last executing test programs: 30.281764046s ago: executing program 1 (id=2): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x1000002, &(0x7f0000000bc0)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c646973636172640061727365743d63703835322c757466383d202c6e6f6e756d7461696c3d302c6e6f6e75617461696c3d302c7574663c3d302c696f6368619615f9a9d8bc34fd234143727365743d69736f383835392d322c756e695f786c6174653d312c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c757466383d312c756e695f786c6174653d302c756e695f786c6174653d302c73686f72746e616d653d6d697865642c726f6469722c756e695f786c", @ANYRESOCT=0x0], 0x1, 0x369, &(0x7f00000041c0)="$eJzs3U1oY9UXAPCTvjRpB/7/dicKQnQnaJnOTje2SAcGu1EJfizE4HRU0iq0WGwX09aF4lJwqSt3CrpwIS5FUMSdC7eOIKPiQrsbcPDKy8vHa5J22sEqxd8Pmt7ce8875708kteQ3D63EO3Lk3Flf/96TE1VorrwyELcqMRsZNGzG6NqY/oAgLPhRkrxeyocM6RyyiUBAKes8/r/QkQ0Yrboef3Lo+Ynr/4AcOZ1//6fPmrO1GEDr5xKSQDAKRt5///eA8O1zk+1d7da+lQAAHBWPfH0M48uLkc83mhMRay9udncbMZDg/HFK/FSrMZKnI+ZuBlRXCjkN5XO7cVLy0vnG43GTvw0G82ImOgGNosrhcWsE1+P+f5I/2ojpZRd/GR5ab7RERG7O538sVbZbE7GuW7+78/FyuDCY7ZXRHRuLi0vXWh0N9Bc68XvROwN3rfI65+Lmfj2+f5mUup9gnF56er8RPfOIH6zWY/L/aNw6DsgAAAAAAAAAAAAAAAAAAAAAABwW+YafbP99XNS/rtYKWdubsx4Z32cIr67PtBesT5QqqdI6bfXHmi+lcWB9YGG1+fZtJAgAAAAAAAAAAAAAAAAAAAA9G1s1aK1urqyvrG13S43dtY3tiYiIu95+euPvpiO0Tm3aFSLFPWIfopGN+12u5Wy3uSURYyGZ3nyXs8Hn/YrLs+p9/dibBn18UP7kTf+d8+P7w6G7s56W/5zMDmL8TuYlcp4eCjp2v+Lkk5yoPqNC+We+mj2aymlUs8b5fCrz45uMCoR1ZM/cNvtiTh8TsobX11/8c7e0W99ngr33T/z5LV33v+l3VrNM0fnEaytb9xM7ValN/lkhyU/1L2eShSNSvlMqB4Vvnewp5V99+tTd739zfGyp3LPq/n5PDQnK3bn4+HwWtHIy8wbtcHZMj0In+zuxOrK5JiT/1aN23hM73jvsw9T+uHnY6co5NVPDD9rTFX+xqcgAAAAAAAAAAAAAAAAAACgq/Rd8a7ul30nj4p68LHTrwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/jmD//9fauztxlDPcRp/7IyJqq+sb0TU/u3dBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+6vAAAA//+Vx1Xq") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x22) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) truncate(&(0x7f0000000000)='./file1\x00', 0xfbb0) 30.197862317s ago: executing program 3 (id=4): syz_mount_image$cramfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x200004c, &(0x7f0000000280)=ANY=[@ANYBLOB="009c74fbdedb35410b4b39523e95fc76118b5f893831d2a69603aed32d7ed8d926063b9f40074d75df684430d7b4338a30dcd937fa4f95c2d6f0fccafe7535ed73b6a95946bbc501924a4d5d5f3b49768815e3e9061703b05b3aacbfd021e97dd21c57cd0eb981eae095faf8e832ca2776a7ee234498d7fb60323bac6950556d9752fbaa76afb0d0cc6508b9d4b242b8d3e12e082ae92c9d962e84670bd313cc143d2398b5ebd6d0524acee51dc3d3c7695c6c7364e7670401815dff78247ef207267e0914eb626ac1a7d230fb2f0ba975a612d008a813f852e8dbb91540c5a5168cda7464b5be0865f3b3e31356b42f8fc15cbf1dc096415b5b865f97bcb190f310fe569f4321b2cc0c16b7bb75fac29e5e396dc2027a26ab4ae01e6ac82331cdb9ac83d921031bf6645f6079a120c00ea3cd3a30db0f66b2c9cd2d50c3a3fde16d903d7f56e8d992c26c86097ed081b62d7374d414a7b0b4b6684ae0a1609559809d74a28a9806d483c83edf33a0986af834d37a47797885800f37a233f702ac474be501d3cd9c4a974a4fc7bb87c2e6f9086f3dad1059a306c6f1c47422ce440372068e895a140f8e43f6f46c575666559844fba4f294a9bd626c643f"], 0x0, 0x143, &(0x7f0000001580)="$eJzs0LFLAmEYx/Hf25VGZRoZ2JAFDR2JeZ7YFqGRIGQHRbugFwSakYu0NbT5J0hUQtPhEI0NZi2GB2L/RMtBUNBovPdeWFBD+/PZ3u/zvo94m2umDB8gQdgoFY+O9XJZzy/saJnU7s3t3STvbgCjP+br9v1mAniRgOYwYJ0CeQAPHmD/oKCv5EoFfrYSgAwgOS66AnF3jDe/aFGnyYtAa0Y09ZcWc5qLv/UO9vUvgSXepgb73gFUaqGG8bTdaafDy9dzEs7SoflphvPqtx7Uq2pqtj4RkLCnP14hyfi750g73I00jJ7ZyWxpGc2MqepqTIkqSrzH/3m8b38UjonfYc7RhUDQjbcT5wjDnlv3zAOgdfGhFb1uP4DXQx/QxV8TVqnlsoGRetbvG4Ik42s9IYQQQgghhBDyb58BAAD//8kVZzA=") mkdirat(0xffffffffffffff9c, &(0x7f0000000580)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x8) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000004c0), 0x3200008, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') chdir(&(0x7f0000000040)='./file0\x00') unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0) 29.493984988s ago: executing program 3 (id=8): mount$nfs(&(0x7f0000000400)='.\x03~\xf3\xf5\x95\xa01\xc3\x99\x8a\x17\x93 [ 104.042718][ T5827] dump_stack_lvl+0x189/0x250 [ 104.042763][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 104.042789][ T5827] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 104.042819][ T5827] ? __pfx_queue_work_on+0x10/0x10 [ 104.042852][ T5827] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 104.042878][ T5827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 104.042906][ T5827] ? f2fs_hw_is_readonly+0x39b/0x470 [ 104.042937][ T5827] f2fs_handle_critical_error+0x37c/0x540 [ 104.042970][ T5827] f2fs_write_end_io+0x495/0x810 [ 104.042987][ T5827] ? blkg_put+0x22/0x240 [ 104.043023][ T5827] __submit_merged_bio+0x27a/0x6a0 [ 104.043054][ T5827] __submit_merged_write_cond+0x255/0x530 [ 104.043090][ T5827] f2fs_write_data_pages+0x261d/0x3000 [ 104.043153][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.043254][ T5827] ? __lock_acquire+0xab9/0xd20 [ 104.043291][ T5827] ? do_raw_spin_lock+0x121/0x290 [ 104.043326][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 104.043349][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 104.043382][ T5827] do_writepages+0x32b/0x550 [ 104.043424][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 104.043452][ T5827] filemap_fdatawrite+0x191/0x230 [ 104.043484][ T5827] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 104.043567][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 104.043595][ T5827] f2fs_sync_dirty_inodes+0x31f/0x830 [ 104.043633][ T5827] f2fs_write_checkpoint+0x94a/0x1de0 [ 104.043686][ T5827] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 104.043759][ T5827] ? kill_f2fs_super+0x298/0x6c0 [ 104.043788][ T5827] kill_f2fs_super+0x2c3/0x6c0 [ 104.043816][ T5827] ? __pfx_kill_f2fs_super+0x10/0x10 [ 104.043835][ T5827] ? radix_tree_delete_item+0x2b6/0x400 [ 104.043874][ T5827] ? shrinker_free+0x2ce/0x3e0 [ 104.043909][ T5827] deactivate_locked_super+0xbc/0x130 [ 104.043933][ T5827] cleanup_mnt+0x425/0x4c0 [ 104.043967][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.044001][ T5827] task_work_run+0x1d1/0x260 [ 104.044030][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 104.044052][ T5827] ? __x64_sys_umount+0x122/0x160 [ 104.044082][ T5827] ? exit_to_user_mode_loop+0x40/0x110 [ 104.044116][ T5827] exit_to_user_mode_loop+0xec/0x110 [ 104.044145][ T5827] do_syscall_64+0x2bd/0x3b0 [ 104.044161][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 104.044190][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.044211][ T5827] ? clear_bhb_loop+0x60/0xb0 [ 104.044237][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.044258][ T5827] RIP: 0033:0x7f4bc3d8fc57 [ 104.044285][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 104.044303][ T5827] RSP: 002b:00007ffecf11f868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 104.044325][ T5827] RAX: 0000000000000000 RBX: 00007f4bc3e10925 RCX: 00007f4bc3d8fc57 [ 104.044340][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffecf11f920 [ 104.044353][ T5827] RBP: 00007ffecf11f920 R08: 0000000000000000 R09: 0000000000000000 [ 104.044365][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffecf1209b0 [ 104.044379][ T5827] R13: 00007f4bc3e10925 R14: 000000000001958b R15: 00007ffecf1209f0 [ 104.044413][ T5827] [ 104.044422][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 104.046970][ T5978] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 104.066035][ T5891] loop4: p77 start 4284289 is beyond EOD, truncated [ 104.066068][ T5891] loop4: p78 start 4284289 is beyond EOD, truncated [ 104.066088][ T5891] loop4: p79 start 4284289 is beyond EOD, truncated [ 104.066108][ T5891] loop4: p80 start 4284289 is beyond EOD, truncated [ 104.066128][ T5891] loop4: p81 start 4284289 is beyond EOD, truncated [ 104.066147][ T5891] loop4: p82 start 4284289 is beyond EOD, truncated [ 104.066166][ T5891] loop4: p83 start 4284289 is beyond EOD, truncated [ 104.066186][ T5891] loop4: p84 start 4284289 is beyond EOD, truncated [ 104.066205][ T5891] loop4: p85 start 4284289 is beyond EOD, truncated [ 104.066224][ T5891] loop4: p86 start 4284289 is beyond EOD, truncated [ 104.066243][ T5891] loop4: p87 start 4284289 is beyond EOD, truncated [ 104.066262][ T5891] loop4: p88 start 4284289 is beyond EOD, truncated [ 104.066281][ T5891] loop4: p89 start 4284289 is beyond EOD, truncated [ 104.066301][ T5891] loop4: p90 start 4284289 is beyond EOD, truncated [ 104.066320][ T5891] loop4: p91 start 4284289 is beyond EOD, truncated [ 104.066339][ T5891] loop4: p92 start 4284289 is beyond EOD, truncated [ 104.066359][ T5891] loop4: p93 start 4284289 is beyond EOD, truncated [ 104.066378][ T5891] loop4: p94 start 4284289 is beyond EOD, truncated [ 104.066418][ T5891] loop4: p95 start 4284289 is beyond EOD, truncated [ 104.066438][ T5891] loop4: p96 start 4284289 is beyond EOD, truncated [ 104.066457][ T5891] loop4: p97 start 4284289 is beyond EOD, truncated [ 104.066476][ T5891] loop4: p98 start 4284289 is beyond EOD, truncated [ 104.066496][ T5891] loop4: p99 start 4284289 is beyond EOD, truncated [ 104.066515][ T5891] loop4: p100 start 4284289 is beyond EOD, truncated [ 104.066535][ T5891] loop4: p101 start 4284289 is beyond EOD, truncated [ 104.066554][ T5891] loop4: p102 start 4284289 is beyond EOD, truncated [ 104.066573][ T5891] loop4: p103 start 4284289 is beyond EOD, truncated [ 104.066592][ T5891] loop4: p104 start 4284289 is beyond EOD, truncated [ 104.066612][ T5891] loop4: p105 start 4284289 is beyond EOD, truncated [ 104.066632][ T5891] loop4: p106 start 4284289 is beyond EOD, truncated [ 104.066651][ T5891] loop4: p107 start 4284289 is beyond EOD, truncated [ 104.066671][ T5891] loop4: p108 start 4284289 is beyond EOD, truncated [ 104.066697][ T5891] loop4: p109 start 4284289 is beyond EOD, truncated [ 104.066717][ T5891] loop4: p110 start 4284289 is beyond EOD, truncated [ 104.066736][ T5891] loop4: p111 start 4284289 is beyond EOD, truncated [ 104.066755][ T5891] loop4: p112 start 4284289 is beyond EOD, truncated [ 104.066774][ T5891] loop4: p113 start 4284289 is beyond EOD, truncated [ 104.066793][ T5891] loop4: p114 start 4284289 is beyond EOD, truncated [ 104.066813][ T5891] loop4: p115 start 4284289 is beyond EOD, truncated [ 104.066831][ T5891] loop4: p116 start 4284289 is beyond EOD, truncated [ 104.066851][ T5891] loop4: p117 start 4284289 is beyond EOD, truncated [ 104.066869][ T5891] loop4: p118 start 4284289 is beyond EOD, truncated [ 104.066887][ T5891] loop4: p119 start 4284289 is beyond EOD, truncated [ 104.066906][ T5891] loop4: p120 start 4284289 is beyond EOD, truncated [ 104.066925][ T5891] loop4: p121 start 4284289 is beyond EOD, truncated [ 104.258178][ T5978] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 104.266385][ T5891] loop4: p122 start 4284289 is beyond EOD, truncated [ 104.742443][ T5891] loop4: p123 start 4284289 is beyond EOD, truncated [ 104.749798][ T5891] loop4: p124 start 4284289 is beyond EOD, truncated [ 104.756738][ T5891] loop4: p125 start 4284289 is beyond EOD, truncated [ 104.763518][ T5891] loop4: p126 start 4284289 is beyond EOD, truncated [ 104.806351][ T5891] loop4: p127 start 4284289 is beyond EOD, truncated [ 104.813154][ T5891] loop4: p128 start 4284289 is beyond EOD, truncated [ 104.835897][ T5891] loop4: p129 start 4284289 is beyond EOD, truncated [ 104.842665][ T5891] loop4: p130 start 4284289 is beyond EOD, truncated [ 104.861986][ T5891] loop4: p131 start 4284289 is beyond EOD, truncated [ 104.868999][ T5891] loop4: p132 start 4284289 is beyond EOD, truncated [ 104.875974][ T5891] loop4: p133 start 4284289 is beyond EOD, truncated [ 104.882722][ T5891] loop4: p134 start 4284289 is beyond EOD, truncated [ 104.896155][ T5891] loop4: p135 start 4284289 is beyond EOD, truncated [ 104.904974][ T5891] loop4: p136 start 4284289 is beyond EOD, truncated [ 104.912693][ T5891] loop4: p137 start 4284289 is beyond EOD, truncated [ 104.920115][ T176] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.922583][ T5891] loop4: p138 start 4284289 is beyond EOD, truncated [ 104.942473][ T5891] loop4: p139 start 4284289 is beyond EOD, truncated [ 104.952773][ T5891] loop4: p140 start 4284289 is beyond EOD, truncated [ 104.960084][ T5978] BTRFS info (device loop0): rebuilding free space tree [ 104.977393][ T5891] loop4: p141 start 4284289 is beyond EOD, truncated [ 105.018052][ T5891] loop4: p142 start 4284289 is beyond EOD, truncated [ 105.024832][ T5891] loop4: p143 start 4284289 is beyond EOD, truncated [ 105.051202][ T5978] BTRFS info (device loop0): disabling free space tree [ 105.071052][ T5891] loop4: p144 start 4284289 is beyond EOD, truncated [ 105.084196][ T5978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.103753][ T5891] loop4: p145 start 4284289 is beyond EOD, truncated [ 105.122891][ T5978] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.129027][ T176] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.133398][ T5891] loop4: p146 start 4284289 is beyond EOD, truncated [ 105.186114][ T5891] loop4: p147 start 4284289 is beyond EOD, truncated [ 105.203417][ T5891] loop4: p148 start 4284289 is beyond EOD, truncated [ 105.225940][ T5891] loop4: p149 start 4284289 is beyond EOD, truncated [ 105.235976][ T5891] loop4: p150 start 4284289 is beyond EOD, truncated [ 105.255429][ T5891] loop4: p151 start 4284289 is beyond EOD, truncated [ 105.275690][ T5891] loop4: p152 start 4284289 is beyond EOD, truncated [ 105.282849][ T5891] loop4: p153 start 4284289 is beyond EOD, truncated [ 105.305488][ T5891] loop4: p154 start 4284289 is beyond EOD, truncated [ 105.328796][ T176] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.359172][ T5891] loop4: p155 start 4284289 is beyond EOD, truncated [ 105.386231][ T5891] loop4: p156 start 4284289 is beyond EOD, truncated [ 105.408549][ T5891] loop4: p157 start 4284289 is beyond EOD, truncated [ 105.431997][ T5891] loop4: p158 start 4284289 is beyond EOD, truncated [ 105.439161][ T5891] loop4: p159 start 4284289 is beyond EOD, truncated [ 105.446255][ T5891] loop4: p160 start 4284289 is beyond EOD, truncated [ 105.459081][ T5891] loop4: p161 start 4284289 is beyond EOD, truncated [ 105.514850][ T5891] loop4: p162 start 4284289 is beyond EOD, truncated [ 105.544538][ T5891] loop4: p163 start 4284289 is beyond EOD, truncated [ 105.567853][ T5891] loop4: p164 start 4284289 is beyond EOD, truncated [ 105.598882][ T5891] loop4: p165 start 4284289 is beyond EOD, truncated [ 105.605650][ T5891] loop4: p166 start 4284289 is beyond EOD, truncated [ 105.679709][ T5891] loop4: p167 start 4284289 is beyond EOD, truncated [ 105.704887][ T5891] loop4: p168 start 4284289 is beyond EOD, truncated [ 105.714666][ T5832] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 105.741451][ T5891] loop4: p169 start 4284289 is beyond EOD, truncated [ 105.756657][ T5891] loop4: p170 start 4284289 is beyond EOD, truncated [ 105.763432][ T5891] loop4: p171 start 4284289 is beyond EOD, truncated [ 105.776821][ T5891] loop4: p172 start 4284289 is beyond EOD, truncated [ 105.796840][ T5891] loop4: p173 start 4284289 is beyond EOD, truncated [ 105.803601][ T5891] loop4: p174 start 4284289 is beyond EOD, truncated [ 105.820426][ T5891] loop4: p175 start 4284289 is beyond EOD, truncated [ 105.850782][ T176] bridge_slave_1: left allmulticast mode [ 105.857719][ T5891] loop4: p176 start 4284289 is beyond EOD, truncated [ 105.864675][ T5891] loop4: p177 start 4284289 is beyond EOD, truncated [ 105.872507][ T176] bridge_slave_1: left promiscuous mode [ 105.878999][ T5891] loop4: p178 start 4284289 is beyond EOD, truncated [ 105.888505][ T176] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.914453][ T5891] loop4: p179 start 4284289 is beyond EOD, truncated [ 105.965946][ T5891] loop4: p180 start 4284289 is beyond EOD, truncated [ 105.972713][ T5891] loop4: p181 start 4284289 is beyond EOD, truncated [ 106.005888][ T5891] loop4: p182 start 4284289 is beyond EOD, truncated [ 106.012665][ T5891] loop4: p183 start 4284289 is beyond EOD, truncated [ 106.035686][ T5891] loop4: p184 start 4284289 is beyond EOD, [ 106.041402][ T176] bridge_slave_0: left allmulticast mode [ 106.066538][ T5891] truncated [ 106.069725][ T5891] loop4: p185 start 4284289 is beyond EOD, truncated [ 106.078560][ T176] bridge_slave_0: left promiscuous mode [ 106.096146][ T176] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.104706][ T5891] loop4: p186 start 4284289 is beyond EOD, truncated [ 106.133403][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 106.145543][ T5891] loop4: p187 start 4284289 is beyond EOD, truncated [ 106.156610][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 106.165016][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 106.181506][ T5891] loop4: p188 start 4284289 is beyond EOD, truncated [ 106.188705][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 106.199860][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 106.209039][ T5891] loop4: p189 start 4284289 is beyond EOD, truncated [ 106.255173][ T5891] loop4: p190 start 4284289 is beyond EOD, truncated [ 106.311664][ T5891] loop4: p191 start 4284289 is beyond EOD, truncated [ 106.322460][ T5891] loop4: p192 start 4284289 is beyond EOD, truncated [ 106.329677][ T5891] loop4: p193 start 4284289 is beyond EOD, truncated [ 106.337489][ T5891] loop4: p194 start 4284289 is beyond EOD, truncated [ 106.344242][ T5891] loop4: p195 start 4284289 is beyond EOD, truncated [ 106.351743][ T5891] loop4: p196 start 4284289 is beyond EOD, truncated [ 106.358527][ T5891] loop4: p197 start 4284289 is beyond EOD, truncated [ 106.365345][ T5891] loop4: p198 start 4284289 is beyond EOD, truncated [ 106.372127][ T5891] loop4: p199 start 4284289 is beyond EOD, truncated [ 106.379466][ T5891] loop4: p200 start 4284289 is beyond EOD, truncated [ 106.386428][ T5891] loop4: p201 start 4284289 is beyond EOD, truncated [ 106.393154][ T5891] loop4: p202 start 4284289 is beyond EOD, truncated [ 106.406433][ T5891] loop4: p203 start 4284289 is beyond EOD, truncated [ 106.413250][ T5891] loop4: p204 start 4284289 is beyond EOD, truncated [ 106.426098][ T5891] loop4: p205 start 4284289 is beyond EOD, truncated [ 106.432929][ T5891] loop4: p206 start 4284289 is beyond EOD, truncated [ 106.452156][ T5891] loop4: p207 start 4284289 is beyond EOD, truncated [ 106.469391][ T5891] loop4: p208 start 4284289 is beyond EOD, truncated [ 106.490503][ T5891] loop4: p209 start 4284289 is beyond EOD, truncated [ 106.497752][ T5891] loop4: p210 start 4284289 is beyond EOD, truncated [ 106.504494][ T5891] loop4: p211 start 4284289 is beyond EOD, truncated [ 106.530019][ T5891] loop4: p212 start 4284289 is beyond EOD, truncated [ 106.541680][ T5891] loop4: p213 start 4284289 is beyond EOD, truncated [ 106.560811][ T6013] loop0: detected capacity change from 0 to 164 [ 106.567723][ T5891] loop4: p214 start 4284289 is beyond EOD, truncated [ 106.585807][ T5891] loop4: p215 start 4284289 is beyond EOD, truncated [ 106.596140][ T5891] loop4: p216 start 4284289 is beyond EOD, truncated [ 106.602934][ T5891] loop4: p217 start 4284289 is beyond EOD, truncated [ 106.619011][ T5891] loop4: p218 start 4284289 is beyond EOD, truncated [ 106.635883][ T5891] loop4: p219 start 4284289 is beyond EOD, truncated [ 106.665074][ T6013] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet. [ 106.676433][ T5891] loop4: p220 start 4284289 is beyond EOD, truncated [ 106.676465][ T5891] loop4: p221 start 4284289 is beyond EOD, truncated [ 106.676483][ T5891] loop4: p222 start 4284289 is beyond EOD, truncated [ 106.676502][ T5891] loop4: p223 start 4284289 is beyond EOD, truncated [ 106.676520][ T5891] loop4: p224 start 4284289 is beyond EOD, truncated [ 106.676539][ T5891] loop4: p225 start 4284289 is beyond EOD, truncated [ 106.676557][ T5891] loop4: p226 start 4284289 is beyond EOD, truncated [ 106.676576][ T5891] loop4: p227 start 4284289 is beyond EOD, truncated [ 106.676596][ T5891] loop4: p228 start 4284289 is beyond EOD, truncated [ 106.676615][ T5891] loop4: p229 start 4284289 is beyond EOD, truncated [ 106.676635][ T5891] loop4: p230 start 4284289 is beyond EOD, truncated [ 106.676654][ T5891] loop4: p231 start 4284289 is beyond EOD, truncated [ 106.676674][ T5891] loop4: p232 start 4284289 is beyond EOD, truncated [ 106.676693][ T5891] loop4: p233 start 4284289 is beyond EOD, truncated [ 106.676712][ T5891] loop4: p234 start 4284289 is beyond EOD, truncated [ 106.676732][ T5891] loop4: p235 start 4284289 is beyond EOD, truncated [ 106.676750][ T5891] loop4: p236 start 4284289 is beyond EOD, truncated [ 106.676769][ T5891] loop4: p237 start 4284289 is beyond EOD, truncated [ 106.676787][ T5891] loop4: p238 start 4284289 is beyond EOD, truncated [ 106.676806][ T5891] loop4: p239 start 4284289 is beyond EOD, truncated [ 106.676825][ T5891] loop4: p240 start 4284289 is beyond EOD, truncated [ 106.676844][ T5891] loop4: p241 start 4284289 is beyond EOD, truncated [ 106.676864][ T5891] loop4: p242 start 4284289 is beyond EOD, truncated [ 106.676883][ T5891] loop4: p243 start 4284289 is beyond EOD, truncated [ 106.676903][ T5891] loop4: p244 start 4284289 is beyond EOD, truncated [ 106.676922][ T5891] loop4: p245 start 4284289 is beyond EOD, truncated [ 106.676942][ T5891] loop4: p246 start 4284289 is beyond EOD, truncated [ 106.676961][ T5891] loop4: p247 start 4284289 is beyond EOD, truncated [ 106.676981][ T5891] loop4: p248 start 4284289 is beyond EOD, truncated [ 106.677000][ T5891] loop4: p249 start 4284289 is beyond EOD, truncated [ 106.677020][ T5891] loop4: p250 start 4284289 is beyond EOD, truncated [ 106.677039][ T5891] loop4: p251 start 4284289 is beyond EOD, truncated [ 106.677058][ T5891] loop4: p252 start 4284289 is beyond EOD, truncated [ 106.677077][ T5891] loop4: p253 start 4284289 is beyond EOD, truncated [ 106.919149][ T5891] loop4: p254 start 4284289 is beyond EOD, truncated [ 106.926589][ T5891] loop4: p255 start 4284289 is beyond EOD, truncated [ 106.968926][ T5195] loop4: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p219 p220 p221 p222 p223 p224 p225 p22 [ 106.991296][ T5195] loop4: p3 start 4284289 is beyond EOD, [ 107.124693][ T6015] loop0: detected capacity change from 0 to 1024 [ 107.141653][ T5195] truncated [ 107.160502][ T5195] loop4: p5 start 4284289 is beyond EOD, truncated [ 107.170028][ T5195] loop4: p6 start 4284289 is beyond EOD, truncated [ 107.179312][ T5195] loop4: p7 start 4284289 is beyond EOD, truncated [ 107.187550][ T5195] loop4: p8 start 4284289 is beyond EOD, truncated [ 107.198541][ T5195] loop4: p9 start 4284289 is beyond EOD, truncated [ 107.217465][ T6015] hfsplus: bad catalog entry type [ 107.229491][ T5195] loop4: p10 start 4284289 is beyond EOD, truncated [ 107.236880][ T5195] loop4: p11 start 4284289 is beyond EOD, truncated [ 107.256419][ T5195] loop4: p12 start 4284289 is beyond EOD, truncated [ 107.285209][ T5195] loop4: p13 start 4284289 is beyond EOD, truncated [ 107.293417][ T5195] loop4: p14 start 4284289 is beyond EOD, truncated [ 107.303280][ T5195] loop4: p15 start 4284289 is beyond EOD, truncated [ 107.310241][ T5195] loop4: p16 start 4284289 is beyond EOD, truncated [ 107.311189][ T3442] hfsplus: b-tree write err: -5, ino 4 [ 107.320355][ T5195] loop4: p17 start 4284289 is beyond EOD, truncated [ 107.329701][ T5195] loop4: p18 start 4284289 is beyond EOD, truncated [ 107.348679][ T5195] loop4: p19 start 4284289 is beyond EOD, truncated [ 107.356904][ T5195] loop4: p20 start 4284289 is beyond EOD, truncated [ 107.365291][ T5195] loop4: p21 start 4284289 is beyond EOD, truncated [ 107.373775][ T5195] loop4: p22 start 4284289 is beyond EOD, truncated [ 107.381172][ T5195] loop4: p23 start 4284289 is beyond EOD, truncated [ 107.396284][ T5195] loop4: p24 start 4284289 is beyond EOD, truncated [ 107.408092][ T5195] loop4: p25 start 4284289 is beyond EOD, truncated [ 107.414774][ T5195] loop4: p26 start 4284289 is beyond EOD, truncated [ 107.422747][ T5195] loop4: p27 start 4284289 is beyond EOD, truncated [ 107.431181][ T5195] loop4: p28 start 4284289 is beyond EOD, truncated [ 107.438219][ T5195] loop4: p29 start 4284289 is beyond EOD, truncated [ 107.450777][ T5195] loop4: p30 start 4284289 is beyond EOD, truncated [ 107.457865][ T5195] loop4: p31 start 4284289 is beyond EOD, truncated [ 107.470882][ T5195] loop4: p32 start 4284289 is beyond EOD, truncated [ 107.481958][ T6011] loop2: detected capacity change from 0 to 40427 [ 107.484200][ T5195] loop4: p33 start 4284289 is beyond EOD, [ 107.490922][ T6011] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 107.501422][ T5195] truncated [ 107.520720][ T6017] loop0: detected capacity change from 0 to 512 [ 107.524386][ T5195] loop4: p34 start 4284289 is beyond EOD, truncated [ 107.538769][ T6011] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 107.541829][ T5195] loop4: p35 start 4284289 is beyond EOD, truncated [ 107.559361][ T5195] loop4: p36 start 4284289 is beyond EOD, truncated [ 107.571354][ T5195] loop4: p37 start 4284289 is beyond EOD, truncated [ 107.581673][ T5195] loop4: p38 start 4284289 is beyond EOD, truncated [ 107.593628][ T5195] loop4: p39 start 4284289 is beyond EOD, truncated [ 107.605653][ T5195] loop4: p40 start 4284289 is beyond EOD, truncated [ 107.613043][ T5195] loop4: p41 start 4284289 is beyond EOD, truncated [ 107.624935][ T5195] loop4: p42 start 4284289 is beyond EOD, truncated [ 107.632255][ T5195] loop4: p43 start 4284289 is beyond EOD, truncated [ 107.641172][ T5195] loop4: p44 start 4284289 is beyond EOD, truncated [ 107.649019][ T5195] loop4: p45 start 4284289 is beyond EOD, truncated [ 107.649379][ T176] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 107.657878][ T5195] loop4: p46 start 4284289 is beyond EOD, truncated [ 107.675588][ T6017] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.688345][ T5195] loop4: p47 start 4284289 is beyond EOD, truncated [ 107.695207][ T6017] ext4 filesystem being mounted at /6/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 107.705486][ T5195] loop4: p48 start 4284289 is beyond EOD, truncated [ 107.712532][ T5195] loop4: p49 start 4284289 is beyond EOD, truncated [ 107.713460][ T176] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 107.719239][ T5195] loop4: p50 start 4284289 is beyond EOD, truncated [ 107.719265][ T5195] loop4: p51 start 4284289 is beyond EOD, truncated [ 107.719285][ T5195] loop4: p52 start 4284289 is beyond EOD, truncated [ 107.719305][ T5195] loop4: p53 start 4284289 is beyond EOD, truncated [ 107.719324][ T5195] loop4: p54 start 4284289 is beyond EOD, truncated [ 107.719344][ T5195] loop4: p55 start 4284289 is beyond EOD, truncated [ 107.719370][ T5195] loop4: p56 start 4284289 is beyond EOD, truncated [ 107.719389][ T5195] loop4: p57 start 4284289 is beyond EOD, truncated [ 107.719406][ T5195] loop4: p58 start 4284289 is beyond EOD, truncated [ 107.719425][ T5195] loop4: p59 start 4284289 is beyond EOD, truncated [ 107.719444][ T5195] loop4: p60 start 4284289 is beyond EOD, truncated [ 107.768799][ T6017] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.25: corrupted inode contents [ 107.779085][ T5195] loop4: p61 start 4284289 is beyond EOD, [ 107.819972][ T176] bond0 (unregistering): Released all slaves [ 107.822207][ T5195] truncated [ 107.835838][ T6017] EXT4-fs error (device loop0): ext4_dirty_inode:6459: inode #2: comm syz.0.25: mark_inode_dirty error [ 107.839164][ T5195] loop4: p62 start 4284289 is beyond EOD, [ 107.848262][ T6011] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 107.854103][ T5195] truncated [ 107.854118][ T5195] loop4: p63 start 4284289 is beyond EOD, truncated [ 107.871346][ T5195] loop4: p64 start 4284289 is beyond EOD, truncated [ 107.876406][ T6011] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 107.882042][ T5195] loop4: p65 start 4284289 is beyond EOD, truncated [ 107.891544][ T6017] EXT4-fs error (device loop0): ext4_do_update_inode:5568: inode #2: comm syz.0.25: corrupted inode contents [ 107.894948][ T5195] loop4: p66 start 4284289 is beyond EOD, truncated [ 107.914145][ T5195] loop4: p67 start 4284289 is beyond EOD, truncated [ 107.921246][ T5195] loop4: p68 start 4284289 is beyond EOD, truncated [ 107.928574][ T5195] loop4: p69 start 4284289 is beyond EOD, truncated [ 107.935336][ T5195] loop4: p70 start 4284289 is beyond EOD, truncated [ 107.945183][ T5195] loop4: p71 start 4284289 is beyond EOD, truncated [ 107.952390][ T5195] loop4: p72 start 4284289 is beyond EOD, truncated [ 107.962861][ T6017] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #2: comm syz.0.25: mark_inode_dirty error [ 107.995101][ T5195] loop4: p73 start 4284289 is beyond EOD, truncated [ 108.002310][ T5195] loop4: p74 start 4284289 is beyond EOD, truncated [ 108.009529][ T5195] loop4: p75 start 4284289 is beyond EOD, truncated [ 108.021018][ T5195] loop4: p76 start 4284289 is beyond EOD, truncated [ 108.028043][ T5195] loop4: p77 start 4284289 is beyond EOD, truncated [ 108.037027][ T5195] loop4: p78 start 4284289 is beyond EOD, truncated [ 108.043696][ T5195] loop4: p79 start 4284289 is beyond EOD, truncated [ 108.050626][ T5195] loop4: p80 start 4284289 is beyond EOD, truncated [ 108.057546][ T5195] loop4: p81 start 4284289 is beyond EOD, truncated [ 108.068994][ T5195] loop4: p82 start 4284289 is beyond EOD, truncated [ 108.075877][ T5195] loop4: p83 start 4284289 is beyond EOD, truncated [ 108.084849][ T5195] loop4: p84 start 4284289 is beyond EOD, truncated [ 108.092034][ T5195] loop4: p85 start 4284289 is beyond EOD, truncated [ 108.099091][ T5195] loop4: p86 start 4284289 is beyond EOD, truncated [ 108.111112][ T5195] loop4: p87 start 4284289 is beyond EOD, truncated [ 108.118196][ T5195] loop4: p88 start 4284289 is beyond EOD, truncated [ 108.124958][ T5195] loop4: p89 start 4284289 is beyond EOD, truncated [ 108.147140][ T5195] loop4: p90 start 4284289 is beyond EOD, truncated [ 108.153832][ T5195] loop4: p91 start 4284289 is beyond EOD, truncated [ 108.177518][ T5195] loop4: p92 start 4284289 is beyond EOD, truncated [ 108.195588][ T5195] loop4: p93 start 4284289 is beyond EOD, truncated [ 108.209126][ T5195] loop4: p94 start 4284289 is beyond EOD, truncated [ 108.222961][ T5195] loop4: p95 start 4284289 is beyond EOD, truncated [ 108.224415][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.256264][ T5195] loop4: p96 start 4284289 is beyond EOD, truncated [ 108.278431][ T5827] syz-executor: attempt to access beyond end of device [ 108.278431][ T5827] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 108.293243][ T5195] loop4: p97 start 4284289 is beyond EOD, truncated [ 108.302998][ T51] Bluetooth: hci3: command tx timeout [ 108.315867][ T5195] loop4: p98 start 4284289 is beyond EOD, truncated [ 108.316108][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 108.316139][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.316153][ T5827] Call Trace: [ 108.316165][ T5827] [ 108.316174][ T5827] dump_stack_lvl+0x189/0x250 [ 108.316222][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.316257][ T5827] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 108.316301][ T5827] ? __pfx_queue_work_on+0x10/0x10 [ 108.316341][ T5827] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 108.316374][ T5827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 108.316410][ T5827] ? f2fs_hw_is_readonly+0x39b/0x470 [ 108.316452][ T5827] f2fs_handle_critical_error+0x37c/0x540 [ 108.316495][ T5827] f2fs_write_end_io+0x495/0x810 [ 108.316516][ T5827] ? blkg_put+0x22/0x240 [ 108.316560][ T5827] __submit_merged_bio+0x27a/0x6a0 [ 108.316601][ T5827] __submit_merged_write_cond+0x255/0x530 [ 108.316644][ T5827] f2fs_write_data_pages+0x261d/0x3000 [ 108.316723][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.316758][ T5827] ? is_bpf_text_address+0x26/0x2b0 [ 108.316809][ T5827] ? arch_stack_walk+0xfc/0x150 [ 108.316927][ T5827] ? __lock_acquire+0xab9/0xd20 [ 108.316979][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.317018][ T5827] do_writepages+0x32b/0x550 [ 108.317066][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 108.317097][ T5827] filemap_fdatawrite+0x191/0x230 [ 108.317134][ T5827] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 108.317229][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 108.317260][ T5827] f2fs_sync_dirty_inodes+0x31f/0x830 [ 108.317308][ T5827] f2fs_write_checkpoint+0x94a/0x1de0 [ 108.317362][ T5827] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 108.317444][ T5827] ? call_rcu+0x6dd/0x990 [ 108.317481][ T5827] ? kill_f2fs_super+0x298/0x6c0 [ 108.317512][ T5827] kill_f2fs_super+0x2c3/0x6c0 [ 108.317546][ T5827] ? __pfx_kill_f2fs_super+0x10/0x10 [ 108.317567][ T5827] ? radix_tree_delete_item+0x2b6/0x400 [ 108.317612][ T5827] ? shrinker_free+0x2ce/0x3e0 [ 108.317651][ T5827] deactivate_locked_super+0xbc/0x130 [ 108.317678][ T5827] cleanup_mnt+0x425/0x4c0 [ 108.317718][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.317757][ T5827] task_work_run+0x1d1/0x260 [ 108.317790][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 108.317814][ T5827] ? __x64_sys_umount+0x122/0x160 [ 108.317849][ T5827] ? exit_to_user_mode_loop+0x40/0x110 [ 108.317888][ T5827] exit_to_user_mode_loop+0xec/0x110 [ 108.317920][ T5827] do_syscall_64+0x2bd/0x3b0 [ 108.317942][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.317975][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.318000][ T5827] ? clear_bhb_loop+0x60/0xb0 [ 108.318029][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.318053][ T5827] RIP: 0033:0x7f4bc3d8fc57 [ 108.318074][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 108.318093][ T5827] RSP: 002b:00007ffecf11f868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.318119][ T5827] RAX: 0000000000000000 RBX: 00007f4bc3e10925 RCX: 00007f4bc3d8fc57 [ 108.318135][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffecf11f920 [ 108.318151][ T5827] RBP: 00007ffecf11f920 R08: 0000000000000000 R09: 0000000000000000 [ 108.318164][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffecf1209b0 [ 108.318180][ T5827] R13: 00007f4bc3e10925 R14: 000000000001a658 R15: 00007ffecf1209f0 [ 108.318218][ T5827] [ 108.318228][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 108.322540][ T5195] loop4: p99 start 4284289 is beyond EOD, [ 108.482281][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 108.482317][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 108.482331][ T5827] Call Trace: [ 108.482341][ T5827] [ 108.482354][ T5827] dump_stack_lvl+0x189/0x250 [ 108.482403][ T5827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 108.482437][ T5827] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 108.482473][ T5827] ? __pfx_queue_work_on+0x10/0x10 [ 108.482513][ T5827] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 108.482548][ T5827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 108.482584][ T5827] ? f2fs_hw_is_readonly+0x39b/0x470 [ 108.482625][ T5827] f2fs_handle_critical_error+0x37c/0x540 [ 108.482670][ T5827] f2fs_write_end_io+0x495/0x810 [ 108.482690][ T5827] ? blkg_put+0x22/0x240 [ 108.482738][ T5827] __submit_merged_bio+0x27a/0x6a0 [ 108.482781][ T5827] __submit_merged_write_cond+0x255/0x530 [ 108.482826][ T5827] f2fs_write_data_pages+0x261d/0x3000 [ 108.482916][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.482951][ T5827] ? is_bpf_text_address+0x26/0x2b0 [ 108.483004][ T5827] ? arch_stack_walk+0xfc/0x150 [ 108.483139][ T5827] ? __lock_acquire+0xab9/0xd20 [ 108.483195][ T5827] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 108.483235][ T5827] do_writepages+0x32b/0x550 [ 108.483296][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 108.483331][ T5827] filemap_fdatawrite+0x191/0x230 [ 108.483368][ T5827] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 108.483476][ T5827] ? do_raw_spin_unlock+0x122/0x240 [ 108.483510][ T5827] f2fs_sync_dirty_inodes+0x31f/0x830 [ 108.483557][ T5827] f2fs_write_checkpoint+0x94a/0x1de0 [ 108.483621][ T5827] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 108.483715][ T5827] ? call_rcu+0x6dd/0x990 [ 108.483751][ T5827] ? kill_f2fs_super+0x298/0x6c0 [ 108.483785][ T5827] kill_f2fs_super+0x2c3/0x6c0 [ 108.483819][ T5827] ? __pfx_kill_f2fs_super+0x10/0x10 [ 108.483841][ T5827] ? radix_tree_delete_item+0x2b6/0x400 [ 108.483888][ T5827] ? shrinker_free+0x2ce/0x3e0 [ 108.483928][ T5827] deactivate_locked_super+0xbc/0x130 [ 108.483957][ T5827] cleanup_mnt+0x425/0x4c0 [ 108.483995][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.484035][ T5827] task_work_run+0x1d1/0x260 [ 108.484068][ T5827] ? __pfx_task_work_run+0x10/0x10 [ 108.484093][ T5827] ? __x64_sys_umount+0x122/0x160 [ 108.484130][ T5827] ? exit_to_user_mode_loop+0x40/0x110 [ 108.484227][ T5827] exit_to_user_mode_loop+0xec/0x110 [ 108.484290][ T5827] do_syscall_64+0x2bd/0x3b0 [ 108.484315][ T5827] ? lockdep_hardirqs_on+0x9c/0x150 [ 108.484351][ T5827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.484377][ T5827] ? clear_bhb_loop+0x60/0xb0 [ 108.484409][ T5827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 108.484433][ T5827] RIP: 0033:0x7f4bc3d8fc57 [ 108.484458][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 108.484478][ T5827] RSP: 002b:00007ffecf11f868 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.484503][ T5827] RAX: 0000000000000000 RBX: 00007f4bc3e10925 RCX: 00007f4bc3d8fc57 [ 108.484521][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffecf11f920 [ 108.484536][ T5827] RBP: 00007ffecf11f920 R08: 0000000000000000 R09: 0000000000000000 [ 108.484551][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffecf1209b0 [ 108.484567][ T5827] R13: 00007f4bc3e10925 R14: 000000000001a658 R15: 00007ffecf1209f0 [ 108.484611][ T5827] [ 108.484622][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 108.675867][ T5195] truncated [ 109.235935][ T5195] loop4: p100 start 4284289 is beyond EOD, truncated [ 109.242727][ T5195] loop4: p101 start 4284289 is beyond EOD, truncated [ 109.263750][ T5195] loop4: p102 start 4284289 is beyond EOD, truncated [ 109.275784][ T5195] loop4: p103 start 4284289 is beyond EOD, truncated [ 109.282558][ T5195] loop4: p104 start 4284289 is beyond EOD, truncated [ 109.314309][ T5195] loop4: p105 start 4284289 is beyond EOD, truncated [ 109.321378][ T5195] loop4: p106 start 4284289 is beyond EOD, truncated [ 109.328306][ T5195] loop4: p107 start 4284289 is beyond EOD, truncated [ 109.335039][ T5195] loop4: p108 start 4284289 is beyond EOD, truncated [ 109.342700][ T5195] loop4: p109 start 4284289 is beyond EOD, truncated [ 109.352489][ T6027] loop0: detected capacity change from 0 to 40427 [ 109.362990][ T5195] loop4: p110 start 4284289 is beyond EOD, truncated [ 109.369809][ T5195] loop4: p111 start 4284289 is beyond EOD, truncated [ 109.376575][ T5195] loop4: p112 start 4284289 is beyond EOD, truncated [ 109.383303][ T5195] loop4: p113 start 4284289 is beyond EOD, truncated [ 109.390570][ T6027] F2FS-fs (loop0): build fault injection rate: 690 [ 109.405965][ T5195] loop4: p114 start 4284289 is beyond EOD, truncated [ 109.413750][ T5195] loop4: p115 start 4284289 is beyond EOD, truncated [ 109.425798][ T5195] loop4: p116 start 4284289 is beyond EOD, truncated [ 109.431863][ T6027] F2FS-fs (loop0): Image doesn't support compression [ 109.438411][ T5195] loop4: p117 start 4284289 is beyond EOD, truncated [ 109.460475][ T5195] loop4: p118 start 4284289 is beyond EOD, truncated [ 109.474848][ T6027] F2FS-fs (loop0): invalid crc value [ 109.480121][ T5195] loop4: p119 start 4284289 is beyond EOD, truncated [ 109.522095][ T5195] loop4: p120 start 4284289 is beyond EOD, truncated [ 109.532501][ T5195] loop4: p121 start 4284289 is beyond EOD, truncated [ 109.544432][ T5195] loop4: p122 start 4284289 is beyond EOD, truncated [ 109.560316][ T5195] loop4: p123 start 4284289 is beyond EOD, truncated [ 109.567547][ T5195] loop4: p124 start 4284289 is beyond EOD, truncated [ 109.583167][ T5195] loop4: p125 start 4284289 is beyond EOD, truncated [ 109.608704][ T5195] loop4: p126 start 4284289 is beyond EOD, truncated [ 109.656040][ T5195] loop4: p127 start 4284289 is beyond EOD, truncated [ 109.688245][ T5195] loop4: p128 start 4284289 is beyond EOD, truncated [ 109.722779][ T6027] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 109.740966][ T176] hsr_slave_0: left promiscuous mode [ 109.747891][ T5195] loop4: p129 start 4284289 is beyond EOD, truncated [ 109.754652][ T5195] loop4: p130 start 4284289 is beyond EOD, truncated [ 109.787557][ T176] hsr_slave_1: left promiscuous mode [ 109.793772][ T176] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 109.807003][ T5195] loop4: p131 start 4284289 is beyond EOD, truncated [ 109.813772][ T5195] loop4: p132 start 4284289 is beyond EOD, truncated [ 109.822083][ T176] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 109.825130][ T6027] syz.0.26: attempt to access beyond end of device [ 109.825130][ T6027] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 109.847371][ T176] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 109.856058][ T5195] loop4: p133 start 4284289 is beyond EOD, truncated [ 109.859866][ T176] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 109.862781][ T5195] loop4: p134 start 4284289 is beyond EOD, truncated [ 109.880475][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.0.26 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 109.880504][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 109.880517][ T6027] Call Trace: [ 109.880526][ T6027] [ 109.880535][ T6027] dump_stack_lvl+0x189/0x250 [ 109.880577][ T6027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 109.880607][ T6027] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 109.880638][ T6027] ? __pfx_queue_work_on+0x10/0x10 [ 109.880672][ T6027] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 109.880702][ T6027] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 109.880734][ T6027] ? f2fs_hw_is_readonly+0x39b/0x470 [ 109.880770][ T6027] f2fs_handle_critical_error+0x37c/0x540 [ 109.880807][ T6027] f2fs_write_end_io+0x495/0x810 [ 109.880825][ T6027] ? blkg_put+0x22/0x240 [ 109.880864][ T6027] __submit_merged_bio+0x27a/0x6a0 [ 109.880901][ T6027] __submit_merged_write_cond+0x255/0x530 [ 109.880938][ T6027] f2fs_write_data_pages+0x261d/0x3000 [ 109.881010][ T6027] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 109.881094][ T6027] ? check_path+0x21/0x40 [ 109.881124][ T6027] ? check_noncircular+0xe0/0x160 [ 109.881220][ T6027] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 109.881257][ T6027] do_writepages+0x32b/0x550 [ 109.881302][ T6027] ? do_raw_spin_unlock+0x122/0x240 [ 109.881331][ T6027] filemap_fdatawrite+0x191/0x230 [ 109.881366][ T6027] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 109.881455][ T6027] ? do_raw_spin_unlock+0x122/0x240 [ 109.881484][ T6027] f2fs_sync_dirty_inodes+0x31f/0x830 [ 109.881523][ T6027] f2fs_write_checkpoint+0x94a/0x1de0 [ 109.881572][ T6027] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 109.881639][ T6027] ? __pfx_down_write+0x10/0x10 [ 109.881673][ T6027] f2fs_issue_checkpoint+0x3ac/0x570 [ 109.881699][ T6027] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 109.881727][ T6027] ? mnt_get_write_access+0x68/0x2a0 [ 109.881775][ T6027] ? f2fs_sync_fs+0x200/0x3d0 [ 109.881807][ T6027] __f2fs_ioctl+0x3d63/0xb610 [ 109.881860][ T6027] ? do_vfs_ioctl+0xf37/0x1990 [ 109.881886][ T6027] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 109.881917][ T6027] ? kasan_quarantine_put+0xdd/0x220 [ 109.881945][ T6027] ? __pfx___f2fs_ioctl+0x10/0x10 [ 109.881973][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 109.882002][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 109.882029][ T6027] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 109.882055][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 109.882082][ T6027] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 109.882130][ T6027] ? __lock_acquire+0xab9/0xd20 [ 109.882163][ T6027] ? __asan_memset+0x22/0x50 [ 109.882191][ T6027] ? smack_file_ioctl+0x24a/0x340 [ 109.882219][ T6027] ? __pfx_smack_file_ioctl+0x10/0x10 [ 109.882257][ T6027] ? __fget_files+0x2a/0x420 [ 109.882286][ T6027] ? __fget_files+0x3a0/0x420 [ 109.882313][ T6027] ? __fget_files+0x2a/0x420 [ 109.882345][ T6027] ? f2fs_ioctl+0x135/0x250 [ 109.882368][ T6027] ? __pfx_f2fs_ioctl+0x10/0x10 [ 109.882391][ T6027] __se_sys_ioctl+0xfc/0x170 [ 109.882417][ T6027] do_syscall_64+0xfa/0x3b0 [ 109.882436][ T6027] ? lockdep_hardirqs_on+0x9c/0x150 [ 109.882467][ T6027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.882487][ T6027] ? clear_bhb_loop+0x60/0xb0 [ 109.882514][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 109.882534][ T6027] RIP: 0033:0x7fbc38b8e929 [ 109.882555][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 109.882573][ T6027] RSP: 002b:00007fbc39ab1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 109.882597][ T6027] RAX: ffffffffffffffda RBX: 00007fbc38db5fa0 RCX: 00007fbc38b8e929 [ 109.882613][ T6027] RDX: 0000000000000000 RSI: 000000000000f507 RDI: 0000000000000004 [ 109.882626][ T6027] RBP: 00007fbc38c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 109.882640][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 109.882652][ T6027] R13: 0000000000000000 R14: 00007fbc38db5fa0 R15: 00007ffcbe99ba28 [ 109.882686][ T6027] [ 109.882857][ T6027] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 110.086117][ T5195] loop4: p135 start 4284289 is beyond EOD, [ 110.088869][ T6027] CPU: 0 UID: 0 PID: 6027 Comm: syz.0.26 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 110.088902][ T6027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 110.088918][ T6027] Call Trace: [ 110.088928][ T6027] [ 110.088938][ T6027] dump_stack_lvl+0x189/0x250 [ 110.088990][ T6027] ? __pfx_dump_stack_lvl+0x10/0x10 [ 110.089024][ T6027] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 110.089060][ T6027] ? __pfx_queue_work_on+0x10/0x10 [ 110.089100][ T6027] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 110.089146][ T6027] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 110.089184][ T6027] ? f2fs_hw_is_readonly+0x39b/0x470 [ 110.089228][ T6027] f2fs_handle_critical_error+0x37c/0x540 [ 110.089275][ T6027] f2fs_write_end_io+0x495/0x810 [ 110.089296][ T6027] ? blkg_put+0x22/0x240 [ 110.089344][ T6027] __submit_merged_bio+0x27a/0x6a0 [ 110.089391][ T6027] __submit_merged_write_cond+0x255/0x530 [ 110.089440][ T6027] f2fs_write_data_pages+0x261d/0x3000 [ 110.089533][ T6027] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.089642][ T6027] ? check_path+0x21/0x40 [ 110.089679][ T6027] ? check_noncircular+0xe0/0x160 [ 110.089792][ T6027] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 110.089834][ T6027] do_writepages+0x32b/0x550 [ 110.089888][ T6027] ? do_raw_spin_unlock+0x122/0x240 [ 110.089922][ T6027] filemap_fdatawrite+0x191/0x230 [ 110.089961][ T6027] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 110.090068][ T6027] ? do_raw_spin_unlock+0x122/0x240 [ 110.090103][ T6027] f2fs_sync_dirty_inodes+0x31f/0x830 [ 110.090158][ T6027] f2fs_write_checkpoint+0x94a/0x1de0 [ 110.090220][ T6027] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 110.090307][ T6027] ? __pfx_down_write+0x10/0x10 [ 110.090350][ T6027] f2fs_issue_checkpoint+0x3ac/0x570 [ 110.090381][ T6027] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 110.090416][ T6027] ? mnt_get_write_access+0x68/0x2a0 [ 110.090479][ T6027] ? f2fs_sync_fs+0x200/0x3d0 [ 110.090518][ T6027] __f2fs_ioctl+0x3d63/0xb610 [ 110.090583][ T6027] ? do_vfs_ioctl+0xf37/0x1990 [ 110.090614][ T6027] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 110.090652][ T6027] ? kasan_quarantine_put+0xdd/0x220 [ 110.090685][ T6027] ? __pfx___f2fs_ioctl+0x10/0x10 [ 110.090718][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 110.090753][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 110.090787][ T6027] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 110.090817][ T6027] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 110.090853][ T6027] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 110.090912][ T6027] ? __lock_acquire+0xab9/0xd20 [ 110.090950][ T6027] ? __asan_memset+0x22/0x50 [ 110.090975][ T6027] ? smack_file_ioctl+0x24a/0x340 [ 110.091007][ T6027] ? __pfx_smack_file_ioctl+0x10/0x10 [ 110.091054][ T6027] ? __fget_files+0x2a/0x420 [ 110.091086][ T6027] ? __fget_files+0x3a0/0x420 [ 110.091117][ T6027] ? __fget_files+0x2a/0x420 [ 110.091169][ T6027] ? f2fs_ioctl+0x135/0x250 [ 110.091195][ T6027] ? __pfx_f2fs_ioctl+0x10/0x10 [ 110.091222][ T6027] __se_sys_ioctl+0xfc/0x170 [ 110.091255][ T6027] do_syscall_64+0xfa/0x3b0 [ 110.091275][ T6027] ? lockdep_hardirqs_on+0x9c/0x150 [ 110.091313][ T6027] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.091339][ T6027] ? clear_bhb_loop+0x60/0xb0 [ 110.091370][ T6027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 110.091395][ T6027] RIP: 0033:0x7fbc38b8e929 [ 110.091417][ T6027] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.091439][ T6027] RSP: 002b:00007fbc39ab1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 110.091464][ T6027] RAX: ffffffffffffffda RBX: 00007fbc38db5fa0 RCX: 00007fbc38b8e929 [ 110.091481][ T6027] RDX: 0000000000000000 RSI: 000000000000f507 RDI: 0000000000000004 [ 110.091497][ T6027] RBP: 00007fbc38c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 110.091511][ T6027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 110.091526][ T6027] R13: 0000000000000000 R14: 00007fbc38db5fa0 R15: 00007ffcbe99ba28 [ 110.091571][ T6027] [ 110.091580][ T6027] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 110.092844][ T5195] truncated [ 110.127101][ T6046] loop2: detected capacity change from 0 to 2048 [ 110.173785][ T176] veth1_macvtap: left promiscuous mode [ 110.174742][ T5195] loop4: p136 start 4284289 is beyond EOD, [ 110.179399][ T176] veth0_macvtap: left promiscuous mode [ 110.195372][ T5195] truncated [ 110.201627][ T176] veth1_vlan: left promiscuous mode [ 110.214449][ T6046] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.216466][ T176] veth0_vlan: left promiscuous mode [ 110.221274][ T5195] loop4: p137 start 4284289 is beyond EOD, [ 110.422252][ T51] Bluetooth: hci3: command tx timeout [ 110.433657][ T5195] truncated [ 110.459505][ T6046] overlayfs: upper fs needs to support d_type. [ 110.461262][ T5195] loop4: p138 start 4284289 is beyond EOD, [ 110.474701][ T6046] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 110.477255][ T5195] truncated [ 110.493997][ T6046] overlayfs: failed to set xattr on upper [ 110.540269][ T5195] loop4: p139 start 4284289 is beyond EOD, [ 110.561868][ T6046] overlayfs: ...falling back to redirect_dir=nofollow. [ 110.578102][ T5195] truncated [ 110.584680][ T6046] overlayfs: ...falling back to index=off. [ 110.600322][ T5195] loop4: p140 start 4284289 is beyond EOD, [ 110.639190][ T6046] overlayfs: ...falling back to uuid=null. [ 110.710349][ T5195] truncated [ 110.849732][ T5195] loop4: p141 start 4284289 is beyond EOD, truncated [ 110.856782][ T5195] loop4: p142 start 4284289 is beyond EOD, truncated [ 110.863584][ T5195] loop4: p143 start 4284289 is beyond EOD, truncated [ 110.870651][ T5195] loop4: p144 start 4284289 is beyond EOD, truncated [ 110.878263][ T5195] loop4: p145 start 4284289 is beyond EOD, truncated [ 110.885000][ T5195] loop4: p146 start 4284289 is beyond EOD, truncated [ 110.891875][ T5195] loop4: p147 start 4284289 is beyond EOD, truncated [ 110.904985][ T5195] loop4: p148 start 4284289 is beyond EOD, truncated [ 110.915956][ T5195] loop4: p149 start 4284289 is beyond EOD, truncated [ 110.926363][ T5195] loop4: p150 start 4284289 is beyond EOD, truncated [ 110.933228][ T5195] loop4: p151 start 4284289 is beyond EOD, truncated [ 110.941836][ T5195] loop4: p152 start 4284289 is beyond EOD, truncated [ 110.955280][ T5195] loop4: p153 start 4284289 is beyond EOD, truncated [ 111.012350][ T5195] loop4: p154 start 4284289 is beyond EOD, truncated [ 111.020849][ T5195] loop4: p155 start 4284289 is beyond EOD, truncated [ 111.050836][ T5195] loop4: p156 start 4284289 is beyond EOD, truncated [ 111.060134][ T5195] loop4: p157 start 4284289 is beyond EOD, truncated [ 111.068620][ T5195] loop4: p158 start 4284289 is beyond EOD, truncated [ 111.078140][ T5195] loop4: p159 start 4284289 is beyond EOD, truncated [ 111.085164][ T5195] loop4: p160 start 4284289 is beyond EOD, truncated [ 111.093560][ T5195] loop4: p161 start 4284289 is beyond EOD, truncated [ 111.113657][ T5195] loop4: p162 start 4284289 is beyond EOD, truncated [ 111.133110][ T5195] loop4: p163 start 4284289 is beyond EOD, truncated [ 111.152538][ T5195] loop4: p164 start 4284289 is beyond EOD, truncated [ 111.161146][ T5195] loop4: p165 start 4284289 is beyond EOD, truncated [ 111.183784][ T5195] loop4: p166 start 4284289 is beyond EOD, truncated [ 111.203363][ T5195] loop4: p167 start 4284289 is beyond EOD, truncated [ 111.239203][ T5195] loop4: p168 start 4284289 is beyond EOD, truncated [ 111.268168][ T5195] loop4: p169 start 4284289 is beyond EOD, truncated [ 111.275503][ T5195] loop4: p170 start 4284289 is beyond EOD, truncated [ 111.300063][ T5195] loop4: p171 start 4284289 is beyond EOD, truncated [ 111.313435][ T5195] loop4: p172 start 4284289 is beyond EOD, truncated [ 111.344694][ T5195] loop4: p173 start 4284289 is beyond EOD, truncated [ 111.358028][ T5195] loop4: p174 start 4284289 is beyond EOD, truncated [ 111.364799][ T5195] loop4: p175 start 4284289 is beyond EOD, truncated [ 111.374004][ T5195] loop4: p176 start 4284289 is beyond EOD, truncated [ 111.383859][ T5195] loop4: p177 start 4284289 is beyond EOD, truncated [ 111.391631][ T5195] loop4: p178 start 4284289 is beyond EOD, truncated [ 111.403731][ T5195] loop4: p179 start 4284289 is beyond EOD, truncated [ 111.431576][ T5195] loop4: p180 start 4284289 is beyond EOD, truncated [ 111.441805][ T5195] loop4: p181 start 4284289 is beyond EOD, truncated [ 111.449517][ T5195] loop4: p182 start 4284289 is beyond EOD, truncated [ 111.459226][ T5195] loop4: p183 start 4284289 is beyond EOD, truncated [ 111.470412][ T5195] loop4: p184 start 4284289 is beyond EOD, truncated [ 111.479698][ T5195] loop4: p185 start 4284289 is beyond EOD, truncated [ 111.489942][ T5195] loop4: p186 start 4284289 is beyond EOD, truncated [ 111.508312][ T5195] loop4: p187 start 4284289 is beyond EOD, truncated [ 111.515085][ T5195] loop4: p188 start 4284289 is beyond EOD, truncated [ 111.542306][ T5195] loop4: p189 start 4284289 is beyond EOD, truncated [ 111.560023][ T5195] loop4: p190 start 4284289 is beyond EOD, truncated [ 111.589038][ T5195] loop4: p191 start 4284289 is beyond EOD, truncated [ 111.596540][ T5195] loop4: p192 start 4284289 is beyond EOD, truncated [ 111.603398][ T5195] loop4: p193 start 4284289 is beyond EOD, truncated [ 111.610413][ T5195] loop4: p194 start 4284289 is beyond EOD, truncated [ 111.617281][ T5195] loop4: p195 start 4284289 is beyond EOD, truncated [ 111.630933][ T5195] loop4: p196 start 4284289 is beyond EOD, truncated [ 111.661526][ T5195] loop4: p197 start 4284289 is beyond EOD, truncated [ 111.675884][ T5195] loop4: p198 start 4284289 is beyond EOD, truncated [ 111.714823][ T5195] loop4: p199 start 4284289 is beyond EOD, truncated [ 111.721860][ T5195] loop4: p200 start 4284289 is beyond EOD, truncated [ 111.732267][ T6048] loop0: detected capacity change from 0 to 32768 [ 111.744138][ T5195] loop4: p201 start 4284289 is beyond EOD, truncated [ 111.752096][ T5195] loop4: p202 start 4284289 is beyond EOD, truncated [ 111.772817][ T5195] loop4: p203 start 4284289 is beyond EOD, truncated [ 111.772981][ T6048] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.28 (6048) [ 111.792704][ T5195] loop4: p204 start 4284289 is beyond EOD, truncated [ 111.799619][ T5195] loop4: p205 start 4284289 is beyond EOD, truncated [ 111.828440][ T5195] loop4: p206 start 4284289 is beyond EOD, truncated [ 111.835226][ T5195] loop4: p207 start 4284289 is beyond EOD, truncated [ 111.849795][ T5195] loop4: p208 start 4284289 is beyond EOD, truncated [ 111.859695][ T6048] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 111.871386][ T5195] loop4: p209 start 4284289 is beyond EOD, truncated [ 111.878341][ T5195] loop4: p210 start 4284289 is beyond EOD, truncated [ 111.885079][ T5195] loop4: p211 start 4284289 is beyond EOD, truncated [ 111.891977][ T5195] loop4: p212 start 4284289 is beyond EOD, truncated [ 111.899019][ T5195] loop4: p213 start 4284289 is beyond EOD, truncated [ 111.906032][ T6048] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 111.914897][ T6048] BTRFS info (device loop0): using free-space-tree [ 111.929373][ T5195] loop4: p214 start 4284289 is beyond EOD, truncated [ 111.957045][ T5195] loop4: p215 start 4284289 is beyond EOD, truncated [ 111.964171][ T5195] loop4: p216 start 4284289 is beyond EOD, truncated [ 111.974063][ T176] team0 (unregistering): Port device team_slave_1 removed [ 112.002105][ T5195] loop4: p217 start 4284289 is beyond EOD, truncated [ 112.014968][ T5195] loop4: p218 start 4284289 is beyond EOD, truncated [ 112.034524][ T5195] loop4: p219 start 4284289 is beyond EOD, truncated [ 112.058403][ T5195] loop4: p220 start 4284289 is beyond EOD, truncated [ 112.067098][ T5195] loop4: p221 start 4284289 is beyond EOD, truncated [ 112.081796][ T5195] loop4: p222 start 4284289 is beyond EOD, truncated [ 112.101043][ T176] team0 (unregistering): Port device team_slave_0 removed [ 112.109398][ T5195] loop4: p223 start 4284289 is beyond EOD, truncated [ 112.115369][ T6056] loop2: detected capacity change from 0 to 32768 [ 112.131823][ T5195] loop4: p224 start 4284289 is beyond EOD, truncated [ 112.143964][ T5195] loop4: p225 start 4284289 is beyond EOD, truncated [ 112.151158][ T5195] loop4: p226 start 4284289 is beyond EOD, truncated [ 112.158387][ T5195] loop4: p227 start 4284289 is beyond EOD, truncated [ 112.165235][ T5195] loop4: p228 start 4284289 is beyond EOD, truncated [ 112.175420][ T5195] loop4: p229 start 4284289 is beyond EOD, truncated [ 112.182464][ T5195] loop4: p230 start 4284289 is beyond EOD, truncated [ 112.189422][ T5195] loop4: p231 start 4284289 is beyond EOD, truncated [ 112.196819][ T5195] loop4: p232 start 4284289 is beyond EOD, truncated [ 112.203565][ T5195] loop4: p233 start 4284289 is beyond EOD, truncated [ 112.210589][ T5195] loop4: p234 start 4284289 is beyond EOD, truncated [ 112.217724][ T5195] loop4: p235 start 4284289 is beyond EOD, truncated [ 112.224472][ T5195] loop4: p236 start 4284289 is beyond EOD, truncated [ 112.231570][ T5195] loop4: p237 start 4284289 is beyond EOD, truncated [ 112.238762][ T5195] loop4: p238 start 4284289 is beyond EOD, truncated [ 112.245506][ T5195] loop4: p239 start 4284289 is beyond EOD, truncated [ 112.252867][ T5195] loop4: p240 start 4284289 is beyond EOD, truncated [ 112.260719][ T5195] loop4: p241 start 4284289 is beyond EOD, truncated [ 112.267952][ T5195] loop4: p242 start 4284289 is beyond EOD, truncated [ 112.274707][ T5195] loop4: p243 start 4284289 is beyond EOD, truncated [ 112.282703][ T5195] loop4: p244 start 4284289 is beyond EOD, truncated [ 112.289721][ T5195] loop4: p245 start 4284289 is beyond EOD, truncated [ 112.302521][ T5195] loop4: p246 start 4284289 is beyond EOD, truncated [ 112.309665][ T5195] loop4: p247 start 4284289 is beyond EOD, truncated [ 112.316650][ T5195] loop4: p248 start 4284289 is beyond EOD, truncated [ 112.323396][ T5195] loop4: p249 start 4284289 is beyond EOD, truncated [ 112.330582][ T5195] loop4: p250 start 4284289 is beyond EOD, truncated [ 112.337669][ T5195] loop4: p251 start 4284289 is beyond EOD, truncated [ 112.344467][ T5195] loop4: p252 start 4284289 is beyond EOD, truncated [ 112.353267][ T5195] loop4: p253 start 4284289 is beyond EOD, truncated [ 112.360376][ T5195] loop4: p254 start 4284289 is beyond EOD, truncated [ 112.365158][ T6056] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 112.365158][ T6056] allowing incompatible features above 0.0: (unknown version) [ 112.365158][ T6056] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 112.367777][ T5195] loop4: p255 start 4284289 is beyond EOD, truncated [ 112.414136][ T6056] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 112.433368][ T5832] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 112.444376][ T6056] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 112.459841][ T51] Bluetooth: hci3: command tx timeout [ 112.491575][ T6056] bcachefs (loop2): Version upgrade required: [ 112.491575][ T6056] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 112.491575][ T6056] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 112.491575][ T6056] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 112.655682][ T6075] loop4: detected capacity change from 0 to 1024 [ 112.677762][ T6075] EXT4-fs: Ignoring removed oldalloc option [ 112.716578][ T6075] EXT4-fs: Ignoring removed orlov option [ 112.726758][ T6056] bcachefs (loop2): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:28:0 len 0 ver 0: [ 112.726790][ T6056] gen 0 oldest_gen 0 data_type btree [ 112.726801][ T6056] journal_seq_nonempty 6 [ 112.726810][ T6056] journal_seq_empty 0 [ 112.726821][ T6056] need_discard 1 [ 112.726831][ T6056] need_inc_gen 1 [ 112.726841][ T6056] dirty_sectors 0 [ 112.726852][ T6056] stripe_sectors 1769482 [ 112.726862][ T6056] cached_sectors 0 [ 112.726873][ T6056] stripe 0 [ 112.726884][ T6056] stripe_redundancy 0 [ 112.726902][ T6056] io_time[READ] 1 [ 112.726913][ T6056] io_time[WRITE] 768 [ 112.726925][ T6056] fragmentation 0 [ 112.726935][ T6056] bp_start 7 [ 112.726945][ T6056] [ 112.726954][ T6056] invalid data type (got 3 should be 9), deleting [ 112.752412][ T6075] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 112.771651][ T5884] udevd[5884]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 112.779227][ T5891] udevd[5891]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 112.883574][ T6075] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.071480][ T6081] udevd[6081]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 113.082545][ T5891] udevd[5891]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 113.159744][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.322755][ T6085] loop4: detected capacity change from 0 to 512 [ 113.454000][ T6085] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.489135][ T6056] bcachefs (loop2): accounting_read... [ 113.502493][ T6085] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 113.513564][ T6056] done [ 113.535901][ T6056] bcachefs (loop2): alloc_read... done [ 113.575976][ T6056] bcachefs (loop2): snapshots_read... done [ 113.604277][ T6056] bcachefs (loop2): check_allocations... [ 113.634659][ T6056] bcachefs (loop2): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 113.634693][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 113.651458][ T6085] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz.4.34: iget: bad i_size value: 2533274857506816 [ 113.892417][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.905996][ T6056] bcachefs (loop2): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 113.906019][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 114.040990][ T6056] bcachefs (loop2): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 114.041014][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 114.158989][ T6056] bcachefs (loop2): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 114.159014][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 114.273427][ T6056] bcachefs (loop2): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 114.273452][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 114.340980][ T6056] bcachefs (loop2): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 114.341003][ T6056] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 114.413384][ T6078] loop0: detected capacity change from 0 to 40427 [ 114.416983][ T6078] F2FS-fs (loop0): heap/no_heap options were deprecated [ 114.417055][ T6078] F2FS-fs (loop0): build fault injection rate: 19 [ 114.417149][ T6078] F2FS-fs (loop0): build fault injection type: 0x3bfe8c [ 114.448543][ T6078] F2FS-fs (loop0): invalid crc value [ 114.472177][ T6078] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 114.553040][ T5831] Bluetooth: hci3: command tx timeout [ 114.625473][ T6078] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0 [ 114.637506][ T6056] bcachefs (loop2): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.691722][ T6056] bcachefs (loop2): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 114.746085][ T6078] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 114.794788][ T6056] bcachefs (loop2): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 114.809341][ T6078] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 114.838725][ T6078] F2FS-fs (loop0): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 114.892299][ T6078] syz.0.33: attempt to access beyond end of device [ 114.892299][ T6078] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 114.893474][ T6078] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40 [ 115.031492][ T6006] chnl_net:caif_netlink_parms(): no params data found [ 115.072515][ T5832] syz-executor: attempt to access beyond end of device [ 115.072515][ T5832] loop0: rw=2049, sector=45104, nr_sectors = 16 limit=40427 [ 115.072974][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 115.073000][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.073012][ T5832] Call Trace: [ 115.073021][ T5832] [ 115.073030][ T5832] dump_stack_lvl+0x189/0x250 [ 115.073071][ T5832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.073100][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 115.073131][ T5832] ? __pfx_queue_work_on+0x10/0x10 [ 115.073163][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 115.073192][ T5832] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 115.073223][ T5832] ? f2fs_hw_is_readonly+0x39b/0x470 [ 115.073258][ T5832] f2fs_handle_critical_error+0x37c/0x540 [ 115.073295][ T5832] f2fs_write_end_io+0x495/0x810 [ 115.073312][ T5832] ? blkg_put+0x22/0x240 [ 115.073350][ T5832] __submit_merged_bio+0x27a/0x6a0 [ 115.073386][ T5832] __submit_merged_write_cond+0x255/0x530 [ 115.073432][ T5832] f2fs_write_data_pages+0x261d/0x3000 [ 115.073501][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.073592][ T5832] ? folios_put_refs+0x559/0x640 [ 115.073631][ T5832] ? __lock_acquire+0xab9/0xd20 [ 115.073668][ T5832] ? do_raw_spin_lock+0x121/0x290 [ 115.073703][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.073725][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.073759][ T5832] do_writepages+0x32b/0x550 [ 115.073802][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.073829][ T5832] filemap_fdatawrite+0x191/0x230 [ 115.073861][ T5832] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 115.073942][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.073970][ T5832] f2fs_sync_dirty_inodes+0x31f/0x830 [ 115.074007][ T5832] f2fs_write_checkpoint+0x94a/0x1de0 [ 115.074054][ T5832] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 115.074124][ T5832] ? kill_f2fs_super+0x298/0x6c0 [ 115.074151][ T5832] kill_f2fs_super+0x2c3/0x6c0 [ 115.074178][ T5832] ? __pfx_kill_f2fs_super+0x10/0x10 [ 115.074197][ T5832] ? radix_tree_delete_item+0x2b6/0x400 [ 115.074235][ T5832] ? shrinker_free+0x2ce/0x3e0 [ 115.074268][ T5832] deactivate_locked_super+0xbc/0x130 [ 115.074292][ T5832] cleanup_mnt+0x425/0x4c0 [ 115.074325][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.074359][ T5832] task_work_run+0x1d1/0x260 [ 115.074387][ T5832] ? __pfx_task_work_run+0x10/0x10 [ 115.074408][ T5832] ? __x64_sys_umount+0x122/0x160 [ 115.074445][ T5832] ? exit_to_user_mode_loop+0x40/0x110 [ 115.074476][ T5832] exit_to_user_mode_loop+0xec/0x110 [ 115.074505][ T5832] do_syscall_64+0x2bd/0x3b0 [ 115.074522][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.074552][ T5832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.074572][ T5832] ? clear_bhb_loop+0x60/0xb0 [ 115.074598][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.074617][ T5832] RIP: 0033:0x7fbc38b8fc57 [ 115.074637][ T5832] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 115.074655][ T5832] RSP: 002b:00007ffcbe99acb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 115.074677][ T5832] RAX: 0000000000000000 RBX: 00007fbc38c10925 RCX: 00007fbc38b8fc57 [ 115.074691][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbe99ad70 [ 115.074704][ T5832] RBP: 00007ffcbe99ad70 R08: 0000000000000000 R09: 0000000000000000 [ 115.074716][ T5832] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbe99be00 [ 115.074729][ T5832] R13: 00007fbc38c10925 R14: 000000000001c0a6 R15: 00007ffcbe99be40 [ 115.074763][ T5832] [ 115.074771][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 115.074808][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 115.074830][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 115.074842][ T5832] Call Trace: [ 115.074849][ T5832] [ 115.074856][ T5832] dump_stack_lvl+0x189/0x250 [ 115.074892][ T5832] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.074920][ T5832] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 115.074949][ T5832] ? __pfx_queue_work_on+0x10/0x10 [ 115.074980][ T5832] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 115.075009][ T5832] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 115.075040][ T5832] ? f2fs_hw_is_readonly+0x39b/0x470 [ 115.075073][ T5832] f2fs_handle_critical_error+0x37c/0x540 [ 115.075110][ T5832] f2fs_write_end_io+0x495/0x810 [ 115.075127][ T5832] ? blkg_put+0x22/0x240 [ 115.075164][ T5832] __submit_merged_bio+0x27a/0x6a0 [ 115.075201][ T5832] __submit_merged_write_cond+0x255/0x530 [ 115.075237][ T5832] f2fs_write_data_pages+0x261d/0x3000 [ 115.075305][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.075395][ T5832] ? folios_put_refs+0x559/0x640 [ 115.075439][ T5832] ? __lock_acquire+0xab9/0xd20 [ 115.075476][ T5832] ? do_raw_spin_lock+0x121/0x290 [ 115.075510][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.075533][ T5832] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 115.075566][ T5832] do_writepages+0x32b/0x550 [ 115.075607][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.075634][ T5832] filemap_fdatawrite+0x191/0x230 [ 115.075666][ T5832] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 115.075748][ T5832] ? do_raw_spin_unlock+0x122/0x240 [ 115.075776][ T5832] f2fs_sync_dirty_inodes+0x31f/0x830 [ 115.075810][ T5832] f2fs_write_checkpoint+0x94a/0x1de0 [ 115.075853][ T5832] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 115.075918][ T5832] ? kill_f2fs_super+0x298/0x6c0 [ 115.075943][ T5832] kill_f2fs_super+0x2c3/0x6c0 [ 115.075969][ T5832] ? __pfx_kill_f2fs_super+0x10/0x10 [ 115.075987][ T5832] ? radix_tree_delete_item+0x2b6/0x400 [ 115.076025][ T5832] ? shrinker_free+0x2ce/0x3e0 [ 115.076058][ T5832] deactivate_locked_super+0xbc/0x130 [ 115.076079][ T5832] cleanup_mnt+0x425/0x4c0 [ 115.076111][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.076144][ T5832] task_work_run+0x1d1/0x260 [ 115.076170][ T5832] ? __pfx_task_work_run+0x10/0x10 [ 115.076188][ T5832] ? __x64_sys_umount+0x122/0x160 [ 115.076217][ T5832] ? exit_to_user_mode_loop+0x40/0x110 [ 115.076250][ T5832] exit_to_user_mode_loop+0xec/0x110 [ 115.076278][ T5832] do_syscall_64+0x2bd/0x3b0 [ 115.076295][ T5832] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.076324][ T5832] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.076344][ T5832] ? clear_bhb_loop+0x60/0xb0 [ 115.076370][ T5832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.076388][ T5832] RIP: 0033:0x7fbc38b8fc57 [ 115.076405][ T5832] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 115.076429][ T5832] RSP: 002b:00007ffcbe99acb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 115.076450][ T5832] RAX: 0000000000000000 RBX: 00007fbc38c10925 RCX: 00007fbc38b8fc57 [ 115.076464][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcbe99ad70 [ 115.076476][ T5832] RBP: 00007ffcbe99ad70 R08: 0000000000000000 R09: 0000000000000000 [ 115.076489][ T5832] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcbe99be00 [ 115.076501][ T5832] R13: 00007fbc38c10925 R14: 000000000001c0a6 R15: 00007ffcbe99be40 [ 115.076534][ T5832] [ 115.137061][ T5832] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 115.895941][ T6056] bcachefs (loop2): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 115.908144][ T6056] bcachefs (loop2): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 115.919333][ T6056] bcachefs (loop2): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 115.931232][ T6056] bcachefs (loop2): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 115.941850][ T6056] bcachefs (loop2): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 115.953765][ T6056] bcachefs (loop2): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 115.966566][ T6056] bcachefs (loop2): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 115.994132][ T6056] bcachefs (loop2): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 116.026001][ T6056] bcachefs (loop2): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 116.067196][ T6056] bcachefs (loop2): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 116.097751][ T6056] bcachefs (loop2): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 116.122354][ T6056] bcachefs (loop2): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 116.176015][ T6056] bcachefs (loop2): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 116.220513][ T6056] bcachefs (loop2): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 116.238018][ T6006] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.239167][ T6006] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.239437][ T6006] bridge_slave_0: entered allmulticast mode [ 116.250478][ T6006] bridge_slave_0: entered promiscuous mode [ 116.267583][ T6006] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.267753][ T6006] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.267953][ T6006] bridge_slave_1: entered allmulticast mode [ 116.280267][ T6006] bridge_slave_1: entered promiscuous mode [ 116.437487][ T6056] bcachefs (loop2): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 116.474625][ T6056] bcachefs (loop2): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 116.486609][ T6056] bcachefs (loop2): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 116.502156][ T6056] bcachefs (loop2): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 116.502180][ T6056] Ratelimiting new instances of previous error [ 116.518754][ T6006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.522286][ T6006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.604060][ T6056] bcachefs (loop2): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 116.604083][ T6056] Ratelimiting new instances of previous error [ 116.679690][ T6006] team0: Port device team_slave_0 added [ 116.699476][ T6006] team0: Port device team_slave_1 added [ 116.718959][ T6056] done [ 116.757752][ T6056] bcachefs (loop2): going read-write [ 116.767475][ T6056] workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR [ 116.786788][ T6056] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [ 116.866087][ T6006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 116.873115][ T6006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.904178][ T6056] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 116.914543][ T6056] bcachefs (loop2): unclean shutdown complete, journal seq 10 [ 116.925526][ T6056] bcachefs (loop2): error in recovery: ENOMEM_fs_other_allocemergency read only at seq 10 [ 116.936941][ T6056] bcachefs (loop2): bch2_fs_start(): error starting filesystem ENOMEM_fs_other_alloc [ 116.947894][ T6006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 116.960032][ T6056] bcachefs (loop2): shutting down [ 116.976013][ T6006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 116.983028][ T6006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.023782][ T6056] bcachefs (loop2): shutdown complete [ 117.075848][ T6006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 117.182953][ T6006] hsr_slave_0: entered promiscuous mode [ 117.200380][ T6006] hsr_slave_1: entered promiscuous mode [ 117.210375][ T6006] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 117.220056][ T6006] Cannot create hsr debugfs directory [ 117.545674][ T6115] loop0: detected capacity change from 0 to 32768 [ 117.573558][ T6115] btrfs: Deprecated parameter 'usebackuproot' [ 117.626798][ T6115] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 117.647743][ T6115] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.36 (6115) [ 117.690518][ T6115] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 117.714270][ T6115] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 117.723577][ T6115] BTRFS info (device loop0): using free-space-tree [ 117.837374][ T6006] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 117.866809][ T49] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb6fb6650 level 0 [ 117.906003][ T6006] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 117.951111][ T6115] BTRFS warning (device loop0): couldn't read tree root [ 117.951990][ T6006] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 117.994990][ T6115] BTRFS warning (device loop0): try to load backup roots slot 1 [ 118.012137][ T78] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x7a216cc0 level 0 [ 118.029418][ T6006] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 118.066074][ T6115] BTRFS warning (device loop0): couldn't read tree root [ 118.076396][ T6115] BTRFS warning (device loop0): try to load backup roots slot 2 [ 118.090232][ T49] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 118.161782][ T6115] BTRFS warning (device loop0): couldn't read tree root [ 118.190267][ T6115] BTRFS warning (device loop0): try to load backup roots slot 3 [ 118.256175][ T6115] BTRFS info (device loop0): rebuilding free space tree [ 118.426474][ T6115] BTRFS info (device loop0): checking UUID tree [ 118.514392][ T6006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 118.617378][ T6006] 8021q: adding VLAN 0 to HW filter on device team0 [ 118.642711][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.649962][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 118.722889][ T176] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.730134][ T176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 118.823883][ T5832] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 119.008005][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 119.017819][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 119.026298][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 119.038459][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 119.046992][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 119.076926][ T6056] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc [ 119.278208][ T6056] syz.2.32 (6056) used greatest stack depth: 19352 bytes left [ 119.601968][ T6137] loop4: detected capacity change from 0 to 32768 [ 119.644319][ T6137] XFS: ikeep mount option is deprecated. [ 119.740685][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.762392][ T6137] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 119.935979][ T6173] loop2: detected capacity change from 0 to 64 [ 120.102186][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.273109][ T6137] XFS (loop4): Ending clean mount [ 120.322751][ T6137] XFS (loop4): Quotacheck needed: Please wait. [ 120.325098][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.435946][ T6137] XFS (loop4): Quotacheck: Done. [ 120.463273][ T6006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.599942][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.683297][ T5828] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 120.934146][ T6162] loop0: detected capacity change from 0 to 40427 [ 121.044898][ T6162] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 121.099979][ T51] Bluetooth: hci5: command tx timeout [ 121.126096][ T6162] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 121.234415][ T6155] chnl_net:caif_netlink_parms(): no params data found [ 121.366189][ T12] bridge_slave_1: left allmulticast mode [ 121.386583][ T12] bridge_slave_1: left promiscuous mode [ 121.406631][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.463680][ T12] bridge_slave_0: left allmulticast mode [ 121.496250][ T12] bridge_slave_0: left promiscuous mode [ 121.502911][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.629457][ T6162] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 121.663906][ T6176] loop2: detected capacity change from 0 to 32768 [ 121.697219][ T6162] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 121.956796][ T6176] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 121.956796][ T6176] allowing incompatible features above 0.0: (unknown version) [ 121.956796][ T6176] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 122.047158][ T6176] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 122.057204][ T6176] bcachefs (loop2): recovering from clean shutdown, journal seq 10 [ 122.065539][ T6176] bcachefs (loop2): Version upgrade required: [ 122.065539][ T6176] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 122.065539][ T6176] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 122.065539][ T6176] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 122.244607][ T6176] bcachefs (loop2): invalid bkey in btree_node btree=alloc level=0: u64s 12 type alloc_v4 0:28:0 len 0 ver 0: [ 122.244633][ T6176] gen 0 oldest_gen 0 data_type btree [ 122.244646][ T6176] journal_seq_nonempty 6 [ 122.244656][ T6176] journal_seq_empty 0 [ 122.244667][ T6176] need_discard 1 [ 122.244678][ T6176] need_inc_gen 1 [ 122.244689][ T6176] dirty_sectors 0 [ 122.244699][ T6176] stripe_sectors 1769482 [ 122.244711][ T6176] cached_sectors 0 [ 122.244721][ T6176] stripe 0 [ 122.244756][ T6176] stripe_redundancy 0 [ 122.244767][ T6176] io_time[READ] 1 [ 122.244778][ T6176] io_time[WRITE] 768 [ 122.244789][ T6176] fragmentation 0 [ 122.244799][ T6176] bp_start 7 [ 122.244810][ T6176] [ 122.244819][ T6176] invalid data type (got 3 should be 9), deleting [ 122.430736][ T6176] bcachefs (loop2): accounting_read... done [ 122.443213][ T6176] bcachefs (loop2): alloc_read... done [ 122.453333][ T6176] bcachefs (loop2): snapshots_read... done [ 122.462196][ T6176] bcachefs (loop2): check_allocations... [ 122.492952][ T6176] bcachefs (loop2): bucket 0:26 data type btree ptr gen 0 missing in alloc btree [ 122.492978][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing [ 122.658267][ T6176] bcachefs (loop2): bucket 0:38 data type btree ptr gen 0 missing in alloc btree [ 122.658292][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing [ 122.744311][ T6176] bcachefs (loop2): bucket 0:41 data type btree ptr gen 0 missing in alloc btree [ 122.744333][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing [ 122.767058][ T6207] loop4: detected capacity change from 0 to 32768 [ 122.777743][ T6207] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.43 (6207) [ 122.835533][ T6207] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 122.858344][ T6207] BTRFS info (device loop4): using sha256 (sha256-x86_64) checksum algorithm [ 122.868347][ T6176] bcachefs (loop2): bucket 0:35 data type btree ptr gen 0 missing in alloc btree [ 122.868369][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c0bef60d07ceb940 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing [ 122.905929][ T6207] BTRFS info (device loop4): disk space caching is enabled [ 122.905969][ T6207] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 122.963359][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.984192][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.987360][ T12] bond0 (unregistering): Released all slaves [ 123.083736][ T6176] bcachefs (loop2): bucket 0:28 data type btree ptr gen 0 missing in alloc btree [ 123.083762][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 28f61e078e70b95c written 16 min_key POS_MIN durability: 1 ptr: 0:28:0 gen 0, fixing [ 123.120053][ T6207] BTRFS info (device loop4): rebuilding free space tree [ 123.131333][ T6176] bcachefs (loop2): bucket 0:29 data type btree ptr gen 0 missing in alloc btree [ 123.131356][ T6176] while marking u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing [ 123.185923][ T51] Bluetooth: hci5: command tx timeout [ 123.243114][ T6207] BTRFS info (device loop4): disabling free space tree [ 123.257230][ T6207] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 123.269406][ T6176] bcachefs (loop2): bucket 0:1 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.290087][ T6207] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 123.316598][ T6176] bcachefs (loop2): bucket 0:1 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.328903][ T6176] bcachefs (loop2): bucket 0:2 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.342977][ T6176] bcachefs (loop2): bucket 0:2 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.378203][ T6176] bcachefs (loop2): bucket 0:3 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.388960][ T6176] bcachefs (loop2): bucket 0:3 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.401501][ T6176] bcachefs (loop2): bucket 0:4 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.411959][ T6176] bcachefs (loop2): bucket 0:4 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.424281][ T6176] bcachefs (loop2): bucket 0:5 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.434857][ T6176] bcachefs (loop2): bucket 0:5 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.454858][ T6176] bcachefs (loop2): bucket 0:6 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.468013][ T6176] bcachefs (loop2): bucket 0:6 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.484985][ T6176] bcachefs (loop2): bucket 0:7 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.503110][ T6176] bcachefs (loop2): bucket 0:7 gen 0 data type sb has wrong dirty_sectors: got 0, should be 256, fixing [ 123.525147][ T5828] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 123.551062][ T6176] bcachefs (loop2): bucket 0:8 gen 0 has wrong data_type: got free, should be sb, fixing [ 123.562519][ T6176] bcachefs (loop2): bucket 0:8 gen 0 data type sb has wrong dirty_sectors: got 0, should be 8, fixing [ 123.577235][ T6176] bcachefs (loop2): bucket 0:9 gen 0 has wrong data_type: got free, should be journal, fixing [ 123.623093][ T6176] bcachefs (loop2): bucket 0:9 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 123.685694][ T6176] bcachefs (loop2): bucket 0:10 gen 0 has wrong data_type: got free, should be journal, fixing [ 123.717200][ T6176] bcachefs (loop2): bucket 0:10 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 123.762104][ T6176] bcachefs (loop2): bucket 0:11 gen 0 has wrong data_type: got free, should be journal, fixing [ 123.762127][ T6176] Ratelimiting new instances of previous error [ 123.806092][ T6176] bcachefs (loop2): bucket 0:11 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing [ 123.806116][ T6176] Ratelimiting new instances of previous error [ 123.904127][ T6176] done [ 123.932580][ T6176] bcachefs (loop2): going read-write [ 123.938568][ T6176] workqueue: Failed to create a rescuer kthread for wq "bcachefs": -EINTR [ 123.938702][ T6176] bcachefs (loop2): flushing journal and stopping allocators, journal seq 10 [ 123.977007][ T6155] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.984218][ T6155] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.998828][ T6176] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 10 [ 124.016281][ T6155] bridge_slave_0: entered allmulticast mode [ 124.024202][ T6155] bridge_slave_0: entered promiscuous mode [ 124.043212][ T6225] loop0: detected capacity change from 0 to 32768 [ 124.050031][ T6176] bcachefs (loop2): unclean shutdown complete, journal seq 10 [ 124.065235][ T6176] bcachefs (loop2): error in recovery: ENOMEM_fs_other_allocemergency read only at seq 10 [ 124.086905][ T6176] bcachefs (loop2): bch2_fs_start(): error starting filesystem ENOMEM_fs_other_alloc [ 124.099997][ T6176] bcachefs (loop2): shutting down [ 124.134864][ T6155] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.161391][ T6155] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.171825][ T6225] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 124.186264][ T6155] bridge_slave_1: entered allmulticast mode [ 124.195934][ T6176] bcachefs (loop2): shutdown complete [ 124.210801][ T6155] bridge_slave_1: entered promiscuous mode [ 124.232306][ T6006] veth0_vlan: entered promiscuous mode [ 124.269872][ T12] hsr_slave_0: left promiscuous mode [ 124.277544][ T12] hsr_slave_1: left promiscuous mode [ 124.284462][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 124.292285][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 124.292935][ T6225] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 124.331798][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 124.359441][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 124.420813][ T12] veth1_macvtap: left promiscuous mode [ 124.442226][ T12] veth0_macvtap: left promiscuous mode [ 124.464042][ T12] veth1_vlan: left promiscuous mode [ 124.476728][ T12] veth0_vlan: left promiscuous mode [ 124.526422][ T5832] ocfs2: Unmounting device (7,0) on (node local) [ 124.982975][ T6234] loop4: detected capacity change from 0 to 32768 [ 125.035358][ T6234] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.45 (6234) [ 125.131902][ T6234] BTRFS info (device loop4): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 125.155900][ T6234] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 125.175803][ T6234] BTRFS info (device loop4): disk space caching is enabled [ 125.195560][ T6234] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 125.256423][ T51] Bluetooth: hci5: command tx timeout [ 125.429293][ T6234] BTRFS info (device loop4): rebuilding free space tree [ 125.488263][ T6234] BTRFS info (device loop4): disabling free space tree [ 125.495242][ T6234] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 125.529500][ T6234] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 125.541349][ T6240] loop0: detected capacity change from 0 to 32768 [ 125.555241][ T6240] btrfs: Deprecated parameter 'usebackuproot' [ 125.562548][ T6240] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 125.618437][ T6240] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.47 (6240) [ 125.710063][ T6240] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 125.732384][ T6240] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 125.736328][ T6176] bcachefs: bch2_fs_get_tree() error: ENOMEM_fs_other_alloc [ 125.765603][ T6240] BTRFS info (device loop0): using free-space-tree [ 125.772881][ T6234] BTRFS info (device loop4): balance: start -d -m [ 125.836730][ T6234] BTRFS info (device loop4): relocating block group 6881280 flags data|metadata [ 125.995360][ T3442] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0 [ 126.034773][ T6240] BTRFS warning (device loop0): couldn't read tree root [ 126.074872][ T6234] BTRFS info (device loop4): relocating block group 5242880 flags data|metadata [ 126.086122][ T6240] BTRFS warning (device loop0): try to load backup roots slot 1 [ 126.108470][ T3494] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0 [ 126.159965][ T6240] BTRFS warning (device loop0): couldn't read tree root [ 126.180202][ T6240] BTRFS warning (device loop0): try to load backup roots slot 2 [ 126.188677][ T6234] BTRFS info (device loop4): balance: canceled [ 126.212370][ T3494] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 126.227672][ T12] team0 (unregistering): Port device team_slave_1 removed [ 126.266992][ T6240] BTRFS warning (device loop0): couldn't read tree root [ 126.274624][ T6240] BTRFS warning (device loop0): try to load backup roots slot 3 [ 126.294620][ T6275] loop2: detected capacity change from 0 to 512 [ 126.313747][ T5828] BTRFS info (device loop4): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 126.338760][ T6275] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 126.362151][ T6275] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 126.373240][ T6240] BTRFS info (device loop0): rebuilding free space tree [ 126.394583][ T12] team0 (unregistering): Port device team_slave_0 removed [ 126.420576][ T6275] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 126.452265][ T6275] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 126.492167][ T6275] System zones: 0-2, 18-18, 34-34 [ 126.498254][ T6240] BTRFS info (device loop0): checking UUID tree [ 126.538523][ T6275] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.49: iget: bad i_size value: 360287970189639680 [ 126.602776][ T6275] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.49: couldn't read orphan inode 15 (err -117) [ 126.681062][ T6275] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.760747][ T6275] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.49: iget: bad i_size value: 360287970189639680 [ 126.810464][ T6282] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.49: iget: bad i_size value: 360287970189639680 [ 126.849172][ T6275] EXT4-fs error (device loop2): ext4_lookup:1787: inode #15: comm syz.2.49: iget: bad i_size value: 360287970189639680 [ 126.906373][ T5832] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 127.038902][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.336609][ T51] Bluetooth: hci5: command tx timeout [ 127.744509][ T6284] loop4: detected capacity change from 0 to 40427 [ 127.773371][ T6284] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 127.796365][ T6284] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 128.116049][ T6284] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 128.123185][ T6284] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 128.217012][ T6284] syz.4.50: attempt to access beyond end of device [ 128.217012][ T6284] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 128.268426][ T6286] loop2: detected capacity change from 0 to 32768 [ 128.276619][ T6291] f2fs_ckpt-7:4: attempt to access beyond end of device [ 128.276619][ T6291] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 128.339058][ T6291] CPU: 0 UID: 0 PID: 6291 Comm: f2fs_ckpt-7:4 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 128.339091][ T6291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 128.339105][ T6291] Call Trace: [ 128.339114][ T6291] [ 128.339123][ T6291] dump_stack_lvl+0x189/0x250 [ 128.339165][ T6291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 128.339193][ T6291] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 128.339235][ T6291] ? __pfx_queue_work_on+0x10/0x10 [ 128.339269][ T6291] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 128.339298][ T6291] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 128.339329][ T6291] ? f2fs_hw_is_readonly+0x39b/0x470 [ 128.339365][ T6291] f2fs_handle_critical_error+0x37c/0x540 [ 128.339403][ T6291] f2fs_write_end_io+0x495/0x810 [ 128.339422][ T6291] ? blkg_put+0x22/0x240 [ 128.339461][ T6291] __submit_merged_bio+0x27a/0x6a0 [ 128.339490][ T6291] ? up_write+0x1c4/0x420 [ 128.339516][ T6291] __submit_merged_write_cond+0x44c/0x530 [ 128.339554][ T6291] f2fs_sync_node_pages+0x1871/0x1a10 [ 128.339608][ T6291] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 128.339668][ T6291] ? f2fs_write_checkpoint+0xe33/0x1de0 [ 128.339695][ T6291] ? up_write+0x1c4/0x420 [ 128.339711][ T6291] ? do_raw_spin_unlock+0x122/0x240 [ 128.339740][ T6291] f2fs_write_checkpoint+0xe5f/0x1de0 [ 128.339789][ T6291] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 128.339857][ T6291] ? __pfx_down_write+0x10/0x10 [ 128.339879][ T6291] ? __pfx___schedule+0x10/0x10 [ 128.339917][ T6291] __checkpoint_and_complete_reqs+0xd9/0x3b0 [ 128.339946][ T6291] ? __pfx___checkpoint_and_complete_reqs+0x10/0x10 [ 128.339987][ T6291] issue_checkpoint_thread+0xd9/0x260 [ 128.340014][ T6291] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 128.340036][ T6291] ? __pfx_autoremove_wake_function+0x10/0x10 [ 128.340060][ T6291] ? __kthread_parkme+0x7b/0x200 [ 128.340091][ T6291] ? __kthread_parkme+0x1a1/0x200 [ 128.340129][ T6291] kthread+0x70e/0x8a0 [ 128.340154][ T6291] ? __pfx_issue_checkpoint_thread+0x10/0x10 [ 128.340176][ T6291] ? __pfx_kthread+0x10/0x10 [ 128.340199][ T6291] ? _raw_spin_unlock_irq+0x23/0x50 [ 128.340235][ T6291] ? lockdep_hardirqs_on+0x9c/0x150 [ 128.340263][ T6291] ? __pfx_kthread+0x10/0x10 [ 128.340286][ T6291] ret_from_fork+0x3fc/0x770 [ 128.340319][ T6291] ? __pfx_ret_from_fork+0x10/0x10 [ 128.340356][ T6291] ? __switch_to_asm+0x39/0x70 [ 128.340376][ T6291] ? __switch_to_asm+0x33/0x70 [ 128.340395][ T6291] ? __pfx_kthread+0x10/0x10 [ 128.340419][ T6291] ret_from_fork_asm+0x1a/0x30 [ 128.340460][ T6291] [ 128.340467][ T6291] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 128.608720][ T6286] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 128.620167][ T6290] loop0: detected capacity change from 0 to 40427 [ 128.631792][ T6290] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 128.655838][ T6290] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 128.695924][ T6290] F2FS-fs (loop0): heap/no_heap options were deprecated [ 128.716700][ T6284] syz.4.50 (6284): drop_caches: 2 [ 128.787334][ T6290] F2FS-fs (loop0): invalid crc value [ 128.841639][ T6286] XFS (loop2): Ending clean mount [ 129.003242][ T6155] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.075862][ T5827] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 129.092070][ T6155] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.236278][ T6290] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 129.243413][ T6290] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 129.382738][ T6290] syz.0.53: attempt to access beyond end of device [ 129.382738][ T6290] loop0: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 129.430030][ T6006] veth1_vlan: entered promiscuous mode [ 129.458452][ T6290] CPU: 1 UID: 0 PID: 6290 Comm: syz.0.53 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 129.458482][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.458495][ T6290] Call Trace: [ 129.458504][ T6290] [ 129.458513][ T6290] dump_stack_lvl+0x189/0x250 [ 129.458553][ T6290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.458580][ T6290] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 129.458609][ T6290] ? __pfx_queue_work_on+0x10/0x10 [ 129.458641][ T6290] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 129.458667][ T6290] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 129.458695][ T6290] ? f2fs_hw_is_readonly+0x39b/0x470 [ 129.458729][ T6290] f2fs_handle_critical_error+0x37c/0x540 [ 129.458765][ T6290] f2fs_write_end_io+0x495/0x810 [ 129.458783][ T6290] ? blkg_put+0x22/0x240 [ 129.458821][ T6290] __submit_merged_bio+0x27a/0x6a0 [ 129.458855][ T6290] f2fs_submit_page_write+0xba9/0x20c0 [ 129.458916][ T6290] do_write_page+0x63c/0x990 [ 129.458946][ T6290] f2fs_outplace_write_data+0x11a/0x220 [ 129.458974][ T6290] f2fs_do_write_data_page+0x12ea/0x1a40 [ 129.459014][ T6290] ? f2fs_write_single_data_page+0x9f1/0x1680 [ 129.459043][ T6290] ? css_rstat_updated+0x1a5/0xca0 [ 129.459074][ T6290] ? __pfx_f2fs_do_write_data_page+0x10/0x10 [ 129.459108][ T6290] ? __pfx_css_rstat_updated+0x10/0x10 [ 129.459138][ T6290] ? __lock_acquire+0xab9/0xd20 [ 129.459178][ T6290] f2fs_write_single_data_page+0x9f1/0x1680 [ 129.459228][ T6290] ? __pfx_f2fs_write_single_data_page+0x10/0x10 [ 129.459273][ T6290] ? __pfx_folios_put_refs+0x10/0x10 [ 129.459299][ T6290] ? mlock_drain_local+0x79/0x490 [ 129.459328][ T6290] ? mlock_drain_local+0x28e/0x490 [ 129.459376][ T6290] f2fs_write_data_pages+0x195b/0x3000 [ 129.459448][ T6290] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.459559][ T6290] ? __lock_acquire+0xab9/0xd20 [ 129.459596][ T6290] ? do_raw_spin_lock+0x121/0x290 [ 129.459630][ T6290] ? do_raw_spin_unlock+0x122/0x240 [ 129.459653][ T6290] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.459684][ T6290] do_writepages+0x32b/0x550 [ 129.459729][ T6290] ? do_raw_spin_unlock+0x122/0x240 [ 129.459755][ T6290] filemap_write_and_wait_range+0x217/0x310 [ 129.459780][ T6290] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 129.459841][ T6290] ? __pfx_down_write+0x10/0x10 [ 129.459867][ T6290] ? up_write+0x1c4/0x420 [ 129.459894][ T6290] f2fs_collapse_range+0x2ff/0x390 [ 129.459932][ T6290] f2fs_fallocate+0x55d/0x990 [ 129.459966][ T6290] vfs_fallocate+0x6a0/0x830 [ 129.459992][ T6290] ? __fget_files+0x2a/0x420 [ 129.460026][ T6290] ? __pfx_vfs_fallocate+0x10/0x10 [ 129.460050][ T6290] ? __fget_files+0x2a/0x420 [ 129.460088][ T6290] __x64_sys_fallocate+0xc0/0x110 [ 129.460123][ T6290] do_syscall_64+0xfa/0x3b0 [ 129.460142][ T6290] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.460175][ T6290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.460198][ T6290] ? clear_bhb_loop+0x60/0xb0 [ 129.460225][ T6290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.460246][ T6290] RIP: 0033:0x7fbc38b8e929 [ 129.460266][ T6290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.460283][ T6290] RSP: 002b:00007fbc39ab1038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 129.460304][ T6290] RAX: ffffffffffffffda RBX: 00007fbc38db5fa0 RCX: 00007fbc38b8e929 [ 129.460320][ T6290] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 129.460331][ T6290] RBP: 00007fbc38c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 129.460344][ T6290] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000 [ 129.460366][ T6290] R13: 0000000000000000 R14: 00007fbc38db5fa0 R15: 00007ffcbe99ba28 [ 129.460402][ T6290] [ 129.954339][ T6317] loop4: detected capacity change from 0 to 1024 [ 129.966655][ T6290] F2FS-fs (loop0): Remounting filesystem read-only [ 129.972515][ T6317] EXT4-fs: Ignoring removed oldalloc option [ 129.973552][ T6290] syz.0.53: attempt to access beyond end of device [ 129.973552][ T6290] loop0: rw=2049, sector=53272, nr_sectors = 8 limit=40427 [ 129.996657][ T6290] CPU: 1 UID: 0 PID: 6290 Comm: syz.0.53 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 129.996688][ T6290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 129.996703][ T6290] Call Trace: [ 129.996712][ T6290] [ 129.996721][ T6290] dump_stack_lvl+0x189/0x250 [ 129.996765][ T6290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 129.996796][ T6290] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 129.996828][ T6290] ? __pfx_queue_work_on+0x10/0x10 [ 129.996865][ T6290] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 129.996896][ T6290] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 129.996929][ T6290] ? f2fs_hw_is_readonly+0x39b/0x470 [ 129.996966][ T6290] f2fs_handle_critical_error+0x37c/0x540 [ 129.997007][ T6290] f2fs_write_end_io+0x495/0x810 [ 129.997028][ T6290] ? blkg_put+0x22/0x240 [ 129.997085][ T6290] __submit_merged_bio+0x27a/0x6a0 [ 129.997116][ T6290] ? up_write+0x1c4/0x420 [ 129.997146][ T6290] __submit_merged_write_cond+0x44c/0x530 [ 129.997188][ T6290] f2fs_write_single_data_page+0x119f/0x1680 [ 129.997246][ T6290] ? __pfx_f2fs_write_single_data_page+0x10/0x10 [ 129.997300][ T6290] ? __pfx_folios_put_refs+0x10/0x10 [ 129.997327][ T6290] ? mlock_drain_local+0x79/0x490 [ 129.997359][ T6290] ? mlock_drain_local+0x28e/0x490 [ 129.997397][ T6290] f2fs_write_data_pages+0x195b/0x3000 [ 129.997479][ T6290] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.997609][ T6290] ? __lock_acquire+0xab9/0xd20 [ 129.997650][ T6290] ? do_raw_spin_lock+0x121/0x290 [ 129.997690][ T6290] ? do_raw_spin_unlock+0x122/0x240 [ 129.997715][ T6290] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 129.997751][ T6290] do_writepages+0x32b/0x550 [ 129.997798][ T6290] ? do_raw_spin_unlock+0x122/0x240 [ 129.997828][ T6290] filemap_write_and_wait_range+0x217/0x310 [ 129.997856][ T6290] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 129.997934][ T6290] ? __pfx_down_write+0x10/0x10 [ 129.997963][ T6290] ? up_write+0x1c4/0x420 [ 129.997992][ T6290] f2fs_collapse_range+0x2ff/0x390 [ 129.998044][ T6290] f2fs_fallocate+0x55d/0x990 [ 129.998083][ T6290] vfs_fallocate+0x6a0/0x830 [ 129.998109][ T6290] ? __fget_files+0x2a/0x420 [ 129.998146][ T6290] ? __pfx_vfs_fallocate+0x10/0x10 [ 129.998171][ T6290] ? __fget_files+0x2a/0x420 [ 129.998212][ T6290] __x64_sys_fallocate+0xc0/0x110 [ 129.998246][ T6290] do_syscall_64+0xfa/0x3b0 [ 129.998265][ T6290] ? lockdep_hardirqs_on+0x9c/0x150 [ 129.998299][ T6290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.998321][ T6290] ? clear_bhb_loop+0x60/0xb0 [ 129.998350][ T6290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 129.998370][ T6290] RIP: 0033:0x7fbc38b8e929 [ 129.998391][ T6290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 129.998410][ T6290] RSP: 002b:00007fbc39ab1038 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 129.998433][ T6290] RAX: ffffffffffffffda RBX: 00007fbc38db5fa0 RCX: 00007fbc38b8e929 [ 129.998450][ T6290] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004 [ 129.998463][ T6290] RBP: 00007fbc38c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 129.998476][ T6290] R10: 0000000000002000 R11: 0000000000000246 R12: 0000000000000000 [ 129.998490][ T6290] R13: 0000000000000000 R14: 00007fbc38db5fa0 R15: 00007ffcbe99ba28 [ 129.998530][ T6290] [ 129.998540][ T6290] F2FS-fs (loop0): Remounting filesystem read-only [ 130.044983][ T6317] EXT4-fs: Ignoring removed orlov option [ 130.358137][ T6155] team0: Port device team_slave_0 added [ 130.395407][ T6155] team0: Port device team_slave_1 added [ 130.428959][ T176] page: refcount:3 mapcount:0 mapping:ffff8880554b6d60 index:0xb pfn:0x582be [ 130.457925][ T6317] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 130.465894][ T176] memcg:ffff888027e20000 [ 130.472144][ T176] aops:f2fs_node_aops ino:1 [ 130.502915][ T176] flags: 0xfff0000000403c(referenced|uptodate|dirty|lru|private|node=0|zone=1|lastcpupid=0x7ff) [ 130.535073][ T176] raw: 00fff0000000403c ffffea000148ec08 ffffea00015e9388 ffff8880554b6d60 [ 130.558885][ T176] raw: 000000000000000b 0000000000000009 00000003ffffffff ffff888027e20000 [ 130.584158][ T176] page dumped because: VM_BUG_ON_FOLIO(!folio_test_locked(folio)) [ 130.586650][ T6317] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 130.598349][ T176] page_owner tracks the page as allocated [ 130.619078][ T176] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x40c40(GFP_NOFS|__GFP_COMP), pid 6290, tgid 6289 (syz.0.53), ts 129353570562, free_ts 129326337587 [ 130.637274][ T176] post_alloc_hook+0x240/0x2a0 [ 130.642128][ T176] get_page_from_freelist+0x21d5/0x22b0 [ 130.648229][ T176] __alloc_frozen_pages_noprof+0x181/0x370 [ 130.654210][ T176] alloc_pages_mpol+0x232/0x4a0 [ 130.659192][ T176] alloc_pages_noprof+0xa9/0x190 [ 130.664195][ T176] folio_alloc_noprof+0x1e/0x30 [ 130.669174][ T176] filemap_alloc_folio_noprof+0xdf/0x470 [ 130.674859][ T176] __filemap_get_folio+0x3f2/0xaf0 [ 130.680286][ T176] f2fs_new_node_folio+0x131/0xa40 [ 130.685458][ T176] f2fs_get_dnode_of_data+0x7d3/0x1b50 [ 130.691043][ T176] f2fs_reserve_block+0x53/0x310 [ 130.696103][ T176] f2fs_get_new_data_folio+0x138/0x870 [ 130.701621][ T176] f2fs_add_regular_entry+0x5a3/0xc10 [ 130.707777][ T176] f2fs_add_dentry+0xda/0x1d0 [ 130.712526][ T176] f2fs_do_add_link+0x20f/0x3b0 [ 130.717485][ T176] f2fs_create+0x337/0x5c0 [ 130.721967][ T176] page last free pid 23 tgid 23 stack trace: [ 130.728085][ T176] __free_frozen_pages+0xc65/0xe60 [ 130.733283][ T176] __tlb_remove_table+0x2d2/0x3b0 [ 130.738439][ T176] tlb_remove_table_rcu+0x85/0x100 [ 130.743612][ T176] rcu_core+0xca8/0x1710 [ 130.747979][ T176] handle_softirqs+0x286/0x870 [ 130.752798][ T176] run_ksoftirqd+0x9b/0x100 [ 130.757407][ T176] smpboot_thread_fn+0x53f/0xa60 [ 130.772115][ T176] kthread+0x70e/0x8a0 [ 130.785982][ T176] ret_from_fork+0x3fc/0x770 [ 130.790677][ T176] ret_from_fork_asm+0x1a/0x30 [ 130.808249][ T6155] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 130.824653][ T5828] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 130.836257][ T6155] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 130.863773][ T176] ------------[ cut here ]------------ [ 130.869387][ T176] kernel BUG at mm/filemap.c:1498! [ 130.884544][ T176] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 130.890863][ T176] CPU: 0 UID: 0 PID: 176 Comm: kworker/u8:5 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) [ 130.901209][ T176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 130.911289][ T176] Workqueue: writeback wb_workfn (flush-7:0) [ 130.917316][ T176] RIP: 0010:folio_unlock+0x13d/0x160 [ 130.922622][ T176] Code: de c8 ff 48 89 df 48 c7 c6 60 36 94 8b e8 cb 6d 0e 00 90 0f 0b e8 13 de c8 ff 48 89 df 48 c7 c6 80 2c 94 8b e8 b4 6d 0e 00 90 <0f> 0b e8 fc dd c8 ff 48 89 df 48 c7 c6 60 36 94 8b e8 9d 6d 0e 00 [ 130.942435][ T176] RSP: 0018:ffffc90002fe6e28 EFLAGS: 00010246 [ 130.948527][ T176] RAX: d83dacc2bfb38200 RBX: ffffea000160af80 RCX: 0000000000000000 [ 130.956524][ T176] RDX: 0000000000000006 RSI: ffffffff8d96d7bc RDI: 00000000ffffffff [ 130.964524][ T176] RBP: ffffc90002fe7110 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 130.972531][ T176] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: 1ffffd40002c15f1 [ 130.980528][ T176] R13: 00fff0000000403c R14: ffffea000160af88 R15: dffffc0000000000 [ 130.988516][ T176] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 130.997462][ T176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.004066][ T176] CR2: 00007f4bc4ae56c0 CR3: 0000000072e38000 CR4: 00000000003526f0 [ 131.012053][ T176] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 131.020054][ T176] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 131.028137][ T176] Call Trace: [ 131.031430][ T176] [ 131.034375][ T176] f2fs_sync_node_pages+0x180a/0x1a10 [ 131.039781][ T176] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 131.045545][ T176] ? __percpu_counter_sum+0x1c2/0x1e0 [ 131.050953][ T176] ? rcu_is_watching+0x15/0xb0 [ 131.055747][ T176] ? blk_start_plug+0x52/0x1b0 [ 131.060541][ T176] f2fs_write_node_pages+0x303/0x6e0 [ 131.065847][ T176] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 131.071673][ T176] ? __lock_acquire+0xab9/0xd20 [ 131.076545][ T176] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 131.082377][ T176] do_writepages+0x32b/0x550 [ 131.086992][ T176] ? reacquire_held_locks+0x127/0x1d0 [ 131.092395][ T176] ? writeback_sb_inodes+0x372/0x1000 [ 131.097786][ T176] __writeback_single_inode+0x145/0xff0 [ 131.103347][ T176] ? do_raw_spin_unlock+0x122/0x240 [ 131.108591][ T176] writeback_sb_inodes+0x6b5/0x1000 [ 131.113834][ T176] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 131.119523][ T176] ? rcu_is_watching+0x15/0xb0 [ 131.124411][ T176] wb_writeback+0x43b/0xaf0 [ 131.128980][ T176] ? queue_io+0x351/0x590 [ 131.133331][ T176] ? __pfx_wb_writeback+0x10/0x10 [ 131.138377][ T176] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.143602][ T176] wb_workfn+0x409/0xef0 [ 131.147908][ T176] ? __pfx_wb_workfn+0x10/0x10 [ 131.153134][ T176] ? __lock_acquire+0xab9/0xd20 [ 131.158015][ T176] ? process_scheduled_works+0x9ef/0x17b0 [ 131.163758][ T176] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.169012][ T176] ? process_scheduled_works+0x9ef/0x17b0 [ 131.174777][ T176] ? process_scheduled_works+0x9ef/0x17b0 [ 131.180532][ T176] process_scheduled_works+0xade/0x17b0 [ 131.186120][ T176] ? __pfx_process_scheduled_works+0x10/0x10 [ 131.192134][ T176] worker_thread+0x8a0/0xda0 [ 131.196752][ T176] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 131.203105][ T176] ? __kthread_parkme+0x7b/0x200 [ 131.208069][ T176] kthread+0x70e/0x8a0 [ 131.212154][ T176] ? __pfx_worker_thread+0x10/0x10 [ 131.217291][ T176] ? __pfx_kthread+0x10/0x10 [ 131.221900][ T176] ? _raw_spin_unlock_irq+0x23/0x50 [ 131.227125][ T176] ? lockdep_hardirqs_on+0x9c/0x150 [ 131.232347][ T176] ? __pfx_kthread+0x10/0x10 [ 131.236958][ T176] ret_from_fork+0x3fc/0x770 [ 131.241567][ T176] ? __pfx_ret_from_fork+0x10/0x10 [ 131.246702][ T176] ? __switch_to_asm+0x39/0x70 [ 131.251487][ T176] ? __switch_to_asm+0x33/0x70 [ 131.256353][ T176] ? __pfx_kthread+0x10/0x10 [ 131.260987][ T176] ret_from_fork_asm+0x1a/0x30 [ 131.265793][ T176] [ 131.268832][ T176] Modules linked in: [ 131.275047][ T176] ---[ end trace 0000000000000000 ]--- [ 131.288535][ T176] RIP: 0010:folio_unlock+0x13d/0x160 [ 131.293690][ T6155] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 131.293919][ T176] Code: de c8 ff 48 89 df 48 c7 c6 60 36 94 8b e8 cb 6d 0e 00 90 0f 0b e8 13 de c8 ff 48 89 df 48 c7 c6 80 2c 94 8b e8 b4 6d 0e 00 90 <0f> 0b e8 fc dd c8 ff 48 89 df 48 c7 c6 60 36 94 8b e8 9d 6d 0e 00 [ 131.325780][ T176] RSP: 0018:ffffc90002fe6e28 EFLAGS: 00010246 [ 131.331933][ T176] RAX: d83dacc2bfb38200 RBX: ffffea000160af80 RCX: 0000000000000000 [ 131.340115][ T176] RDX: 0000000000000006 RSI: ffffffff8d96d7bc RDI: 00000000ffffffff [ 131.348173][ T176] RBP: ffffc90002fe7110 R08: ffffffff8f9fdef7 R09: 1ffffffff1f3fbde [ 131.356220][ T176] R10: dffffc0000000000 R11: fffffbfff1f3fbdf R12: 1ffffd40002c15f1 [ 131.364247][ T176] R13: 00fff0000000403c R14: ffffea000160af88 R15: dffffc0000000000 [ 131.372308][ T176] FS: 0000000000000000(0000) GS:ffff888125c86000(0000) knlGS:0000000000000000 [ 131.381413][ T176] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 131.382436][ T6006] veth0_macvtap: entered promiscuous mode [ 131.397645][ T6006] veth1_macvtap: entered promiscuous mode [ 131.411774][ T176] CR2: 000055558b2c7808 CR3: 0000000072e38000 CR4: 00000000003526f0 [ 131.423434][ T6155] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 131.431893][ T6155] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 131.458229][ T176] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 131.472800][ T176] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 131.485833][ T6155] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 131.499125][ T176] Kernel panic - not syncing: Fatal exception [ 131.505693][ T176] Kernel Offset: disabled [ 131.510051][ T176] Rebooting in 86400 seconds..