last executing test programs: 2m21.087783733s ago: executing program 0 (id=130): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000740)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$packet(r1, &(0x7f00000002c0)="48357e0287af48ffa745b497a54e0eec1bf2c69011f35b48339d15afaef1bd7efe075ff441b16e244b8b05fe09e29583ad142567826dfa5cbc6f979b050015bde8c4441cd0fa6be0", 0x48, 0x0, 0x0, 0x0) 2m20.867091885s ago: executing program 0 (id=133): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003c00)=[{0x0, 0x0, &(0x7f0000001240)=[{&(0x7f0000000680)="ac534b193eca155f865c511dfc94ffb8e19820fa23bdca0742c4f06f24b9ad89a7e31a5a37251b", 0x27}, {&(0x7f0000000340)="fa6d6e944bf8b063c9303ee3355c793f5f", 0x11}], 0x2}], 0x1, 0x0) 2m20.574297542s ago: executing program 0 (id=135): r0 = socket$inet6(0xa, 0x3, 0x5) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1}, 0x1c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @ipv4={'\x00', '\xff\xff', @empty=0x18}}, 0x1c) 2m20.247360741s ago: executing program 0 (id=138): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x17f, &(0x7f0000000380)="$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") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000040)='./file0\x00') getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB='tr5ft'], 0x0, 0x0) 2m19.644063225s ago: executing program 0 (id=145): syz_mount_image$hfs(&(0x7f0000001600), &(0x7f0000000000)='./bus\x00', 0x2000000, &(0x7f00000002c0)={[{@file_umask={'file_umask', 0x3d, 0x1}}, 
{@part={'part', 0x3d, 0x2}}, {@codepage={'codepage', 0x3d, 'cp866'}}, {@file_umask={'file_umask', 0x3d, 0x1}}, {@iocharset={'iocharset', 0x3d, 'cp936'}}]}, 0x1, 0x30e, &(0x7f0000000740)="$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") mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)={[{@dyn}]}) chdir(&(0x7f00000000c0)='./file0\x00') mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}]}) 2m18.891248489s ago: executing program 0 (id=150): r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x1, 0x1019, r1, 0x0) fanotify_mark(r0, 0x261, 0x48001013, r1, 0x0) 2m18.106850772s ago: executing program 32 (id=150): r0 = fanotify_init(0x4, 0x101000) r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_mark(r0, 0x1, 0x1019, r1, 0x0) fanotify_mark(r0, 0x261, 0x48001013, r1, 0x0) 1m8.834132967s ago: executing program 2 (id=714): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000080000000d"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000020000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200000000ed00850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10) 1m8.61100848s ago: executing program 
2 (id=717): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)={0x34, r1, 0x101, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0x5, 0x34, @random="c4"}, @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}, 0x1, 0x0, 0x0, 0x200000d0}, 0x0) 1m7.956840035s ago: executing program 2 (id=721): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = epoll_create1(0x0) epoll_pwait(r0, &(0x7f0000000c80)=[{}], 0x1, 0x0, 0x0, 0x0) 1m7.69614884s ago: executing program 2 (id=724): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000001880)={[{@noadinicb}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x400}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@longad}]}, 0xfd, 0xc32, &(0x7f0000001a40)="$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") syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file1\x00', 0x4000, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000ac0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]}) 1m7.314935848s ago: executing program 4 (id=726): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) 
write$cgroup_pid(r1, &(0x7f0000000080), 0x12) 1m7.144562558s ago: executing program 2 (id=727): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="1f003300d000000008021100000108021100000050505050505000000f"], 0x3c}}, 0x10) 1m6.960030702s ago: executing program 4 (id=730): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="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"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r0, 0x0, 0xfffffffffffffffe}, 0x18) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 1m6.338781132s ago: executing program 4 (id=733): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x5, 0x2, 0xfffff010}, {0x28, 0x7, 0x0, 0xa56e}, {0x6, 0x0, 0x0, 0xa1a}]}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2000000004"], 0x20}}, 0x24040810) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) 1m6.323600414s ago: executing program 2 (id=735): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) 
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @remote}}]}, 0x190) syz_emit_ethernet(0x66, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "003a04", 0x4, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}}, 0x0) 1m5.692156561s ago: executing program 33 (id=735): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000b00)={0xb, {{0xa, 0x0, 0x0, @mcast2}}, 0x0, 0x2, [{{0xa, 0x0, 0x0, @remote}}, {{0xa, 0x0, 0x0, @remote}}]}, 0x190) syz_emit_ethernet(0x66, &(0x7f0000000080)={@multicast, @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "003a04", 0x4, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}}}}}, 0x0) 1m5.68582728s ago: executing program 4 (id=740): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x3810082, &(0x7f0000001880)={[{@noadinicb}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x400}}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@gid_forget}, {@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@longad}]}, 0xfd, 0xc32, 
&(0x7f0000001a40)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7ca
E6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6
Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=") syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file1\x00', 0x4000, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000ac0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]}) 1m5.022555052s ago: executing program 4 (id=744): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000010c0)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000018c0)={0x1c, &(0x7f0000001800)=ANY=[@ANYBLOB="100b4a0000008eae2c3f287ca2df9ec3c655dcf71eff826603921928c255362f6c75398b6968f2ad827591a74d4bb98dbef63a567844642b79cb25f96d1dd40637e0d4175f3f54"], 0x0, 0x0}) 1m4.570662488s ago: executing program 4 (id=745): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x1, 0x1fc, &(0x7f0000000540)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) creat(&(0x7f0000000100)='./bus\x00', 0x74) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f00000000c0)={0x2, 0x4, 0x1}) 1m4.201664122s ago: executing program 34 (id=745): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[], 0x1, 0x1fc, &(0x7f0000000540)="$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") r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) 
creat(&(0x7f0000000100)='./bus\x00', 0x74) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f00000000c0)={0x2, 0x4, 0x1}) 7.133753698s ago: executing program 8 (id=1220): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000140)={0xa, 0x4e20, 0x9, @dev={0xfe, 0x80, '\x00', 0xe}, 0x5}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000340)="f2", 0x1}], 0x1}}, {{&(0x7f0000000180)={0xa, 0x4e24, 0xff, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, 0x1c, &(0x7f0000000400)=[{&(0x7f00000001c0)='f', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000200), 0x4) 6.68662978s ago: executing program 8 (id=1223): r0 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil) r1 = shmat(r0, &(0x7f0000ffc000/0x2000)=nil, 0x4000) shmat(r0, &(0x7f0000ff9000/0x1000)=nil, 0x5000) shmdt(r1) 6.403567457s ago: executing program 8 (id=1224): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x370, 0xffffffff, 0xb0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2d8, 0x2d8, 0x2d8, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0xb0, 0x0, {0x100000000000000}}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x9}}}, {{@uncond, 0x0, 0xc8, 0x128, 0x0, {}, [@common=@inet=@socket3={{0x28, 'socket\x00', 0x2}}, @common=@unspec=@cluster={{0x30}, {0x4, 0x4, 0x183e, 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0x4ca, 0xb, [0x10, 0x2a, 0x36, 0xe, 0x7, 0xf, 0xb, 0x22, 0x39, 0x12, 0x17, 0x36, 0x6, 0xe, 0xa, 0x10], 0x0, 0xb, 0x681}}}, {{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'wlan1\x00', 'pim6reg1\x00', {0xff}}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x4, 0x4, 0x4, 0x1, 0x4, 0x7], 0x0, 0x2}}}, @common=@ttl={{0x28}, {0x0, 0x40}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3d0) getsockopt$inet_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f00000004c0)) 
syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 5.41603615s ago: executing program 8 (id=1236): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000140)={[{@nodecompose}, {@nobarrier}, {@nodecompose}, {@force}, {@nobarrier}, {@type={'type', 0x3d, "aff0aae8"}}, {@nls={'nls', 0x3d, 'iso8859-9'}}]}, 0x44, 0x6ff, &(0x7f0000000500)="$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") mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000)='tracefs\x00', 0x800, 0x0) mount$bpf(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5006d, 0x0) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1002c, &(0x7f0000000200)={[{@mode={'mode', 0x3d, 0xf18c}}]}) 4.958378215s ago: executing program 8 (id=1244): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010100}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000000300)=[{&(0x7f0000002640)=""/102389, 0x18ff5}], 0x1, 0x1903d}}], 0x48}, 0x0) 4.374837888s ago: executing program 8 (id=1252): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x1000200, 0x0, 0x6, 0xfbff, 0xfe, "42e23ae179d88f00000000000000000400", 0x0, 0x9}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0x9) 3.971254472s ago: executing program 35 (id=1252): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000140)={0x1000200, 0x0, 0x6, 0xfbff, 0xfe, "42e23ae179d88f00000000000000000400", 0x0, 0x9}) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x4) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000480)=0x9) 3.724268643s ago: executing program 7 (id=1259): syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, 
&(0x7f00000001c0)="$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") setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x66, &(0x7f0000000040)=0x6, 0x4) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) 3.471578256s ago: executing program 5 (id=1262): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000019c0)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x34}}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e23, 0x100, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}], 0x3c) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000019c0)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x34}}], 0x10) 3.32142591s ago: executing program 7 (id=1265): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x1, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000180)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x1, 0x0, 0x41, 0x2}) io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0) 3.177118368s ago: executing program 5 (id=1266): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x6}]}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x44, &(0x7f0000000000)={0x0, 0x0}, 0x10) 2.943129142s ago: executing program 1 (id=1268): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000100000000000000e9ff000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 
&(0x7f0000000000)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) r1 = inotify_init() inotify_add_watch(r1, &(0x7f00000000c0)='.\x00', 0x5000009) 2.942388111s ago: executing program 5 (id=1269): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @any, 0x805}, 0xe) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) 2.877168111s ago: executing program 7 (id=1272): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 2.591193758s ago: executing program 7 (id=1273): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='illinois\x00', 0x9) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000080), 0x76e5467) 2.536990681s ago: executing program 1 (id=1275): r0 = socket$unix(0x1, 0x5, 0x0) bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r0, 0xb) listen(r0, 0x10001) 2.536514994s ago: executing program 3 (id=1276): r0 = bpf$PROG_LOAD(0x5, 
&(0x7f0000000980)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='fdinfo/4\x00') preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0xb6, 0x0) 2.343535886s ago: executing program 3 (id=1277): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x2c, r1, 0xb97534d5fe9704cf, 0x4, 0x25dfdbff, {{0x12}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x6}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4030}, 0x20000000) 2.342884238s ago: executing program 1 (id=1278): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) poll(0x0, 0x0, 0xffffffffffbffff8) dup2(0xffffffffffffffff, 0xffffffffffffffff) 1.90684908s ago: executing program 5 (id=1280): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x7fffffffffffffff) poll(&(0x7f0000003440)=[{r0, 0x10}], 0x1, 
0xbd9) syz_genetlink_get_family_id$devlink(&(0x7f00000034c0), r0) 1.709385282s ago: executing program 7 (id=1281): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={0x0}}, 0x40) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000da5ef908030410600005fdff00010902127765000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000100)={0x20, 0x7, 0x3, "b4f3b6"}, 0x0, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x18}, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.531695729s ago: executing program 3 (id=1282): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0) r2 = dup3(r0, r1, 0x0) read$ptp(r2, 0x0, 0x0) 1.442450272s ago: executing program 6 (id=1283): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc, r1}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002"]) 1.29477799s ago: executing program 3 (id=1284): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f0000000380)={0x1c, r1, 0xf21, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000) 1.294208625s ago: executing program 1 (id=1285): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, 
[{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3}]}]}, 0xfc}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=@migrate={0xec, 0x21, 0x1, 0x0, 0x0, {{@in6=@private2, @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}}, [@migrate={0x9c, 0x11, [{@in=@dev={0xac, 0x14, 0x14, 0xc}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local, 0x32, 0x0, 0x0, 0x2, 0x2, 0xa}, {@in6=@ipv4={'\x00', '\xff\xff', @loopback}, @in6=@private2, @in=@rand_addr=0x64010102, @in6=@private2, 0x3c, 0x0, 0x0, 0x0, 0x8, 0x2}]}]}, 0xec}}, 0x0) 1.265489479s ago: executing program 3 (id=1286): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xc8, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x400]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000001}]}]}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x16, 0x5, 0x1, 0x5, 0x0, 0xffffffff, 0x7fffffff}}, {0x4}}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.23718823s ago: executing program 6 (id=1287): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x68, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 
0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}, @TCA_STAB={0x20, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x68}}, 0x0) 1.0629262s ago: executing program 1 (id=1288): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x1c, r1, 0x5, 0x70bd27, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40488c0) 971.323862ms ago: executing program 5 (id=1289): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000340)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000480)={0x3, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) getsockopt$inet_buf(r0, 0x0, 0x30, &(0x7f0000000340)=""/225, &(0x7f0000000180)=0xe1) 859.403651ms ago: executing program 3 (id=1290): r0 = socket$kcm(0x2, 0x200000000000001, 0x106) r1 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000000)={0x40000000}) sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001) 843.883933ms ago: executing program 1 (id=1291): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc, 0xc}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, 0x0, 0x0) 833.355571ms ago: executing program 6 (id=1292): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, 
&(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==") rename(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='./file0/file0\x00') membarrier(0x2, 0x0) 601.562277ms ago: executing program 5 
(id=1293): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) write$UHID_CREATE(r0, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b, 0xffff, 0xfffffffc, 0x20000001, 0xa069, 0x7ffffffe}}, 0x120) 508.916007ms ago: executing program 6 (id=1294): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000080)=0xffff7b6e, 0x4) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x2, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000001500)=""/19, &(0x7f0000000240)=0x13) 264.031423ms ago: executing program 6 (id=1295): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_update={'update ', 'default', 0x20, 'user:', 'user\x00'}, 0x1a, 0xfffffffffffffffc) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) 90.266817ms ago: executing program 6 (id=1296): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x3, 0x10004, 0x5, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 
&(0x7f0000000580)=ANY=[@ANYBLOB="1802000008000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) 0s ago: executing program 7 (id=1297): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000009c0)=ANY=[@ANYBLOB="38010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="0c009900000000003e000000140004006e69637666300000000000000000000008000500060000000c001780040005000400040014000400766c616e30000000000000000000000005005300000000000a00180003030303030300000a00e80008021100000000001c001780040001"], 0x138}}, 0x0) kernel console output (not intermixed with test programs): file(s) when stopping log writer [ 195.848729][ T8292] team0: Port device team_slave_1 added [ 195.885384][ T8315] bridge0: port 2(bridge_slave_1) entered blocking state [ 195.892566][ T8315] bridge0: port 2(bridge_slave_1) entered disabled state [ 195.925094][ T8315] bridge_slave_1: entered allmulticast mode [ 195.933008][ T8315] bridge_slave_1: entered promiscuous mode [ 196.077180][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.103886][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) 
to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.135298][ T5843] Bluetooth: hci0: command tx timeout [ 196.152341][ T8292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.442652][ T139] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.495484][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.506960][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 196.571499][ T8292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 196.613091][ T8315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.638196][ T8315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.712782][ T139] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.986441][ T30] audit: type=1326 audit(1750407951.031:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.074277][ T30] audit: type=1326 audit(1750407951.081:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.108547][ T139] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.154741][ T30] audit: type=1326 audit(1750407951.081:123): auid=4294967295 uid=0 gid=0 ses=4294967295 
subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.217573][ T8315] team0: Port device team_slave_0 added [ 197.244391][ T30] audit: type=1326 audit(1750407951.081:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.327277][ T8292] hsr_slave_0: entered promiscuous mode [ 197.333948][ T8292] hsr_slave_1: entered promiscuous mode [ 197.340321][ T8292] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 197.347940][ T8292] Cannot create hsr debugfs directory [ 197.354848][ T30] audit: type=1326 audit(1750407951.091:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.379467][ T8315] team0: Port device team_slave_1 added [ 197.382362][ T30] audit: type=1326 audit(1750407951.091:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.414910][ T30] audit: type=1326 audit(1750407951.091:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.418137][ T5845] Bluetooth: hci4: command tx timeout [ 197.437117][ T30] audit: type=1326 audit(1750407951.091:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.437171][ T30] audit: type=1326 audit(1750407951.091:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" 
sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 197.437222][ T30] audit: type=1326 audit(1750407951.091:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.437272][ T30] audit: type=1326 audit(1750407951.091:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8464 comm="syz.3.803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff501d8e929 code=0x7ffc0000 [ 197.646362][ T139] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.836420][ T8315] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.853639][ T8315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.924323][ T8315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.040630][ T8315] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.203293][ T8466] loop6: detected capacity change from 0 to 32768 [ 198.224489][ T5845] Bluetooth: hci0: command tx timeout [ 198.232844][ T8466] XFS: attr2 mount option is deprecated. [ 198.354571][ T8315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 198.393101][ T8315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.441707][ T8466] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 198.587133][ T8466] XFS (loop6): Ending clean mount [ 198.646607][ T8466] XFS (loop6): Quotacheck needed: Please wait. [ 198.696207][ T8466] XFS (loop6): Quotacheck: Done. [ 198.909997][ T8315] hsr_slave_0: entered promiscuous mode [ 198.923731][ T8315] hsr_slave_1: entered promiscuous mode [ 198.931529][ T8315] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.940768][ T8315] Cannot create hsr debugfs directory [ 198.958521][ T6479] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 198.959064][ T8494] loop1: detected capacity change from 0 to 256 [ 199.023941][ T139] bridge_slave_1: left allmulticast mode [ 199.034120][ T8494] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 199.046267][ T139] bridge_slave_1: left promiscuous mode [ 199.046514][ T139] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.077888][ T8496] loop3: detected capacity change from 0 to 1024 [ 199.096441][ T139] bridge_slave_0: left allmulticast mode [ 199.134042][ T139] bridge_slave_0: left promiscuous mode [ 199.174956][ T139] bridge0: port 1(bridge_slave_0) entered disabled state [ 199.307988][ T3487] hfsplus: b-tree write err: -5, ino 4 [ 199.325728][ T5845] Bluetooth: hci6: command 0xfc11 tx timeout [ 199.332680][ T5843] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 199.492893][ T5843] Bluetooth: hci4: command tx timeout [ 199.769999][ T8507] loop1: detected capacity change from 0 to 128 [ 199.826786][ T8507] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. 
[ 199.857292][ T8507] ext4 filesystem being mounted at /138/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.987008][ T8507] fscrypt (loop1, inode 12): Unsupported encryption flags (0x29) [ 200.056863][ T8520] loop9: detected capacity change from 0 to 8 [ 200.086195][ T8520] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 200.106595][ T8520] loop9: partition table partially beyond EOD, truncated [ 200.117725][ T8520] loop9: p1 size 81768186 extends beyond EOD, truncated [ 200.130225][ T5826] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 200.191640][ T8522] loop3: detected capacity change from 0 to 512 [ 200.209734][ T8522] EXT4-fs: Ignoring removed orlov option [ 200.245812][ T8522] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 200.301966][ T8522] EXT4-fs (loop3): orphan cleanup on readonly fs [ 200.329650][ T8522] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.826: bg 0: block 248: padding at end of block bitmap is not set [ 200.353576][ T8522] Quota error (device loop3): write_blk: dquota write failed [ 200.366315][ T8522] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.826: Failed to acquire dquot type 1 [ 200.413382][ T8522] EXT4-fs (loop3): 1 truncate cleaned up [ 200.429828][ T8522] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 200.646383][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 200.779864][ T139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 200.793803][ T139] bond_slave_0: left promiscuous mode [ 200.799459][ T139] bond_slave_0: left allmulticast mode [ 200.826892][ T139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 200.841551][ T139] bond_slave_1: left promiscuous mode [ 200.847238][ T139] bond_slave_1: left allmulticast mode [ 200.866661][ T139] bond0 (unregistering): Released all slaves [ 200.890072][ T8529] loop1: detected capacity change from 0 to 40427 [ 200.913131][ T8529] F2FS-fs (loop1): invalid crc value [ 201.200782][ T8529] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 201.424601][ T5826] syz-executor: attempt to access beyond end of device [ 201.424601][ T5826] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 201.454331][ T5826] CPU: 1 UID: 0 PID: 5826 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 201.454368][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.454383][ T5826] Call Trace: [ 201.454393][ T5826] <TASK> [ 201.454403][ T5826] dump_stack_lvl+0x189/0x250 [ 201.454454][ T5826] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.454490][ T5826] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 201.454528][ T5826] ? __pfx_queue_work_on+0x10/0x10 [ 201.454553][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.454580][ T5826] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 201.454615][ T5826] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 201.454652][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.454679][ T5826] ? f2fs_hw_is_readonly+0x39b/0x470 [ 201.454716][ T5826] f2fs_handle_critical_error+0x37c/0x540 [ 201.454760][ T5826] f2fs_write_end_io+0x495/0x810 [ 201.454809][ T5826] ? 
blkg_put+0x22/0x240 [ 201.454858][ T5826] __submit_merged_bio+0x27a/0x6a0 [ 201.454897][ T5826] __submit_merged_write_cond+0x255/0x530 [ 201.454937][ T5826] f2fs_write_data_pages+0x261d/0x3000 [ 201.454971][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455051][ T5826] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 201.455102][ T5826] ? arch_stack_walk+0xfc/0x150 [ 201.455166][ T5826] ? __mod_zone_page_state+0xd7/0x140 [ 201.455219][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455245][ T5826] ? folios_put_refs+0x560/0x640 [ 201.455296][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455323][ T5826] ? __lock_acquire+0xab9/0xd20 [ 201.455370][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455398][ T5826] ? do_raw_spin_lock+0x121/0x290 [ 201.455435][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455468][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455495][ T5826] ? do_raw_spin_unlock+0x122/0x240 [ 201.455525][ T5826] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 201.455561][ T5826] do_writepages+0x32e/0x550 [ 201.455607][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455640][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455668][ T5826] ? do_raw_spin_unlock+0x122/0x240 [ 201.455703][ T5826] filemap_fdatawrite+0x191/0x230 [ 201.455727][ T5826] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 201.455811][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.455845][ T5826] ? do_raw_spin_unlock+0x122/0x240 [ 201.455881][ T5826] f2fs_sync_dirty_inodes+0x31f/0x830 [ 201.455938][ T5826] f2fs_write_checkpoint+0x94a/0x1de0 [ 201.456009][ T5826] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 201.456111][ T5826] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 201.456146][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.456173][ T5826] ? kfree+0x18e/0x440 [ 201.456213][ T5826] ? kill_f2fs_super+0x298/0x6c0 [ 201.456257][ T5826] kill_f2fs_super+0x2c3/0x6c0 [ 201.456302][ T5826] ? __pfx_kill_f2fs_super+0x10/0x10 [ 201.456335][ T5826] ? 
radix_tree_delete_item+0x2b6/0x400 [ 201.456382][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.456408][ T5826] ? shrinker_free+0x2ce/0x3e0 [ 201.456444][ T5826] deactivate_locked_super+0xbc/0x130 [ 201.456483][ T5826] cleanup_mnt+0x425/0x4c0 [ 201.456517][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.456544][ T5826] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.456586][ T5826] task_work_run+0x1d4/0x260 [ 201.456623][ T5826] ? __pfx_task_work_run+0x10/0x10 [ 201.456651][ T5826] ? __x64_sys_umount+0x122/0x160 [ 201.456682][ T5826] ? exit_to_user_mode_loop+0x40/0x110 [ 201.456723][ T5826] exit_to_user_mode_loop+0xec/0x110 [ 201.456760][ T5826] do_syscall_64+0x2bd/0x3b0 [ 201.456783][ T5826] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.456819][ T5826] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.456842][ T5826] ? srso_alias_return_thunk+0x5/0xfbef5 [ 201.456870][ T5826] ? exc_page_fault+0x9f/0xf0 [ 201.456910][ T5826] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.456933][ T5826] RIP: 0033:0x7f7c3d98fc57 [ 201.456955][ T5826] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 201.456975][ T5826] RSP: 002b:00007ffd1934c7d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 201.457001][ T5826] RAX: 0000000000000000 RBX: 00007f7c3da10925 RCX: 00007f7c3d98fc57 [ 201.457018][ T5826] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd1934c890 [ 201.457039][ T5826] RBP: 00007ffd1934c890 R08: 0000000000000000 R09: 0000000000000000 [ 201.457055][ T5826] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd1934d920 [ 201.457071][ T5826] R13: 00007f7c3da10925 R14: 000000000003126e R15: 00007ffd1934d960 [ 201.457114][ T5826] </TASK> [ 201.457360][ T5826] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 202.113716][ T8540] loop3: detected capacity change from 0 to 32768 [ 202.128572][ T8540] BTRFS: device fsid 
395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.834 (8540) [ 202.162614][ T8540] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 202.185089][ T8540] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 202.195834][ T139] hsr_slave_0: left promiscuous mode [ 202.207412][ T139] hsr_slave_1: left promiscuous mode [ 202.211779][ T8540] BTRFS info (device loop3): using free-space-tree [ 202.220222][ T139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 202.248916][ T139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 202.269008][ T139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.285463][ T139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.337372][ T139] veth1_macvtap: left promiscuous mode [ 202.350928][ T139] veth0_macvtap: left promiscuous mode [ 202.362402][ T139] veth1_vlan: left promiscuous mode [ 202.375639][ T139] veth0_vlan: left promiscuous mode [ 202.386494][ T8540] BTRFS info (device loop3): rebuilding free space tree [ 202.545533][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 202.576194][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 202.584807][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 202.600597][ T4596] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared) [ 202.615219][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 202.629951][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 202.671642][ T5828] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 202.833252][ T8566] loop6: detected capacity change from 0 to 256 [ 202.859707][ T8566] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 203.279514][ T8576] netlink: 8 bytes leftover after parsing attributes in process `syz.6.844'. 
[ 203.611494][ T8588] loop1: detected capacity change from 0 to 1024 [ 203.717734][ T139] team0 (unregistering): Port device team_slave_1 removed [ 203.788917][ T4596] hfsplus: b-tree write err: -5, ino 4 [ 203.790667][ T139] team0 (unregistering): Port device team_slave_0 removed [ 204.173289][ T8574] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 204.193659][ T8292] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 204.242948][ T8292] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 204.334295][ T8292] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 204.363351][ T8292] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 204.684358][ T5843] Bluetooth: hci5: command tx timeout [ 204.919588][ T8315] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 204.981881][ T8315] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 205.009730][ T8315] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 205.043974][ T8315] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 205.072968][ T139] IPVS: stop unused estimator thread 0... 
[ 205.281666][ T8617] loop6: detected capacity change from 0 to 32768 [ 205.298486][ T8617] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.861 (8617) [ 205.356976][ T8617] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 205.385822][ T8617] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 205.400037][ T3487] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.406889][ T8617] BTRFS info (device loop6): using free-space-tree [ 205.446065][ T8561] chnl_net:caif_netlink_parms(): no params data found [ 205.508937][ T3487] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.687993][ T3487] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 205.772712][ T8628] loop1: detected capacity change from 0 to 32768 [ 205.854838][ T8628] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 205.907121][ T6479] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 205.935440][ T8628] XFS (loop1): Ending clean mount [ 205.953681][ T3487] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.013929][ T8292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.162569][ T8561] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.180146][ T8561] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.215061][ T8561] bridge_slave_0: entered allmulticast mode [ 206.222971][ T8561] bridge_slave_0: entered promiscuous mode [ 206.270658][ T5826] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 206.342394][ T8561] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.351669][ T8561] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.360419][ T8561] bridge_slave_1: 
entered allmulticast mode [ 206.368527][ T8561] bridge_slave_1: entered promiscuous mode [ 206.483021][ T8315] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.711967][ T8561] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.737769][ T8292] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.764671][ T5843] Bluetooth: hci5: command tx timeout [ 206.827306][ T139] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.834528][ T139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.907222][ T139] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.914437][ T139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.962536][ T8561] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.992504][ T8315] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.998237][ T8683] loop3: detected capacity change from 0 to 256 [ 207.070490][ T10] kernel write not supported for file /input/mice (pid: 10 comm: kworker/0:1) [ 207.079840][ T8683] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 207.103706][ T8683] exFAT-fs (loop3): error, data size is invalid(10) [ 207.148786][ T8683] exFAT-fs (loop3): Filesystem has been set read-only [ 207.168566][ T8683] exFAT-fs (loop3): error, data size is invalid(10) [ 207.208819][ T8561] team0: Port device team_slave_0 added [ 207.237740][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.245013][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.296306][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.303497][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.381455][ T8561] team0: Port device team_slave_1 added [ 207.492205][ T8561] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.499670][ T8561] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the 
transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.527922][ T8561] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.563506][ T8561] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.576816][ T8561] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.604745][ T5917] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 207.611566][ T8561] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.720728][ T3487] erspan0: left allmulticast mode [ 207.732077][ T3487] erspan0: left promiscuous mode [ 207.746826][ T3487] bridge0: port 3(erspan0) entered disabled state [ 207.756258][ T3487] bridge_slave_1: left allmulticast mode [ 207.761910][ T3487] bridge_slave_1: left promiscuous mode [ 207.768079][ T5917] usb 2-1: Using ep0 maxpacket: 32 [ 207.776583][ T3487] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.787435][ T5917] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 207.797647][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.809745][ T5917] usb 2-1: config 0 descriptor?? [ 207.815893][ T3487] bridge_slave_0: left allmulticast mode [ 207.824484][ T3487] bridge_slave_0: left promiscuous mode [ 207.830297][ T3487] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.070065][ T5917] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 208.097261][ T5917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. 
[ 208.116075][ T5917] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 208.128850][ T5917] usb 2-1: media controller created [ 208.180274][ T5917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 208.269657][ T5917] az6027: usb out operation failed. (-71) [ 208.312262][ T5917] az6027: usb out operation failed. (-71) [ 208.326668][ T5917] stb0899_attach: Driver disabled by Kconfig [ 208.332799][ T5917] az6027: no front-end attached [ 208.332799][ T5917] [ 208.346203][ T5917] az6027: usb out operation failed. (-71) [ 208.351973][ T5917] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 208.371809][ T5917] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input8 [ 208.409517][ T5917] dvb-usb: schedule remote query interval to 400 msecs. [ 208.416808][ T5917] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 208.427042][ T5917] usb 2-1: USB disconnect, device number 8 [ 208.458303][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 208.458323][ T30] audit: type=1326 audit(1750407962.511:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8707 comm="syz.3.885" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff501d8e929 code=0x0 [ 208.598274][ T5917] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 208.656016][ T8714] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 208.675775][ T3487] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 208.690452][ T3487] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 208.702409][ T3487] bond0 (unregistering): Released all slaves [ 208.818941][ T8716] loop6: detected capacity change from 0 to 4096 [ 208.837866][ T8716] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). 
[ 208.847179][ T5843] Bluetooth: hci5: command tx timeout [ 208.923284][ T8561] hsr_slave_0: entered promiscuous mode [ 208.970582][ T8561] hsr_slave_1: entered promiscuous mode [ 208.991562][ T8561] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 209.010087][ T8561] Cannot create hsr debugfs directory [ 209.041832][ T8292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.101679][ T8315] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.148243][ T8315] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.356391][ T8724] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 209.415641][ T8729] loop1: detected capacity change from 0 to 256 [ 209.604507][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 209.774316][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 209.796988][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.814210][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 209.825985][ T8733] loop6: detected capacity change from 0 to 8192 [ 209.839983][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 209.854827][ T8738] loop1: detected capacity change from 0 to 16 [ 209.884717][ T8738] erofs (device loop1): mounted with root inode @ nid 36. [ 209.898754][ T10] usb 4-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00 [ 209.925942][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.971612][ T10] usb 4-1: config 0 descriptor?? 
[ 210.137324][ T3487] hsr_slave_0: left promiscuous mode [ 210.166267][ T3487] hsr_slave_1: left promiscuous mode [ 210.172400][ T3487] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 210.206150][ T3487] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 210.233191][ T3487] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 210.263330][ T3487] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 210.278012][ T8744] loop1: detected capacity change from 0 to 128 [ 210.311479][ T8744] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 210.323348][ T3487] veth1_macvtap: left promiscuous mode [ 210.333567][ T3487] veth0_macvtap: left promiscuous mode [ 210.339581][ T3487] veth1_vlan: left promiscuous mode [ 210.341781][ T8744] ext4 filesystem being mounted at /163/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 210.351806][ T3487] veth0_vlan: left promiscuous mode [ 210.381621][ T5843] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 210.392835][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: kworker/u9:4 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 210.392869][ T5843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 210.392886][ T5843] Workqueue: hci3 hci_rx_work [ 210.392927][ T5843] Call Trace: [ 210.392938][ T5843] <TASK> [ 210.392948][ T5843] dump_stack_lvl+0x189/0x250 [ 210.392990][ T5843] ? kernfs_path_from_node+0x2c/0x260 [ 210.393023][ T5843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 210.393062][ T5843] ? __pfx__printk+0x10/0x10 [ 210.393092][ T5843] ? kernfs_path_from_node+0x2c/0x260 [ 210.393120][ T5843] ? kernfs_path_from_node+0x2c/0x260 [ 210.393151][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393179][ T5843] ? kernfs_path_from_node+0x22c/0x260 [ 210.393207][ T5843] ? 
kernfs_path_from_node+0x2c/0x260 [ 210.393240][ T5843] sysfs_create_dir_ns+0x259/0x280 [ 210.393273][ T5843] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 210.393304][ T5843] ? do_raw_spin_unlock+0x122/0x240 [ 210.393339][ T5843] kobject_add_internal+0x59f/0xb40 [ 210.393377][ T5843] kobject_add+0x155/0x220 [ 210.393401][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393436][ T5843] ? __pfx_kobject_add+0x10/0x10 [ 210.393461][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393489][ T5843] ? _raw_spin_unlock+0x28/0x50 [ 210.393522][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393554][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393581][ T5843] ? get_device_parent+0x366/0x3a0 [ 210.393614][ T5843] device_add+0x408/0xb50 [ 210.393646][ T5843] hci_conn_add_sysfs+0xd5/0x1e0 [ 210.393686][ T5843] le_conn_complete_evt+0xc3a/0x1220 [ 210.393732][ T5843] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 210.393761][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393789][ T5843] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 210.393815][ T5843] ? __asan_memcpy+0x40/0x70 [ 210.393853][ T5843] ? __pfx___mutex_lock+0x10/0x10 [ 210.393877][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.393904][ T5843] ? skb_pull_data+0xfb/0x200 [ 210.393948][ T5843] hci_le_conn_complete_evt+0x187/0x450 [ 210.393985][ T5843] hci_event_packet+0x78f/0x1200 [ 210.394027][ T5843] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 210.394058][ T5843] ? __pfx_hci_event_packet+0x10/0x10 [ 210.394099][ T5843] ? kcov_remote_start+0x4d3/0x7f0 [ 210.394131][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.394161][ T5843] ? lockdep_hardirqs_on+0x20/0x150 [ 210.394202][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.394230][ T5843] ? hci_send_to_monitor+0xe2/0x570 [ 210.394263][ T5843] hci_rx_work+0x46a/0xe80 [ 210.394313][ T5843] ? process_scheduled_works+0x9ef/0x17b0 [ 210.394355][ T5843] process_scheduled_works+0xae1/0x17b0 [ 210.394428][ T5843] ? 
__pfx_process_scheduled_works+0x10/0x10 [ 210.394476][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.394514][ T5843] worker_thread+0x8a0/0xda0 [ 210.394571][ T5843] kthread+0x711/0x8a0 [ 210.394604][ T5843] ? __pfx_worker_thread+0x10/0x10 [ 210.394643][ T5843] ? __pfx_kthread+0x10/0x10 [ 210.394667][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.394700][ T5843] ? _raw_spin_unlock_irq+0x23/0x50 [ 210.394733][ T5843] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.394761][ T5843] ? lockdep_hardirqs_on+0x9c/0x150 [ 210.394820][ T5843] ? __pfx_kthread+0x10/0x10 [ 210.394850][ T5843] ret_from_fork+0x3fc/0x770 [ 210.394890][ T5843] ? __pfx_ret_from_fork+0x10/0x10 [ 210.394933][ T5843] ? __switch_to_asm+0x39/0x70 [ 210.394957][ T5843] ? __switch_to_asm+0x33/0x70 [ 210.394981][ T5843] ? __pfx_kthread+0x10/0x10 [ 210.395011][ T5843] ret_from_fork_asm+0x1a/0x30 [ 210.395056][ T5843] [ 210.746922][ T5843] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 210.761516][ T5843] Bluetooth: hci3: failed to register connection device [ 210.924397][ T5843] Bluetooth: hci5: command tx timeout [ 210.936393][ T5826] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. 
[ 210.947553][ T10] nintendo 0003:057E:2019.0007: hidraw0: USB HID v80.05 Device [HID 057e:2019] on usb-dummy_hcd.3-1/input0 [ 211.007641][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 211.198828][ T10] nintendo 0003:057E:2019.0007: Failed to get joycon info; ret=-71 [ 211.220252][ T10] nintendo 0003:057E:2019.0007: Failed to retrieve controller info; ret=-71 [ 211.254244][ T10] nintendo 0003:057E:2019.0007: Failed to initialize controller; ret=-71 [ 211.267996][ T10] nintendo 0003:057E:2019.0007: probe - fail = -71 [ 211.286450][ T10] nintendo 0003:057E:2019.0007: probe with driver nintendo failed with error -71 [ 211.307229][ T10] usb 4-1: USB disconnect, device number 9 [ 211.470560][ T8755] loop6: detected capacity change from 0 to 128 [ 211.524086][ T5917] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 211.696560][ T5917] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 211.713442][ T5917] usb 2-1: config 1 interface 0 altsetting 1 endpoint 0x81 has invalid maxpacket 1536, setting to 64 [ 211.725571][ T5917] usb 2-1: config 1 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 211.739957][ T5917] usb 2-1: config 1 interface 0 has no altsetting 0 [ 211.785826][ T5917] usb 2-1: New USB device found, idVendor=056a, idProduct=00d8, bcdDevice= 0.40 [ 211.792415][ T3487] team0 (unregistering): Port device team_slave_1 removed [ 211.795208][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.816070][ T5917] usb 2-1: Product: syz [ 211.820921][ T5917] usb 2-1: Manufacturer: syz [ 211.841599][ T5917] usb 2-1: SerialNumber: syz [ 211.863269][ T8753] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 211.895911][ T3487] team0 (unregistering): Port device team_slave_0 removed [ 212.106515][ T5917] usbhid 2-1:1.0: can't add hid device: -71 [ 212.113071][ T5917] usbhid 2-1:1.0: probe with driver usbhid failed with 
error -71 [ 212.128049][ T5917] usb 2-1: USB disconnect, device number 9 [ 212.567858][ T8292] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.626476][ T8766] netlink: 'syz.3.907': attribute type 1 has an invalid length. [ 212.695798][ T8766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.907'. [ 212.712047][ T8315] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.843779][ T8770] vlan2: entered allmulticast mode [ 212.912333][ T8770] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode [ 213.143677][ T8782] loop3: detected capacity change from 0 to 128 [ 213.239168][ T8782] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 213.306565][ T8782] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.528020][ T5828] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 213.757894][ T8292] veth0_vlan: entered promiscuous mode [ 213.768216][ T8801] netlink: 20 bytes leftover after parsing attributes in process `syz.6.917'. [ 213.810692][ T8561] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 213.856845][ T8561] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 213.878143][ T8803] netlink: 12 bytes leftover after parsing attributes in process `syz.1.918'. 
[ 213.921933][ T8561] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 213.948638][ T8292] veth1_vlan: entered promiscuous mode [ 213.998300][ T8561] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 214.141724][ T8315] veth0_vlan: entered promiscuous mode [ 214.193490][ T8315] veth1_vlan: entered promiscuous mode [ 214.242334][ T8292] veth0_macvtap: entered promiscuous mode [ 214.271857][ T8292] veth1_macvtap: entered promiscuous mode [ 214.386107][ T8292] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.449264][ T8292] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.507533][ T8292] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.534388][ T8292] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.553523][ T8292] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.579575][ T8292] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.626121][ T8315] veth0_macvtap: entered promiscuous mode [ 214.697375][ T8315] veth1_macvtap: entered promiscuous mode [ 214.710871][ T8824] loop3: detected capacity change from 0 to 512 [ 214.751463][ T8824] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 214.786411][ T8561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.791688][ T8824] EXT4-fs (loop3): invalid journal inode [ 214.818172][ T8824] EXT4-fs (loop3): can't get journal size [ 214.843315][ T8315] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 214.855090][ T8561] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.886151][ T8824] EXT4-fs (loop3): 1 truncate cleaned up [ 214.893648][ T8824] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 214.902929][ T8315] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 214.922637][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.929849][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.973915][ T8315] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 214.991667][ T8315] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.001143][ T8315] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.024337][ T8315] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 215.042009][ T61] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.049303][ T61] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.091431][ T8816] loop1: detected capacity change from 0 to 32768 [ 215.098577][ T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.098604][ T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.114113][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.264108][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.267442][ T8829] find_entry called with index >= next_index [ 215.279061][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.313391][ T8829] find_entry called with index >= next_index [ 215.321641][ T8829] find_entry called with index >= next_index [ 215.344362][ T8831] netlink: 8 bytes leftover after parsing attributes in process `syz.6.927'. 
[ 215.561936][ T6568] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.594259][ T6568] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.703805][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 215.731483][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 215.931364][ T8847] loop7: detected capacity change from 0 to 256 [ 216.195934][ T8561] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.845253][ T5918] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 216.909710][ T8871] Bluetooth: MGMT ver 1.23 [ 216.923019][ T8852] loop1: detected capacity change from 0 to 32768 [ 216.990225][ T8852] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.930 (8852) [ 217.028431][ T5918] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.048500][ T8852] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 217.069415][ T5918] usb 8-1: New USB device found, idVendor=056a, idProduct=032b, bcdDevice= 0.00 [ 217.090336][ T8852] BTRFS info (device loop1): using sha256 (sha256-x86_64) checksum algorithm [ 217.095365][ T5918] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.134558][ T8852] BTRFS info (device loop1): using free-space-tree [ 217.148856][ T5918] usb 8-1: config 0 descriptor?? 
[ 217.157249][ T8873] loop3: detected capacity change from 0 to 1024 [ 217.162523][ T8561] veth0_vlan: entered promiscuous mode [ 217.224938][ T8561] veth1_vlan: entered promiscuous mode [ 217.303266][ T8561] veth0_macvtap: entered promiscuous mode [ 217.312436][ T8852] BTRFS info (device loop1): rebuilding free space tree [ 217.355786][ T8561] veth1_macvtap: entered promiscuous mode [ 217.438491][ T8561] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 217.452465][ T4598] hfsplus: b-tree write err: -5, ino 4 [ 217.489409][ T8561] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 217.551826][ T8561] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.574611][ T8561] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.595873][ T36] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 217.605927][ T8561] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.615272][ T8561] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 217.639527][ T5918] wacom 0003:056A:032B.0008: unbalanced collection at end of report description [ 217.682057][ T5826] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 217.693350][ T5918] wacom 0003:056A:032B.0008: parse failed [ 217.716024][ T5918] wacom 0003:056A:032B.0008: probe with driver wacom failed with error -22 [ 217.860669][ T5945] usb 8-1: USB disconnect, device number 2 [ 217.913496][ T3487] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 217.951293][ T3487] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.012226][ T4598] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.036594][ T4598] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.351127][ T8911] loop1: detected capacity change from 0 to 1024 [ 218.379290][ T8911] hfsplus: write access to a journaled filesystem is not 
supported, use the force option at your own risk, mounting read-only. [ 218.478896][ T8917] loop7: detected capacity change from 0 to 1024 [ 218.495232][ T8917] hfsplus: Unknown parameter 'no”à -͉ãÓbarrier' [ 218.774281][ T972] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 218.937725][ T972] usb 6-1: Using ep0 maxpacket: 32 [ 218.963787][ T8936] loop3: detected capacity change from 0 to 1024 [ 218.980641][ T972] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 219.000427][ T972] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.072981][ T972] usb 6-1: config 0 descriptor?? [ 219.293719][ T972] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 219.339685][ T972] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 219.379318][ T972] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 219.394301][ T972] usb 6-1: media controller created [ 219.421972][ T8951] loop6: detected capacity change from 0 to 164 [ 219.469754][ T972] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 219.574923][ T972] az6027: usb out operation failed. (-71) [ 219.584312][ T972] az6027: usb out operation failed. (-71) [ 219.590085][ T972] stb0899_attach: Driver disabled by Kconfig [ 219.624077][ T8915] loop8: detected capacity change from 0 to 32768 [ 219.631236][ T972] az6027: no front-end attached [ 219.631236][ T972] [ 219.650937][ T972] az6027: usb out operation failed. (-71) [ 219.666089][ T972] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 219.695095][ T972] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input9 [ 219.745758][ T972] dvb-usb: schedule remote query interval to 400 msecs. [ 219.760954][ T972] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. 
[ 219.766307][ T8915] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 219.814475][ T972] usb 6-1: USB disconnect, device number 5 [ 219.871672][ T8915] XFS (loop8): Ending clean mount [ 219.916036][ T972] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 220.030034][ T8971] overlayfs: missing 'workdir' [ 220.151571][ T8315] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 220.688382][ T8947] loop3: detected capacity change from 0 to 40427 [ 220.759385][ T8947] F2FS-fs (loop3): build fault injection rate: 771 [ 220.830716][ T8947] F2FS-fs (loop3): invalid crc value [ 220.882031][ T8987] loop1: detected capacity change from 0 to 8 [ 220.975905][ T8987] SQUASHFS error: Failed to read block 0x260685: -5 [ 220.996142][ T8987] SQUASHFS error: Unable to read metadata cache entry [260685] [ 221.003750][ T8987] SQUASHFS error: Unable to read directory block [260685:0] [ 221.215018][ T8947] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 221.331734][ T5828] syz-executor: attempt to access beyond end of device [ 221.331734][ T5828] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 221.395822][ T5828] CPU: 1 UID: 0 PID: 5828 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 221.395861][ T5828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 221.395876][ T5828] Call Trace: [ 221.395885][ T5828] [ 221.395896][ T5828] dump_stack_lvl+0x189/0x250 [ 221.395944][ T5828] ? __pfx_dump_stack_lvl+0x10/0x10 [ 221.395981][ T5828] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 221.396018][ T5828] ? __pfx_queue_work_on+0x10/0x10 [ 221.396043][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396071][ T5828] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 221.396106][ T5828] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 221.396143][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396170][ T5828] ? 
f2fs_hw_is_readonly+0x39b/0x470 [ 221.396205][ T5828] f2fs_handle_critical_error+0x37c/0x540 [ 221.396242][ T5828] f2fs_write_end_io+0x495/0x810 [ 221.396275][ T5828] ? blkg_put+0x22/0x240 [ 221.396319][ T5828] __submit_merged_bio+0x27a/0x6a0 [ 221.396355][ T5828] __submit_merged_write_cond+0x255/0x530 [ 221.396392][ T5828] f2fs_write_data_pages+0x261d/0x3000 [ 221.396426][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396491][ T5828] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 221.396538][ T5828] ? arch_stack_walk+0xfc/0x150 [ 221.396593][ T5828] ? __mod_zone_page_state+0xd7/0x140 [ 221.396643][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396671][ T5828] ? folios_put_refs+0x560/0x640 [ 221.396717][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396744][ T5828] ? __lock_acquire+0xab9/0xd20 [ 221.396794][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396822][ T5828] ? do_raw_spin_lock+0x121/0x290 [ 221.396857][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396890][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.396918][ T5828] ? do_raw_spin_unlock+0x122/0x240 [ 221.396946][ T5828] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 221.396981][ T5828] do_writepages+0x32e/0x550 [ 221.397025][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397058][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397085][ T5828] ? do_raw_spin_unlock+0x122/0x240 [ 221.397119][ T5828] filemap_fdatawrite+0x191/0x230 [ 221.397143][ T5828] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 221.397214][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397247][ T5828] ? do_raw_spin_unlock+0x122/0x240 [ 221.397281][ T5828] f2fs_sync_dirty_inodes+0x31f/0x830 [ 221.397334][ T5828] f2fs_write_checkpoint+0x94a/0x1de0 [ 221.397397][ T5828] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 221.397480][ T5828] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 221.397515][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397542][ T5828] ? kfree+0x18e/0x440 [ 221.397581][ T5828] ? 
kill_f2fs_super+0x298/0x6c0 [ 221.397622][ T5828] kill_f2fs_super+0x2c3/0x6c0 [ 221.397665][ T5828] ? __pfx_kill_f2fs_super+0x10/0x10 [ 221.397697][ T5828] ? radix_tree_delete_item+0x2b6/0x400 [ 221.397742][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397770][ T5828] ? shrinker_free+0x2ce/0x3e0 [ 221.397812][ T5828] deactivate_locked_super+0xbc/0x130 [ 221.397851][ T5828] cleanup_mnt+0x425/0x4c0 [ 221.397884][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.397912][ T5828] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.397953][ T5828] task_work_run+0x1d4/0x260 [ 221.397989][ T5828] ? __pfx_task_work_run+0x10/0x10 [ 221.398017][ T5828] ? __x64_sys_umount+0x122/0x160 [ 221.398047][ T5828] ? exit_to_user_mode_loop+0x40/0x110 [ 221.398087][ T5828] exit_to_user_mode_loop+0xec/0x110 [ 221.398123][ T5828] do_syscall_64+0x2bd/0x3b0 [ 221.398144][ T5828] ? lockdep_hardirqs_on+0x9c/0x150 [ 221.398181][ T5828] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.398204][ T5828] ? srso_alias_return_thunk+0x5/0xfbef5 [ 221.398231][ T5828] ? 
exc_page_fault+0x9f/0xf0 [ 221.398270][ T5828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 221.398294][ T5828] RIP: 0033:0x7ff501d8fc57 [ 221.398316][ T5828] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 221.398337][ T5828] RSP: 002b:00007ffe8fced4f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 221.398362][ T5828] RAX: 0000000000000000 RBX: 00007ff501e10925 RCX: 00007ff501d8fc57 [ 221.398380][ T5828] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe8fced5b0 [ 221.398395][ T5828] RBP: 00007ffe8fced5b0 R08: 0000000000000000 R09: 0000000000000000 [ 221.398411][ T5828] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe8fcee640 [ 221.398427][ T5828] R13: 00007ff501e10925 R14: 000000000003602c R15: 00007ffe8fcee680 [ 221.398466][ T5828] [ 221.398475][ T5828] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 221.429522][ T8995] loop8: detected capacity change from 0 to 2048 [ 221.698840][ T8997] loop1: detected capacity change from 0 to 4096 [ 221.866769][ T8995] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 221.904228][ T8997] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 222.039147][ T8997] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 222.900127][ T9027] loop1: detected capacity change from 0 to 1024 [ 222.933787][ T9027] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.003028][ T2146] kernel read not supported for file /dsp (pid: 2146 comm: kworker/1:2) [ 223.035210][ T9027] EXT4-fs (loop1): shut down requested (1) [ 223.213547][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 223.342054][ T9036] loop8: detected capacity change from 0 to 2048 [ 223.429767][ T9036] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 223.544110][ T9024] loop5: detected capacity change from 0 to 40427 [ 223.632019][ T9024] F2FS-fs (loop5): invalid crc value [ 223.961114][ T9024] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 224.172287][ T8561] syz-executor: attempt to access beyond end of device [ 224.172287][ T8561] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.224345][ T8561] CPU: 0 UID: 0 PID: 8561 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 224.224385][ T8561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 224.224401][ T8561] Call Trace: [ 224.224410][ T8561] [ 224.224425][ T8561] dump_stack_lvl+0x189/0x250 [ 224.224474][ T8561] ? __pfx_dump_stack_lvl+0x10/0x10 [ 224.224512][ T8561] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 224.224550][ T8561] ? __pfx_queue_work_on+0x10/0x10 [ 224.224576][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.224606][ T8561] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 224.224643][ T8561] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 224.224679][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.224707][ T8561] ? f2fs_hw_is_readonly+0x39b/0x470 [ 224.224742][ T8561] f2fs_handle_critical_error+0x37c/0x540 [ 224.224780][ T8561] f2fs_write_end_io+0x495/0x810 [ 224.224820][ T8561] ? blkg_put+0x22/0x240 [ 224.224864][ T8561] __submit_merged_bio+0x27a/0x6a0 [ 224.224901][ T8561] __submit_merged_write_cond+0x255/0x530 [ 224.224938][ T8561] f2fs_write_data_pages+0x261d/0x3000 [ 224.225010][ T8561] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.225057][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225085][ T8561] ? is_bpf_text_address+0x292/0x2b0 [ 224.225155][ T8561] ? __mod_zone_page_state+0xd7/0x140 [ 224.225206][ T8561] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 224.225234][ T8561] ? folios_put_refs+0x560/0x640 [ 224.225279][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225307][ T8561] ? __lock_acquire+0xab9/0xd20 [ 224.225353][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225380][ T8561] ? do_raw_spin_lock+0x121/0x290 [ 224.225415][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225448][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225475][ T8561] ? do_raw_spin_unlock+0x122/0x240 [ 224.225504][ T8561] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 224.225537][ T8561] do_writepages+0x32e/0x550 [ 224.225582][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225614][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225641][ T8561] ? do_raw_spin_unlock+0x122/0x240 [ 224.225675][ T8561] filemap_fdatawrite+0x191/0x230 [ 224.225700][ T8561] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 224.225771][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.225809][ T8561] ? do_raw_spin_unlock+0x122/0x240 [ 224.225843][ T8561] f2fs_sync_dirty_inodes+0x31f/0x830 [ 224.225896][ T8561] f2fs_write_checkpoint+0x94a/0x1de0 [ 224.225959][ T8561] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 224.226047][ T8561] ? kill_f2fs_super+0x298/0x6c0 [ 224.226088][ T8561] kill_f2fs_super+0x2c3/0x6c0 [ 224.226129][ T8561] ? __pfx_kill_f2fs_super+0x10/0x10 [ 224.226161][ T8561] ? radix_tree_delete_item+0x2b6/0x400 [ 224.226204][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.226231][ T8561] ? shrinker_free+0x2ce/0x3e0 [ 224.226265][ T8561] deactivate_locked_super+0xbc/0x130 [ 224.226304][ T8561] cleanup_mnt+0x425/0x4c0 [ 224.226337][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.226364][ T8561] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.226404][ T8561] task_work_run+0x1d4/0x260 [ 224.226439][ T8561] ? __pfx_task_work_run+0x10/0x10 [ 224.226467][ T8561] ? __x64_sys_umount+0x122/0x160 [ 224.226496][ T8561] ? 
exit_to_user_mode_loop+0x40/0x110 [ 224.226536][ T8561] exit_to_user_mode_loop+0xec/0x110 [ 224.226571][ T8561] do_syscall_64+0x2bd/0x3b0 [ 224.226593][ T8561] ? lockdep_hardirqs_on+0x9c/0x150 [ 224.226629][ T8561] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.226652][ T8561] ? srso_alias_return_thunk+0x5/0xfbef5 [ 224.226679][ T8561] ? exc_page_fault+0x9f/0xf0 [ 224.226717][ T8561] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 224.226740][ T8561] RIP: 0033:0x7fd4ead8fc57 [ 224.226761][ T8561] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 224.226783][ T8561] RSP: 002b:00007fff3abbb618 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 224.226817][ T8561] RAX: 0000000000000000 RBX: 00007fd4eae10925 RCX: 00007fd4ead8fc57 [ 224.226834][ T8561] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff3abbb6d0 [ 224.226850][ T8561] RBP: 00007fff3abbb6d0 R08: 0000000000000000 R09: 0000000000000000 [ 224.226865][ T8561] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff3abbc760 [ 224.226882][ T8561] R13: 00007fd4eae10925 R14: 0000000000036b25 R15: 00007fff3abbc7a0 [ 224.226919][ T8561] [ 224.233383][ T8561] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 224.245298][ T9034] loop3: detected capacity change from 0 to 32768 [ 224.333299][ T9038] loop6: detected capacity change from 0 to 32768 [ 224.414557][ T9034] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1001 (9034) [ 224.485716][ T9055] netlink: 44 bytes leftover after parsing attributes in process `syz.8.1010'. 
[ 224.593824][ T9050] loop7: detected capacity change from 0 to 32768 [ 224.763467][ T9034] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 224.803660][ T9050] BTRFS: device /dev/loop7 (7:7) using temp-fsid 855cba7b-b3eb-4b23-a65c-d2751c16a85a [ 224.808888][ T9034] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 224.827726][ T9034] BTRFS info (device loop3): using free-space-tree [ 224.836894][ T9050] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1007 (9050) [ 224.875760][ T9050] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 224.893709][ T9050] BTRFS info (device loop7): using sha256 (sha256-x86_64) checksum algorithm [ 224.913055][ T9049] loop1: detected capacity change from 0 to 32768 [ 224.920609][ T9049] btrfs: Deprecated parameter 'usebackuproot' [ 224.928108][ T9049] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 224.939564][ T9050] BTRFS info (device loop7): using free-space-tree [ 224.948335][ T9049] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1006 (9049) [ 224.980923][ T9049] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 225.010390][ T9049] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 225.019946][ T9049] BTRFS info (device loop1): using free-space-tree [ 225.072605][ T9034] BTRFS info (device loop3): rebuilding free space tree [ 225.153416][ T9049] BTRFS info (device loop1): rebuilding free space tree [ 225.160805][ T9050] BTRFS info (device loop7): rebuilding free space tree [ 225.203779][ T30] audit: type=1800 audit(1750407979.251:133): pid=9034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1001" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 
225.304560][ T5918] usb 9-1: new full-speed USB device number 2 using dummy_hcd [ 225.382840][ T5828] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 225.450970][ T8292] BTRFS info (device loop7): last unmount of filesystem 855cba7b-b3eb-4b23-a65c-d2751c16a85a [ 225.451286][ T5826] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 225.485885][ T5918] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 225.503403][ T9106] loop6: detected capacity change from 0 to 512 [ 225.527118][ T5918] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.541540][ T5918] usb 9-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 225.543182][ T9106] EXT4-fs (loop6): warning: checktime reached, running e2fsck is recommended [ 225.552678][ T5918] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.595882][ T9106] EXT4-fs error (device loop6): ext4_orphan_get:1393: inode #17: comm syz.6.1011: iget: bogus i_mode (0) [ 225.607434][ T5918] usb 9-1: config 0 descriptor?? [ 225.648138][ T9106] EXT4-fs error (device loop6): ext4_orphan_get:1398: comm syz.6.1011: couldn't read orphan inode 17 (err -117) [ 225.721337][ T9106] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.922285][ T6479] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 225.980737][ T9112] loop5: detected capacity change from 0 to 256 [ 225.990321][ T9112] exfat: Deprecated parameter 'utf8' [ 226.007912][ T9112] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d) [ 226.074578][ T5918] isku 0003:1E7D:319C.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.8-1/input0 [ 226.138995][ T9115] netem: incorrect ge model size [ 226.464360][ T43] usb 9-1: USB disconnect, device number 2 [ 226.470972][ T9126] loop3: detected capacity change from 0 to 16 [ 226.530925][ T9126] erofs (device loop3): mounted with root inode @ nid 36. [ 226.541483][ T9127] loop5: detected capacity change from 0 to 1024 [ 226.612790][ T9126] erofs (device loop3): read error -117 @ 0 of nid 36 [ 226.620505][ T9126] erofs (device loop3): failed to readdir of logical block 0 of nid 36 [ 226.904730][ T61] hfsplus: found bad thread record in catalog [ 227.130787][ T9140] loop3: detected capacity change from 0 to 1024 [ 227.141253][ T9140] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. 
[ 227.181311][ T9140] hfsplus: invalid extent max_key_len 7 [ 227.216454][ T9140] hfsplus: failed to load extents file [ 227.267296][ T9128] loop1: detected capacity change from 0 to 32768 [ 227.283251][ T9128] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1022 (9128) [ 227.323395][ T9128] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 227.347479][ T9128] BTRFS info (device loop1): using crc32c (crc32c-x86_64) checksum algorithm [ 227.367857][ T9128] BTRFS info (device loop1): using free-space-tree [ 227.495452][ T972] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 227.573027][ T9174] loop6: detected capacity change from 0 to 256 [ 227.672032][ T972] usb 4-1: config 0 has an invalid descriptor of length 114, skipping remainder of the config [ 227.702619][ T9174] FAT-fs (loop6): Directory bread(block 64) failed [ 227.718572][ T972] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 227.721670][ T5826] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 227.732042][ T9174] FAT-fs (loop6): Directory bread(block 65) failed [ 227.732206][ T9174] FAT-fs (loop6): Directory bread(block 66) failed [ 227.732237][ T9174] FAT-fs (loop6): Directory bread(block 67) failed [ 227.732430][ T9174] FAT-fs (loop6): Directory bread(block 68) failed [ 227.774332][ T972] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 25970, setting to 64 [ 227.799729][ T972] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 227.824329][ T9174] FAT-fs (loop6): Directory bread(block 69) failed [ 227.832513][ T9174] FAT-fs (loop6): Directory bread(block 70) failed [ 227.851874][ T9174] FAT-fs (loop6): Directory bread(block 71) failed [ 227.854679][ T972] usb 4-1: New USB device found, 
idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 227.863085][ T9174] FAT-fs (loop6): Directory bread(block 72) failed [ 227.883915][ T9174] FAT-fs (loop6): Directory bread(block 73) failed [ 227.895407][ T972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 227.935024][ T972] usb 4-1: Product: syz [ 227.939252][ T972] usb 4-1: Manufacturer: syz [ 227.944055][ T972] usb 4-1: SerialNumber: syz [ 228.013134][ T972] usb 4-1: config 0 descriptor?? [ 228.032103][ T9140] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 228.040970][ T30] audit: type=1800 audit(1750407982.101:134): pid=9174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1037" name="file0" dev="loop6" ino=1048647 res=0 errno=0 [ 228.074534][ T9182] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1041'. [ 228.123934][ T9184] syz.6.1037: attempt to access beyond end of device [ 228.123934][ T9184] loop6: rw=2049, sector=1160, nr_sectors = 8 limit=256 [ 228.272793][ T972] radio-si470x 4-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 228.292080][ T972] radio-si470x 4-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 228.473044][ T972] radio-si470x 4-1:0.0: software version 0, hardware version 0 [ 228.493896][ T972] radio-si470x 4-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0. 
[ 228.524673][ T9120] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 228.567105][ T972] radio-si470x 4-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 228.606725][ T12] kworker/u8:0: attempt to access beyond end of device [ 228.606725][ T12] loop6: rw=1, sector=1168, nr_sectors = 24 limit=256 [ 228.675836][ T972] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 228.685377][ T12] kworker/u8:0: attempt to access beyond end of device [ 228.685377][ T12] loop6: rw=1, sector=1224, nr_sectors = 544 limit=256 [ 228.699703][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.706637][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.713265][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.719926][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.726841][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.734988][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.741620][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.748300][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.755063][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.755729][ T12] kworker/u8:0: attempt to access beyond end of device [ 228.755729][ T12] loop6: rw=1, sector=1800, nr_sectors = 128 limit=256 [ 228.761842][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.784086][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.790896][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.797846][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.804462][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.811094][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.817728][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.824458][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.831077][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.839265][ C0] radio-si470x 4-1:0.0: non-zero urb 
status (-71) [ 228.845998][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.852779][ T12] kworker/u8:0: attempt to access beyond end of device [ 228.852779][ T12] loop6: rw=1, sector=1960, nr_sectors = 11352 limit=256 [ 228.852929][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.873177][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.879844][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.886554][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.893181][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.899871][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.906770][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.913408][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.920207][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.927026][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.933644][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.941856][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.948490][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.955064][ T972] radio-si470x 4-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 228.963943][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.970519][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.977101][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.983884][ C0] radio-si470x 4-1:0.0: non-zero urb status (-71) [ 228.990925][ T972] radio-si470x 4-1:0.0: probe with driver radio-si470x failed with error -22 [ 229.024706][ T972] usb 4-1: USB disconnect, device number 10 [ 229.234102][ T9203] loop7: detected capacity change from 0 to 128 [ 229.263408][ T9203] FAT-fs (loop7): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 229.323228][ T9205] loop5: detected capacity change from 0 to 256 [ 229.490701][ T9208] Driver unsupported XDP return value 0 on prog (id 85) dev N/A, expect packet loss! 
[ 229.508927][ T9205] FAT-fs (loop5): Directory bread(block 64) failed [ 229.524665][ T9205] FAT-fs (loop5): Directory bread(block 65) failed [ 229.559487][ T9205] FAT-fs (loop5): Directory bread(block 66) failed [ 229.577153][ T9205] FAT-fs (loop5): Directory bread(block 67) failed [ 229.583794][ T9205] FAT-fs (loop5): Directory bread(block 68) failed [ 229.611087][ T9205] FAT-fs (loop5): Directory bread(block 69) failed [ 229.650739][ T9205] FAT-fs (loop5): Directory bread(block 70) failed [ 229.689895][ T9191] loop8: detected capacity change from 0 to 40427 [ 229.690625][ T9205] FAT-fs (loop5): Directory bread(block 71) failed [ 229.709187][ T9205] FAT-fs (loop5): Directory bread(block 72) failed [ 229.738791][ T9205] FAT-fs (loop5): Directory bread(block 73) failed [ 229.758601][ T9191] F2FS-fs (loop8): build fault injection type: 0x7 [ 229.780170][ T9191] F2FS-fs (loop8): invalid crc value [ 229.865178][ T972] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 229.979116][ T9224] loop6: detected capacity change from 0 to 256 [ 229.992607][ T9205] syz.5.1051: attempt to access beyond end of device [ 229.992607][ T9205] loop5: rw=2049, sector=1256, nr_sectors = 32 limit=256 [ 230.016583][ T9205] syz.5.1051: attempt to access beyond end of device [ 230.016583][ T9205] loop5: rw=2049, sector=1320, nr_sectors = 32 limit=256 [ 230.030873][ T9191] F2FS-fs (loop8): Start checkpoint disabled! 
[ 230.035653][ T9205] syz.5.1051: attempt to access beyond end of device [ 230.035653][ T9205] loop5: rw=2049, sector=1384, nr_sectors = 32 limit=256 [ 230.051500][ T972] usb 4-1: Using ep0 maxpacket: 16 [ 230.053580][ T972] usb 4-1: unable to get BOS descriptor or descriptor too short [ 230.054685][ T972] usb 4-1: config 1 interface 0 altsetting 127 endpoint 0x81 has an invalid bInterval 39, changing to 9 [ 230.078416][ T9205] syz.5.1051: attempt to access beyond end of device [ 230.078416][ T9205] loop5: rw=2049, sector=1448, nr_sectors = 32 limit=256 [ 230.136121][ T9191] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6 [ 230.174210][ T30] audit: type=1800 audit(1750407984.221:135): pid=9224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1058" name="file1" dev="loop6" ino=1048650 res=0 errno=0 [ 230.176407][ T972] usb 4-1: config 1 interface 0 altsetting 127 endpoint 0x81 has invalid maxpacket 1536, setting to 1024 [ 230.239646][ T9227] loop1: detected capacity change from 0 to 512 [ 230.282162][ T972] usb 4-1: config 1 interface 0 altsetting 127 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 230.327914][ T972] usb 4-1: config 1 interface 0 has no altsetting 0 [ 230.328124][ T9227] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 230.354317][ T9227] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 230.368898][ T972] usb 4-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 230.394518][ T9227] EXT4-fs (loop1): warning: maximal mount count reached, running e2fsck is recommended [ 230.397685][ T3487] kworker/u8:6: attempt to access beyond end of device [ 230.397685][ T3487] loop8: rw=1, sector=45096, nr_sectors = 128 limit=40427 [ 230.414275][ T972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.440645][ T9227] EXT4-fs error (device loop1): ext4_orphan_get:1393: comm 
syz.1.1059: inode #15: comm syz.1.1059: iget: illegal inode # [ 230.464229][ T972] usb 4-1: Product: syz [ 230.468509][ T972] usb 4-1: Manufacturer: syz [ 230.491397][ T61] CPU: 0 UID: 0 PID: 61 Comm: kworker/u8:4 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 230.491430][ T61] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.491447][ T61] Workqueue: writeback wb_workfn (flush-7:8) [ 230.491488][ T61] Call Trace: [ 230.491498][ T61] [ 230.491509][ T61] dump_stack_lvl+0x189/0x250 [ 230.491556][ T61] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.491591][ T61] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 230.491627][ T61] ? __pfx_queue_work_on+0x10/0x10 [ 230.491653][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.491681][ T61] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 230.491717][ T61] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 230.491754][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.491782][ T61] ? f2fs_hw_is_readonly+0x39b/0x470 [ 230.491819][ T61] f2fs_handle_critical_error+0x37c/0x540 [ 230.491859][ T61] f2fs_write_end_io+0x495/0x810 [ 230.491891][ T61] ? blkg_put+0x22/0x240 [ 230.491938][ T61] __submit_merged_bio+0x27a/0x6a0 [ 230.491977][ T61] __submit_merged_write_cond+0x255/0x530 [ 230.492017][ T61] f2fs_write_data_pages+0x261d/0x3000 [ 230.492105][ T61] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.492136][ T61] ? __local_bh_enable_ip+0x12d/0x1c0 [ 230.492193][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492220][ T61] ? rcu_is_watching+0x15/0xb0 [ 230.492311][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492398][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492426][ T61] ? unwind_next_frame+0x19ae/0x2390 [ 230.492469][ T61] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 230.492505][ T61] do_writepages+0x32e/0x550 [ 230.492550][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492578][ T61] ? reacquire_held_locks+0x127/0x1d0 [ 230.492601][ T61] ? 
writeback_sb_inodes+0x372/0x1000 [ 230.492653][ T61] __writeback_single_inode+0x145/0xff0 [ 230.492692][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492720][ T61] ? do_raw_spin_unlock+0x122/0x240 [ 230.492756][ T61] writeback_sb_inodes+0x6b5/0x1000 [ 230.492812][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492858][ T61] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 230.492957][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.492986][ T61] ? rcu_is_watching+0x15/0xb0 [ 230.493024][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493071][ T61] wb_writeback+0x43b/0xaf0 [ 230.493122][ T61] ? queue_io+0x301/0x590 [ 230.493166][ T61] ? __pfx_wb_writeback+0x10/0x10 [ 230.493216][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.493259][ T61] wb_workfn+0x409/0xef0 [ 230.493315][ T61] ? __pfx_wb_workfn+0x10/0x10 [ 230.493354][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493382][ T61] ? __lock_acquire+0xab9/0xd20 [ 230.493433][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493466][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493500][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.493533][ T61] ? process_scheduled_works+0x9ef/0x17b0 [ 230.493570][ T61] ? process_scheduled_works+0x9ef/0x17b0 [ 230.493612][ T61] process_scheduled_works+0xae1/0x17b0 [ 230.493694][ T61] ? __pfx_process_scheduled_works+0x10/0x10 [ 230.493743][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493784][ T61] worker_thread+0x8a0/0xda0 [ 230.493846][ T61] kthread+0x711/0x8a0 [ 230.493880][ T61] ? __pfx_worker_thread+0x10/0x10 [ 230.493919][ T61] ? __pfx_kthread+0x10/0x10 [ 230.493943][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.493976][ T61] ? _raw_spin_unlock_irq+0x23/0x50 [ 230.494009][ T61] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.494037][ T61] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.494076][ T61] ? __pfx_kthread+0x10/0x10 [ 230.494107][ T61] ret_from_fork+0x3fc/0x770 [ 230.494152][ T61] ? __pfx_ret_from_fork+0x10/0x10 [ 230.494198][ T61] ? 
__switch_to_asm+0x39/0x70 [ 230.494223][ T61] ? __switch_to_asm+0x33/0x70 [ 230.494247][ T61] ? __pfx_kthread+0x10/0x10 [ 230.494278][ T61] ret_from_fork_asm+0x1a/0x30 [ 230.494328][ T61] [ 230.900008][ T61] F2FS-fs (loop8): Stopped filesystem due to reason: 3 [ 230.908649][ T972] usb 4-1: SerialNumber: syz [ 230.924071][ T9213] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 230.941554][ T9227] EXT4-fs (loop1): Remounting filesystem read-only [ 230.957134][ T9227] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 231.178711][ T972] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input12 [ 231.402433][ T9227] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 231.556614][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.687278][ C0] bcm5974 4-1:1.0: trackpad urb failed: -1 [ 231.846601][ T9264] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1063'. [ 231.856921][ T9262] loop7: detected capacity change from 0 to 512 [ 231.864135][ T9262] EXT4-fs: Ignoring removed nobh option [ 231.872589][ T5945] usb 4-1: USB disconnect, device number 11 [ 231.880260][ T5182] bcm5974 4-1:1.0: could not read from device [ 231.902602][ T9262] EXT4-fs error (device loop7): ext4_orphan_get:1393: inode #15: comm syz.7.1076: iget: bad i_size value: 38620345925642 [ 231.941266][ T9262] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1076: couldn't read orphan inode 15 (err -117) [ 231.986797][ T5182] bcm5974 4-1:1.0: could not read from device [ 232.006794][ T9262] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 232.197529][ T6568] EXT4-fs error (device loop7): ext4_validate_block_bitmap:432: comm kworker/u8:9: bg 0: block 5: invalid block bitmap [ 232.251865][ T6568] EXT4-fs (loop7): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 232.490404][ T9273] loop8: detected capacity change from 0 to 512 [ 232.563084][ T9273] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 232.580959][ T9253] loop5: detected capacity change from 0 to 40427 [ 232.648483][ T9253] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504) [ 232.659622][ T9273] EXT4-fs warning (device loop8): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 232.695119][ T9253] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 232.750844][ T9253] F2FS-fs (loop5): heap/no_heap options were deprecated [ 232.768503][ T9273] EXT4-fs (loop8): 1 truncate cleaned up [ 232.791014][ T9273] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.833656][ T9253] F2FS-fs (loop5): invalid crc value [ 232.903417][ T9282] loop1: detected capacity change from 0 to 512 [ 232.980383][ T9282] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1084: bg 0: block 5: invalid block bitmap [ 233.066433][ T9282] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 233.126483][ T8315] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.136990][ T9282] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1084: invalid indirect mapped block 3 (level 2) [ 233.227668][ T9282] EXT4-fs (loop1): 2 truncates cleaned up [ 233.239917][ T6568] EXT4-fs (loop7): This should not happen!! 
Data will be lost [ 233.239917][ T6568] [ 233.250961][ T6568] EXT4-fs (loop7): Total free blocks count 0 [ 233.257038][ T6568] EXT4-fs (loop7): Free/Dirty block details [ 233.263275][ T6568] EXT4-fs (loop7): free_blocks=0 [ 233.268645][ T6568] EXT4-fs (loop7): dirty_blocks=1 [ 233.270875][ T9282] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.273654][ T6568] EXT4-fs (loop7): Block reservation details [ 233.292307][ T6568] EXT4-fs (loop7): i_reserved_data_blocks=1 [ 233.301202][ T9253] F2FS-fs (loop5): Start checkpoint disabled! [ 233.357093][ T8292] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.368787][ T9253] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 233.404426][ T9253] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 233.415656][ T9271] loop6: detected capacity change from 0 to 131072 [ 233.423772][ T9271] F2FS-fs (loop6): Wrong CP boundary, start(512) end(1536) blocks(0) [ 233.432054][ T9271] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 233.468982][ T9282] EXT4-fs (loop1): shut down requested (1) [ 233.570876][ T30] audit: type=1800 audit(1750407987.621:136): pid=9253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1072" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 233.594493][ T9271] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 233.601544][ T9271] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 233.671843][ T5826] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 233.798473][ T3487] bio_check_eod: 1 callbacks suppressed [ 233.798494][ T3487] kworker/u8:6: attempt to access beyond end of device [ 233.798494][ T3487] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 233.826373][ T9288] loop8: detected capacity change from 0 to 8192 [ 233.846935][ T3487] CPU: 0 UID: 0 PID: 3487 Comm: kworker/u8:6 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 233.846969][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 233.846986][ T3487] Workqueue: writeback wb_workfn (flush-7:5) [ 233.847027][ T3487] Call Trace: [ 233.847036][ T3487] [ 233.847047][ T3487] dump_stack_lvl+0x189/0x250 [ 233.847094][ T3487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 233.847129][ T3487] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 233.847169][ T3487] ? __pfx_queue_work_on+0x10/0x10 [ 233.847194][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.847223][ T3487] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 233.847257][ T3487] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 233.847294][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.847322][ T3487] ? f2fs_hw_is_readonly+0x39b/0x470 [ 233.847358][ T3487] f2fs_handle_critical_error+0x37c/0x540 [ 233.847398][ T3487] f2fs_write_end_io+0x495/0x810 [ 233.847431][ T3487] ? blkg_put+0x22/0x240 [ 233.847477][ T3487] __submit_merged_bio+0x27a/0x6a0 [ 233.847516][ T3487] __submit_merged_write_cond+0x255/0x530 [ 233.847556][ T3487] f2fs_write_data_pages+0x261d/0x3000 [ 233.847637][ T3487] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 233.847693][ T3487] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 233.847780][ T3487] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 233.847817][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.847844][ T3487] ? look_up_lock_class+0x74/0x170 [ 233.847896][ T3487] ? trace_f2fs_writepages+0x7f/0x200 [ 233.847932][ T3487] ? f2fs_write_node_pages+0x478/0x6e0 [ 233.847969][ T3487] ? 
__pfx_f2fs_write_node_pages+0x10/0x10 [ 233.848008][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848045][ T3487] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 233.848080][ T3487] do_writepages+0x32e/0x550 [ 233.848129][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848155][ T3487] ? reacquire_held_locks+0x127/0x1d0 [ 233.848178][ T3487] ? writeback_sb_inodes+0x372/0x1000 [ 233.848234][ T3487] __writeback_single_inode+0x145/0xff0 [ 233.848273][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848301][ T3487] ? do_raw_spin_unlock+0x122/0x240 [ 233.848337][ T3487] writeback_sb_inodes+0x6b5/0x1000 [ 233.848395][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848441][ T3487] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 233.848541][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848569][ T3487] ? rcu_is_watching+0x15/0xb0 [ 233.848608][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848650][ T3487] wb_writeback+0x43b/0xaf0 [ 233.848699][ T3487] ? queue_io+0x301/0x590 [ 233.848740][ T3487] ? __pfx_wb_writeback+0x10/0x10 [ 233.848803][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.848846][ T3487] wb_workfn+0x409/0xef0 [ 233.848902][ T3487] ? __pfx_wb_workfn+0x10/0x10 [ 233.848941][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.848968][ T3487] ? __lock_acquire+0xab9/0xd20 [ 233.849020][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.849051][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.849084][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.849117][ T3487] ? process_scheduled_works+0x9ef/0x17b0 [ 233.849154][ T3487] ? process_scheduled_works+0x9ef/0x17b0 [ 233.849195][ T3487] process_scheduled_works+0xae1/0x17b0 [ 233.849278][ T3487] ? __pfx_process_scheduled_works+0x10/0x10 [ 233.849328][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.849369][ T3487] worker_thread+0x8a0/0xda0 [ 233.849397][ T3487] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 233.849445][ T3487] ? 
__kthread_parkme+0x7b/0x200 [ 233.849484][ T3487] kthread+0x711/0x8a0 [ 233.849518][ T3487] ? __pfx_worker_thread+0x10/0x10 [ 233.849557][ T3487] ? __pfx_kthread+0x10/0x10 [ 233.849581][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.849614][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 233.849647][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 233.849673][ T3487] ? lockdep_hardirqs_on+0x9c/0x150 [ 233.849708][ T3487] ? __pfx_kthread+0x10/0x10 [ 233.849739][ T3487] ret_from_fork+0x3fc/0x770 [ 233.849780][ T3487] ? __pfx_ret_from_fork+0x10/0x10 [ 233.849830][ T3487] ? __switch_to_asm+0x39/0x70 [ 233.849854][ T3487] ? __switch_to_asm+0x33/0x70 [ 233.849878][ T3487] ? __pfx_kthread+0x10/0x10 [ 233.849908][ T3487] ret_from_fork_asm+0x1a/0x30 [ 233.849959][ T3487] [ 234.273551][ T3487] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 234.283732][ T3487] CPU: 0 UID: 0 PID: 3487 Comm: kworker/u8:6 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 234.283764][ T3487] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 234.283782][ T3487] Workqueue: writeback wb_workfn (flush-7:5) [ 234.283830][ T3487] Call Trace: [ 234.283840][ T3487] [ 234.283849][ T3487] dump_stack_lvl+0x189/0x250 [ 234.283898][ T3487] ? __pfx_dump_stack_lvl+0x10/0x10 [ 234.283933][ T3487] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 234.283970][ T3487] ? __pfx_queue_work_on+0x10/0x10 [ 234.283993][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.284022][ T3487] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 234.284056][ T3487] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 234.284091][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.284118][ T3487] ? f2fs_hw_is_readonly+0x39b/0x470 [ 234.284159][ T3487] f2fs_handle_critical_error+0x37c/0x540 [ 234.284196][ T3487] f2fs_write_end_io+0x495/0x810 [ 234.284230][ T3487] ? 
blkg_put+0x22/0x240 [ 234.284272][ T3487] __submit_merged_bio+0x27a/0x6a0 [ 234.284309][ T3487] __submit_merged_write_cond+0x255/0x530 [ 234.284345][ T3487] f2fs_write_data_pages+0x261d/0x3000 [ 234.284417][ T3487] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.284464][ T3487] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 234.284543][ T3487] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 234.284574][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.284602][ T3487] ? look_up_lock_class+0x74/0x170 [ 234.284653][ T3487] ? trace_f2fs_writepages+0x7f/0x200 [ 234.284684][ T3487] ? f2fs_write_node_pages+0x478/0x6e0 [ 234.284718][ T3487] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 234.284752][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.284787][ T3487] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.284825][ T3487] do_writepages+0x32e/0x550 [ 234.284871][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.284898][ T3487] ? reacquire_held_locks+0x127/0x1d0 [ 234.284920][ T3487] ? writeback_sb_inodes+0x372/0x1000 [ 234.284971][ T3487] __writeback_single_inode+0x145/0xff0 [ 234.285007][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285032][ T3487] ? do_raw_spin_unlock+0x122/0x240 [ 234.285065][ T3487] writeback_sb_inodes+0x6b5/0x1000 [ 234.285117][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285159][ T3487] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 234.285247][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285274][ T3487] ? rcu_is_watching+0x15/0xb0 [ 234.285311][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285347][ T3487] wb_writeback+0x43b/0xaf0 [ 234.285393][ T3487] ? queue_io+0x301/0x590 [ 234.285432][ T3487] ? __pfx_wb_writeback+0x10/0x10 [ 234.285480][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.285520][ T3487] wb_workfn+0x409/0xef0 [ 234.285570][ T3487] ? __pfx_wb_workfn+0x10/0x10 [ 234.285606][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285633][ T3487] ? __lock_acquire+0xab9/0xd20 [ 234.285681][ T3487] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 234.285711][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.285743][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.285775][ T3487] ? process_scheduled_works+0x9ef/0x17b0 [ 234.285823][ T3487] ? process_scheduled_works+0x9ef/0x17b0 [ 234.285862][ T3487] process_scheduled_works+0xae1/0x17b0 [ 234.285934][ T3487] ? __pfx_process_scheduled_works+0x10/0x10 [ 234.285981][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.286019][ T3487] worker_thread+0x8a0/0xda0 [ 234.286044][ T3487] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 234.286088][ T3487] ? __kthread_parkme+0x7b/0x200 [ 234.286124][ T3487] kthread+0x711/0x8a0 [ 234.286156][ T3487] ? __pfx_worker_thread+0x10/0x10 [ 234.286193][ T3487] ? __pfx_kthread+0x10/0x10 [ 234.286216][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.286248][ T3487] ? _raw_spin_unlock_irq+0x23/0x50 [ 234.286281][ T3487] ? srso_alias_return_thunk+0x5/0xfbef5 [ 234.286307][ T3487] ? lockdep_hardirqs_on+0x9c/0x150 [ 234.286342][ T3487] ? __pfx_kthread+0x10/0x10 [ 234.286370][ T3487] ret_from_fork+0x3fc/0x770 [ 234.286410][ T3487] ? __pfx_ret_from_fork+0x10/0x10 [ 234.286452][ T3487] ? __switch_to_asm+0x39/0x70 [ 234.286477][ T3487] ? __switch_to_asm+0x33/0x70 [ 234.286500][ T3487] ? 
__pfx_kthread+0x10/0x10 [ 234.286530][ T3487] ret_from_fork_asm+0x1a/0x30 [ 234.286574][ T3487] [ 234.703556][ T3487] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 234.803993][ T9285] loop3: detected capacity change from 0 to 32768 [ 234.813319][ T9285] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1085 (9285) [ 234.829358][ T9285] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 234.842572][ T9285] BTRFS info (device loop3): using sha256 (sha256-x86_64) checksum algorithm [ 234.852206][ T9285] BTRFS info (device loop3): disk space caching is enabled [ 234.859837][ T9285] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 235.004310][ T972] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 235.013900][ T9285] BTRFS info (device loop3): rebuilding free space tree [ 235.085800][ T9285] BTRFS info (device loop3): disabling free space tree [ 235.105524][ T9285] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 235.119328][ T9285] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 235.156087][ T972] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 235.172035][ T972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.206983][ T972] usb 2-1: config 0 descriptor?? 
[ 235.230990][ T972] gspca_main: spca508-2.14.0 probing 8086:0110 [ 235.381715][ T5828] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 235.402425][ T9325] loop7: detected capacity change from 0 to 1024 [ 235.423333][ T972] gspca_spca508: reg_read err -32 [ 235.439330][ T972] gspca_spca508: reg_read err -32 [ 235.668075][ T972] gspca_spca508: reg_read err -71 [ 235.673737][ T972] gspca_spca508: reg_read err -71 [ 235.712254][ T972] gspca_spca508: reg write: error -71 [ 235.720083][ T972] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 235.765839][ T972] usb 2-1: USB disconnect, device number 10 [ 236.549049][ T9323] loop8: detected capacity change from 0 to 32768 [ 236.564831][ T9337] loop7: detected capacity change from 0 to 32768 [ 236.610616][ T9323] XFS (loop8): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 236.697711][ T9337] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 236.723981][ T9337] OCFS2: ERROR (device loop7): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #32 has bad chain 3966 [ 236.742358][ T9337] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 236.752239][ T9337] OCFS2: File system is now read-only. 
[ 236.757772][ T9337] (syz.7.1100,9337,1):ocfs2_search_chain:1817 ERROR: status = -30 [ 236.766031][ T9337] (syz.7.1100,9337,1):ocfs2_search_chain:1940 ERROR: status = -30 [ 236.773875][ T9337] (syz.7.1100,9337,1):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30 [ 236.779954][ T9323] XFS (loop8): Ending clean mount [ 236.782380][ T9337] (syz.7.1100,9337,1):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30 [ 236.796025][ T9337] (syz.7.1100,9337,1):__ocfs2_claim_clusters:2438 ERROR: status = -30 [ 236.804266][ T9337] (syz.7.1100,9337,1):__ocfs2_claim_clusters:2446 ERROR: status = -30 [ 236.812435][ T9337] (syz.7.1100,9337,1):ocfs2_block_group_alloc_contig:437 ERROR: status = -30 [ 236.823185][ T9337] (syz.7.1100,9337,1):ocfs2_block_group_alloc:711 ERROR: status = -30 [ 236.831443][ T9337] (syz.7.1100,9337,1):ocfs2_block_group_alloc:764 ERROR: status = -30 [ 236.840119][ T9337] (syz.7.1100,9337,1):ocfs2_reserve_suballoc_bits:839 ERROR: status = -30 [ 236.848945][ T9337] (syz.7.1100,9337,1):ocfs2_reserve_suballoc_bits:856 ERROR: status = -30 [ 236.857524][ T9337] (syz.7.1100,9337,1):ocfs2_reserve_new_metadata_blocks:996 ERROR: status = -30 [ 236.866823][ T9337] (syz.7.1100,9337,1):ocfs2_reserve_new_metadata_blocks:1019 ERROR: status = -30 [ 236.873312][ T9323] XFS (loop8): Quotacheck needed: Please wait. [ 236.876205][ T9337] (syz.7.1100,9337,1):ocfs2_expand_inline_dir:2839 ERROR: status = -30 [ 236.876260][ T9337] (syz.7.1100,9337,1):ocfs2_extend_dir:3203 ERROR: status = -30 [ 236.876322][ T9337] (syz.7.1100,9337,1):ocfs2_prepare_dir_for_insert:4308 ERROR: status = -30 [ 236.876349][ T9337] (syz.7.1100,9337,1):ocfs2_mknod:298 ERROR: status = -30 [ 236.876377][ T9337] (syz.7.1100,9337,1):ocfs2_mknod:502 ERROR: status = -30 [ 236.876403][ T9337] (syz.7.1100,9337,1):ocfs2_mkdir:658 ERROR: status = -30 [ 237.033798][ T8292] ocfs2: Unmounting device (7,7) on (node local) [ 237.081141][ T9323] XFS (loop8): Quotacheck: Done. 
[ 237.421233][ T9367] loop6: detected capacity change from 0 to 2048 [ 237.480628][ T8315] XFS (loop8): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 237.506853][ T9367] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.566860][ T9367] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 237.715208][ T9367] fs-verity (loop6, inode 13): Unknown hash algorithm number: 3 [ 237.728779][ T9385] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1116'. [ 237.756601][ T9385] openvswitch: netlink: Missing key (keys=40, expected=80) [ 237.970190][ T6479] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 238.525312][ T9410] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1128'. [ 238.620996][ T9412] loop3: detected capacity change from 0 to 512 [ 238.681176][ T9412] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 238.783443][ T9412] EXT4-fs (loop3): 1 truncate cleaned up [ 238.869072][ T9420] loop6: detected capacity change from 0 to 512 [ 238.889006][ T9412] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.028591][ T9420] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 239.060835][ T9420] EXT4-fs (loop6): orphan cleanup on readonly fs [ 239.101281][ T9420] EXT4-fs error (device loop6): ext4_quota_enable:7124: inode #15: comm syz.6.1131: iget: bad i_size value: 360287970189639690 [ 239.187057][ T9420] EXT4-fs error (device loop6): ext4_quota_enable:7127: comm syz.6.1131: Bad quota inode: 15, type: 2 [ 239.236155][ T9420] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. 
[ 239.286477][ T9420] EXT4-fs (loop6): Cannot turn on quotas: error -117 [ 239.321977][ T9420] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 239.388041][ T9420] EXT4-fs error (device loop6): ext4_lookup:1787: comm syz.6.1131: inode #15: comm syz.6.1131: iget: illegal inode # [ 239.420984][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.437637][ T9428] loop1: detected capacity change from 0 to 4096 [ 239.454302][ T9420] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended [ 239.471363][ T9428] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 239.471938][ T9420] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 239.542575][ T9438] netlink: 20 bytes leftover after parsing attributes in process `syz.8.1140'. [ 239.554394][ T9420] EXT4-fs error (device loop6): ext4_quota_enable:7124: inode #15: comm syz.6.1131: iget: bad i_size value: 360287970189639690 [ 239.599758][ T9428] ntfs3(loop1): ino=19, mi_enum_attr [ 239.611253][ T9428] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 239.621686][ T9420] EXT4-fs error (device loop6): ext4_quota_enable:7127: comm syz.6.1131: Bad quota inode: 15, type: 2 [ 239.678000][ T9420] EXT4-fs warning (device loop6): ext4_enable_quotas:7168: Failed to enable quota tracking (type=2, err=-117, ino=15). Please run e2fsck to fix. [ 239.773602][ T9445] loop3: detected capacity change from 0 to 128 [ 239.870217][ T9445] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 239.891802][ T6479] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 239.984272][ T5918] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 239.994535][ T9445] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 240.154254][ T5918] usb 8-1: Using ep0 maxpacket: 8 [ 240.169669][ T5918] usb 8-1: config 3 has an invalid interface number: 222 but max is 0 [ 240.195030][ T5918] usb 8-1: config 3 has no interface number 0 [ 240.223261][ T5918] usb 8-1: config 3 interface 222 has no altsetting 0 [ 240.251662][ T5918] usb 8-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice=5c.3c [ 240.264210][ T5918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 240.291477][ T5918] usb 8-1: Product: syz [ 240.304905][ T5918] usb 8-1: Manufacturer: syz [ 240.322457][ T5918] usb 8-1: SerialNumber: syz [ 240.420701][ T5828] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 240.566216][ T5918] input: bcm5974 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:3.222/input/input13 [ 240.600344][ T5182] bcm5974 8-1:3.222: could not read from device [ 240.668908][ T5182] bcm5974 8-1:3.222: could not read from device [ 240.703479][ T5182] bcm5974 8-1:3.222: could not read from device [ 240.717564][ T5918] usb 8-1: USB disconnect, device number 3 [ 240.878130][ T9478] loop3: detected capacity change from 0 to 2048 [ 241.023995][ T9478] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 241.139059][ T9478] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 241.150140][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. 
[ 241.190862][ T9478] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 17 with error 28 [ 241.211035][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1160'. [ 241.240849][ T9478] EXT4-fs (loop3): This should not happen!! Data will be lost [ 241.240849][ T9478] [ 241.304521][ T9478] EXT4-fs (loop3): Total free blocks count 0 [ 241.332965][ T9478] EXT4-fs (loop3): Free/Dirty block details [ 241.339955][ T9489] loop7: detected capacity change from 0 to 1024 [ 241.383522][ T9478] EXT4-fs (loop3): free_blocks=2415919104 [ 241.409299][ T9489] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.445102][ T9489] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.453512][ T9489] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.460987][ T9478] EXT4-fs (loop3): dirty_blocks=32 [ 241.498913][ T9478] EXT4-fs (loop3): Block reservation details [ 241.514469][ T9489] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.579260][ T9478] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 241.579711][ T9470] loop6: detected capacity change from 0 to 40427 [ 241.602425][ T9470] F2FS-fs (loop6): Invalid segment/section count (24 != 1 * 1) [ 241.610054][ T9470] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 241.646553][ T9470] F2FS-fs (loop6): invalid crc value [ 241.677737][ T9485] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 16 with error 28 [ 241.685536][ T6568] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.731187][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 241.741210][ T9496] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.770696][ T6568] hfsplus: request for non-existent node 16777216 in B*Tree [ 241.821586][ T9470] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 241.834256][ T9470] F2FS-fs (loop6): Mounted with checkpoint version = 
48b305e5 [ 242.018335][ T6479] syz-executor: attempt to access beyond end of device [ 242.018335][ T6479] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 242.094308][ T6479] CPU: 0 UID: 0 PID: 6479 Comm: syz-executor Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 242.094346][ T6479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.094362][ T6479] Call Trace: [ 242.094371][ T6479] [ 242.094381][ T6479] dump_stack_lvl+0x189/0x250 [ 242.094428][ T6479] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.094464][ T6479] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 242.094502][ T6479] ? __pfx_queue_work_on+0x10/0x10 [ 242.094526][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.094554][ T6479] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 242.094589][ T6479] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 242.094626][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.094653][ T6479] ? f2fs_hw_is_readonly+0x39b/0x470 [ 242.094688][ T6479] f2fs_handle_critical_error+0x37c/0x540 [ 242.094726][ T6479] f2fs_write_end_io+0x495/0x810 [ 242.094757][ T6479] ? blkg_put+0x22/0x240 [ 242.094821][ T6479] __submit_merged_bio+0x27a/0x6a0 [ 242.094881][ T6479] __submit_merged_write_cond+0x255/0x530 [ 242.094918][ T6479] f2fs_write_data_pages+0x261d/0x3000 [ 242.094951][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095017][ T6479] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 242.095063][ T6479] ? arch_stack_walk+0xfc/0x150 [ 242.095119][ T6479] ? __mod_zone_page_state+0xd7/0x140 [ 242.095168][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095196][ T6479] ? folios_put_refs+0x560/0x640 [ 242.095240][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095267][ T6479] ? __lock_acquire+0xab9/0xd20 [ 242.095311][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095337][ T6479] ? do_raw_spin_lock+0x121/0x290 [ 242.095371][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095402][ T6479] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 242.095428][ T6479] ? do_raw_spin_unlock+0x122/0x240 [ 242.095456][ T6479] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 242.095489][ T6479] do_writepages+0x32e/0x550 [ 242.095533][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095564][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095590][ T6479] ? do_raw_spin_unlock+0x122/0x240 [ 242.095623][ T6479] filemap_fdatawrite+0x191/0x230 [ 242.095647][ T6479] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 242.095717][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.095749][ T6479] ? do_raw_spin_unlock+0x122/0x240 [ 242.095782][ T6479] f2fs_sync_dirty_inodes+0x31f/0x830 [ 242.095839][ T6479] f2fs_write_checkpoint+0x94a/0x1de0 [ 242.095899][ T6479] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 242.095984][ T6479] ? kill_f2fs_super+0x298/0x6c0 [ 242.096022][ T6479] kill_f2fs_super+0x2c3/0x6c0 [ 242.096062][ T6479] ? __pfx_kill_f2fs_super+0x10/0x10 [ 242.096092][ T6479] ? radix_tree_delete_item+0x2b6/0x400 [ 242.096135][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.096160][ T6479] ? shrinker_free+0x2ce/0x3e0 [ 242.096194][ T6479] deactivate_locked_super+0xbc/0x130 [ 242.096231][ T6479] cleanup_mnt+0x425/0x4c0 [ 242.096263][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.096290][ T6479] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.096329][ T6479] task_work_run+0x1d4/0x260 [ 242.096364][ T6479] ? __pfx_task_work_run+0x10/0x10 [ 242.096391][ T6479] ? __x64_sys_umount+0x122/0x160 [ 242.096420][ T6479] ? exit_to_user_mode_loop+0x40/0x110 [ 242.096459][ T6479] exit_to_user_mode_loop+0xec/0x110 [ 242.096495][ T6479] do_syscall_64+0x2bd/0x3b0 [ 242.096517][ T6479] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.096552][ T6479] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.096575][ T6479] ? srso_alias_return_thunk+0x5/0xfbef5 [ 242.096603][ T6479] ? 
exc_page_fault+0x9f/0xf0 [ 242.096642][ T6479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.096665][ T6479] RIP: 0033:0x7f2065d8fc57 [ 242.096686][ T6479] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 242.096707][ T6479] RSP: 002b:00007ffcbb2420c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 242.096732][ T6479] RAX: 0000000000000000 RBX: 00007f2065e10925 RCX: 00007f2065d8fc57 [ 242.096749][ T6479] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbb242180 [ 242.096765][ T6479] RBP: 00007ffcbb242180 R08: 0000000000000000 R09: 0000000000000000 [ 242.096781][ T6479] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbb243210 [ 242.096797][ T6479] R13: 00007f2065e10925 R14: 000000000003b114 R15: 00007ffcbb243250 [ 242.096840][ T6479] [ 242.096850][ T6479] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 242.720496][ T9491] loop8: detected capacity change from 0 to 32768 [ 242.774956][ T9491] [ 242.774956][ T9491] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.774956][ T9491] [ 242.826894][ T9491] find_entry called with index = 0 [ 242.833164][ T9491] read_mapping_page failed! [ 242.876227][ T9515] [ 242.876227][ T9515] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.876227][ T9515] [ 242.894763][ T9491] ERROR: (device loop8): txCommit: [ 242.894763][ T9491] [ 242.919831][ T9515] [ 242.919831][ T9515] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 242.919831][ T9515] [ 242.995340][ T9491] ERROR: (device loop8): remounting filesystem as read-only [ 243.002941][ T9491] [ 243.002941][ T9491] ... Log Wrap ... Log Wrap ... Log Wrap ... 
[ 243.002941][ T9491] [ 243.235835][ T9506] loop7: detected capacity change from 0 to 32768 [ 243.265585][ T9506] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.1166 (9506) [ 243.341271][ T9506] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 243.398315][ T9506] BTRFS info (device loop7): using sha256 (sha256-x86_64) checksum algorithm [ 243.425358][ T9506] BTRFS info (device loop7): using free-space-tree [ 243.513265][ T9512] loop1: detected capacity change from 0 to 32768 [ 243.569884][ T9512] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 243.584593][ T9506] BTRFS info (device loop7): rebuilding free space tree [ 243.677676][ T9512] XFS (loop1): Ending clean mount [ 243.706625][ T9512] XFS (loop1): Quotacheck needed: Please wait. [ 243.791732][ T9512] XFS (loop1): Quotacheck: Done. [ 243.904813][ T36] BTRFS info (device loop7): qgroup scan completed (inconsistency flag cleared) [ 243.969204][ T9512] XFS (loop1): User initiated shutdown received. [ 243.986536][ T9512] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:466). Shutting down filesystem. 
[ 244.052264][ T9512] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 244.077038][ T8292] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 244.077270][ T9562] loop8: detected capacity change from 0 to 8 [ 244.140848][ T9565] loop6: detected capacity change from 0 to 256 [ 244.239816][ T9559] xt_CT: No such helper "snmp" [ 244.263334][ T9565] FAT-fs (loop6): Directory bread(block 64) failed [ 244.273028][ T5826] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 244.294086][ T9565] FAT-fs (loop6): Directory bread(block 65) failed [ 244.329680][ T9565] FAT-fs (loop6): Directory bread(block 66) failed [ 244.357234][ T9565] FAT-fs (loop6): Directory bread(block 67) failed [ 244.364094][ T9565] FAT-fs (loop6): Directory bread(block 68) failed [ 244.413104][ T9565] FAT-fs (loop6): Directory bread(block 69) failed [ 244.439757][ T9565] FAT-fs (loop6): Directory bread(block 70) failed [ 244.469690][ T9565] FAT-fs (loop6): Directory bread(block 71) failed [ 244.504450][ T9565] FAT-fs (loop6): Directory bread(block 72) failed [ 244.524686][ T9565] FAT-fs (loop6): Directory bread(block 73) failed [ 244.868585][ T9565] syz.6.1184: attempt to access beyond end of device [ 244.868585][ T9565] loop6: rw=2049, sector=1256, nr_sectors = 32 limit=256 [ 244.964587][ T9565] syz.6.1184: attempt to access beyond end of device [ 244.964587][ T9565] loop6: rw=2049, sector=1320, nr_sectors = 32 limit=256 [ 245.074567][ T9565] syz.6.1184: attempt to access beyond end of device [ 245.074567][ T9565] loop6: rw=2049, sector=1384, nr_sectors = 32 limit=256 [ 245.143783][ T9565] syz.6.1184: attempt to access beyond end of device [ 245.143783][ T9565] loop6: rw=2049, sector=1448, nr_sectors = 32 limit=256 [ 245.287905][ T9586] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.297259][ T9586] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 
245.306679][ T9586] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.315781][ T9586] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 245.355273][ T9582] loop8: detected capacity change from 0 to 8192 [ 245.507594][ T9592] loop5: detected capacity change from 0 to 64 [ 245.847985][ T9597] bridge0: entered promiscuous mode [ 245.862500][ T9597] macvlan2: entered promiscuous mode [ 246.175703][ T9603] loop7: detected capacity change from 0 to 512 [ 246.202757][ T9603] EXT4-fs (loop7): feature flags set on rev 0 fs, running e2fsck is recommended [ 246.238329][ T9603] EXT4-fs (loop7): mounting ext2 file system using the ext4 subsystem [ 246.308915][ T9603] EXT4-fs (loop7): warning: mounting unchecked fs, running e2fsck is recommended [ 246.414709][ T9603] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 246.422921][ T9603] System zones: 0-2, 18-18, 34-35 [ 246.487051][ T9603] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.503190][ T9613] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1204'. [ 246.627907][ T9588] loop1: detected capacity change from 0 to 40427 [ 246.693713][ T8292] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.703130][ T9588] F2FS-fs (loop1): invalid crc value [ 246.726543][ T9599] loop3: detected capacity change from 0 to 32768 [ 246.741395][ T9599] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1199 (9599) [ 246.830455][ T9599] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 246.854343][ T9599] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 246.897303][ T9599] BTRFS info (device loop3): using free-space-tree [ 247.044595][ T9588] F2FS-fs (loop1): Start checkpoint disabled! 
[ 247.079657][ T9588] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 247.126651][ T9599] BTRFS info (device loop3): rebuilding free space tree [ 247.301387][ T9654] netlink: 16 bytes leftover after parsing attributes in process `syz.8.1213'. [ 247.469256][ T5828] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 247.509040][ T9662] netlink: 'syz.6.1218': attribute type 39 has an invalid length. [ 248.147788][ T9675] loop3: detected capacity change from 0 to 16 [ 248.189433][ T9675] erofs (device loop3): mounted with root inode @ nid 36. [ 248.222963][ T9675] erofs (device loop3): readahead error at folio 23 @ nid 36 [ 248.264257][ T9675] erofs (device loop3): readahead error at folio 22 @ nid 36 [ 248.335760][ T9675] erofs (device loop3): readahead error at folio 19 @ nid 36 [ 248.358029][ T9658] loop7: detected capacity change from 0 to 32768 [ 248.373819][ T9675] erofs (device loop3): readahead error at folio 18 @ nid 36 [ 248.402182][ T9675] syz.3.1219: attempt to access beyond end of device [ 248.402182][ T9675] loop3: rw=524288, sector=67108872, nr_sectors = 8 limit=16 [ 248.448354][ T9658] JBD2: Ignoring recovery information on journal [ 248.633977][ T9658] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. 
[ 248.661645][ T9668] loop5: detected capacity change from 0 to 32768 [ 248.702095][ T9668] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1221 (9668) [ 248.763210][ T9668] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 248.784811][ T9668] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 248.851271][ T9668] BTRFS info (device loop5): disk space caching is enabled [ 248.875695][ T9668] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 248.939194][ T8292] ocfs2: Unmounting device (7,7) on (node local) [ 249.019415][ T9712] input: syz0 as /devices/virtual/input/input14 [ 249.148025][ T9668] BTRFS info (device loop5): rebuilding free space tree [ 249.199918][ T9668] BTRFS info (device loop5): disabling free space tree [ 249.237139][ T9725] loop3: detected capacity change from 0 to 16 [ 249.238460][ T9668] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 249.266891][ T9725] erofs (device loop3): mounted with root inode @ nid 36. [ 249.288031][ T9668] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 249.451594][ T9733] loop8: detected capacity change from 0 to 1024 [ 249.643689][ T8315] hfsplus: bad catalog entry type [ 249.676617][ T8561] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 249.781854][ T9739] netem: change failed [ 250.117628][ T4596] hfsplus: b-tree write err: -5, ino 4 [ 250.271342][ T9757] loop3: detected capacity change from 0 to 128 [ 250.310643][ T9757] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. 
[ 250.374132][ T9757] ext4 filesystem being mounted at /216/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 250.437528][ T9757] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #2: comm syz.3.1251: No space for directory leaf checksum. Please run e2fsck -D. [ 250.513408][ T9757] EXT4-fs error (device loop3): htree_dirblock_to_tree:1051: inode #2: comm syz.3.1251: Directory block failed checksum [ 250.554369][ T9762] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #2: comm syz.3.1251: No space for directory leaf checksum. Please run e2fsck -D. [ 250.585583][ T9762] EXT4-fs error (device loop3): __ext4_find_entry:1626: inode #2: comm syz.3.1251: checksumming directory block 0 [ 250.671941][ T5828] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 250.716664][ T9766] loop5: detected capacity change from 0 to 64 [ 250.758385][ T9766] syz.5.1258: attempt to access beyond end of device [ 250.758385][ T9766] loop5: rw=0, sector=268435468, nr_sectors = 2 limit=64 [ 250.794406][ T9766] Buffer I/O error on dev loop5, logical block 134217734, async page read [ 250.829364][ T9767] loop1: detected capacity change from 0 to 1764 [ 250.841911][ T9772] overlayfs: failed to create directory ./file0/work (errno: 2); mounting read-only [ 250.878985][ T9772] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 250.925584][ T9772] overlayfs: failed to get uuid (/file0, err=-95); falling back to uuid=null. 
[ 250.963596][ T9772] Trying to free block not in datazone [ 251.039364][ T9777] loop3: detected capacity change from 0 to 64 [ 251.053222][ T4596] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.073500][ T9775] loop7: detected capacity change from 0 to 2048 [ 251.139196][ T9777] syz.3.1260: attempt to access beyond end of device [ 251.139196][ T9777] loop3: rw=0, sector=234881062, nr_sectors = 2 limit=64 [ 251.174045][ T9775] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 251.194272][ T9777] Buffer I/O error on dev loop3, logical block 117440531, async page read [ 251.203302][ T9777] syz.3.1260: attempt to access beyond end of device [ 251.203302][ T9777] loop3: rw=0, sector=8548515840, nr_sectors = 2 limit=64 [ 251.306699][ T9777] Buffer I/O error on dev loop3, logical block 4274257920, async page read [ 251.369734][ T9777] syz.3.1260: attempt to access beyond end of device [ 251.369734][ T9777] loop3: rw=0, sector=301989888, nr_sectors = 2 limit=64 [ 251.385708][ T4596] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.413710][ T9786] loop1: detected capacity change from 0 to 64 [ 251.426733][ T9777] Buffer I/O error on dev loop3, logical block 150994944, async page read [ 251.460438][ T9777] syz.3.1260: attempt to access beyond end of device [ 251.460438][ T9777] loop3: rw=0, sector=234881062, nr_sectors = 2 limit=64 [ 251.513730][ T9777] Buffer I/O error on dev loop3, logical block 117440531, async page read [ 251.574294][ T30] audit: type=1800 audit(1750408005.621:137): pid=9777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1260" name="file2" dev="loop3" ino=6 res=0 errno=0 [ 251.615441][ T4596] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 251.890948][ T4596] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 
port 6081 - 0 [ 251.906459][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 251.919318][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 251.929868][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 251.958369][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 251.968107][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 252.160699][ T9809] loop6: detected capacity change from 0 to 256 [ 252.223018][ T9809] exfat: Deprecated parameter 'namecase' [ 252.242770][ T4596] bridge_slave_1: left allmulticast mode [ 252.250876][ T4596] bridge_slave_1: left promiscuous mode [ 252.258908][ T9809] exfat: Deprecated parameter 'utf8' [ 252.270725][ T4596] bridge0: port 2(bridge_slave_1) entered disabled state [ 252.296628][ T9809] exFAT-fs (loop6): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6d3f72e, utbl_chksum : 0xe619d30d) [ 252.296864][ T4596] bridge_slave_0: left allmulticast mode [ 252.321265][ T4596] bridge_slave_0: left promiscuous mode [ 252.329056][ T4596] bridge0: port 1(bridge_slave_0) entered disabled state [ 252.971100][ T4596] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 252.985366][ T4596] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 252.997971][ T4596] bond0 (unregistering): Released all slaves [ 253.208834][ T5955] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 253.394325][ T5955] usb 8-1: Using ep0 maxpacket: 8 [ 253.417410][ T5955] usb 8-1: config index 0 descriptor too short (expected 30482, got 18) [ 253.441232][ T5955] usb 8-1: config 0 has too many interfaces: 101, using maximum allowed: 32 [ 253.468021][ T5955] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 101 [ 253.510342][ T5955] usb 8-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice= 5.00 [ 253.525988][ T5955] usb 8-1: New USB device strings: Mfr=253, Product=255, SerialNumber=0 [ 253.534933][ 
T5955] usb 8-1: Product: syz [ 253.539416][ T5955] usb 8-1: Manufacturer: syz [ 253.548213][ T5955] usb 8-1: config 0 descriptor?? [ 253.563770][ T5955] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected [ 253.595247][ T5955] usb 8-1: Detected FT2232C/D [ 253.869852][ T9799] chnl_net:caif_netlink_parms(): no params data found [ 253.870636][ T9855] loop6: detected capacity change from 0 to 512 [ 253.937869][ T9855] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.951823][ T9855] ext4 filesystem being mounted at /184/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.970009][ T5955] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 253.985725][ T5955] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 254.034559][ T5955] usb 8-1: USB disconnect, device number 4 [ 254.045059][ T5845] Bluetooth: hci4: command tx timeout [ 254.058962][ T5955] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 254.087291][ T5955] ftdi_sio 8-1:0.0: device disconnected [ 254.101293][ T6479] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 254.115019][ T4596] hsr_slave_0: left promiscuous mode [ 254.130748][ T4596] hsr_slave_1: left promiscuous mode [ 254.139462][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.140373][ T4596] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 254.156298][ T4596] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.174266][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.182369][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.192097][ T4596] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 254.199963][ T4596] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.231719][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.233133][ T4596] veth1_macvtap: left promiscuous mode [ 254.245872][ T4596] veth0_macvtap: left promiscuous mode [ 254.251677][ T4596] veth1_vlan: left promiscuous mode [ 254.252442][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.261971][ T4596] veth0_vlan: left promiscuous mode [ 254.273534][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.290233][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.298579][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.316878][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.329059][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.343037][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.359859][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.369675][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.386581][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.397839][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.408456][ 
T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.439413][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.451340][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.462948][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.478786][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.490672][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.503630][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.513038][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.562667][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.592362][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.610682][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.622383][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.641974][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.652422][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.663939][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.726729][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 254.743143][ T972] hid-generic FFFF:FFFFFFFC:20000001.000A: unknown main item tag 0x0 [ 359.724110][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 359.731102][ C0] rcu: 1-...!: (1 ticks this GP) idle=dd8c/1/0x4000000000000000 softirq=42521/42521 fqs=2 [ 359.742697][ C0] rcu: (detected by 0, t=10502 jiffies, g=33837, q=311 ncpus=2) [ 359.750418][ C0] Sending NMI from CPU 0 to CPUs 1: [ 359.750448][ C1] NMI backtrace for cpu 1 [ 359.750463][ C1] CPU: 1 UID: 0 PID: 9851 Comm: syz.1.1291 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 359.750489][ C1] Hardware 
name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 359.750502][ C1] RIP: 0010:lock_acquire+0x10a/0x360 [ 359.750537][ C1] Code: 99 8d e8 69 50 c8 09 65 ff 05 e2 fd fe 10 45 31 c9 4c 89 7c 24 08 41 f7 c7 00 02 00 00 41 0f 94 c1 4c 89 ef 89 de 8b 54 24 04 <44> 89 e1 45 89 f0 6a 00 6a 00 6a 00 55 ff 74 24 30 e8 e0 02 00 00 [ 359.750556][ C1] RSP: 0018:ffffc90000a08b40 EFLAGS: 00000046 [ 359.750576][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 6853ac0f9467aa00 [ 359.750590][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff99c9e3d0 [ 359.750604][ C1] RBP: ffffffff84c7a30b R08: 0000000000000001 R09: 0000000000000001 [ 359.750618][ C1] R10: dffffc0000000000 R11: fffff52000141196 R12: 0000000000000000 [ 359.750633][ C1] R13: ffffffff99c9e3d0 R14: 0000000000000001 R15: 0000000000000046 [ 359.750651][ C1] FS: 00007f7c3e88b6c0(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 359.750670][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 359.750685][ C1] CR2: 00005555643f3588 CR3: 00000000652cb000 CR4: 0000000000350ef0 [ 359.750701][ C1] Call Trace: [ 359.750710][ C1] [ 359.750721][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.750747][ C1] ? __lock_acquire+0xab9/0xd20 [ 359.750781][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 359.750811][ C1] ? debug_object_activate+0xbb/0x420 [ 359.750836][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 359.750867][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 359.750896][ C1] debug_object_activate+0xbb/0x420 [ 359.750926][ C1] enqueue_hrtimer+0x30/0x3a0 [ 359.750949][ C1] __hrtimer_run_queues+0x656/0xc60 [ 359.750982][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.751017][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 359.751050][ C1] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 359.751081][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 359.751132][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 359.751169][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 359.751202][ C1] [ 359.751209][ C1] [ 359.751217][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 359.751239][ C1] RIP: 0010:__genradix_ptr+0x1da/0x220 [ 359.751263][ C1] Code: 75 14 e8 09 d5 fe fc 45 31 f6 eb 28 e8 ff d4 fe fc 40 84 ed 74 ec bf 01 02 00 00 48 89 de e8 cd d9 fe fc 48 81 fb 00 02 00 00 <77> 25 e8 df d4 fe fc 49 01 de 4c 89 f0 5b 41 5c 41 5d 41 5e 41 5f [ 359.751280][ C1] RSP: 0018:ffffc90005157538 EFLAGS: 00000283 [ 359.751297][ C1] RAX: ffffffff84c18763 RBX: 00000000000001c8 RCX: ffff88802f390000 [ 359.751313][ C1] RDX: 0000000000000002 RSI: 00000000000001c8 RDI: 0000000000000201 [ 359.751326][ C1] RBP: 0000000000000001 R08: ffff88802f390000 R09: 0000000000000042 [ 359.751341][ C1] R10: 0000000000000041 R11: ffffffff8aaecff0 R12: 0000000000000007 [ 359.751355][ C1] R13: dffffc0000000000 R14: ffff888044885c00 R15: 0000000000000009 [ 359.751373][ C1] ? __pfx_sctp_sched_fcfs_unsched_all+0x10/0x10 [ 359.751401][ C1] ? __genradix_ptr+0x1d3/0x220 [ 359.751427][ C1] ? __genradix_ptr+0x1d3/0x220 [ 359.751451][ C1] sctp_stream_free_ext+0x5b/0x130 [ 359.751486][ C1] sctp_stream_free+0x8f/0x110 [ 359.751521][ C1] sctp_association_free+0x26d/0x7f0 [ 359.751552][ C1] sctp_do_sm+0x3eba/0x5a20 [ 359.751590][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.751614][ C1] ? look_up_lock_class+0x74/0x170 [ 359.751649][ C1] ? __pfx_sctp_do_sm+0x10/0x10 [ 359.751702][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 359.751731][ C1] ? __local_bh_enable_ip+0x12d/0x1c0 [ 359.751764][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.751788][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.751825][ C1] sctp_primitive_SHUTDOWN+0x98/0xc0 [ 359.751856][ C1] sctp_close+0x409/0x900 [ 359.751889][ C1] ? __pfx_sctp_close+0x10/0x10 [ 359.751913][ C1] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 359.751940][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.751965][ C1] ? down_write+0x162/0x1f0 [ 359.751986][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.752011][ C1] ? ip_mc_drop_socket+0x25a/0x270 [ 359.752042][ C1] inet_release+0x187/0x210 [ 359.752077][ C1] sock_close+0xc3/0x240 [ 359.752113][ C1] ? __pfx_sock_close+0x10/0x10 [ 359.752145][ C1] __fput+0x44c/0xa70 [ 359.752179][ C1] task_work_run+0x1d4/0x260 [ 359.752209][ C1] ? __pfx_task_work_run+0x10/0x10 [ 359.752242][ C1] get_signal+0x11ed/0x1340 [ 359.752287][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 359.752316][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.752340][ C1] ? bpf_trace_run2+0x322/0x4b0 [ 359.752368][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 359.752401][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.752429][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 359.752461][ C1] exit_to_user_mode_loop+0x75/0x110 [ 359.752492][ C1] do_syscall_64+0x2bd/0x3b0 [ 359.752511][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.752543][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.752564][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 359.752588][ C1] ? 
exc_page_fault+0x9f/0xf0 [ 359.752620][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.752641][ C1] RIP: 0033:0x7f7c3d98e929 [ 359.752659][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.752677][ C1] RSP: 002b:00007f7c3e88b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 359.752697][ C1] RAX: fffffffffffffe00 RBX: 00007f7c3dbb5fa0 RCX: 00007f7c3d98e929 [ 359.752713][ C1] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 359.752726][ C1] RBP: 00007f7c3da10b39 R08: 0000200000000140 R09: 0000000000000000 [ 359.752740][ C1] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 359.752754][ C1] R13: 0000000000000000 R14: 00007f7c3dbb5fa0 R15: 00007ffd1934d548 [ 359.752779][ C1] [ 359.753441][ C0] rcu: rcu_preempt kthread starved for 10498 jiffies! g33837 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 360.350526][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 360.360503][ C0] rcu: RCU grace-period kthread stack dump: [ 360.366383][ C0] task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 360.379899][ C0] Call Trace: [ 360.383176][ C0] [ 360.386113][ C0] __schedule+0x16f5/0x4d00 [ 360.390646][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 360.395862][ C0] ? schedule+0x165/0x360 [ 360.400223][ C0] ? __lock_acquire+0xab9/0xd20 [ 360.405092][ C0] ? __pfx___schedule+0x10/0x10 [ 360.409973][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.415639][ C0] ? schedule+0x91/0x360 [ 360.419897][ C0] schedule+0x165/0x360 [ 360.424073][ C0] schedule_timeout+0x12b/0x270 [ 360.428936][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 360.434316][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 360.440225][ C0] ? __pfx_process_timeout+0x10/0x10 [ 360.445527][ C0] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 360.451167][ C0] ? prepare_to_swait_event+0x341/0x380 [ 360.456729][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 360.461608][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 360.467777][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 360.473071][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 360.478288][ C0] ? finish_swait+0xcd/0x1f0 [ 360.482894][ C0] rcu_gp_kthread+0x99/0x390 [ 360.487498][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 360.492709][ C0] ? __kthread_parkme+0x7b/0x200 [ 360.497647][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.503285][ C0] ? __kthread_parkme+0x1a1/0x200 [ 360.508319][ C0] kthread+0x711/0x8a0 [ 360.512397][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 360.517606][ C0] ? __pfx_kthread+0x10/0x10 [ 360.522201][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.527842][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.533053][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.538688][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 360.543897][ C0] ? __pfx_kthread+0x10/0x10 [ 360.548494][ C0] ret_from_fork+0x3fc/0x770 [ 360.553101][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 360.558232][ C0] ? __switch_to_asm+0x39/0x70 [ 360.562997][ C0] ? __switch_to_asm+0x33/0x70 [ 360.567762][ C0] ? 
__pfx_kthread+0x10/0x10 [ 360.572356][ C0] ret_from_fork_asm+0x1a/0x30 [ 360.577140][ C0] [ 360.580155][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 360.586471][ C0] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) [ 360.598450][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 360.608508][ C0] Workqueue: events_unbound toggle_allocation_gate [ 360.615021][ C0] RIP: 0010:smp_call_function_many_cond+0xf6e/0x12d0 [ 360.621712][ C0] Code: 89 ee 83 e6 01 31 ff e8 70 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 1b 74 0b 00 eb 37 f3 90 43 0f b6 04 2c <84> c0 75 10 41 f7 07 01 00 00 00 74 1e e8 00 74 0b 00 eb e5 44 89 [ 360.641320][ C0] RSP: 0018:ffffc90000ac76a0 EFLAGS: 00000293 [ 360.647398][ C0] RAX: 0000000000000000 RBX: ffff8880b863b1c0 RCX: ffff8881404b1e00 [ 360.655371][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 360.663336][ C0] RBP: ffffc90000ac7800 R08: ffffffff8fa10ff7 R09: 1ffffffff1f421fe [ 360.671307][ C0] R10: dffffc0000000000 R11: fffffbfff1f421ff R12: 1ffff110170e7f5d [ 360.679278][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b873fae8 [ 360.687249][ C0] FS: 0000000000000000(0000) GS:ffff888125c51000(0000) knlGS:0000000000000000 [ 360.696175][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 360.702753][ C0] CR2: 0000001b2fa1eff8 CR3: 000000000df38000 CR4: 0000000000350ef0 [ 360.710724][ C0] Call Trace: [ 360.714001][ C0] [ 360.716962][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 360.723307][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 360.728685][ C0] ? kmem_cache_alloc_bulk_noprof+0x148/0x790 [ 360.734754][ C0] ? __pfx___text_poke+0x10/0x10 [ 360.739692][ C0] ? rcu_is_watching+0x15/0xb0 [ 360.744474][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.750111][ C0] ? trace_contention_end+0x39/0x120 [ 360.755397][ C0] ? 
srso_alias_return_thunk+0x5/0xfbef5 [ 360.761042][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 360.766070][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 360.771202][ C0] smp_text_poke_batch_finish+0x5e0/0x1100 [ 360.777016][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 360.782040][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 360.788285][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.793928][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.799564][ C0] ? arch_jump_label_transform_queue+0x97/0x110 [ 360.805818][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.811471][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 360.817460][ C0] static_key_enable_cpuslocked+0x128/0x250 [ 360.823358][ C0] static_key_enable+0x1a/0x20 [ 360.828122][ C0] toggle_allocation_gate+0xad/0x240 [ 360.833411][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 360.839304][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.844948][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.850592][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 360.856325][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 360.862056][ C0] process_scheduled_works+0xae1/0x17b0 [ 360.867648][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 360.873650][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.879296][ C0] worker_thread+0x8a0/0xda0 [ 360.883891][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 360.890238][ C0] ? __kthread_parkme+0x7b/0x200 [ 360.895187][ C0] kthread+0x711/0x8a0 [ 360.899263][ C0] ? __pfx_worker_thread+0x10/0x10 [ 360.904388][ C0] ? __pfx_kthread+0x10/0x10 [ 360.908981][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.914709][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.919918][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 360.925553][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 360.930766][ C0] ? __pfx_kthread+0x10/0x10 [ 360.935369][ C0] ret_from_fork+0x3fc/0x770 [ 360.939981][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 360.945114][ C0] ? __switch_to_asm+0x39/0x70 [ 360.949882][ C0] ? __switch_to_asm+0x33/0x70 [ 360.954647][ C0] ? 
__pfx_kthread+0x10/0x10 [ 360.959245][ C0] ret_from_fork_asm+0x1a/0x30 [ 360.964032][ C0]