last executing test programs: 14.936391321s ago: executing program 0 (id=275): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="540000001000010029bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="5cd2220000000000140003006e657464657673696d300000000000001800168014000180"], 0x54}, 0x1, 0x0, 0x0, 0x1}, 0x40) sendto$inet6(r0, &(0x7f0000000080)="fb", 0x1, 0x4000001, 0x0, 0x0) 14.019163476s ago: executing program 0 (id=280): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e9b5b0007e03dd65193dfb6c575963f6558", 0x12}, {&(0x7f00000001c0)="d4523df4cecbddaa28d0306cd6ca", 0xe}], 0x2) 12.921379955s ago: executing program 0 (id=285): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_setup(0xbc3, &(0x7f0000000180)={0x0, 0x1064, 0x0, 0x0, 0x271}, 0x0, 0x0) epoll_create1(0x80000) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x92) mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x8, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180)) 12.037655414s ago: executing program 0 (id=290): syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) syz_emit_vhci(&(0x7f00000020c0)=ANY=[@ANYBLOB="02c92012000e00050000020a000a0001000e0006000004"], 0x17) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x50, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x24, 0xfc, 0x0, 0x1, [@nested={0x20, 0x8, 0x0, 0x1, [@typed={0xe, 0x131, 0x0, 0x0, @str='*\'&-.+*{.\x00'}, @nested={0xc, 0xa7, 0x0, 0x1, [@typed={0x8, 0x14d, 0x0, 0x0, @uid}]}]}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x4, 0x2}, @typed={0x8, 0x5, 0x0, 0x0, @u32=0x9}]}, 0x50}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) 11.347003087s ago: executing program 0 (id=293): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0}) 10.657384642s ago: executing program 0 (id=296): r0 = epoll_create1(0x80000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x4e24, @local}, 0x10) r3 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x3, 0x312}, &(0x7f0000000200)=0x0, &(0x7f0000000300)=0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r6, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x60, 0x185100}) io_uring_enter(r3, 0x7277, 0x0, 0x28, 0x0, 0x0) 7.828811363s ago: executing program 4 (id=308): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 6.640701305s ago: executing program 4 (id=313): mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) mknod$loop(&(0x7f00000002c0)='./file0/../file0/file0\x00', 0xffff8000, 0x0) 5.126878401s ago: executing program 2 (id=317): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xd3a, 0x2c, 0x2, 0x76, 0x7, 0x6a, 0x4, 0x8, 0x80000000}}}}]}, 0x58}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}}}, 0x24}}, 0x0) 4.924952638s ago: executing program 4 (id=318): r0 = socket(0x10, 0x80002, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000005400e5012abd7000ffffffff07000000", @ANYRES32=r2, @ANYBLOB="20000100", @ANYRES32=r4, @ANYBLOB="01010300ff3e"], 0x38}, 0x1, 0x0, 0x0, 0x2800}, 0x40084c0) sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0) 4.373017559s ago: executing program 3 (id=320): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r1 = socket$kcm(0x2b, 0x1, 0x0) sendmsg$inet(r1, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc) close(r1) 4.351047234s ago: executing program 2 (id=321): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0) socket$unix(0x1, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@deltfilter={0x24, 0x2d, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xb, 0x19}, {0x1, 0xfff1}, {0x3, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x800) 3.966195721s ago: executing program 1 (id=322): r0 = gettid() r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x1, 0x8801) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000000400)={{0x1, 0x3, 0xfffffffa, 0x2, 'syz0\x00', 0xc522}, 0x2, 0x200, 0x3, r0, 0x0, 0x0, 'syz0\x00', 0x0}) 3.790726021s ago: executing program 3 (id=323): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r0, 0xffffffffffffffff, 0x0) 3.787369916s ago: executing program 2 (id=324): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0xa, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0xd000}) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0f7f"], 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3.676727723s ago: executing program 4 (id=325): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000005c0)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x5a}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f900f5", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@fastopen={0x1e, 0x3, 'q'}]}}}}}}}}, 0x0) 3.264048468s ago: executing program 1 (id=326): r0 = socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10) 3.118755564s ago: executing program 3 (id=327): openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x7, 0x100000000, 0x0, 0x85, 0x100000, 0x0, 0x2004c8, 0x1, 0x0, 0x1, 0xf012, 0x0, 0x0, 0x0, 0x2, 0x5da], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.906191648s ago: executing program 2 (id=328): mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020}, 0x2020) mknod$loop(&(0x7f00000002c0)='./file0/../file0/file0\x00', 0xffff8000, 0x0) 2.624126647s ago: executing program 4 (id=329): openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x41, 0x90) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0xa0031718561b10dc}}, 0x50) utimensat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x100) 2.623890675s ago: executing program 1 (id=330): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x0, 0x0, 0x40300, 0x0, 0x54}, 0x9c) 2.081878336s ago: executing program 3 (id=331): socket$netlink(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newqdisc={0x58, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xd3a, 0x2c, 0x2, 0x76, 0x7, 0x6a, 0x4, 0x8, 0x80000000}}}}]}, 0x58}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=@gettclass={0x24, 0x2a, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}}}, 0x24}}, 0x0) 2.020135969s ago: executing program 1 (id=332): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0}) 1.516705371s ago: executing program 2 (id=333): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"}) r1 = syz_open_pts(r0, 0x0) dup3(r1, r0, 0x0) ppoll(&(0x7f0000000140)=[{r0}], 0x1, 0x0, 0x0, 0x0) 1.327716931s ago: executing program 3 (id=334): sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0, 0x0, 0x1f00c00e}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) fsetxattr$security_ima(r2, 0x0, &(0x7f0000000140)=@v2={0x5, 0x1, 0x4, 0x1, 0x40, "6d0c0e7d6e1140e8995145199c2f3e09fc81ec72042688545110ad4815b4b11e9501d0eaefc732109764942e4f90f20e719da9a3640b2586aee280ee1792442f"}, 0x49, 0x2) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.164140965s ago: executing program 1 (id=335): dup(0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_emit_ethernet(0x4a, &(0x7f0000000600)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2a}, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x10, 0x11, 0xff, @remote, @local, {[], {0x0, 0xe22, 0x10, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}}}}}}}}, 0x0) 676.554521ms ago: executing program 4 (id=336): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in6={{0xa, 0x4e20, 0x6, @empty, 0x4}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 458.789175ms ago: executing program 1 (id=337): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="7105020602020181bf079fcc5729e9229f070602"], 0x14) 111.362162ms ago: executing program 2 (id=338): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, 0x0, 0x4000000) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000000)={0x0, 0x21, &(0x7f0000000440)={&(0x7f0000000480)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002000000140001800500020001"], 0x28}, 0x1, 0x0, 0x0, 0x20044811}, 0x2000c094) 0s ago: executing program 3 (id=339): syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0xbc01) r2 = openat2(r1, 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$GTP_CMD_NEWPDP(r3, 0x0, 0x0) sendmsg$GTP_CMD_DELPDP(r2, 0x0, 0x4044081) r4 = userfaultfd(0x801) setreuid(0xee00, 0x0) r5 = getuid() setreuid(0xee00, r5) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, 0x0) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = syz_pidfd_open(r6, 0x0) ioctl$EXT4_IOC_MIGRATE(r7, 0xff08) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, r8) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r1, 0x80dc5521, &(0x7f0000000580)=""/142) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 142.005891][ T5462] 8021q: adding VLAN 0 to HW filter on device bond0 [ 142.058708][ T5462] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.57' (ED25519) to the list of known hosts. syzkaller login: [ 192.512466][ T5793] cgroup: Unknown subsys name 'net' [ 192.645067][ T5793] cgroup: Unknown subsys name 'cpuset' [ 192.671588][ T5793] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 198.959801][ T5793] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 203.415840][ T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 203.424997][ T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 203.435292][ T5813] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 203.443477][ T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 203.453602][ T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 203.481786][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 203.495592][ T5815] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 203.506822][ T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 203.513961][ T5815] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 203.518044][ T5815] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 203.522462][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 203.543701][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 203.553234][ T5815] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 203.565697][ T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 203.583032][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 203.594433][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 203.613335][ T5820] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 203.614564][ T5108] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 203.631949][ T5813] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 203.644378][ T5108] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 203.658382][ T5813] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 203.668614][ T5813] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 203.692896][ T5820] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 203.713579][ T5820] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 203.726492][ T5820] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 204.941979][ T5809] chnl_net:caif_netlink_parms(): no params data found [ 205.487985][ T5810] chnl_net:caif_netlink_parms(): no params data found [ 205.629868][ T5820] Bluetooth: hci0: command tx timeout [ 205.709705][ T5820] Bluetooth: hci1: command tx timeout [ 205.715343][ T5820] Bluetooth: hci2: command tx timeout [ 205.750183][ T5818] chnl_net:caif_netlink_parms(): no params data found [ 205.799688][ T5820] Bluetooth: hci4: command tx timeout [ 205.869541][ T5820] Bluetooth: hci3: command tx timeout [ 206.012840][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.023871][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.031929][ T5809] bridge_slave_0: entered allmulticast mode [ 206.041730][ T5809] bridge_slave_0: entered promiscuous mode [ 206.131311][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.142944][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.151285][ T5809] bridge_slave_1: entered allmulticast mode [ 206.161046][ T5809] bridge_slave_1: entered promiscuous mode [ 206.171605][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 206.380653][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.475593][ T5816] chnl_net:caif_netlink_parms(): no params data found [ 206.521706][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.787481][ T5809] team0: Port device team_slave_0 added [ 206.841834][ T5809] team0: Port device team_slave_1 added [ 207.005929][ T5810] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.013804][ T5810] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.023234][ T5810] bridge_slave_0: entered allmulticast mode [ 207.032880][ T5810] bridge_slave_0: entered promiscuous mode [ 207.149590][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 207.156755][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.183190][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 207.198632][ T5810] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.206635][ T5810] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.214548][ T5810] bridge_slave_1: entered allmulticast mode [ 207.224378][ T5810] bridge_slave_1: entered promiscuous mode [ 207.332972][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 207.340330][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 207.366819][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 207.485399][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.493073][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.500904][ T5818] bridge_slave_0: entered allmulticast mode [ 207.510648][ T5818] bridge_slave_0: entered promiscuous mode [ 207.639732][ T5810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.652322][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.660727][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.668290][ T5818] bridge_slave_1: entered allmulticast mode [ 207.678070][ T5818] bridge_slave_1: entered promiscuous mode [ 207.716378][ T5820] Bluetooth: hci0: command tx timeout [ 207.731430][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.739175][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.746726][ T5822] bridge_slave_0: entered allmulticast mode [ 207.756585][ T5822] bridge_slave_0: entered promiscuous mode [ 207.772208][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.781374][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.789326][ T5820] Bluetooth: hci2: command tx timeout [ 207.789420][ T5822] bridge_slave_1: entered allmulticast mode [ 207.794888][ T5820] Bluetooth: hci1: command tx timeout [ 207.805044][ T5822] bridge_slave_1: entered promiscuous mode [ 207.829419][ T5810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.874401][ T5815] Bluetooth: hci4: command tx timeout [ 207.949237][ T5815] Bluetooth: hci3: command tx timeout [ 208.217507][ T5816] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.225437][ T5816] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.233244][ T5816] bridge_slave_0: entered allmulticast mode [ 208.243027][ T5816] bridge_slave_0: entered promiscuous mode [ 208.339384][ T5810] team0: Port device team_slave_0 added [ 208.357002][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.368025][ T5816] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.375845][ T5816] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.383668][ T5816] bridge_slave_1: entered allmulticast mode [ 208.393442][ T5816] bridge_slave_1: entered promiscuous mode [ 208.416981][ T5809] hsr_slave_0: entered promiscuous mode [ 208.426222][ T5809] hsr_slave_1: entered promiscuous mode [ 208.446983][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.469528][ T5810] team0: Port device team_slave_1 added [ 208.485841][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.542597][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.712175][ T5816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.873382][ T5816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.910204][ T5822] team0: Port device team_slave_0 added [ 208.920906][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 208.928149][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 208.955913][ T5810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 208.975856][ T5818] team0: Port device team_slave_0 added [ 208.985681][ T5810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 208.993120][ T5810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.019548][ T5810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.107369][ T5822] team0: Port device team_slave_1 added [ 209.162423][ T5818] team0: Port device team_slave_1 added [ 209.357347][ T5816] team0: Port device team_slave_0 added [ 209.380476][ T5816] team0: Port device team_slave_1 added [ 209.453121][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.461274][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.487794][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.582059][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.589322][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.615616][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.646458][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.653941][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.680298][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.779203][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 209.786362][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.812732][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 209.820402][ T5815] Bluetooth: hci0: command tx timeout [ 209.873091][ T5815] Bluetooth: hci1: command tx timeout [ 209.878723][ T5815] Bluetooth: hci2: command tx timeout [ 209.889485][ T5810] hsr_slave_0: entered promiscuous mode [ 209.899578][ T5810] hsr_slave_1: entered promiscuous mode [ 209.908151][ T5810] debugfs: 'hsr0' already exists in 'hsr' [ 209.914158][ T5810] Cannot create hsr debugfs directory [ 209.954762][ T5815] Bluetooth: hci4: command tx timeout [ 209.966466][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.973885][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.000277][ T5816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.047426][ T5815] Bluetooth: hci3: command tx timeout [ 210.122695][ T5816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.130004][ T5816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.157144][ T5816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 210.183336][ T5822] hsr_slave_0: entered promiscuous mode [ 210.193759][ T5822] hsr_slave_1: entered promiscuous mode [ 210.203622][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 210.209774][ T5822] Cannot create hsr debugfs directory [ 210.669314][ T5818] hsr_slave_0: entered promiscuous mode [ 210.678304][ T5818] hsr_slave_1: entered promiscuous mode [ 210.687239][ T5818] debugfs: 'hsr0' already exists in 'hsr' [ 210.693292][ T5818] Cannot create hsr debugfs directory [ 210.764014][ T5816] hsr_slave_0: entered promiscuous mode [ 210.773223][ T5816] hsr_slave_1: entered promiscuous mode [ 210.782089][ T5816] debugfs: 'hsr0' already exists in 'hsr' [ 210.788014][ T5816] Cannot create hsr debugfs directory [ 211.401956][ T5809] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 211.526700][ T5809] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.658159][ T5809] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.792018][ T5809] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.869445][ T5815] Bluetooth: hci0: command tx timeout [ 211.949486][ T5815] Bluetooth: hci2: command tx timeout [ 211.955164][ T5820] Bluetooth: hci1: command tx timeout [ 212.045173][ T5815] Bluetooth: hci4: command tx timeout [ 212.047526][ T5810] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 212.074892][ T5810] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 212.109441][ T5815] Bluetooth: hci3: command tx timeout [ 212.175883][ T5810] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 212.245922][ T5810] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 212.526142][ T5822] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 212.654396][ T5822] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 212.694390][ T5822] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 212.718629][ T5822] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 212.801044][ T5818] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 212.833639][ T5818] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 212.952492][ T5818] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 212.984941][ T5818] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 213.058275][ T5816] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 213.125638][ T5816] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 213.186163][ T5816] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 213.273125][ T5816] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 213.422496][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.665976][ T5809] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.761262][ T3820] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.769107][ T3820] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.845678][ T5810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.886942][ T3820] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.894626][ T3820] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.092051][ T5810] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.236800][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.244616][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.306423][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.442802][ T5809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 214.454695][ T5809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 214.495924][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.503566][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.561867][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.598262][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.800465][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.808005][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.966834][ T5818] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.999666][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.007200][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.082802][ T5816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 215.217814][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.225486][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.243903][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.251541][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.322587][ T5816] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.572409][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.580082][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.607709][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.615362][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 216.854184][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.265205][ T5810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 217.495894][ T5809] veth0_vlan: entered promiscuous mode [ 217.646124][ T5809] veth1_vlan: entered promiscuous mode [ 217.925259][ T5810] veth0_vlan: entered promiscuous mode [ 217.955531][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.019750][ T5810] veth1_vlan: entered promiscuous mode [ 218.144140][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.219949][ T5809] veth0_macvtap: entered promiscuous mode [ 218.286373][ T5816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.311001][ T5809] veth1_macvtap: entered promiscuous mode [ 218.585604][ T5822] veth0_vlan: entered promiscuous mode [ 218.602102][ T5810] veth0_macvtap: entered promiscuous mode [ 218.646620][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.670372][ T5810] veth1_macvtap: entered promiscuous mode [ 218.776329][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.799094][ T5822] veth1_vlan: entered promiscuous mode [ 218.862036][ T5818] veth0_vlan: entered promiscuous mode [ 218.900356][ T3820] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.976057][ T3820] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.022779][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.034703][ T3820] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.067348][ T5818] veth1_vlan: entered promiscuous mode [ 219.111029][ T3820] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.151141][ T5810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.306344][ T14] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.392240][ T14] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.405184][ T5822] veth0_macvtap: entered promiscuous mode [ 219.445216][ T14] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.487910][ T5822] veth1_macvtap: entered promiscuous mode [ 219.526596][ T5818] veth0_macvtap: entered promiscuous mode [ 219.537673][ T14] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 219.619224][ T5818] veth1_macvtap: entered promiscuous mode [ 219.737702][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 219.851208][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 219.878361][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 220.000639][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 220.017600][ T3612] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.081077][ T58] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.140867][ T58] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.215715][ T58] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.265933][ T58] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.329578][ T58] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.338648][ T58] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 220.431587][ T58] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.586514][ T5816] veth0_vlan: entered promiscuous mode [ 221.730866][ T5816] veth1_vlan: entered promiscuous mode [ 222.063374][ T5816] veth0_macvtap: entered promiscuous mode [ 222.183300][ T5816] veth1_macvtap: entered promiscuous mode [ 222.446215][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 222.547641][ T5816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 222.676056][ T3612] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.712494][ T3612] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.802319][ T3612] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.853381][ T3612] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 226.538603][ T3612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.546903][ T3612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.690921][ T3612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.699164][ T3612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.906336][ T3612] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.917184][ T3612] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 226.975953][ T3671] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 226.985028][ T3671] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 227.282298][ T5809] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 228.167044][ T3754] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.175393][ T3754] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.545053][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.553540][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.579314][ T5998] loop2: detected capacity change from 0 to 32768 [ 228.666356][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.675218][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.827284][ T3754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 228.836540][ T3754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 228.900357][ T5998] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 228.900484][ T5998] allowing incompatible features above 0.0: (unknown version) [ 228.900580][ T5998] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 228.938062][ T5998] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 228.946717][ T5998] bcachefs (loop2): initializing new filesystem [ 228.968857][ T5998] bcachefs (loop2): going read-write [ 228.986349][ T5998] bcachefs (loop2): marking superblocks [ 229.042902][ T5998] bcachefs (loop2): initializing freespace [ 229.076768][ T5998] bcachefs (loop2): done initializing freespace [ 229.097318][ T5998] bcachefs (loop2): reading snapshots table [ 229.103922][ T5998] bcachefs (loop2): reading snapshots done [ 229.240277][ T5998] bcachefs (loop2): loop2: Superblock write was silently dropped! (seq 0 expected 42) [ 229.277399][ T5998] bcachefs (loop2): done starting filesystem [ 229.493207][ T5998] syz.2.3 (5998) used greatest stack depth: 1200 bytes left [ 229.585511][ T5809] bcachefs (loop2): shutting down [ 229.590984][ T5809] bcachefs (loop2): going read-only [ 229.609924][ T5809] bcachefs (loop2): finished waiting for writes to stop [ 229.700653][ T5809] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3 [ 229.777459][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 229.784324][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 230.040952][ T5809] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 3 [ 230.124392][ T5809] bcachefs (loop2): clean shutdown complete, journal seq 4 [ 230.138805][ T6018] loop3: detected capacity change from 0 to 256 [ 230.153545][ T5809] bcachefs (loop2): marking filesystem clean [ 230.202732][ T6018] exfat: Deprecated parameter 'namecase' [ 230.209318][ T6018] exfat: Deprecated parameter 'utf8' [ 230.317690][ T5809] bcachefs (loop2): shutdown complete [ 230.433188][ T6018] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 230.885073][ T6025] capability: warning: `syz.1.10' uses deprecated v2 capabilities in a way that may be insecure [ 231.157012][ T3820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.165402][ T3820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.225357][ T6030] loop0: detected capacity change from 0 to 256 [ 231.328190][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 231.336410][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 231.665503][ T6030] syz.0.11: attempt to access beyond end of device [ 231.665503][ T6030] loop0: rw=524288, sector=256, nr_sectors = 20 limit=256 [ 231.680567][ T6030] syz.0.11: attempt to access beyond end of device [ 231.680567][ T6030] loop0: rw=0, sector=256, nr_sectors = 8 limit=256 [ 231.719142][ T30] audit: type=1800 audit(1754377123.109:2): pid=6030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.11" name="file2" dev="loop0" ino=1048600 res=0 errno=0 [ 231.756064][ T6030] process 'syz.0.11' launched './file1' with NULL argv: empty string added [ 231.835735][ T6030] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 231.846796][ T6030] FAT-fs (loop0): Filesystem has been set read-only [ 231.853872][ T6030] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 231.864579][ T6030] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 231.943647][ T6033] loop1: detected capacity change from 0 to 512 [ 232.070482][ T6030] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 232.139989][ T6033] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.153359][ T6033] ext4 filesystem being mounted at /5/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 232.336738][ T6041] netlink: 44 bytes leftover after parsing attributes in process `syz.3.14'. [ 232.383928][ T6033] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.13: iget: bad i_size value: 2533274857506816 [ 232.540823][ T6041] netlink: 24 bytes leftover after parsing attributes in process `syz.3.14'. [ 232.550324][ T6041] netlink: 48 bytes leftover after parsing attributes in process `syz.3.14'. [ 232.595119][ T6030] syz.0.11: attempt to access beyond end of device [ 232.595119][ T6030] loop0: rw=0, sector=272, nr_sectors = 4 limit=256 [ 232.756474][ T6030] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 198) [ 232.817177][ T6030] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 198) [ 233.295440][ T6035] loop4: detected capacity change from 0 to 40427 [ 233.334776][ T6035] F2FS-fs (loop4): build fault injection rate: 14 [ 233.342550][ T6035] F2FS-fs (loop4): build fault injection type: 0x3bfe8c [ 233.360444][ T6035] F2FS-fs (loop4): invalid crc value [ 233.400249][ C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0xe24/0xf80 [ 233.425040][ C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0xe24/0xf80 [ 233.696248][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.740130][ T6035] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50 [ 233.782394][ T6035] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 233.799820][ T6035] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 233.815453][ T6035] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_read_data_folio+0x90/0x1270 [ 233.829616][ T6035] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 233.843844][ T6035] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x310/0x2ce0 [ 233.859065][ T6035] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098] [ 233.901517][ T6035] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_new_inode_folio+0xb9/0x100 [ 233.921052][ T6035] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x831/0x19b0 [ 234.011251][ T6035] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x1144/0x2ce0 [ 234.023979][ T6035] F2FS-fs (loop4): inconsistent node block, node_type:0, nid:20, node_footer[nid:20,ino:3,ofs:2041,cpver:0,blkaddr:0] [ 234.037713][ T6035] syz.4.5: attempt to access beyond end of device [ 234.037713][ T6035] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 234.051884][ T6035] CPU: 0 UID: 0 PID: 6035 Comm: syz.4.5 Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 234.052036][ T6035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 234.052133][ T6035] Call Trace: [ 234.052201][ T6035] [ 234.052254][ T6035] __dump_stack+0x26/0x30 [ 234.052443][ T6035] dump_stack_lvl+0x1df/0x270 [ 234.052638][ T6035] dump_stack+0x1e/0x25 [ 234.052818][ T6035] f2fs_handle_critical_error+0xa6f/0xc20 [ 234.053042][ T6035] f2fs_stop_checkpoint+0x65/0x80 [ 234.053236][ T6035] f2fs_write_end_io+0xb4b/0x1920 [ 234.053439][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.053642][ T6035] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 234.053831][ T6035] bio_endio+0xe24/0xf80 [ 234.054030][ T6035] submit_bio_noacct+0x214/0x2710 [ 234.054299][ T6035] submit_bio+0x5a9/0x5d0 [ 234.054506][ T6035] f2fs_submit_write_bio+0x92/0x250 [ 234.054685][ T6035] __submit_merged_bio+0x16f/0x6a0 [ 234.054850][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.055088][ T6035] __submit_merged_write_cond+0x458/0x9a0 [ 234.055381][ T6035] f2fs_write_data_pages+0x4bb2/0x5480 [ 234.055725][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.055905][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.056091][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.056266][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.056454][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.056629][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.056814][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.057003][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.057182][ T6035] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.057365][ T6035] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 234.057542][ T6035] do_writepages+0x3f2/0x860 [ 234.057713][ T6035] ? _raw_spin_unlock+0x30/0x50 [ 234.057966][ T6035] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 234.058209][ T6035] filemap_fdatawrite+0x207/0x260 [ 234.058479][ T6035] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 234.058730][ T6035] f2fs_write_checkpoint+0xfe2/0x2b00 [ 234.059082][ T6035] kill_f2fs_super+0x2ff/0x970 [ 234.059314][ T6035] ? __pfx_kill_f2fs_super+0x10/0x10 [ 234.059531][ T6035] deactivate_locked_super+0xcb/0x3c0 [ 234.059718][ T6035] deactivate_super+0x12f/0x140 [ 234.059884][ T6035] cleanup_mnt+0x6fb/0x780 [ 234.060089][ T6035] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 234.060330][ T6035] ? file_free+0x201/0x280 [ 234.060490][ T6035] ? __pfx___cleanup_mnt+0x10/0x10 [ 234.060695][ T6035] __cleanup_mnt+0x22/0x30 [ 234.060911][ T6035] task_work_run+0x209/0x2b0 [ 234.061111][ T6035] do_exit+0x99d/0x3d50 [ 234.061293][ T6035] ? filter_irq_stacks+0x49/0x190 [ 234.061513][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.061730][ T6035] do_group_exit+0x259/0x390 [ 234.061942][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.062137][ T6035] get_signal+0x23c0/0x2a20 [ 234.062306][ T6035] ? kmsan_get_metadata+0xfb/0x160 [ 234.062523][ T6035] arch_do_signal_or_restart+0x53/0xbf0 [ 234.062758][ T6035] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 234.062971][ T6035] ? __x64_sys_futex+0x114/0x1a0 [ 234.063202][ T6035] exit_to_user_mode_loop+0xec/0x330 [ 234.063385][ T6035] do_syscall_64+0x1e3/0x210 [ 234.063549][ T6035] ? irqentry_exit+0x16/0x60 [ 234.063688][ T6035] ? clear_bhb_loop+0x40/0x90 [ 234.063858][ T6035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.064029][ T6035] RIP: 0033:0x7fb573b8eb69 [ 234.064159][ T6035] Code: Unable to access opcode bytes at 0x7fb573b8eb3f. [ 234.064230][ T6035] RSP: 002b:00007fb574aa80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 234.064398][ T6035] RAX: fffffffffffffe00 RBX: 00007fb573db5fa8 RCX: 00007fb573b8eb69 [ 234.064503][ T6035] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb573db5fa8 [ 234.064595][ T6035] RBP: 00007fb573db5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 234.064685][ T6035] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb573db5fac [ 234.064773][ T6035] R13: 0000000000000000 R14: 00007ffc40acb3e0 R15: 00007ffc40acb4c8 [ 234.064913][ T6035] [ 234.463337][ T6035] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 234.865468][ T6051] loop3: detected capacity change from 0 to 64 [ 235.572260][ T6056] loop0: detected capacity change from 0 to 256 [ 235.668660][ T6056] ======================================================= [ 235.668660][ T6056] WARNING: The mand mount option has been deprecated and [ 235.668660][ T6056] and is ignored by this kernel. Remove the mand [ 235.668660][ T6056] option from the mount to silence this warning. [ 235.668660][ T6056] ======================================================= [ 235.840376][ T6056] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x009ea0b8, utbl_chksum : 0x7319d30d) [ 237.059407][ T6068] loop1: detected capacity change from 0 to 128 [ 237.627615][ T6074] loop2: detected capacity change from 0 to 256 [ 237.658047][ T6073] loop3: detected capacity change from 0 to 256 [ 237.703922][ T6073] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 237.715091][ T6073] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 237.735575][ T6074] exfat: Deprecated parameter 'namecase' [ 237.742102][ T6074] exfat: Deprecated parameter 'namecase' [ 237.873480][ T6073] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 237.949741][ T6074] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdf1a9a6c, utbl_chksum : 0xe619d30d) [ 238.912333][ T6086] loop1: detected capacity change from 0 to 512 [ 239.023451][ T6088] netlink: 'syz.3.26': attribute type 5 has an invalid length. [ 239.230478][ T6086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 239.243737][ T6086] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 239.322916][ T6094] loop0: detected capacity change from 0 to 256 [ 239.366058][ T6086] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.25: iget: bad i_size value: 2533274857506816 [ 239.407121][ T6094] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 239.418538][ T6094] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 239.589184][ T6094] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 240.543349][ T6100] loop3: detected capacity change from 0 to 32768 [ 240.729294][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.853307][ T6100] bcachefs (loop3): starting version 1.1023: (unknown version) opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=0,compression=lz4:2,nopromote_whole_extents,nojournal_transaction_names,allocator_stuck_timeout=0 [ 240.853473][ T6100] allowing incompatible features above 0.0: (unknown version) [ 240.853568][ T6100] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 240.900079][ T6100] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 240.908543][ T6100] bcachefs (loop3): initializing new filesystem [ 240.933998][ T6100] bcachefs (loop3): going read-write [ 240.978680][ T6100] bcachefs (loop3): marking superblocks [ 241.036979][ T6109] loop2: detected capacity change from 0 to 2048 [ 241.043785][ T6100] bcachefs (loop3): initializing freespace [ 241.070340][ T6100] bcachefs (loop3): done initializing freespace [ 241.089959][ T6100] bcachefs (loop3): reading snapshots table [ 241.096299][ T6100] bcachefs (loop3): reading snapshots done [ 241.273686][ T6100] bcachefs (loop3): done starting filesystem [ 241.714363][ T6126] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 241.721915][ T6126] FAULT_INJECTION: forcing a failure. [ 241.721915][ T6126] name failslab, interval 1, probability 0, space 0, times 1 [ 241.735155][ T6126] CPU: 0 UID: 0 PID: 6126 Comm: syz.0.34 Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 241.735306][ T6126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 241.735397][ T6126] Call Trace: [ 241.735455][ T6126] [ 241.735506][ T6126] __dump_stack+0x26/0x30 [ 241.735691][ T6126] dump_stack_lvl+0x1df/0x270 [ 241.735898][ T6126] dump_stack+0x1e/0x25 [ 241.736069][ T6126] should_fail_ex+0x7dc/0x8a0 [ 241.736279][ T6126] should_failslab+0x15b/0x200 [ 241.736468][ T6126] __kmalloc_cache_noprof+0xcb/0xed0 [ 241.736670][ T6126] ? __request_region+0x70/0x1e0 [ 241.736874][ T6126] ? kmsan_get_metadata+0xfb/0x160 [ 241.737070][ T6126] __request_region+0x70/0x1e0 [ 241.737269][ T6126] __comedi_request_region+0x90/0x280 [ 241.737432][ T6126] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 241.737626][ T6126] dev_8255_attach+0x1007/0x12c0 [ 241.737824][ T6126] ? __pfx_dev_8255_attach+0x10/0x10 [ 241.738004][ T6126] comedi_device_attach+0x81e/0xb30 [ 241.738180][ T6126] comedi_unlocked_ioctl+0xd3d/0x1f60 [ 241.738430][ T6126] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 241.738625][ T6126] __se_sys_ioctl+0x23c/0x400 [ 241.738810][ T6126] __x64_sys_ioctl+0x97/0xe0 [ 241.738980][ T6126] x64_sys_call+0x1cbc/0x3e20 [ 241.739177][ T6126] do_syscall_64+0xd9/0x210 [ 241.739346][ T6126] ? irqentry_exit+0x16/0x60 [ 241.739488][ T6126] ? clear_bhb_loop+0x40/0x90 [ 241.739654][ T6126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.739824][ T6126] RIP: 0033:0x7f391af8eb69 [ 241.739936][ T6126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.740059][ T6126] RSP: 002b:00007f391bd26038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 241.740200][ T6126] RAX: ffffffffffffffda RBX: 00007f391b1b5fa0 RCX: 00007f391af8eb69 [ 241.740302][ T6126] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000003 [ 241.740395][ T6126] RBP: 00007f391bd26090 R08: 0000000000000000 R09: 0000000000000000 [ 241.740488][ T6126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.740576][ T6126] R13: 0000000000000000 R14: 00007f391b1b5fa0 R15: 00007ffda8ab22b8 [ 241.740706][ T6126] [ 241.965597][ T6126] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 241.973117][ T6126] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 242.487230][ T5818] bcachefs (loop3): shutting down [ 242.493414][ T5818] bcachefs (loop3): going read-only [ 242.498838][ T5818] bcachefs (loop3): finished waiting for writes to stop [ 242.569537][ T5818] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4 [ 242.691788][ T5818] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4 [ 242.737568][ T5818] bcachefs (loop3): clean shutdown complete, journal seq 5 [ 242.781980][ T5818] bcachefs (loop3): marking filesystem clean [ 242.932396][ T5818] bcachefs (loop3): shutdown complete [ 243.144093][ T6133] loop1: detected capacity change from 0 to 1764 [ 243.205370][ T6137] loop2: detected capacity change from 0 to 1024 [ 243.326935][ T6133] isofs_fill_super: get root inode failed [ 243.417140][ T6137] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.470345][ T6142] netlink: 'syz.0.39': attribute type 5 has an invalid length. [ 243.654095][ T6137] Zero length message leads to an empty skb [ 244.037034][ T6145] capability: warning: `syz.1.35' uses 32-bit capabilities (legacy support in use) [ 244.161894][ T6137] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 244.220309][ T6137] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 319 with max blocks 1 with error 28 [ 244.233295][ T6137] EXT4-fs (loop2): This should not happen!! Data will be lost [ 244.233295][ T6137] [ 244.243445][ T6137] EXT4-fs (loop2): Total free blocks count 0 [ 244.249942][ T6137] EXT4-fs (loop2): Free/Dirty block details [ 244.256039][ T6137] EXT4-fs (loop2): free_blocks=20480 [ 244.261794][ T6137] EXT4-fs (loop2): dirty_blocks=16 [ 244.267100][ T6137] EXT4-fs (loop2): Block reservation details [ 244.273636][ T6137] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 244.287266][ T6133] dlm: plock device version mismatch: kernel (1.2.0), user (1986356271.1970299695.1831805743) [ 244.729391][ T1605] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 244.802729][ T5809] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.949458][ T1605] usb 2-1: Using ep0 maxpacket: 32 [ 245.041306][ T1605] usb 2-1: config 0 interface 0 has no altsetting 0 [ 245.129121][ T1605] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 245.138586][ T1605] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.147058][ T1605] usb 2-1: Product: syz [ 245.151646][ T1605] usb 2-1: Manufacturer: syz [ 245.156454][ T1605] usb 2-1: SerialNumber: syz [ 245.303131][ T1605] usb 2-1: config 0 descriptor?? [ 245.379061][ T6151] loop0: detected capacity change from 0 to 1024 [ 245.945311][ T6158] loop4: detected capacity change from 0 to 256 [ 246.105681][ T6158] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 246.117148][ T6158] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 246.334661][ T6155] loop2: detected capacity change from 0 to 32768 [ 246.385941][ T1605] gs_usb 2-1:0.0: Couldn't send data format (err=-110) [ 246.396991][ T1605] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -110 [ 246.605229][ T6158] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 246.792604][ T6155] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 246.792736][ T6155] allowing incompatible features above 0.0: (unknown version) [ 246.792838][ T6155] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 246.830236][ T6155] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 246.838667][ T6155] bcachefs (loop2): initializing new filesystem [ 246.870046][ T6155] bcachefs (loop2): going read-write [ 246.976510][ T6155] bcachefs (loop2): marking superblocks [ 247.039875][ T6155] bcachefs (loop2): initializing freespace [ 247.077321][ T6155] bcachefs (loop2): done initializing freespace [ 247.103093][ T6155] bcachefs (loop2): reading snapshots table [ 247.109570][ T6155] bcachefs (loop2): reading snapshots done [ 247.227866][ T1555] usb 2-1: USB disconnect, device number 2 [ 247.342171][ T6155] bcachefs (loop2): loop2: Superblock write was silently dropped! (seq 0 expected 42) [ 247.391158][ T6155] bcachefs (loop2): done starting filesystem [ 247.940992][ T5809] bcachefs (loop2): shutting down [ 247.946234][ T5809] bcachefs (loop2): going read-only [ 247.953468][ T5809] bcachefs (loop2): finished waiting for writes to stop [ 248.014823][ T5809] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4 [ 248.138310][ T6178] loop4: detected capacity change from 0 to 256 [ 248.217242][ T6178] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 248.228652][ T6178] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 248.268376][ T6179] loop1: detected capacity change from 0 to 256 [ 248.392693][ T6179] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 248.411646][ T6179] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 248.435051][ T5809] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4 [ 248.528500][ T5809] bcachefs (loop2): clean shutdown complete, journal seq 5 [ 248.612767][ T6179] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 248.614853][ T5809] bcachefs (loop2): marking filesystem clean [ 248.649446][ T6178] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 248.892381][ T5809] bcachefs (loop2): shutdown complete [ 248.977089][ T6182] loop3: detected capacity change from 0 to 128 [ 249.172399][ T6182] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 249.310845][ T6182] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 249.580044][ T6182] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #2: comm syz.3.36: No space for directory leaf checksum. Please run e2fsck -D. [ 249.600818][ T6182] EXT4-fs error (device loop3): htree_dirblock_to_tree:1051: inode #2: comm syz.3.36: Directory block failed checksum [ 249.691901][ T6191] netlink: 'syz.0.50': attribute type 5 has an invalid length. [ 249.721625][ T6186] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:375: inode #2: comm syz.3.36: No space for directory leaf checksum. Please run e2fsck -D. [ 249.739448][ T6186] EXT4-fs error (device loop3): htree_dirblock_to_tree:1051: inode #2: comm syz.3.36: Directory block failed checksum [ 250.083964][ T6197] FAULT_INJECTION: forcing a failure. [ 250.083964][ T6197] name failslab, interval 1, probability 0, space 0, times 0 [ 250.097090][ T6197] CPU: 1 UID: 0 PID: 6197 Comm: syz.1.51 Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 250.097253][ T6197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 250.097342][ T6197] Call Trace: [ 250.097396][ T6197] [ 250.097448][ T6197] __dump_stack+0x26/0x30 [ 250.097646][ T6197] dump_stack_lvl+0x1df/0x270 [ 250.097846][ T6197] dump_stack+0x1e/0x25 [ 250.098016][ T6197] should_fail_ex+0x7dc/0x8a0 [ 250.098225][ T6197] should_failslab+0x15b/0x200 [ 250.098405][ T6197] kmem_cache_alloc_noprof+0xf0/0xec0 [ 250.098611][ T6197] ? vm_area_dup+0x5c/0xcc0 [ 250.098809][ T6197] ? kmsan_get_metadata+0xfb/0x160 [ 250.098994][ T6197] vm_area_dup+0x5c/0xcc0 [ 250.099180][ T6197] ? kmsan_get_metadata+0xfb/0x160 [ 250.099342][ T6197] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.099536][ T6197] __split_vma+0x2a3/0x13a0 [ 250.099711][ T6197] ? kmsan_get_metadata+0xfb/0x160 [ 250.099878][ T6197] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.100063][ T6197] ? can_vma_merge_left+0x2ab/0xc60 [ 250.100230][ T6197] ? kmsan_get_metadata+0xfb/0x160 [ 250.100399][ T6197] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 250.100599][ T6197] vma_modify+0xc47/0x2970 [ 250.100785][ T6197] ? kmsan_get_metadata+0xfb/0x160 [ 250.100993][ T6197] vma_modify_flags+0x2dd/0x400 [ 250.101218][ T6197] mprotect_fixup+0x78f/0x10e0 [ 250.101463][ T6197] do_mprotect_pkey+0x10d9/0x1ab0 [ 250.101759][ T6197] __x64_sys_mprotect+0x9a/0x100 [ 250.101947][ T6197] x64_sys_call+0x2ed4/0x3e20 [ 250.102147][ T6197] do_syscall_64+0xd9/0x210 [ 250.102307][ T6197] ? irqentry_exit+0x16/0x60 [ 250.102445][ T6197] ? clear_bhb_loop+0x40/0x90 [ 250.102628][ T6197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.102794][ T6197] RIP: 0033:0x7f0f3c98eb69 [ 250.102909][ T6197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.103031][ T6197] RSP: 002b:00007f0f3d7b3038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 250.103175][ T6197] RAX: ffffffffffffffda RBX: 00007f0f3cbb6080 RCX: 00007f0f3c98eb69 [ 250.103280][ T6197] RDX: 0000000000000001 RSI: 0000000000004000 RDI: 0000200000000000 [ 250.103372][ T6197] RBP: 00007f0f3d7b3090 R08: 0000000000000000 R09: 0000000000000000 [ 250.103461][ T6197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.103557][ T6197] R13: 0000000000000001 R14: 00007f0f3cbb6080 R15: 00007ffeb8fd6568 [ 250.103687][ T6197] [ 250.531691][ T5818] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 250.784173][ T6205] loop1: detected capacity change from 0 to 128 [ 251.136616][ T6209] loop3: detected capacity change from 0 to 128 [ 251.548676][ T6212] loop4: detected capacity change from 0 to 64 [ 252.096115][ T6214] loop1: detected capacity change from 0 to 256 [ 252.157210][ T6214] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 252.168448][ T6214] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 252.265676][ T6214] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 253.100764][ T1605] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 253.283501][ T6224] loop1: detected capacity change from 0 to 1024 [ 253.291579][ T1605] usb 5-1: Using ep0 maxpacket: 8 [ 253.315638][ T1605] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 253.324439][ T1605] usb 5-1: config 0 has no interface number 0 [ 253.331044][ T1605] usb 5-1: config 0 interface 1 has no altsetting 0 [ 253.359110][ T6224] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 253.380156][ T1605] usb 5-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 253.390755][ T1605] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.399879][ T1605] usb 5-1: Product: syz [ 253.404256][ T1605] usb 5-1: Manufacturer: syz [ 253.409210][ T1605] usb 5-1: SerialNumber: syz [ 253.425083][ T1605] usb 5-1: config 0 descriptor?? [ 253.469552][ T6224] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.655565][ T6224] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: inode #11: comm syz.1.60: missing EA_INODE flag [ 253.749532][ T6224] EXT4-fs (loop1): Remounting filesystem read-only [ 253.756669][ T6224] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 255.085536][ T6233] loop0: detected capacity change from 0 to 128 [ 255.301631][ T30] audit: type=1800 audit(1754377146.699:3): pid=6233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.62" name="file2" dev="loop0" ino=1048618 res=0 errno=0 [ 255.332518][ T6233] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 255.341196][ T6233] FAT-fs (loop0): Filesystem has been set read-only [ 255.348020][ T6233] syz.0.62: attempt to access beyond end of device [ 255.348020][ T6233] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128 [ 255.370936][ T6233] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 255.381967][ T6233] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100) [ 255.658572][ T6233] syz.0.62: attempt to access beyond end of device [ 255.658572][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.675747][ T6233] syz.0.62: attempt to access beyond end of device [ 255.675747][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.689879][ T6233] syz.0.62: attempt to access beyond end of device [ 255.689879][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.704164][ T6233] syz.0.62: attempt to access beyond end of device [ 255.704164][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.824260][ T6233] syz.0.62: attempt to access beyond end of device [ 255.824260][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.828252][ T6233] syz.0.62: attempt to access beyond end of device [ 255.828252][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.835110][ T6233] syz.0.62: attempt to access beyond end of device [ 255.835110][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.835529][ T6233] syz.0.62: attempt to access beyond end of device [ 255.835529][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 255.835929][ T6233] syz.0.62: attempt to access beyond end of device [ 255.835929][ T6233] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128 [ 256.107841][ T6233] Buffer I/O error on dev loop0, logical block 2065, async page read [ 256.107987][ T6233] Buffer I/O error on dev loop0, logical block 2066, async page read [ 256.108113][ T6233] Buffer I/O error on dev loop0, logical block 2067, async page read [ 256.108239][ T6233] Buffer I/O error on dev loop0, logical block 2068, async page read [ 256.108372][ T6233] Buffer I/O error on dev loop0, logical block 2069, async page read [ 256.108498][ T6233] Buffer I/O error on dev loop0, logical block 2070, async page read [ 256.108623][ T6233] Buffer I/O error on dev loop0, logical block 2071, async page read [ 256.108749][ T6233] Buffer I/O error on dev loop0, logical block 2072, async page read [ 256.126310][ T6233] Buffer I/O error on dev loop0, logical block 2065, async page read [ 256.252638][ T6233] Buffer I/O error on dev loop0, logical block 2066, async page read [ 256.294798][ T1605] i2c-cp2615 5-1:0.1: probe with driver i2c-cp2615 failed with error -71 [ 256.350815][ T6244] FAULT_INJECTION: forcing a failure. [ 256.350815][ T6244] name failslab, interval 1, probability 0, space 0, times 0 [ 256.364734][ T6244] CPU: 0 UID: 0 PID: 6244 Comm: syz.0.62 Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 256.364891][ T6244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 256.364982][ T6244] Call Trace: [ 256.365034][ T6244] [ 256.365087][ T6244] __dump_stack+0x26/0x30 [ 256.365283][ T6244] dump_stack_lvl+0x1df/0x270 [ 256.365478][ T6244] dump_stack+0x1e/0x25 [ 256.365657][ T6244] should_fail_ex+0x7dc/0x8a0 [ 256.365872][ T6244] should_failslab+0x15b/0x200 [ 256.366056][ T6244] __kmalloc_noprof+0x182/0x1310 [ 256.366252][ T6244] ? tomoyo_encode+0x626/0xa10 [ 256.366404][ T6244] ? kmsan_get_metadata+0xfb/0x160 [ 256.366576][ T6244] ? kmsan_get_metadata+0xfb/0x160 [ 256.366773][ T6244] tomoyo_encode+0x626/0xa10 [ 256.366960][ T6244] tomoyo_realpath_from_path+0x92e/0x9f0 [ 256.367138][ T6244] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 256.367349][ T6244] tomoyo_path_number_perm+0x1d0/0x7d0 [ 256.367564][ T6244] ? stack_depot_save_flags+0x35/0x7b0 [ 256.367774][ T6244] ? kmsan_get_metadata+0xfb/0x160 [ 256.367956][ T6244] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 256.368185][ T6244] tomoyo_file_ioctl+0x3d/0x50 [ 256.368353][ T6244] security_file_ioctl+0x141/0x590 [ 256.368554][ T6244] __se_sys_ioctl+0xbb/0x400 [ 256.368739][ T6244] __x64_sys_ioctl+0x97/0xe0 [ 256.368912][ T6244] x64_sys_call+0x1cbc/0x3e20 [ 256.369105][ T6244] do_syscall_64+0xd9/0x210 [ 256.369268][ T6244] ? irqentry_exit+0x16/0x60 [ 256.369405][ T6244] ? clear_bhb_loop+0x40/0x90 [ 256.369571][ T6244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.369741][ T6244] RIP: 0033:0x7f391af8eb69 [ 256.369853][ T6244] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.369971][ T6244] RSP: 002b:00007f3918dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 256.370111][ T6244] RAX: ffffffffffffffda RBX: 00007f391b1b6160 RCX: 00007f391af8eb69 [ 256.370217][ T6244] RDX: 0000200000000180 RSI: 00000000c020aa00 RDI: 0000000000000006 [ 256.370309][ T6244] RBP: 00007f3918dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 256.370400][ T6244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 256.370483][ T6244] R13: 0000000000000000 R14: 00007f391b1b6160 R15: 00007ffda8ab22b8 [ 256.370621][ T6244] [ 256.600611][ C0] vkms_vblank_simulate: vblank timer overrun [ 256.609693][ T6244] ERROR: Out of memory at tomoyo_realpath_from_path. [ 256.649025][ T1605] usb 5-1: USB disconnect, device number 2 [ 256.659822][ T6235] loop3: detected capacity change from 0 to 2048 [ 256.726501][ T6246] netlink: 'syz.2.63': attribute type 5 has an invalid length. [ 256.984900][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 257.362671][ T6248] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 257.654724][ T6255] loop1: detected capacity change from 0 to 512 [ 257.689038][ T6252] loop3: detected capacity change from 0 to 512 [ 257.721093][ T6255] ext4: Bad value for 'mb_optimize_scan' [ 257.744556][ T6254] loop2: detected capacity change from 0 to 256 [ 257.799354][ T6252] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 257.812805][ T6252] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 257.955497][ T6257] loop0: detected capacity change from 0 to 1024 [ 258.082354][ T6257] EXT4-fs: Ignoring removed orlov option [ 258.113113][ T6252] EXT4-fs (loop3): 1 orphan inode deleted [ 258.119315][ T6252] EXT4-fs (loop3): 1 truncate cleaned up [ 258.135120][ T6252] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.369182][ T6257] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 258.592209][ T6264] loop6: detected capacity change from 0 to 7 [ 258.602500][ T6264] Dev loop6: unable to read RDB block 7 [ 258.608407][ T6264] loop6: unable to read partition table [ 258.617819][ T6257] netlink: 28 bytes leftover after parsing attributes in process `syz.0.68'. [ 258.682076][ T6264] loop6: partition table beyond EOD, truncated [ 258.688533][ T6264] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 258.880071][ T6257] EXT4-fs: Ignoring sb option on remount [ 258.886035][ T6257] EXT4-fs: Ignoring removed orlov option [ 258.892349][ T6257] EXT4-fs: Ignoring removed nomblk_io_submit option [ 258.899499][ T6257] EXT4-fs: Remounting fs w/o journal so ignoring data_err option [ 258.986740][ T6257] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000. [ 259.010723][ T5818] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.111301][ T6268] loop2: detected capacity change from 0 to 256 [ 259.190629][ T6268] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 259.201792][ T6268] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 259.413773][ T6268] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 259.475087][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.553420][ T6272] loop4: detected capacity change from 0 to 1024 [ 259.566632][ T6272] hfsplus: Unknown parameter 'creaycr' [ 260.941589][ T1605] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 261.148478][ T1605] usb 4-1: Using ep0 maxpacket: 8 [ 261.192239][ T1605] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 261.203440][ T1605] usb 4-1: config 0 has no interface number 0 [ 261.229381][ T1605] usb 4-1: config 0 interface 1 has no altsetting 0 [ 261.362699][ T6290] netlink: 'syz.0.76': attribute type 5 has an invalid length. [ 261.370598][ T1605] usb 4-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 261.370759][ T1605] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.370888][ T1605] usb 4-1: Product: syz [ 261.370994][ T1605] usb 4-1: Manufacturer: syz [ 261.371102][ T1605] usb 4-1: SerialNumber: syz [ 261.378528][ T1605] usb 4-1: config 0 descriptor?? [ 261.385188][ T1555] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 261.760449][ T1555] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 261.769869][ T1555] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 261.780446][ T1555] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 261.789940][ T1555] usb 3-1: config 1 has no interface number 1 [ 261.796259][ T1555] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 261.809465][ T1555] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 262.377444][ T1555] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 262.387423][ T1555] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.396045][ T1555] usb 3-1: Product: syz [ 262.400571][ T1555] usb 3-1: Manufacturer: syz [ 262.405386][ T1555] usb 3-1: SerialNumber: syz [ 262.794843][ T6292] loop4: detected capacity change from 0 to 32768 [ 262.806855][ T6292] ocfs2: Unknown parameter '01777777777777777777777' [ 263.220862][ T6302] Can't find ip_set type hash€ [ 264.191727][ T1555] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 264.201013][ T1555] usb 3-1: MIDIStreaming interface descriptor not found [ 264.450116][ T1605] i2c-cp2615 4-1:0.1: probe with driver i2c-cp2615 failed with error -71 [ 264.556100][ T1605] usb 4-1: USB disconnect, device number 2 [ 264.562715][ T1555] usb 3-1: USB disconnect, device number 2 [ 264.733958][ T6301] loop1: detected capacity change from 0 to 4096 [ 264.841548][ T6301] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 264.972464][ T6309] loop4: detected capacity change from 0 to 1764 [ 264.983956][ T6309] iso9660: Unknown parameter ' [ 264.983956][ T6309] ' [ 265.024654][ T6314] loop0: detected capacity change from 0 to 16 [ 265.132534][ T6314] erofs (device loop0): mounted with root inode @ nid 36. [ 265.188107][ T6301] ntfs3(loop1): Failed to load $Extend (-22). [ 265.196936][ T6301] ntfs3(loop1): Failed to initialize $Extend. [ 265.213587][ T6309] netlink: 7 bytes leftover after parsing attributes in process `syz.4.81'. [ 265.280585][ T6314] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 265.286457][ T6309] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 265.325007][ T6285] udevd[6285]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 265.346859][ T6314] erofs (device loop0): failed to decompress -46 in[60, 4036] out[1851] [ 265.355826][ T6314] erofs (device loop0): read error -117 @ 43 of nid 36 [ 265.450619][ T5874] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 265.511593][ T6318] Bluetooth: MGMT ver 1.23 [ 265.589298][ T5874] usb 4-1: device descriptor read/64, error -71 [ 265.880624][ T5874] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 266.077355][ T6326] loop4: detected capacity change from 0 to 256 [ 266.099318][ T5874] usb 4-1: device descriptor read/64, error -71 [ 266.366365][ T6326] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 267.062871][ T5874] usb usb4-port1: attempt power cycle [ 267.152713][ T6327] loop2: detected capacity change from 0 to 40427 [ 267.174530][ T6327] F2FS-fs (loop2): Wrong NAT boundary, start(2560) end(3584) blocks(512) [ 267.184863][ T6327] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 267.207540][ T6327] F2FS-fs (loop2): invalid crc value [ 267.570765][ T6335] openvswitch: netlink: IP tunnel TTL not specified. [ 267.630004][ T6327] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 267.637410][ T6327] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 267.665846][ T5874] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 267.701007][ T30] audit: type=1800 audit(1754377159.099:4): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.87" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 267.760274][ T6327] bio_check_eod: 1092 callbacks suppressed [ 267.760359][ T6327] syz.2.87: attempt to access beyond end of device [ 267.760359][ T6327] loop2: rw=2049, sector=45096, nr_sectors = 96 limit=40427 [ 267.861572][ T5874] usb 4-1: device descriptor read/8, error -71 [ 267.873232][ T5809] syz-executor: attempt to access beyond end of device [ 267.873232][ T5809] loop2: rw=2049, sector=45192, nr_sectors = 16 limit=40427 [ 267.889840][ T5809] CPU: 0 UID: 0 PID: 5809 Comm: syz-executor Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 267.890003][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 267.890094][ T5809] Call Trace: [ 267.890148][ T5809] [ 267.890201][ T5809] __dump_stack+0x26/0x30 [ 267.890390][ T5809] dump_stack_lvl+0x1df/0x270 [ 267.890592][ T5809] dump_stack+0x1e/0x25 [ 267.890769][ T5809] f2fs_handle_critical_error+0xa6f/0xc20 [ 267.891013][ T5809] f2fs_stop_checkpoint+0x65/0x80 [ 267.891209][ T5809] f2fs_write_end_io+0xb4b/0x1920 [ 267.891415][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 267.891620][ T5809] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 267.891812][ T5809] bio_endio+0xe24/0xf80 [ 267.892027][ T5809] submit_bio_noacct+0x214/0x2710 [ 267.892292][ T5809] submit_bio+0x5a9/0x5d0 [ 267.892505][ T5809] f2fs_submit_write_bio+0x92/0x250 [ 267.892687][ T5809] __submit_merged_bio+0x16f/0x6a0 [ 267.892861][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 267.893054][ T5809] __submit_merged_write_cond+0x458/0x9a0 [ 267.893249][ T5809] f2fs_write_data_pages+0x4bb2/0x5480 [ 267.893578][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 267.893755][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 267.893939][ T5809] ? folios_put_refs+0x11/0xb10 [ 267.894133][ T5809] ? filter_irq_stacks+0x49/0x190 [ 267.894359][ T5809] ? stack_depot_save_flags+0x35/0x7b0 [ 267.894531][ T5809] ? lru_gen_add_folio+0xd66/0x1190 [ 267.894744][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 267.894910][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 267.895093][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 267.895261][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 267.895430][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 267.895611][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 267.895797][ T5809] do_writepages+0x3f2/0x860 [ 267.895955][ T5809] ? _raw_spin_unlock+0x30/0x50 [ 267.896142][ T5809] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 267.896375][ T5809] filemap_fdatawrite+0x207/0x260 [ 267.896624][ T5809] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 267.896855][ T5809] f2fs_write_checkpoint+0xfe2/0x2b00 [ 267.897192][ T5809] kill_f2fs_super+0x2ff/0x970 [ 267.897424][ T5809] ? __pfx_kill_f2fs_super+0x10/0x10 [ 267.897631][ T5809] deactivate_locked_super+0xcb/0x3c0 [ 267.897819][ T5809] deactivate_super+0x12f/0x140 [ 267.898006][ T5809] cleanup_mnt+0x6fb/0x780 [ 267.898203][ T5809] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 267.898447][ T5809] ? __pfx___cleanup_mnt+0x10/0x10 [ 267.898647][ T5809] __cleanup_mnt+0x22/0x30 [ 267.898833][ T5809] task_work_run+0x209/0x2b0 [ 267.899026][ T5809] exit_to_user_mode_loop+0x2a6/0x330 [ 267.899218][ T5809] do_syscall_64+0x1e3/0x210 [ 267.899381][ T5809] ? irqentry_exit+0x16/0x60 [ 267.899520][ T5809] ? clear_bhb_loop+0x40/0x90 [ 267.899697][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.899862][ T5809] RIP: 0033:0x7f882bd8fe97 [ 267.899974][ T5809] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 267.900106][ T5809] RSP: 002b:00007ffedc639af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 267.900255][ T5809] RAX: 0000000000000000 RBX: 00007f882be11bdd RCX: 00007f882bd8fe97 [ 267.900351][ T5809] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffedc639bb0 [ 267.900442][ T5809] RBP: 00007ffedc639bb0 R08: 0000000000000000 R09: 0000000000000000 [ 267.900533][ T5809] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffedc63ac40 [ 267.900630][ T5809] R13: 00007f882be11bdd R14: 00000000000415f1 R15: 00007ffedc63ac80 [ 267.900767][ T5809] [ 268.261500][ T5809] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 268.268766][ T5809] CPU: 0 UID: 0 PID: 5809 Comm: syz-executor Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 268.268923][ T5809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 268.269023][ T5809] Call Trace: [ 268.269079][ T5809] [ 268.269135][ T5809] __dump_stack+0x26/0x30 [ 268.269327][ T5809] dump_stack_lvl+0x1df/0x270 [ 268.269516][ T5809] dump_stack+0x1e/0x25 [ 268.269683][ T5809] f2fs_handle_critical_error+0xa6f/0xc20 [ 268.269915][ T5809] f2fs_stop_checkpoint+0x65/0x80 [ 268.270111][ T5809] f2fs_write_end_io+0xb4b/0x1920 [ 268.270355][ T5809] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 268.270548][ T5809] bio_endio+0xe24/0xf80 [ 268.270755][ T5809] submit_bio_noacct+0x214/0x2710 [ 268.271029][ T5809] submit_bio+0x5a9/0x5d0 [ 268.271253][ T5809] f2fs_submit_write_bio+0x92/0x250 [ 268.271434][ T5809] __submit_merged_bio+0x16f/0x6a0 [ 268.271610][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 268.271805][ T5809] __submit_merged_write_cond+0x458/0x9a0 [ 268.272018][ T5809] f2fs_write_data_pages+0x4bb2/0x5480 [ 268.272348][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 268.272525][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 268.272715][ T5809] ? folios_put_refs+0x11/0xb10 [ 268.272911][ T5809] ? filter_irq_stacks+0x49/0x190 [ 268.273147][ T5809] ? stack_depot_save_flags+0x35/0x7b0 [ 268.273323][ T5809] ? lru_gen_add_folio+0xd66/0x1190 [ 268.273541][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 268.273715][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 268.273902][ T5809] ? kmsan_get_metadata+0xfb/0x160 [ 268.274081][ T5809] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 268.274260][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 268.274447][ T5809] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 268.274633][ T5809] do_writepages+0x3f2/0x860 [ 268.274798][ T5809] ? _raw_spin_unlock+0x30/0x50 [ 268.275004][ T5809] ? wbc_attach_and_unlock_inode+0x131/0x680 [ 268.275246][ T5809] filemap_fdatawrite+0x207/0x260 [ 268.275510][ T5809] f2fs_sync_dirty_inodes+0x2ab/0x9e0 [ 268.275749][ T5809] f2fs_write_checkpoint+0xfe2/0x2b00 [ 268.276097][ T5809] kill_f2fs_super+0x2ff/0x970 [ 268.276332][ T5809] ? __pfx_kill_f2fs_super+0x10/0x10 [ 268.276545][ T5809] deactivate_locked_super+0xcb/0x3c0 [ 268.276733][ T5809] deactivate_super+0x12f/0x140 [ 268.276903][ T5809] cleanup_mnt+0x6fb/0x780 [ 268.277109][ T5809] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 268.277357][ T5809] ? __pfx___cleanup_mnt+0x10/0x10 [ 268.277564][ T5809] __cleanup_mnt+0x22/0x30 [ 268.277766][ T5809] task_work_run+0x209/0x2b0 [ 268.277951][ T5809] exit_to_user_mode_loop+0x2a6/0x330 [ 268.278150][ T5809] do_syscall_64+0x1e3/0x210 [ 268.278314][ T5809] ? irqentry_exit+0x16/0x60 [ 268.278455][ T5809] ? clear_bhb_loop+0x40/0x90 [ 268.278625][ T5809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.278790][ T5809] RIP: 0033:0x7f882bd8fe97 [ 268.278899][ T5809] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 268.279028][ T5809] RSP: 002b:00007ffedc639af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 268.279166][ T5809] RAX: 0000000000000000 RBX: 00007f882be11bdd RCX: 00007f882bd8fe97 [ 268.279257][ T5809] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffedc639bb0 [ 268.279345][ T5809] RBP: 00007ffedc639bb0 R08: 0000000000000000 R09: 0000000000000000 [ 268.279433][ T5809] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffedc63ac40 [ 268.279527][ T5809] R13: 00007f882be11bdd R14: 00000000000415f1 R15: 00007ffedc63ac80 [ 268.279651][ T5809] [ 268.667407][ T5809] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 268.781885][ T5874] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 269.003603][ T5874] usb 4-1: device descriptor read/8, error -71 [ 269.375576][ T5874] usb usb4-port1: unable to enumerate USB device [ 269.842970][ T6344] netlink: 'syz.2.89': attribute type 5 has an invalid length. [ 270.942756][ T6353] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 271.075021][ T6354] loop4: detected capacity change from 0 to 1024 [ 271.082166][ T6349] loop1: detected capacity change from 0 to 4096 [ 271.091282][ T1605] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 271.200170][ T6354] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 271.295440][ T6362] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 271.341148][ T1605] usb 1-1: Using ep0 maxpacket: 8 [ 271.359833][ T6354] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 271.401449][ T6354] EXT4-fs (loop4): orphan cleanup on readonly fs [ 271.431605][ T1605] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 271.442106][ T1605] usb 1-1: config 0 has no interface number 0 [ 271.449218][ T1605] usb 1-1: config 0 interface 1 has no altsetting 0 [ 271.467137][ T6354] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.95: Freeing blocks not in datazone - block = 0, count = 4096 [ 271.529692][ T30] audit: type=1800 audit(1754377162.889:5): pid=6349 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.92" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 271.570099][ T1605] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 271.579822][ T1605] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.588059][ T1605] usb 1-1: Product: syz [ 271.592694][ T1605] usb 1-1: Manufacturer: syz [ 271.596687][ T6354] EXT4-fs (loop4): 1 orphan inode deleted [ 271.597472][ T1605] usb 1-1: SerialNumber: syz [ 271.606380][ T6354] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 271.635189][ T6347] syz.1.92 uses obsolete (PF_INET,SOCK_PACKET) [ 271.799973][ T6347] QAT: Device 0 not found [ 271.817016][ T1605] usb 1-1: config 0 descriptor?? [ 272.383311][ T5816] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.011996][ T6368] netlink: 'syz.3.98': attribute type 16 has an invalid length. [ 273.020696][ T6368] netlink: 64138 bytes leftover after parsing attributes in process `syz.3.98'. [ 273.251408][ T6374] loop4: detected capacity change from 0 to 164 [ 273.403200][ T6374] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 274.939670][ T5862] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 275.050859][ T6384] netlink: 'syz.1.103': attribute type 5 has an invalid length. [ 275.103034][ T1605] i2c-cp2615 1-1:0.1: probe with driver i2c-cp2615 failed with error -71 [ 275.206970][ T1605] usb 1-1: USB disconnect, device number 2 [ 275.263404][ T5862] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 275.273941][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.413109][ T5862] usb 3-1: config 0 descriptor?? [ 275.471711][ T5862] cp210x 3-1:0.0: cp210x converter detected [ 275.919912][ T6382] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.931148][ T6382] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.031289][ T5862] cp210x 3-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 276.115018][ T5862] usb 3-1: cp210x converter now attached to ttyUSB0 [ 276.339558][ T1605] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 276.519679][ T1605] usb 2-1: device descriptor read/64, error -71 [ 276.783678][ T1605] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 276.980596][ T1605] usb 2-1: device descriptor read/64, error -71 [ 277.132754][ T1605] usb usb2-port1: attempt power cycle [ 277.256748][ T6394] loop2: detected capacity change from 0 to 32768 [ 277.550329][ T1605] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 277.714318][ T1605] usb 2-1: device descriptor read/8, error -71 [ 277.862921][ T5874] usb 3-1: USB disconnect, device number 3 [ 277.886049][ T5874] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 277.960969][ T5874] cp210x 3-1:0.0: device disconnected [ 278.019395][ T1605] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 278.140453][ T1605] usb 2-1: device descriptor read/8, error -71 [ 278.282899][ T1605] usb usb2-port1: unable to enumerate USB device [ 279.185982][ T6409] loop2: detected capacity change from 0 to 32768 [ 279.212700][ T5874] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 279.221514][ T6409] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.112 (6409) [ 279.286951][ T6409] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 279.297648][ T6409] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 279.307034][ T6409] BTRFS info (device loop2): using free-space-tree [ 279.458138][ T6415] tipc: Started in network mode [ 279.463689][ T6415] tipc: Node identity e62d0b33b9f6, cluster identity 4711 [ 279.471866][ T6415] tipc: Enabled bearer , priority 0 [ 279.504621][ T6415] syzkaller0: entered promiscuous mode [ 279.511121][ T6415] syzkaller0: entered allmulticast mode [ 279.613619][ T6429] netlink: 'syz.3.116': attribute type 5 has an invalid length. [ 279.716236][ T6415] tipc: Resetting bearer [ 279.740680][ T5874] usb 1-1: Using ep0 maxpacket: 8 [ 279.795090][ T5874] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 279.804408][ T5874] usb 1-1: config 0 has no interface number 0 [ 279.811067][ T5874] usb 1-1: config 0 interface 1 has no altsetting 0 [ 279.877011][ T6414] tipc: Resetting bearer [ 279.934338][ T5874] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 279.950844][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.962043][ T5874] usb 1-1: Product: syz [ 279.966433][ T5874] usb 1-1: Manufacturer: syz [ 279.971451][ T5874] usb 1-1: SerialNumber: syz [ 280.000800][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz.2.112'. [ 280.010689][ T6409] netlink: 48 bytes leftover after parsing attributes in process `syz.2.112'. [ 280.048406][ T6414] tipc: Disabling bearer [ 280.090610][ T5874] usb 1-1: config 0 descriptor?? [ 280.512276][ T6439] loop3: detected capacity change from 0 to 64 [ 280.710266][ T5809] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 281.308583][ T6443] loop1: detected capacity change from 0 to 512 [ 281.596653][ T6443] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.610290][ T6443] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 281.701129][ T6443] EXT4-fs error (device loop1): ext4_lookup:1787: inode #12: comm syz.1.119: iget: bad i_size value: 2533274857506816 [ 282.813644][ T5874] i2c-cp2615 1-1:0.1: probe with driver i2c-cp2615 failed with error -71 [ 282.850488][ T5874] usb 1-1: USB disconnect, device number 3 [ 282.923215][ T5810] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 282.970491][ T6455] loop3: detected capacity change from 0 to 32768 [ 283.211343][ T6455] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 283.211474][ T6455] allowing incompatible features above 0.0: (unknown version) [ 283.211571][ T6455] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 283.260044][ T6455] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 283.268482][ T6455] bcachefs (loop3): initializing new filesystem [ 283.289698][ T6455] bcachefs (loop3): going read-write [ 283.335855][ T6455] bcachefs (loop3): marking superblocks [ 283.388499][ T6455] bcachefs (loop3): initializing freespace [ 283.426497][ T6455] bcachefs (loop3): done initializing freespace [ 283.450100][ T6455] bcachefs (loop3): reading snapshots table [ 283.456426][ T6455] bcachefs (loop3): reading snapshots done [ 283.673846][ T6455] bcachefs (loop3): loop3: Superblock write was silently dropped! (seq 0 expected 42) [ 283.719073][ T6455] bcachefs (loop3): done starting filesystem [ 284.151445][ T5874] usb 1-1: new full-speed USB device number 4 using dummy_hcd [ 284.179453][ T1605] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 284.380372][ T1605] usb 2-1: Using ep0 maxpacket: 16 [ 284.511598][ T5874] usb 1-1: unable to get BOS descriptor or descriptor too short [ 284.526110][ T1605] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 284.529553][ T5874] usb 1-1: not running at top speed; connect to a high speed hub [ 284.536115][ T1605] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.579242][ T1555] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 284.611210][ T1605] usb 2-1: config 0 descriptor?? [ 284.637718][ T5874] usb 1-1: config 8 has an invalid interface number: 24 but max is 0 [ 284.653591][ T5874] usb 1-1: config 8 has no interface number 0 [ 284.662604][ T5874] usb 1-1: config 8 interface 24 altsetting 2 endpoint 0xE has invalid maxpacket 1535, setting to 64 [ 284.674132][ T5874] usb 1-1: config 8 interface 24 altsetting 2 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 284.685568][ T5874] usb 1-1: config 8 interface 24 altsetting 2 endpoint 0x85 has invalid wMaxPacketSize 0 [ 284.695870][ T5874] usb 1-1: config 8 interface 24 has no altsetting 0 [ 284.800136][ T1605] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 284.927277][ T5874] usb 1-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 284.936939][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 284.946311][ T5874] usb 1-1: Product: syz [ 284.951690][ T5874] usb 1-1: Manufacturer: syz [ 284.964202][ T5874] usb 1-1: SerialNumber: syz [ 285.077341][ T1555] usb 5-1: Using ep0 maxpacket: 8 [ 285.089939][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 285.226093][ T1555] usb 5-1: New USB device found, idVendor=041e, idProduct=401c, bcdDevice=1d.9c [ 285.235674][ T1555] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.245010][ T1555] usb 5-1: Product: syz [ 285.250292][ T1555] usb 5-1: Manufacturer: syz [ 285.255098][ T1555] usb 5-1: SerialNumber: syz [ 285.280496][ T24] usb 3-1: device descriptor read/64, error -71 [ 285.342572][ T6471] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 285.354395][ T1555] usb 5-1: config 0 descriptor?? [ 285.436211][ T1555] gspca_main: gspca_zc3xx-2.14.0 probing 041e:401c [ 285.587003][ T24] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 285.611187][ T1605] gspca_sonixj: reg_r err -110 [ 285.616695][ T1605] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 285.689502][ T1555] gspca_zc3xx: reg_w_i err -71 [ 285.707381][ T6471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 285.719338][ T6471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 285.851419][ T24] usb 3-1: device descriptor read/64, error -71 [ 285.860418][ T1605] usb 2-1: USB disconnect, device number 7 [ 285.897403][ T5874] vmk80xx 1-1:8.24: driver 'vmk80xx' failed to auto-configure device. [ 285.943049][ T5874] vmk80xx 1-1:8.24: probe with driver vmk80xx failed with error -22 [ 285.958625][ T5874] usb 1-1: USB disconnect, device number 4 [ 285.983971][ T24] usb usb3-port1: attempt power cycle [ 286.020213][ T5818] bcachefs (loop3): shutting down [ 286.025447][ T5818] bcachefs (loop3): going read-only [ 286.034988][ T5818] bcachefs (loop3): finished waiting for writes to stop [ 286.139834][ T5818] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4 [ 286.438622][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 286.460061][ T1555] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 286.466801][ T1555] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 286.561279][ T24] usb 3-1: device descriptor read/8, error -71 [ 286.649400][ T1555] usb 5-1: USB disconnect, device number 3 [ 286.719634][ T5818] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5 [ 286.794986][ T5818] bcachefs (loop3): clean shutdown complete, journal seq 6 [ 286.851114][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 286.941492][ T5818] bcachefs (loop3): marking filesystem clean [ 286.970019][ T24] usb 3-1: device descriptor read/8, error -71 [ 287.089864][ T6482] loop1: detected capacity change from 0 to 32768 [ 287.112229][ T24] usb usb3-port1: unable to enumerate USB device [ 287.339861][ T6482] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 287.339986][ T6482] allowing incompatible features above 0.0: (unknown version) [ 287.340080][ T6482] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 287.356900][ T5818] bcachefs (loop3): shutdown complete [ 287.363558][ T6482] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 287.363732][ T6482] bcachefs (loop1): initializing new filesystem [ 287.416001][ T6482] bcachefs (loop1): going read-write [ 287.501978][ T6482] bcachefs (loop1): marking superblocks [ 287.561489][ T6482] bcachefs (loop1): initializing freespace [ 287.590601][ T6482] bcachefs (loop1): done initializing freespace [ 287.612272][ T6482] bcachefs (loop1): reading snapshots table [ 287.620652][ T6482] bcachefs (loop1): reading snapshots done [ 287.796753][ T6482] bcachefs (loop1): loop1: Superblock write was silently dropped! (seq 0 expected 42) [ 287.885836][ T6482] bcachefs (loop1): done starting filesystem [ 287.899995][ T5820] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 287.908659][ T5820] Bluetooth: hci4: Injecting HCI hardware error event [ 287.916486][ T5820] Bluetooth: hci4: hardware error 0x00 [ 288.349148][ T24] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 288.420442][ T5810] bcachefs (loop1): shutting down [ 288.425678][ T5810] bcachefs (loop1): going read-only [ 288.431777][ T5810] bcachefs (loop1): finished waiting for writes to stop [ 288.519847][ T5810] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 288.597180][ T24] usb 5-1: config 0 has an invalid interface number: 3 but max is 0 [ 288.605815][ T24] usb 5-1: config 0 has no interface number 0 [ 288.612377][ T24] usb 5-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 288.622819][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.812267][ T24] usb 5-1: config 0 descriptor?? [ 288.893936][ T24] hub 5-1:0.3: bad descriptor, ignoring hub [ 288.900228][ T24] hub 5-1:0.3: probe with driver hub failed with error -5 [ 288.912722][ T24] sierra 5-1:0.3: Sierra USB modem converter detected [ 288.935375][ T6498] loop0: detected capacity change from 0 to 2048 [ 288.971951][ T5810] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3 [ 289.022924][ T5810] bcachefs (loop1): clean shutdown complete, journal seq 4 [ 289.060245][ T5810] bcachefs (loop1): marking filesystem clean [ 289.376943][ T5810] bcachefs (loop1): shutdown complete [ 289.708446][ T24] usb 5-1: Sierra USB modem converter now attached to ttyUSB0 [ 289.811287][ T24] usb 5-1: USB disconnect, device number 4 [ 289.888780][ T24] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 289.900970][ T24] sierra 5-1:0.3: device disconnected [ 289.992322][ T6498] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 290.060042][ T5820] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 291.192492][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 291.200915][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 291.430597][ T6509] orangefs_mount: mount request failed with -4 [ 291.459830][ T6510] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 291.466335][ T6510] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 291.573320][ T6510] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 291.608021][ T5822] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.693982][ T6510] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 291.700705][ T6510] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 291.733315][ T6510] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 291.886868][ T6510] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 291.893457][ T6510] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 291.974008][ T6513] netlink: 24 bytes leftover after parsing attributes in process `syz.0.136'. [ 292.068673][ T6510] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 292.090336][ T6510] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 292.096841][ T6510] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 292.110898][ T6510] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 292.836842][ T6515] netlink: 'syz.3.128': attribute type 5 has an invalid length. [ 293.072752][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 293.712338][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 293.954066][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 294.109319][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 295.149190][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 295.754188][ T6554] netlink: 'syz.3.146': attribute type 1 has an invalid length. [ 295.789180][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 296.029463][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 296.171387][ T6554] 8021q: adding VLAN 0 to HW filter on device bond1 [ 296.199725][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 296.344996][ T6558] 8021q: adding VLAN 0 to HW filter on device bond1 [ 296.354355][ T6558] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 296.374408][ T6558] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 296.574984][ T6559] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 296.583330][ T6559] batadv_slave_1: entered promiscuous mode [ 296.601802][ T6559] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 296.635647][ T6559] bond1: (slave batadv_slave_1): making interface the new active one [ 296.648723][ T6559] bond1: (slave batadv_slave_1): Enslaving as an active interface with an up link [ 296.682229][ T6562] IPVS: Unknown mcast interface: G0= [ 297.206901][ T6571] random: crng reseeded on system resumption [ 297.229954][ T5820] Bluetooth: hci0: command 0x0c1a tx timeout [ 297.871404][ T5820] Bluetooth: hci1: command 0x0c1a tx timeout [ 298.129447][ T5820] Bluetooth: hci2: command 0x0c1a tx timeout [ 298.271915][ T5820] Bluetooth: hci3: command 0x0c1a tx timeout [ 298.394543][ T6587] tipc: Enabling of bearer rejected, failed to enable media [ 299.819127][ T6600] tipc: Started in network mode [ 299.824333][ T6600] tipc: Node identity b63c60454a2a, cluster identity 4711 [ 299.832788][ T6600] tipc: Enabled bearer , priority 0 [ 299.908461][ T6600] syzkaller0: entered promiscuous mode [ 299.914721][ T6600] syzkaller0: entered allmulticast mode [ 299.967467][ T6603] tipc: Resetting bearer [ 300.133927][ T6599] tipc: Resetting bearer [ 300.191512][ T6608] syzkaller0: create flow: hash 740316769 index 1 [ 300.250604][ T6599] tipc: Disabling bearer [ 300.383596][ T6604] syzkaller0: delete flow: hash 740316769 index 1 [ 301.155894][ T5820] Bluetooth: hci3: Malformed LE Event: 0x1b [ 301.509905][ T6626] syzkaller0: entered promiscuous mode [ 301.515842][ T6626] syzkaller0: entered allmulticast mode [ 302.789395][ T1605] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 303.066724][ T1605] usb 5-1: Using ep0 maxpacket: 16 [ 303.245389][ T1605] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 303.257210][ T1605] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 303.266159][ T1605] usb 5-1: Product: syz [ 303.270852][ T1605] usb 5-1: Manufacturer: syz [ 303.275854][ T1605] usb 5-1: SerialNumber: syz [ 303.598610][ T1605] usb 5-1: config 0 descriptor?? [ 303.694251][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 305.373748][ T1605] usb 5-1: USB disconnect, device number 5 [ 305.525862][ T6654] netlink: 8 bytes leftover after parsing attributes in process `syz.3.178'. [ 306.968282][ T6664] netlink: 48 bytes leftover after parsing attributes in process `syz.3.183'. [ 307.820437][ T6678] netlink: 68 bytes leftover after parsing attributes in process `syz.3.186'. [ 310.846226][ T6704] netlink: 'syz.0.196': attribute type 3 has an invalid length. [ 311.071028][ T6708] kvm: pic: non byte write [ 311.139283][ T30] audit: type=1326 audit(1754377202.529:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6712 comm="syz.4.199" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb573b8eb69 code=0x0 [ 312.082600][ T6719] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 312.351512][ T6719] kvm: pic: non byte read [ 312.360438][ T6719] kvm: pic: level sensitive irq not supported [ 312.361333][ T6719] kvm: pic: non byte read [ 314.908034][ T6750] netlink: 80 bytes leftover after parsing attributes in process `syz.3.212'. [ 314.970273][ T6750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.212'. [ 315.047623][ T6746] netlink: 'syz.0.211': attribute type 3 has an invalid length. [ 318.009251][ T6786] netlink: 'syz.0.227': attribute type 3 has an invalid length. [ 318.449420][ T5862] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 318.702052][ T5862] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 318.711720][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.794270][ T5862] usb 3-1: config 0 descriptor?? [ 318.903390][ T5862] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 320.206820][ T5862] gspca_cpia1: usb_control_msg 03, error -110 [ 320.232273][ T5862] gspca_cpia1: usb_control_msg 01, error -32 [ 320.304785][ T5862] gspca_cpia1: usb_control_msg 01, error -32 [ 320.360401][ T5862] gspca_cpia1: usb_control_msg 01, error -32 [ 320.419719][ T5862] gspca_cpia1: usb_control_msg 01, error -32 [ 320.426086][ T5862] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0) [ 321.572549][ T5862] usb 3-1: USB disconnect, device number 8 [ 323.445342][ T24] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 323.689920][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 323.752165][ T24] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 323.761067][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.777877][ T24] usb 3-1: config 0 has no interfaces? [ 323.786461][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 323.795980][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.888719][ T24] usb 3-1: config 0 descriptor?? [ 325.059659][ T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 325.259184][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 325.389498][ T24] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 325.403121][ T24] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 325.417779][ T24] usb 5-1: Product: syz [ 325.425164][ T24] usb 5-1: Manufacturer: syz [ 325.430077][ T24] usb 5-1: SerialNumber: syz [ 325.539125][ T24] usb 5-1: config 0 descriptor?? [ 326.002563][ T24] usb 3-1: USB disconnect, device number 9 [ 326.970341][ T24] usb 5-1: USB disconnect, device number 6 [ 328.035098][ T6901] netlink: 24 bytes leftover after parsing attributes in process `syz.3.269'. [ 328.795542][ T6914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.275'. [ 328.877409][ T6914] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 328.907963][ T6914] netlink: 16 bytes leftover after parsing attributes in process `syz.0.275'. [ 329.039621][ T6918] Bluetooth: hci0: too big key_count value 34945 [ 329.879251][ T6929] tipc: Enabling of bearer rejected, failed to enable media [ 330.612822][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.284'. [ 330.622462][ T6938] netlink: 36 bytes leftover after parsing attributes in process `syz.1.284'. [ 330.747897][ T6938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.284'. [ 330.757782][ T6938] netlink: 36 bytes leftover after parsing attributes in process `syz.1.284'. [ 331.331654][ T6945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.287'. [ 331.695566][ T6951] netlink: 'syz.0.290': attribute type 8 has an invalid length. [ 331.703660][ T6951] netlink: 'syz.0.290': attribute type 1 has an invalid length. [ 331.712077][ T6951] netlink: 'syz.0.290': attribute type 2 has an invalid length. [ 332.575240][ T6962] binder_alloc: 6960: binder_alloc_buf, no vma [ 334.581599][ T6989] netlink: 24 bytes leftover after parsing attributes in process `syz.3.302'. [ 335.069785][ T5815] Bluetooth: hci3: command 0x0c1a tx timeout [ 336.572745][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 336.816025][ T24] usb 4-1: config 0 has no interfaces? [ 336.822069][ T24] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 336.831548][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.922377][ T24] usb 4-1: config 0 descriptor?? [ 337.455294][ T7011] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 337.466410][ T7011] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 337.904860][ T7024] binder: 7023:7024 ioctl 400c620e 2000000000c0 returned -22 [ 338.018549][ T24] usb 4-1: USB disconnect, device number 7 [ 338.966129][ T7035] binder_alloc: 7033: binder_alloc_buf, no vma [ 339.786388][ T7042] snd_aloop snd_aloop.0: control 3:-6:2:syz0:50466 is already present [ 341.814669][ T7065] binder_alloc: 7063: binder_alloc_buf, no vma [ 343.381029][ T3671] ===================================================== [ 343.395018][ T3671] BUG: KMSAN: uninit-value in nci_ntf_packet+0x2753/0x42b0 [ 343.403309][ T3671] nci_ntf_packet+0x2753/0x42b0 [ 343.408398][ T3671] nci_rx_work+0x403/0x750 [ 343.413201][ T3671] process_scheduled_works+0xb91/0x1d80 [ 343.419104][ T3671] worker_thread+0xedf/0x1590 [ 343.426636][ T3671] kthread+0xd59/0xf00 [ 343.432078][ T3671] ret_from_fork+0x1e3/0x310 [ 343.437405][ T3671] ret_from_fork_asm+0x1a/0x30 [ 343.442583][ T3671] [ 343.445011][ T3671] Uninit was created at: [ 343.449870][ T3671] kmem_cache_alloc_node_noprof+0x818/0xf00 [ 343.456021][ T3671] kmalloc_reserve+0x13c/0x4b0 [ 343.461287][ T3671] __alloc_skb+0x347/0x7d0 [ 343.465941][ T3671] virtual_ncidev_write+0x6b/0x430 [ 343.473364][ T3671] vfs_write+0x463/0x1580 [ 343.477942][ T3671] __x64_sys_write+0x1fb/0x4d0 [ 343.484626][ T3671] x64_sys_call+0x3014/0x3e20 [ 343.489704][ T3671] do_syscall_64+0xd9/0x210 [ 343.494408][ T3671] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.500758][ T3671] [ 343.503230][ T3671] CPU: 0 UID: 0 PID: 3671 Comm: kworker/u8:15 Not tainted 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 343.515627][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 343.528746][ T3671] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 343.535538][ T3671] ===================================================== [ 343.542724][ T3671] Disabling lock debugging due to kernel taint [ 343.549158][ T3671] Kernel panic - not syncing: kmsan.panic set ... [ 343.555741][ T3671] CPU: 0 UID: 0 PID: 3671 Comm: kworker/u8:15 Tainted: G B 6.16.0-syzkaller-11568-gd632ab86aff2 #0 PREEMPT(none) [ 343.569556][ T3671] Tainted: [B]=BAD_PAGE [ 343.573835][ T3671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 343.584054][ T3671] Workqueue: nfc2_nci_rx_wq nci_rx_work [ 343.589846][ T3671] Call Trace: [ 343.593249][ T3671] [ 343.596293][ T3671] __dump_stack+0x26/0x30 [ 343.600838][ T3671] dump_stack_lvl+0x53/0x270 [ 343.605655][ T3671] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 343.611695][ T3671] dump_stack+0x1e/0x25 [ 343.616081][ T3671] vpanic+0x361/0xc50 [ 343.620310][ T3671] panic+0x15d/0x160 [ 343.624466][ T3671] kmsan_report+0x31c/0x320 [ 343.629190][ T3671] ? __msan_warning+0x1b/0x30 [ 343.634046][ T3671] ? nci_ntf_packet+0x2753/0x42b0 [ 343.639286][ T3671] ? nci_rx_work+0x403/0x750 [ 343.644072][ T3671] ? process_scheduled_works+0xb91/0x1d80 [ 343.650043][ T3671] ? worker_thread+0xedf/0x1590 [ 343.655138][ T3671] ? kthread+0xd59/0xf00 [ 343.659572][ T3671] ? ret_from_fork+0x1e3/0x310 [ 343.664521][ T3671] ? ret_from_fork_asm+0x1a/0x30 [ 343.669687][ T3671] ? ret_from_fork_asm+0x1a/0x30 [ 343.674855][ T3671] ? kmsan_get_metadata+0xfb/0x160 [ 343.680180][ T3671] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 343.686213][ T3671] ? kmsan_get_metadata+0xfb/0x160 [ 343.691533][ T3671] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 343.698135][ T3671] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 343.704480][ T3671] ? _raw_spin_unlock_irqrestore+0x3f/0x60 [ 343.710542][ T3671] ? stack_depot_save_flags+0x615/0x7b0 [ 343.716321][ T3671] ? kmsan_get_metadata+0xfb/0x160 [ 343.721647][ T3671] ? kmsan_internal_memmove_metadata+0x181/0x230 [ 343.728189][ T3671] ? kmsan_get_metadata+0xfb/0x160 [ 343.733532][ T3671] __msan_warning+0x1b/0x30 [ 343.738250][ T3671] nci_ntf_packet+0x2753/0x42b0 [ 343.743323][ T3671] ? __pfx_kmsan_internal_unpoison_memory+0x10/0x10 [ 343.750245][ T3671] nci_rx_work+0x403/0x750 [ 343.754883][ T3671] ? __pfx_nci_rx_work+0x10/0x10 [ 343.760017][ T3671] process_scheduled_works+0xb91/0x1d80 [ 343.765894][ T3671] worker_thread+0xedf/0x1590 [ 343.770867][ T3671] kthread+0xd59/0xf00 [ 343.775139][ T3671] ? __pfx_worker_thread+0x10/0x10 [ 343.780524][ T3671] ? __pfx_kthread+0x10/0x10 [ 343.785323][ T3671] ret_from_fork+0x1e3/0x310 [ 343.790112][ T3671] ? __pfx_kthread+0x10/0x10 [ 343.794896][ T3671] ret_from_fork_asm+0x1a/0x30 [ 343.799947][ T3671] [ 343.803480][ T3671] Kernel Offset: disabled [ 343.807900][ T3671] Rebooting in 86400 seconds..