764] cleanup_mnt+0x43b/0x4d0 [ 67.515535][ T5764] task_work_run+0x1d4/0x260 [ 67.520236][ T5764] ? task_work_cancel+0x220/0x220 [ 67.525282][ T5764] ? exit_to_user_mode_loop+0x3b/0x110 [ 67.530933][ T5764] exit_to_user_mode_loop+0xe6/0x110 [ 67.536698][ T5764] exit_to_user_mode_prepare+0xee/0x180 [ 67.542280][ T5764] syscall_exit_to_user_mode+0x1a/0x50 [ 67.548082][ T5764] do_syscall_64+0x61/0xa0 [ 67.552519][ T5764] ? clear_bhb_loop+0x40/0x90 [ 67.557316][ T5764] ? clear_bhb_loop+0x40/0x90 [ 67.561998][ T5764] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.567923][ T5764] RIP: 0033:0x7ff8b759d9d7 [ 67.572353][ T5764] Code: a2 c7 05 1c fd 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 67.592073][ T5764] RSP: 002b:00007ffd5b989f98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 67.600508][ T5764] RAX: 0000000000000000 RBX: 00007ff8b7632050 RCX: 00007ff8b759d9d7 [ 67.608485][ T5764] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd5b98a050 [ 67.616552][ T5764] RBP: 00007ffd5b98a050 R08: 00007ffd5b98b050 R09: 00000000ffffffff [ 67.624535][ T5764] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd5b98b0e0 [ 67.632498][ T5764] R13: 00007ff8b7632050 R14: 0000000000010177 R15: 00007ffd5b98b120 [ 67.640483][ T5764] [ 67.666577][ T5761] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.680137][ T5762] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 67.902047][ T51] Bluetooth: hci1: command tx timeout [ 67.902055][ T5772] Bluetooth: hci3: command tx timeout [ 67.982259][ T51] Bluetooth: hci0: command tx timeout [ 67.982571][ T5772] Bluetooth: hci2: command tx timeout [ 71.666387][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.672920][ T1280] ieee802154 phy1 wpan1: encryption failed: -22