last executing test programs: 1m15.895690956s ago: executing program 1 (id=265): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, 0x0, 0x40000000, 0x0) 1m15.075205229s ago: executing program 1 (id=274): r0 = fsopen(&(0x7f0000000000)='gadgetfs\x00', 0x1) fsconfig$FSCONFIG_SET_FLAG(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 1m14.74814798s ago: executing program 1 (id=278): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x1000d, 0xfffffffffffffc60, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r0, 0x8b2a, &(0x7f0000000040)) 1m14.271942225s ago: executing program 1 (id=281): syz_mount_image$udf(&(0x7f0000000400), &(0x7f0000000000)='./file0\x00', 0x800048, &(0x7f00000001c0)=ANY=[], 0x1, 0x4b1, &(0x7f0000000740)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080)) mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c}) syz_mount_image$nilfs2(&(0x7f0000000100), &(0x7f0000000f00)='./file3\x00', 0x0, &(0x7f0000002d40)=ANY=[], 0x1, 0xf06, &(0x7f0000003e00)="$eJzs3U9sHNX9APA3a6/txCZeAz8w8COk0IpAwQ5JpKa3IFCPiEvvoJDQCENRQw9E/DE9ICohioQ4VRyouFAqpUhFAlWqUE9tT6166wn1QqUqlYJ6aCMlrrJ5b737nGHXE3vW3v18pK/fvnmz8/2O7WxmxrNvAzC2Gu2vR48uFiG8+9k7j778VPHJlWV3ddY40P5axF4rhNDs6hfZ9r6ICy5deOnEtdoiHG5/Tf3w2PnOc2dDCKvhQPg8tMJHyytfffjeIwc/fn3mlrfOPvPKNu1+R74fAAAwis79aeVv9/3jjw8sXDy3/3iY7ixPx+et2J+Nx/2H4oFyOl5uhN5+0RXdprL1JmI0svUmetebnMzyTJbka2bbaZasN/X1+Tp1hXDt/QQAAIDdKJ3XtkLRWOrpNxpLS1fP+6/4Yn6qWHru9MqpM0MqFAAAAKjs36+2b7oVQgghhBBCCCHECMfa/LCvQAAAAADjJp8vbIPVrZ2pq7O11mD5zz/cuPbzYQvU/fsv/+7K/8FrXnEAAKhuVI8m036l4+g0j0E+j+BE9rzNHv83su1MbrLOsnkFe5YXO/fHVFZ//n3dqcrq3+zPcVjK6s/nw9ypyurP5+ncqcrqn665jqrK6p+puY6qyurfU3MdVZXVv7fmOqoqq3+25jqqKqt/ruY6qiqr/4aa66iqrP59NddRVVn9u+W22rL6WzXXUVVZ/Qs111FVWf031lxHVWX131RzHVWV1X9zzXUMy52xTd+H/dl49/lzfk63W87xAAAAYNz91/x/QgghxIZo3wexA+oQYrSj2AE1CCHE+MSrw74AAQAAAAxdel9AegP6WpTGJ/qMT3aPz6yvkMabfZ4/1Wd8us84AAAAEMJv3zh129vF+vv8r3c+vDRv1J7wyeVQYR6jfKK7zea/3nnPrjf/bpm3DAAAgPFSfO/zy/c/+v4LCxfP7T/edfZ7OZ7vpnlAJ+O1gU9jP90XMJf1i3QOfbw3T6Nkvfz6wA1l23v8OncUAAAAxlg6f2+ForHUdd7dCo3G0tL6+fhiaBanTq+cPBT76fNZ/jDfnL6y/KGa6wYAAAAGt36+f+3z//Q5vothqlh67vTKqTNX+3Od5c1G93WB+fXlRfd1gVa2/HDJ8iOxnz6/8wfze9rLl078cOWprd55AAAAGBNnXjz7zJMrKyd/5IEHHnjQeTDsVyYAAGCrffnlO80fH5n73dX3/6/Pf5fe/38g9ltxbr8/xxXSfQLpfQCp30zbeKI3z3y2Xud9/c/3rtfK1puIMZ3VPdO1ndCeb7D3eQtl+Vq925kqyTeb5ZvL8uXzFExm66d8+7Ll+fyEab35bHk+D+NklqPI8t8dAAAAoNzyC88+v3zmxbMPnn72yadPPn3yuSOHj3332LFDD33noeX2ff3L3Xf3AwAAALvR+k2/w64EAAAAAAAAAAAAAAAAAAAAxlcdHyc27H0EAACAcfevV0MIq0IIUTnWpodfgxBCCCGEELsm2p/tXn/exrCvPwAAAADj59KFl050txusFluar7O11tXmcsyb2rkH/7pwJdJq5x+e6Hn+3i2thnFX9++//Lsr/wevbW3+mfRg4Ne/9iXj1bXpuOB4tbz3Lv9ysTv/7ZMD5s/3//Fq+Q9m+e8Ng+Vfez/L/0S1/Pdl+fcOmH/D/j9fLf/9Mf9i7B+8Z9D8vX8ySL8GaT/2DJj/29n+PxUGzZ/tf2vAhJkHYn4AGEejegNAOkpIx9GzsZ/2Nx5uhonseZs9/m9k25m87sp7t5uOg26N/XS8NJflTTZb/2y2vRsq1pnL69qpyurfqp/jdiurv1lzHVWV1T9Vcx1VldU/XXMdVZXVP1NzHVWV1T/oeeiwldW/W64rl9U/W3MdVZXVP1dzHVWV1b/Z/8eHpaz+fTXXUVVZ/fM111FVWf0VL6vVrqz+hZrrqKqs/htrrqOqsvpvqrmOqsrqv7nmOobljtiWnQ+n88/5OJb6raw/fY3v5aheWwAAAIDd5p/m/xNCjFC0//a7A+oQQoxHzIz1a07X3XJDr0VsRfxn7aph17ExGn7PhNiiWFsb0oUHdoTtfTczADuV1//x1vn575Y3XLGl/Psfb37+fJ10D3+R9ZOJPuOTfcabfcansvH893W6z/hN2XbX0nXN6OY+4//XZ3xfn/Fb+4wv9hm/rc/47X3G7+gzDgAAwHi4JbaDnR9+5bwRAAAAdqGXf/Xpm7+594kLCxfP7T8epjbMO38o9qfj39bfiP183vukGf/m/5PY/0Vsfx/bv2fru/8EAAAAtl/6nBj3hwMAAMDoSp9T6vwfAAAARtdCbJ3/AwAAwOi6MbbO/wEAAGCEFTPXXhzbdF3g7tgOOq8fALDz/X9s74zt/tjeFdtvxDYdB9wT22/WVB8AsHV+/v2fHnu7WJ/v/0g2fikuT+0Gq1evFBSN3pn898R2b2y/NWA9+ecBDJo/2Tdgnu3KP3+d+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA0dFofz16dLEI4d3P3nn0Z1Nv/uXKsrs6axxofy1irxVCaHael0bX+7+OK1668NKJ7vZybItwOBSh6CwPj53vZJoNIayGA+Hz0AofLa989eF7jxz8+PWZW946+8wr2/gt6Nk/AAAAGEX/CwAA//+vpSYI") 1m12.997575532s ago: executing program 1 (id=289): seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) dup2(r0, r1) 1m12.308267319s ago: executing program 1 (id=293): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) 1m11.249522955s ago: executing program 32 (id=293): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@local}, {@local}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5612336f04000000000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b8defe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) 4.058362438s ago: executing program 0 (id=789): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000240), 0x25, 0x4b6, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvvW1pKYUWJfFHVBBRNISZdoCGsMKNxhASI3HlAmo7NE1nOk1nirSyKP+DiSSu9E9wYeLChJV7d7pzgwsTVOILfclbzMudmZZSOm3fo8x96Xw+ycm9555hvt/D9J4zPW3nBNC3LkTERkSciIgHETHeuZ50Stxul+xxr189md189WQ2iWbz3n+TVnt2LXb8m8ypznOORMTPfhzxy+TduPW19cWZSqW80qkXG9XlYn1t/epCdWa+PF9eKpWmp6Ynb167UTqyvp6v/vHljxbu/Pwvf/7mi79t/ODXWVpjnbad/ThK7a4PbcfJDEbEnQ8RLAcDnf6cyDsRPpc0Ir4UERez+7+ZdzYAQC80m+PRHN9ZBwCOu7S1Bpakhc5awFikaaHQXsM7F6NppVZvXHlYW12aa6+VTcRQ+nChUp7srBVOxFCS1ada52/qpV31axFxNiJ+M3yyVS/M1ipzeb7xAYA+dmrX/P/RcHv+BwCOuZG8EwAAes78DwD9x/wPAP3H/A8A/cf8DwD9x/wPAP3H/A8AfeWnd+9mpbnZ+fzruUdrq4u1R1fnyvXFQnV1tjBbW1kuzNdq863P7Kke9HyVWm156nqsPi42yvVGsb62fr9aW11q3G99rvf98lBPegUA7Ofs+ef/SCJi49bJVokdezmYq+F4S/NOAMjNQN4JALkZzDsBIDe+xwf22KL3LV1/RejZ0ecC9Mblr1n/h35l/R/6l/V/6F/W/6F/NZuJPf8BoM9Y4wf8/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+u7FWSdJCZy/wsUjTQiHidERMxFDycKFSnoyIMxHx9+Gh4aw+lXfSAMB7Sv+ddPb/ujx+aWx364nk4+HWMSJ+9bt7v30802isTGXX/7d9vfGsc72UR/4AwEG25umteXzL61dPZrdKL/N5+cP25qJZ3M1OabcMxmDrOBJDETH6/6RTb8verwwcQfyNpxHx1b36n7TWRiY6O5/ujp/FPt3T+Olb8dNWW/uY/V98+QhygX7zPBt/bu91/6VxoXXc+/4faY1Q729r/Nt8Z/xLt8e/gS7j34XDxrj+1590bXsa8fXBveIn2/GTLvEvHTL+P7/xrYvd2pq/j7gce8ffGavYqC4X62vrVxeqM/Pl+fJSqTQ9NT1589qNUrG1Rl3cWql+139uXTmzX/9Hu8QfOaD/3z1k///wyYNffHuf+N//zt6v/7l94mdz4vcOGX9m9E9dt+/O4s916f9Br/+VQ8Z/8a/1uUM+FADogfra+uJMpVJecdKzk+y92xcgDSe5nWRfAUfxPF/5gKnmPTIBH9qbmz7vTAAAAAAAAAAAAAAAgG568QdPefcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA4+vTAAAA//+0tdao") r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x187842, 0x3) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000240)={0x3920e, r0, 0x0, 0x3, 0x2}) 2.972337967s ago: executing program 0 (id=797): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x80000}}]}}]}, 0x44}}, 0x0) 2.625487117s ago: executing program 0 (id=801): r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0xb, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x39}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x60, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c) 2.520297564s ago: executing program 3 (id=803): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) write$rfkill(r1, &(0x7f00000004c0)={0x3, 0x2, 0x3, 0x1, 0x1}, 0x8) 2.379118425s ago: executing program 6 (id=804): r0 = socket$alg(0x26, 0x5, 0x0) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0xa000000d}) close(r1) 2.294754914s ago: executing program 3 (id=806): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000002000000000000000100008018150000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000450000001801000020756c2500000000002020207b1a00ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000002c0)="e02742e86c0d85ff9782762f0800", 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 2.15123808s ago: executing program 6 (id=807): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a0b040000000000000000020000000900010073797a30000000000900020073797a320000000014000000110001"], 0x54}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000060a010e0000000000000000020000000900020073797a32000000000900010073797a30000000000c0006"], 0x60}, 0x1, 0x0, 0x0, 0x20048880}, 0x0) 2.062118537s ago: executing program 0 (id=808): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000040)={{@any, 0xaeb}, 0x1, 0x0, 0x3ff}) 1.929806318s ago: executing program 5 (id=809): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="5245434c45560a50484f4e454f55540a535045414b455220274344272030303030303030303030303030303030303030300a4449474954414c32202706006e652043617074557265272030303030303034303030303030303030303030300a20"], 0xb8) r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r1, r0, 0x0) 1.908766307s ago: executing program 2 (id=810): r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x4000007b, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 1.901091518s ago: executing program 4 (id=811): r0 = socket$kcm(0x29, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000003680)={0x0, 0x0, 0x0}, 0x44090) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/kcm\x00') read$FUSE(r1, &(0x7f0000000400)={0x2020}, 0x2020) 1.73646249s ago: executing program 5 (id=812): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1) close(r0) 1.681355941s ago: executing program 4 (id=813): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x800) 1.433867965s ago: executing program 4 (id=814): r0 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f05e, 0x1ff, '\x00', @p_u32=0x0}}) write$binfmt_script(r0, &(0x7f0000000280)={'#! ', './file0'}, 0xb) pwritev(r0, &(0x7f0000002740)=[{&(0x7f0000002180)="ce7316", 0x3}], 0x1, 0x2, 0x1) 1.432560901s ago: executing program 2 (id=815): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) fchdir(r0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) pivot_root(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='./file0\x00') 1.387336547s ago: executing program 5 (id=816): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'macsec0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r2, @ANYBLOB="800202000a00020057"], 0x48}}, 0x0) 1.270191022s ago: executing program 2 (id=817): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x8, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00') read$FUSE(r1, &(0x7f0000000080)={0x2020}, 0x2020) 1.176297933s ago: executing program 4 (id=818): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000000c0)=[@in={0x2, 0x4e20, @local}], 0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000), 0x4) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000b40), &(0x7f0000000440)=0x8) 1.133929259s ago: executing program 6 (id=819): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x8202, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) write$proc_mixer(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='\t'], 0x2b) dup3(r1, r0, 0x0) 1.091606012s ago: executing program 0 (id=820): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd27, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) 1.053411228s ago: executing program 3 (id=821): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x19) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 1.015986029s ago: executing program 5 (id=822): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000004c0)=[@in={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in={0x2, 0x4e21, @local}], 0x20) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000140)=[@in6={0xa, 0x4e20, 0xc, @private1, 0x3a11}], 0x1c) 905.311975ms ago: executing program 2 (id=823): mkdir(&(0x7f0000000040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) lsetxattr$system_posix_acl(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {0x1, 0x4}, [], {0x4, 0x6}, [], {0x10, 0x4}, {0x20, 0x7}}, 0x24, 0x0) 822.648106ms ago: executing program 4 (id=824): io_setup(0x3ff, &(0x7f0000000500)=0x0) io_destroy(r0) io_setup(0x7, &(0x7f00000017c0)) io_submit(r0, 0x0, 0x0) 791.828018ms ago: executing program 5 (id=825): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='ext4_ext_remove_space_done\x00', r0, 0x0, 0x8000000000}, 0x18) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080), 0x7d, 0x7a5, &(0x7f0000000f80)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==") truncate(&(0x7f0000000200)='./file2\x00', 0x7) 775.664728ms ago: executing program 3 (id=826): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed}, 0x8) listen(r0, 0x0) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f00000003c0)=0x1, &(0x7f0000000400)=0x4) 774.608092ms ago: executing program 0 (id=827): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00') mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) pread64(r0, &(0x7f0000000080)=""/196, 0xc4, 0x3) 745.950083ms ago: executing program 6 (id=828): bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20f42, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'\x00', 0x6132}) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe3a) 528.530327ms ago: executing program 2 (id=829): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x24, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9a3382feb390b2dc"}, @NL80211_REKEY_DATA_KEK={0x14, 0x1, @kek="4b782ebc9a8a965cdfaa8e1275114a2d"}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000045}, 0x4000840) 523.994905ms ago: executing program 3 (id=830): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, 0x0, 0x12100}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MODE={0x5, 0x4, 0x1}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x0) 347.153212ms ago: executing program 4 (id=831): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000001c0)={0x0, @in={{0x2, 0xa, @empty}}, 0x27c0}, 0x90) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 314.483689ms ago: executing program 6 (id=832): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000140)=0xfffffdfb) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0xfffff001, 0x6, 0x18, "5cadf0fa59ebc3cef90ac43c5c135252e5d962"}) ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000100)={0x1, 0x6, 0xb5, 0x103, 0x4, "32d6c3ea55b5fd2394955b5738668d7ab60163"}) 77.814908ms ago: executing program 2 (id=833): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x602, 0x0) write$rfkill(r1, &(0x7f00000004c0)={0x3, 0x2, 0x3, 0x1, 0x1}, 0x8) 77.610794ms ago: executing program 3 (id=834): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x101600, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x7) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 77.393008ms ago: executing program 5 (id=835): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x40, r1, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'nicvf0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x8, 0x17, 0x0, 0x1, [@NL80211_MNTR_FLAG_ACTIVE={0x4}]}]]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 6 (id=836): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) kernel console output (not intermixed with test programs): batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.312794][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 119.357096][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.381603][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.418996][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.454134][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.483180][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.509206][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.519613][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.532062][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.542792][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 119.553571][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 119.565476][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 119.586472][ T5844] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.598924][ T5844] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.614114][ T5844] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 119.625294][ T5844] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 120.575382][ T351] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.602225][ T351] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 120.649680][ T5956] Illegal XDP return value 2097485272 on prog (id 3) dev N/A, expect packet loss! [ 120.657020][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 120.683011][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.128443][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.136833][ T351] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.144268][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.153699][ T351] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.282227][ T3934] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.322511][ T3934] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.491041][ T3934] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.516087][ T3934] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.728112][ T3545] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.736051][ T3545] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 121.835953][ T5970] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.906030][ T5975] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 121.923434][ T2906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 121.957790][ T2906] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 122.129159][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 122.349017][ T5982] Bluetooth: MGMT ver 1.23 [ 122.354228][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 122.376091][ T24] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 122.447875][ T24] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 122.494055][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 122.528111][ T24] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 122.593964][ T24] usb 5-1: Product: syz [ 122.615320][ T24] usb 5-1: Manufacturer: syz [ 122.712195][ T24] hub 5-1:4.0: USB hub found [ 122.754784][ T5987] netlink: 32 bytes leftover after parsing attributes in process `syz.5.6'. [ 122.784887][ T5992] netlink: 104 bytes leftover after parsing attributes in process `syz.1.24'. [ 122.856860][ T5993] loop3: detected capacity change from 0 to 1024 [ 122.922017][ T24] hub 5-1:4.0: 2 ports detected [ 123.170138][ T5993] hfsplus: xattr searching failed [ 123.331499][ T24] hub 5-1:4.0: set hub depth failed [ 123.417854][ T24] usb 5-1: USB disconnect, device number 2 [ 123.437486][ T6002] veth0_to_team: entered promiscuous mode [ 123.469482][ T3545] hfsplus: bad catalog file entry [ 123.474551][ T6002] veth0_to_team: entered allmulticast mode [ 123.474950][ T3545] hfsplus: b-tree write err: -5, ino 3 [ 124.322809][ T6017] netlink: 40 bytes leftover after parsing attributes in process `syz.4.36'. [ 124.660268][ T6021] loop1: detected capacity change from 0 to 128 [ 124.869886][ T6021] FAT-fs (loop1): error, corrupted directory (invalid i_start) [ 124.913400][ T6021] FAT-fs (loop1): Filesystem has been set read-only [ 124.915927][ T5995] loop0: detected capacity change from 0 to 32768 [ 124.984529][ T5995] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.26 (5995) [ 125.175357][ T5995] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 125.247971][ T5995] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 125.256503][ T5995] BTRFS info (device loop0): using free-space-tree [ 125.946570][ T5851] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 125.963244][ T6018] loop3: detected capacity change from 0 to 32768 [ 125.998915][ T6018] ======================================================= [ 125.998915][ T6018] WARNING: The mand mount option has been deprecated and [ 125.998915][ T6018] and is ignored by this kernel. Remove the mand [ 125.998915][ T6018] option from the mount to silence this warning. [ 125.998915][ T6018] ======================================================= [ 126.321648][ T30] audit: type=1800 audit(1743907224.171:2): pid=6018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.35" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 126.449427][ T6018] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 126.449427][ T6018] [ 126.478402][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.512695][ T6018] ERROR: (device loop3): remounting filesystem as read-only [ 126.588672][ T6018] xtLookup: xtSearch returned -5 [ 126.629234][ T6018] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 126.629234][ T6018] [ 127.185208][ T6031] loop2: detected capacity change from 0 to 40427 [ 127.279919][ T6031] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x3fffff [ 127.399996][ T6031] F2FS-fs (loop2): invalid crc value [ 127.517935][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 127.618539][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 127.808871][ T6055] mmap: syz.4.47 (6055) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 127.948978][ T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!! [ 127.994709][ T6031] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 128.171470][ T6081] loop3: detected capacity change from 0 to 512 [ 128.209600][ T30] audit: type=1800 audit(1743907226.071:3): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.43" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 128.232438][ T6031] syz.2.43: attempt to access beyond end of device [ 128.232438][ T6031] loop2: rw=34817, sector=77824, nr_sectors = 8 limit=40427 [ 128.336124][ T6081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.408429][ T6081] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 128.534738][ T5838] syz-executor: attempt to access beyond end of device [ 128.534738][ T5838] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 128.658913][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 128.658967][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 128.658989][ T5838] Call Trace: [ 128.659000][ T5838] [ 128.659014][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 128.659072][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 128.659131][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.659175][ T5838] ? __asan_memset+0x23/0x50 [ 128.659224][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.659279][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 128.659337][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 128.659396][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.659451][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 128.659504][ T5838] bio_endio+0x6d2/0x810 [ 128.659564][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 128.659616][ T5838] __submit_merged_bio+0x33c/0x770 [ 128.659677][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 128.659745][ T5838] f2fs_write_cache_pages+0x2139/0x2680 [ 128.659837][ T5838] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 128.659901][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.659950][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.659993][ T5838] ? __kasan_check_byte+0x13/0x50 [ 128.660055][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660101][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660153][ T5838] ? rcu_is_watching+0x12/0xc0 [ 128.660200][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660245][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660308][ T5838] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 128.660428][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660472][ T5838] ? add_lock_to_list+0x9d/0x130 [ 128.660531][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660582][ T5838] f2fs_write_data_pages+0x4ad/0xd90 [ 128.660653][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.660727][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660779][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.660823][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.660886][ T5838] do_writepages+0x1b5/0x820 [ 128.660951][ T5838] ? __pfx_do_writepages+0x10/0x10 [ 128.661004][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661050][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661092][ T5838] ? do_raw_spin_lock+0x12c/0x2b0 [ 128.661138][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661180][ T5838] ? find_held_lock+0x2b/0x80 [ 128.661229][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661275][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661318][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 128.661360][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661411][ T5838] filemap_fdatawrite_wbc+0x104/0x160 [ 128.661464][ T5838] ? stack_trace_save+0x8e/0xc0 [ 128.661515][ T5838] __filemap_fdatawrite_range+0xb2/0xf0 [ 128.661556][ T5838] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 128.661593][ T5838] ? check_path.constprop.0+0x24/0x50 [ 128.661701][ T5838] ? find_held_lock+0x2b/0x80 [ 128.661750][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661793][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 128.661834][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.661882][ T5838] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 128.661939][ T5838] block_operations+0x2a3/0xfd0 [ 128.661986][ T5838] ? __pfx_block_operations+0x10/0x10 [ 128.662018][ T5838] ? add_lock_to_list+0x9d/0x130 [ 128.662129][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.662170][ T5838] ? down_write+0x14d/0x200 [ 128.662225][ T5838] ? __pfx_down_write+0x10/0x10 [ 128.662282][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.662323][ T5838] ? rcu_is_watching+0x12/0xc0 [ 128.662373][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 128.662416][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.662464][ T5838] ? kfree+0x2b6/0x4d0 [ 128.662507][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.662547][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.662594][ T5838] ? f2fs_stop_gc_thread+0x79/0xd0 [ 128.662636][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.662689][ T5838] kill_f2fs_super+0x3c2/0x470 [ 128.662727][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 128.662762][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 128.662829][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 128.662880][ T5838] deactivate_super+0xde/0x100 [ 128.662929][ T5838] cleanup_mnt+0x225/0x450 [ 128.662982][ T5838] task_work_run+0x150/0x240 [ 128.663025][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 128.663063][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.663108][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 128.663187][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 128.663247][ T5838] do_syscall_64+0xda/0x260 [ 128.663304][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.663338][ T5838] RIP: 0033:0x7f279278e497 [ 128.663366][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 128.663398][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 128.663432][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 128.663454][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 128.663476][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 128.663497][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 128.663519][ T5838] R13: 00007f279280e08c R14: 000000000001f50f R15: 00007ffdb385a040 [ 128.663567][ T5838] [ 129.217644][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 129.309272][ T6093] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 129.372206][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.439157][ T6093] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 129.617898][ T5894] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 129.858065][ T5894] usb 6-1: Using ep0 maxpacket: 16 [ 129.878465][ T5894] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 25 [ 129.900877][ T5894] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 129.937967][ T5894] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.946081][ T5894] usb 6-1: Product: syz [ 130.007121][ T5894] usb 6-1: Manufacturer: syz [ 130.038886][ T5894] usb 6-1: SerialNumber: syz [ 130.071151][ T5894] usb 6-1: config 0 descriptor?? [ 130.085575][ T5894] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 130.927705][ T6121] netem: incorrect ge model size [ 130.937460][ T5894] ssu100 6-1:0.0: probe with driver ssu100 failed with error -71 [ 130.964109][ T5894] usb 6-1: USB disconnect, device number 2 [ 130.972646][ T6121] netem: change failed [ 131.131380][ T6104] loop0: detected capacity change from 0 to 32768 [ 131.174766][ T6123] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 131.383662][ T6111] loop4: detected capacity change from 0 to 32768 [ 131.568425][ T6127] loop2: detected capacity change from 0 to 64 [ 131.728404][ T6127] BFS-fs: bfs_readdir(): Bad f_pos=00007ffb for loop2:00000002 [ 131.789686][ T6111] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 132.195075][ T5833] ocfs2: Unmounting device (7,4) on (node local) [ 132.614625][ T6147] loop3: detected capacity change from 0 to 2048 [ 132.635408][ T6147] EXT4-fs: Ignoring removed mblk_io_submit option [ 132.750817][ T6147] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.847855][ T5889] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 132.935579][ T6147] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm syz.3.86: bg 0: block 234: padding at end of block bitmap is not set [ 132.958355][ T6156] EXT4-fs error (device loop3): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 133.018690][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.031023][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.052237][ T6147] EXT4-fs (loop3): Remounting filesystem read-only [ 133.072451][ T6156] EXT4-fs (loop3): Remounting filesystem read-only [ 133.098314][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 133.147531][ T6161] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.173797][ T5889] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 133.204730][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.229201][ T5889] usb 3-1: config 0 descriptor?? [ 133.334841][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.601341][ T6172] sp0: Synchronizing with TNC [ 133.787192][ T5889] corsair-cpro 0003:1B1C:1D00.0001: hidraw0: USB HID v0.00 Device [HID 1b1c:1d00] on usb-dummy_hcd.2-1/input0 [ 133.894987][ T6182] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 133.912112][ T5889] corsair-cpro 0003:1B1C:1D00.0001: probe with driver corsair-cpro failed with error -38 [ 134.047050][ T5889] usb 3-1: USB disconnect, device number 2 [ 134.105419][ T6186] loop0: detected capacity change from 0 to 1024 [ 134.227629][ T6189] loop4: detected capacity change from 0 to 2048 [ 134.240754][ T6186] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 134.325693][ T6189] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 134.358098][ T30] audit: type=1800 audit(1743907232.221:4): pid=6186 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.101" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 134.420451][ T6198] netlink: 12 bytes leftover after parsing attributes in process `syz.3.106'. [ 134.581726][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.793191][ T6220] loop4: detected capacity change from 0 to 4096 [ 135.818156][ T6220] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 136.186241][ T6196] loop5: detected capacity change from 0 to 40427 [ 136.233274][ T6196] F2FS-fs (loop5): Mismatch start address, segment0(512) cp_blkaddr(175702528) [ 136.279239][ T6196] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 136.359193][ T6196] F2FS-fs (loop5): invalid crc value [ 136.479241][ T6221] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 136.527044][ T6221] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 136.668958][ T6221] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 136.704033][ T6221] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 136.814409][ T6196] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 136.869617][ T6196] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 136.895902][ T6221] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 136.917854][ T6221] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 137.070811][ T30] audit: type=1800 audit(1743907234.941:5): pid=6196 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.104" name="file1" dev="loop5" ino=10 res=0 errno=0 [ 137.091033][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.112490][ T6196] syz.5.104: attempt to access beyond end of device [ 137.112490][ T6196] loop5: rw=34817, sector=53248, nr_sectors = 8 limit=40427 [ 137.178150][ T6221] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 137.188061][ T6221] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 137.298935][ T5844] syz-executor: attempt to access beyond end of device [ 137.298935][ T5844] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 137.330010][ T5844] CPU: 0 UID: 0 PID: 5844 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 137.330064][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 137.330086][ T5844] Call Trace: [ 137.330098][ T5844] [ 137.330111][ T5844] dump_stack_lvl+0x16c/0x1f0 [ 137.330185][ T5844] f2fs_handle_critical_error+0x621/0x9f0 [ 137.330236][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.330282][ T5844] ? __asan_memset+0x23/0x50 [ 137.330333][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.330386][ T5844] f2fs_write_end_io+0x73d/0xac0 [ 137.330452][ T5844] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 137.330511][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.330566][ T5844] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 137.330618][ T5844] bio_endio+0x6d2/0x810 [ 137.330678][ T5844] submit_bio_noacct+0x56d/0x1ec0 [ 137.330730][ T5844] __submit_merged_bio+0x33c/0x770 [ 137.330789][ T5844] __submit_merged_write_cond+0x319/0x3f0 [ 137.330855][ T5844] f2fs_write_cache_pages+0x2139/0x2680 [ 137.330946][ T5844] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 137.331004][ T5844] ? lock_acquire+0x179/0x350 [ 137.331042][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331099][ T5844] ? check_path.constprop.0+0x24/0x50 [ 137.331177][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331219][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331261][ T5844] ? __lock_acquire+0xf7f/0x1ba0 [ 137.331314][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331356][ T5844] ? do_raw_spin_lock+0x12c/0x2b0 [ 137.331444][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331486][ T5844] ? lock_acquire+0x179/0x350 [ 137.331519][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.331571][ T5844] f2fs_write_data_pages+0x4ad/0xd90 [ 137.331642][ T5844] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.331711][ T5844] ? lock_release+0x201/0x2f0 [ 137.331740][ T5844] ? bpf_ksym_find+0x124/0x1c0 [ 137.331794][ T5844] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 137.331856][ T5844] do_writepages+0x1b5/0x820 [ 137.331913][ T5844] ? arch_stack_walk+0xa6/0x100 [ 137.331968][ T5844] ? __pfx_do_writepages+0x10/0x10 [ 137.332020][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332065][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332107][ T5844] ? do_raw_spin_lock+0x12c/0x2b0 [ 137.332148][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332190][ T5844] ? find_held_lock+0x2b/0x80 [ 137.332238][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332285][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332327][ T5844] ? do_raw_spin_unlock+0x172/0x230 [ 137.332369][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332420][ T5844] filemap_fdatawrite_wbc+0x104/0x160 [ 137.332482][ T5844] __filemap_fdatawrite_range+0xb2/0xf0 [ 137.332522][ T5844] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 137.332621][ T5844] ? find_held_lock+0x2b/0x80 [ 137.332669][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332712][ T5844] ? do_raw_spin_unlock+0x172/0x230 [ 137.332753][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.332803][ T5844] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 137.332862][ T5844] block_operations+0x2a3/0xfd0 [ 137.332912][ T5844] ? __pfx_block_operations+0x10/0x10 [ 137.333010][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333052][ T5844] ? down_write+0x14d/0x200 [ 137.333109][ T5844] ? __pfx_down_write+0x10/0x10 [ 137.333175][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333217][ T5844] ? rcu_is_watching+0x12/0xc0 [ 137.333271][ T5844] f2fs_write_checkpoint+0x2b8/0x45b0 [ 137.333315][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333357][ T5844] ? kfree+0x2b6/0x4d0 [ 137.333400][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333448][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333490][ T5844] ? rcu_is_watching+0x12/0xc0 [ 137.333534][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.333576][ T5844] ? kthread_stop+0x273/0x650 [ 137.333617][ T5844] kill_f2fs_super+0x3c2/0x470 [ 137.333657][ T5844] ? __pfx_kill_f2fs_super+0x10/0x10 [ 137.333694][ T5844] ? lockdep_hardirqs_on+0x7c/0x110 [ 137.333766][ T5844] deactivate_locked_super+0xc1/0x1a0 [ 137.333817][ T5844] deactivate_super+0xde/0x100 [ 137.333868][ T5844] cleanup_mnt+0x225/0x450 [ 137.333923][ T5844] task_work_run+0x150/0x240 [ 137.333967][ T5844] ? __pfx_task_work_run+0x10/0x10 [ 137.334006][ T5844] ? srso_alias_return_thunk+0x5/0xfbef5 [ 137.334052][ T5844] ? __pfx___x64_sys_umount+0x10/0x10 [ 137.334119][ T5844] syscall_exit_to_user_mode+0x27b/0x2a0 [ 137.334179][ T5844] do_syscall_64+0xda/0x260 [ 137.334238][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.334274][ T5844] RIP: 0033:0x7f14ee58e497 [ 137.334302][ T5844] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 137.334336][ T5844] RSP: 002b:00007ffffd83e318 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 137.334369][ T5844] RAX: 0000000000000000 RBX: 00007f14ee60e08c RCX: 00007f14ee58e497 [ 137.334392][ T5844] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffffd83e3d0 [ 137.334414][ T5844] RBP: 00007ffffd83e3d0 R08: 0000000000000000 R09: 0000000000000000 [ 137.334434][ T5844] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffffd83f460 [ 137.334457][ T5844] R13: 00007f14ee60e08c R14: 00000000000217d5 R15: 00007ffffd83f4a0 [ 137.334503][ T5844] [ 137.855979][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.876590][ T5844] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 137.938316][ T6221] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 137.945388][ T6221] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 138.010782][ T6221] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 138.034191][ T6221] Bluetooth: hci5: Error when powering off device on rfkill (-4) [ 138.611187][ T6263] pimreg: entered allmulticast mode [ 138.621527][ T6267] pimreg: left allmulticast mode [ 138.952893][ T6246] loop3: detected capacity change from 0 to 32768 [ 139.019663][ T6246] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.127 (6246) [ 139.127915][ T6246] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 139.168385][ T6246] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm [ 139.177321][ T6246] BTRFS info (device loop3): using free-space-tree [ 139.195108][ T6276] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 139.696681][ T30] audit: type=1800 audit(1743907237.541:6): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.127" name="file2" dev="loop3" ino=261 res=0 errno=0 [ 140.042388][ T5837] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 140.826182][ T6325] netlink: 8 bytes leftover after parsing attributes in process `syz.5.153'. [ 140.912192][ T6325] netlink: 24 bytes leftover after parsing attributes in process `syz.5.153'. [ 141.119963][ T6329] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 141.926775][ T6347] loop0: detected capacity change from 0 to 2048 [ 141.967853][ T5901] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 142.031134][ T6347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 142.130188][ T5901] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 142.147911][ T5901] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 142.156301][ T6323] loop1: detected capacity change from 0 to 32768 [ 142.158258][ T5901] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 142.175971][ T5901] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.191968][ T6341] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 142.206808][ T5901] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 142.284078][ T6323] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.295153][ T6324] loop2: detected capacity change from 0 to 32768 [ 142.313595][ T6324] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.152 (6324) [ 142.320216][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.481051][ T6324] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 142.547593][ T5901] usb 6-1: USB disconnect, device number 3 [ 142.568359][ T6324] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 142.595031][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 142.809286][ T6324] BTRFS info (device loop2): rebuilding free space tree [ 142.862500][ T6323] XFS (loop1): Ending clean mount [ 142.931413][ T6324] BTRFS info (device loop2): disabling free space tree [ 142.941290][ T6323] XFS (loop1): Quotacheck needed: Please wait. [ 142.943518][ T6324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 142.964491][ T6324] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 143.012366][ T6367] udevd[6367]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 143.095982][ T6323] XFS (loop1): Quotacheck: Done. [ 143.210623][ T6324] BTRFS error (device loop2): balance: mixed groups data and metadata options must be the same [ 143.562448][ T5839] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 143.643504][ T6393] capability: warning: `syz.4.171' uses deprecated v2 capabilities in a way that may be insecure [ 143.650584][ T5838] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 143.768209][ T6395] warning: `syz.5.173' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 143.872850][ T5146] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 144.660560][ T6412] random: crng reseeded on system resumption [ 144.884203][ T6419] loop0: detected capacity change from 0 to 64 [ 145.526380][ T6429] loop1: detected capacity change from 0 to 512 [ 145.654226][ T6429] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 145.667014][ T6429] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 145.762011][ T30] audit: type=1800 audit(1743907243.631:7): pid=6437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.187" name="file2" dev="loop1" ino=16 res=0 errno=0 [ 145.818337][ T6435] netlink: 4 bytes leftover after parsing attributes in process `syz.5.188'. [ 145.838127][ T30] audit: type=1800 audit(1743907243.651:8): pid=6429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.187" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 145.871727][ T5839] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 146.168295][ T6442] netlink: 4 bytes leftover after parsing attributes in process `syz.1.190'. [ 147.148786][ T6463] ALSA: mixer_oss: invalid OSS volume '' [ 147.307383][ T6468] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 147.329777][ T6468] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.339587][ T6468] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.039759][ T6489] netlink: 32 bytes leftover after parsing attributes in process `syz.2.212'. [ 148.098262][ T47] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 148.299398][ T47] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 148.329987][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.372829][ T47] usb 1-1: Product: syz [ 148.398008][ T6498] netlink: 4 bytes leftover after parsing attributes in process `syz.5.215'. [ 148.408336][ T47] usb 1-1: Manufacturer: syz [ 148.412974][ T47] usb 1-1: SerialNumber: syz [ 148.498661][ T47] usb 1-1: config 0 descriptor?? [ 148.869140][ T6507] loop3: detected capacity change from 0 to 2048 [ 148.917049][ T6507] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 148.945105][ T47] usb 1-1: Firmware: major: 107, minor: 86, hardware type: RZUSB (3) [ 148.982768][ T6519] loop1: detected capacity change from 0 to 256 [ 149.087482][ T6519] FAT-fs (loop1): Directory bread(block 64) failed [ 149.105311][ T6519] FAT-fs (loop1): Directory bread(block 65) failed [ 149.116115][ T6507] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 149.150852][ T6519] FAT-fs (loop1): Directory bread(block 66) failed [ 149.160891][ T6519] FAT-fs (loop1): Directory bread(block 67) failed [ 149.170001][ T47] usb 1-1: failed to fetch extended address, random address set [ 149.181136][ T6519] FAT-fs (loop1): Directory bread(block 68) failed [ 149.216027][ T6519] FAT-fs (loop1): Directory bread(block 69) failed [ 149.242466][ T6519] FAT-fs (loop1): Directory bread(block 70) failed [ 149.249353][ T6519] FAT-fs (loop1): Directory bread(block 71) failed [ 149.265235][ T47] usb 1-1: USB disconnect, device number 2 [ 149.271775][ T6519] FAT-fs (loop1): Directory bread(block 72) failed [ 149.295517][ T6519] FAT-fs (loop1): Directory bread(block 73) failed [ 149.467208][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.860601][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 150.912568][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 150.981348][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.046925][ T6551] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 151.138388][ T6551] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 151.315205][ T6565] loop1: detected capacity change from 0 to 128 [ 151.327059][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.365243][ T6565] FAT-fs (loop1): Directory bread(block 32) failed [ 151.388141][ T6565] FAT-fs (loop1): Directory bread(block 33) failed [ 151.391839][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.395261][ T6565] FAT-fs (loop1): Directory bread(block 34) failed [ 151.410769][ T6565] FAT-fs (loop1): Directory bread(block 35) failed [ 151.417644][ T6565] FAT-fs (loop1): Directory bread(block 36) failed [ 151.432776][ T6565] FAT-fs (loop1): Directory bread(block 37) failed [ 151.436493][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.440071][ T6565] FAT-fs (loop1): Directory bread(block 38) failed [ 151.477194][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.500621][ T6565] FAT-fs (loop1): Directory bread(block 39) failed [ 151.517707][ T6565] FAT-fs (loop1): Directory bread(block 40) failed [ 151.542488][ T6565] FAT-fs (loop1): Directory bread(block 41) failed [ 151.552293][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.557325][ T6551] wlan0 speed is unknown, defaulting to 1000 [ 151.563218][ T6567] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 152.038889][ T6565] capability: warning: `syz.1.244' uses 32-bit capabilities (legacy support in use) [ 152.292012][ T6581] block nbd4: not configured, cannot reconfigure [ 152.412585][ T6587] loop0: detected capacity change from 0 to 256 [ 153.275891][ T6609] loop4: detected capacity change from 0 to 2048 [ 153.406208][ T6609] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.493470][ T6609] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 153.542094][ T6609] fs-verity: sha512 using implementation "sha512-avx2" [ 153.819854][ T6628] loop2: detected capacity change from 0 to 2048 [ 153.870792][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.903416][ T6628] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 154.052264][ T6632] loop5: detected capacity change from 0 to 2048 [ 154.084132][ T6632] EXT4-fs: Ignoring removed nobh option [ 154.210093][ T6632] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.211449][ T6642] loop4: detected capacity change from 0 to 8 [ 154.262008][ T6642] SQUASHFS error: lzo decompression failed, data probably corrupt [ 154.286151][ T6632] EXT4-fs (loop5): shut down requested (1) [ 154.302785][ T6642] SQUASHFS error: Failed to read block 0x91: -5 [ 154.332760][ T6642] SQUASHFS error: Unable to read metadata cache entry [8f] [ 154.390184][ T6642] SQUASHFS error: Unable to read inode 0x11f [ 154.617339][ T5844] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.738424][ T6648] loop1: detected capacity change from 0 to 128 [ 154.780155][ T5894] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 154.795812][ T6648] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 154.895865][ T6648] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 154.960180][ T6654] loop5: detected capacity change from 0 to 256 [ 154.979924][ T5894] usb 3-1: config index 0 descriptor too short (expected 2340, got 36) [ 155.004348][ T5894] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.026329][ T6648] overlayfs: upper fs needs to support d_type. [ 155.049861][ T5894] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.077787][ T5894] usb 3-1: config 0 interface 0 has no altsetting 0 [ 155.104815][ T5894] usb 3-1: New USB device found, idVendor=17ef, idProduct=6085, bcdDevice= 0.00 [ 155.122875][ T6622] loop0: detected capacity change from 0 to 32768 [ 155.134799][ T6648] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 155.137830][ T5894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.167429][ T6648] overlayfs: failed to set xattr on upper [ 155.177577][ T6622] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.270 (6622) [ 155.194765][ T5894] usb 3-1: config 0 descriptor?? [ 155.217669][ T6648] overlayfs: ...falling back to redirect_dir=nofollow. [ 155.255256][ T6622] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 155.284897][ T6622] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm [ 155.286567][ T6648] overlayfs: ...falling back to index=off. [ 155.294946][ T6622] BTRFS info (device loop0): disk space caching is enabled [ 155.347400][ T6648] overlayfs: ...falling back to uuid=null. [ 155.348119][ T6622] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 155.651076][ T5894] hid-rmi 0003:17EF:6085.0002: unknown main item tag 0x3 [ 155.694131][ T6622] BTRFS info (device loop0): rebuilding free space tree [ 155.741673][ T5894] hid-rmi 0003:17EF:6085.0002: hidraw0: USB HID v0.0b Device [HID 17ef:6085] on usb-dummy_hcd.2-1/input0 [ 155.788619][ T6622] BTRFS info (device loop0): disabling free space tree [ 155.795613][ T6622] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 155.832927][ T6622] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 155.927259][ T5894] usb 3-1: USB disconnect, device number 3 [ 155.951857][ T5839] UDF-fs: error (device loop1): udf_read_inode: (ino 114) failed !bh [ 155.988301][ T5839] UDF-fs: error (device loop1): udf_read_inode: (ino 114) failed !bh [ 156.353916][ T6622] syz.0.270 (6622) used greatest stack depth: 20584 bytes left [ 156.643055][ T6651] loop4: detected capacity change from 0 to 40427 [ 156.699100][ T6651] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 156.707023][ T6651] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 156.765066][ T5851] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 156.809463][ T6651] F2FS-fs (loop4): build fault injection attr: rate: 17008, type: 0x3fffff [ 156.868042][ T6651] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x1f8 [ 156.966831][ T6651] F2FS-fs (loop4): invalid crc value [ 157.028901][ T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.302532][ T6696] loop0: detected capacity change from 0 to 2048 [ 157.313162][ T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.326438][ T6696] EXT4-fs: Ignoring removed nobh option [ 157.424017][ T6651] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 157.425176][ T6696] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 157.449107][ T6651] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 157.523528][ T6696] EXT4-fs (loop0): shut down requested (1) [ 157.541156][ T6651] syz.4.283: attempt to access beyond end of device [ 157.541156][ T6651] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 157.590436][ T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.769131][ T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.783459][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.840480][ T5833] syz-executor: attempt to access beyond end of device [ 157.840480][ T5833] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 157.889710][ T5833] CPU: 1 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 157.889757][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 157.889776][ T5833] Call Trace: [ 157.889787][ T5833] [ 157.889798][ T5833] dump_stack_lvl+0x16c/0x1f0 [ 157.889852][ T5833] f2fs_handle_critical_error+0x621/0x9f0 [ 157.889896][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.889935][ T5833] ? __asan_memset+0x23/0x50 [ 157.889977][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890026][ T5833] f2fs_write_end_io+0x73d/0xac0 [ 157.890076][ T5833] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 157.890129][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890177][ T5833] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 157.890222][ T5833] bio_endio+0x6d2/0x810 [ 157.890273][ T5833] submit_bio_noacct+0x56d/0x1ec0 [ 157.890319][ T5833] __submit_merged_bio+0x33c/0x770 [ 157.890372][ T5833] __submit_merged_write_cond+0x319/0x3f0 [ 157.890438][ T5833] f2fs_write_cache_pages+0x2139/0x2680 [ 157.890518][ T5833] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 157.890574][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890612][ T5833] ? __lock_acquire+0x5ca/0x1ba0 [ 157.890649][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890686][ T5833] ? __lock_acquire+0x5ca/0x1ba0 [ 157.890801][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890838][ T5833] ? lock_acquire+0x179/0x350 [ 157.890872][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.890917][ T5833] f2fs_write_data_pages+0x4ad/0xd90 [ 157.890981][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 157.891044][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891081][ T5833] ? lru_gen_add_folio+0x1a4/0xef0 [ 157.891121][ T5833] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 157.891176][ T5833] do_writepages+0x1b5/0x820 [ 157.891226][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891267][ T5833] ? __pfx_do_writepages+0x10/0x10 [ 157.891313][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891352][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891389][ T5833] ? do_raw_spin_lock+0x12c/0x2b0 [ 157.891430][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891467][ T5833] ? find_held_lock+0x2b/0x80 [ 157.891510][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891553][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891590][ T5833] ? do_raw_spin_unlock+0x172/0x230 [ 157.891627][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891672][ T5833] filemap_fdatawrite_wbc+0x104/0x160 [ 157.891725][ T5833] __filemap_fdatawrite_range+0xb2/0xf0 [ 157.891761][ T5833] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 157.891851][ T5833] ? find_held_lock+0x2b/0x80 [ 157.891894][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.891932][ T5833] ? do_raw_spin_unlock+0x172/0x230 [ 157.891969][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892014][ T5833] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 157.892067][ T5833] block_operations+0x2a3/0xfd0 [ 157.892111][ T5833] ? __pfx_block_operations+0x10/0x10 [ 157.892196][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892233][ T5833] ? down_write+0x14d/0x200 [ 157.892285][ T5833] ? __pfx_down_write+0x10/0x10 [ 157.892337][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892374][ T5833] ? rcu_is_watching+0x12/0xc0 [ 157.892432][ T5833] f2fs_write_checkpoint+0x2b8/0x45b0 [ 157.892469][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892506][ T5833] ? kfree+0x2b6/0x4d0 [ 157.892545][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892590][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892631][ T5833] ? rcu_is_watching+0x12/0xc0 [ 157.892674][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892716][ T5833] ? kthread_stop+0x273/0x650 [ 157.892757][ T5833] kill_f2fs_super+0x3c2/0x470 [ 157.892796][ T5833] ? __pfx_kill_f2fs_super+0x10/0x10 [ 157.892831][ T5833] ? lockdep_hardirqs_on+0x7c/0x110 [ 157.892902][ T5833] deactivate_locked_super+0xc1/0x1a0 [ 157.892956][ T5833] deactivate_super+0xde/0x100 [ 157.893009][ T5833] cleanup_mnt+0x225/0x450 [ 157.893064][ T5833] task_work_run+0x150/0x240 [ 157.893109][ T5833] ? __pfx_task_work_run+0x10/0x10 [ 157.893148][ T5833] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.893194][ T5833] ? __pfx___x64_sys_umount+0x10/0x10 [ 157.893261][ T5833] syscall_exit_to_user_mode+0x27b/0x2a0 [ 157.893317][ T5833] do_syscall_64+0xda/0x260 [ 157.893375][ T5833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.893417][ T5833] RIP: 0033:0x7faaa978e497 [ 157.893446][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 157.893480][ T5833] RSP: 002b:00007fff44ff1b38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 157.893514][ T5833] RAX: 0000000000000000 RBX: 00007faaa980e08c RCX: 00007faaa978e497 [ 157.893537][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff44ff1bf0 [ 157.893559][ T5833] RBP: 00007fff44ff1bf0 R08: 0000000000000000 R09: 0000000000000000 [ 157.893581][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff44ff2c80 [ 157.893604][ T5833] R13: 00007faaa980e08c R14: 00000000000267c5 R15: 00007fff44ff2cc0 [ 157.893653][ T5833] [ 157.893667][ T5833] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 159.006361][ T6719] netlink: 12 bytes leftover after parsing attributes in process `syz.5.306'. [ 159.026236][ T6718] loop3: detected capacity change from 0 to 1024 [ 159.219742][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 159.232030][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 159.242566][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 159.254314][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 159.269470][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 159.287598][ T5146] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 159.296613][ T5146] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 159.308488][ T5146] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 159.319520][ T5146] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 159.328952][ T5146] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 159.458460][ T62] bridge_slave_1: left promiscuous mode [ 159.494330][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 159.681731][ T62] bridge_slave_0: left allmulticast mode [ 159.725690][ T62] bridge_slave_0: left promiscuous mode [ 159.767697][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 160.268134][ T5901] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 160.468648][ T5901] usb 6-1: Using ep0 maxpacket: 8 [ 160.498624][ T5901] usb 6-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 160.526793][ T5901] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.619152][ T5901] usb 6-1: config 0 descriptor?? [ 160.893466][ T5901] usb 6-1: USB disconnect, device number 4 [ 161.290637][ T6769] loop4: detected capacity change from 0 to 1024 [ 161.329895][ T6769] EXT4-fs: Ignoring removed nomblk_io_submit option [ 161.340548][ T6769] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 161.394106][ T5146] Bluetooth: hci2: command tx timeout [ 161.467516][ T6769] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 161.684856][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.021374][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 162.058532][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 162.084578][ T62] bond0 (unregistering): Released all slaves [ 162.491468][ T6756] wlan0 speed is unknown, defaulting to 1000 [ 162.734561][ T6724] wlan0 speed is unknown, defaulting to 1000 [ 162.868181][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.924314][ T6787] loop5: detected capacity change from 0 to 4096 [ 162.977972][ T6787] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 163.085018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 163.106739][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 163.124833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 163.306239][ T6787] ntfs3(loop5): ino=1b, "file0" ntfs_readdir [ 163.314641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 163.338283][ T6787] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 163.470463][ T5146] Bluetooth: hci2: command tx timeout [ 163.558207][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 164.032952][ T62] hsr_slave_0: left promiscuous mode [ 164.055695][ T6803] loop2: detected capacity change from 0 to 1024 [ 164.059507][ T62] hsr_slave_1: left promiscuous mode [ 164.091102][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.107543][ T6803] EXT4-fs: Ignoring removed mblk_io_submit option [ 164.124390][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.147604][ T6803] EXT4-fs: inline encryption not supported [ 164.160207][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.188442][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.300802][ T6803] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.354535][ T62] veth1_macvtap: left promiscuous mode [ 164.395239][ T62] veth0_macvtap: left promiscuous mode [ 164.401268][ T62] veth1_vlan: left promiscuous mode [ 164.406910][ T62] veth0_vlan: left promiscuous mode [ 164.622015][ T6815] loop4: detected capacity change from 0 to 2048 [ 164.682027][ T6815] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 164.710941][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.558298][ T5146] Bluetooth: hci2: command tx timeout [ 165.604398][ T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 165.794531][ T9] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 165.825749][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.849248][ T9] usb 5-1: Product: syz [ 165.853486][ T9] usb 5-1: Manufacturer: syz [ 165.880137][ T9] usb 5-1: SerialNumber: syz [ 165.899528][ T9] usb 5-1: config 0 descriptor?? [ 165.988028][ T30] audit: type=1326 audit(1743907263.841:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6833 comm="syz.0.340" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f221158d169 code=0x0 [ 166.152746][ T6820] loop2: detected capacity change from 0 to 40427 [ 166.167211][ T6820] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3fffff [ 166.180412][ T6820] F2FS-fs (loop2): Image doesn't support compression [ 166.229037][ T6820] F2FS-fs (loop2): invalid crc value [ 166.369599][ T9] usb 5-1: Firmware: major: 107, minor: 86, hardware type: RZUSB (3) [ 166.412461][ T6820] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 166.490326][ T30] audit: type=1800 audit(1743907264.351:10): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.335" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=10 res=0 errno=0 [ 166.570045][ T62] team0 (unregistering): Port device team_slave_1 removed [ 166.579149][ T9] usb 5-1: failed to fetch extended address, random address set [ 166.654493][ T5838] F2FS-fs (loop2): inject inconsistent footer in sanity_check_node_footer of __get_node_folio+0x12d/0x1b0 [ 166.673175][ T5838] F2FS-fs (loop2): inconsistent node block, node_type:0, nid:14, node_footer[nid:14,ino:3,ofs:431041,cpver:0,blkaddr:0] [ 166.687259][ T62] team0 (unregistering): Port device team_slave_0 removed [ 166.704055][ T5838] syz-executor: attempt to access beyond end of device [ 166.704055][ T5838] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 166.720841][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 166.720896][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 166.720918][ T5838] Call Trace: [ 166.720930][ T5838] [ 166.720944][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 166.721007][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 166.721059][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.721103][ T5838] ? __asan_memset+0x23/0x50 [ 166.721157][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.721214][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 166.721275][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 166.721337][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.721393][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 166.721445][ T5838] bio_endio+0x6d2/0x810 [ 166.721507][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 166.721561][ T5838] __submit_merged_bio+0x33c/0x770 [ 166.721623][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 166.721693][ T5838] f2fs_sync_node_pages+0x1558/0x18b0 [ 166.721768][ T5838] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 166.721813][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.721855][ T5838] ? __lock_acquire+0xf7f/0x1ba0 [ 166.721948][ T5838] ? down_write+0x14d/0x200 [ 166.722010][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722055][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722097][ T5838] ? up_write+0x1b2/0x520 [ 166.722147][ T5838] block_operations+0x941/0xfd0 [ 166.722201][ T5838] ? __pfx_block_operations+0x10/0x10 [ 166.722311][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722352][ T5838] ? down_write+0x14d/0x200 [ 166.722406][ T5838] ? __pfx_down_write+0x10/0x10 [ 166.722465][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722507][ T5838] ? rcu_is_watching+0x12/0xc0 [ 166.722563][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 166.722609][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722650][ T5838] ? kfree+0x2b6/0x4d0 [ 166.722690][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722736][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722776][ T5838] ? rcu_is_watching+0x12/0xc0 [ 166.722819][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.722858][ T5838] ? kthread_stop+0x273/0x650 [ 166.722901][ T5838] kill_f2fs_super+0x3c2/0x470 [ 166.722939][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 166.722975][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 166.723053][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 166.723109][ T5838] deactivate_super+0xde/0x100 [ 166.723171][ T5838] cleanup_mnt+0x225/0x450 [ 166.723228][ T5838] task_work_run+0x150/0x240 [ 166.723276][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 166.723316][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 166.723364][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 166.723435][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 166.723494][ T5838] do_syscall_64+0xda/0x260 [ 166.723554][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 166.723591][ T5838] RIP: 0033:0x7f279278e497 [ 166.723620][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 166.723656][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 166.723689][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 166.723713][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 166.723735][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 166.723757][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 166.723781][ T5838] R13: 00007f279280e08c R14: 0000000000028a75 R15: 00007ffdb385a040 [ 166.723838][ T5838] [ 166.725215][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 167.120095][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 167.120146][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 167.120167][ T5838] Call Trace: [ 167.120179][ T5838] [ 167.120192][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 167.120250][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 167.120302][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.120348][ T5838] ? __asan_memset+0x23/0x50 [ 167.120407][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.120464][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 167.120525][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 167.120585][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.120639][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 167.120686][ T5838] bio_endio+0x6d2/0x810 [ 167.120734][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 167.120775][ T5838] __submit_merged_bio+0x33c/0x770 [ 167.120822][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 167.120875][ T5838] f2fs_sync_node_pages+0x1558/0x18b0 [ 167.120929][ T5838] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 167.120965][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.120998][ T5838] ? __lock_acquire+0xf7f/0x1ba0 [ 167.121063][ T5838] ? down_write+0x14d/0x200 [ 167.121109][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121144][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121176][ T5838] ? up_write+0x1b2/0x520 [ 167.121212][ T5838] block_operations+0x941/0xfd0 [ 167.121251][ T5838] ? __pfx_block_operations+0x10/0x10 [ 167.121327][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121360][ T5838] ? down_write+0x14d/0x200 [ 167.121409][ T5838] ? __pfx_down_write+0x10/0x10 [ 167.121456][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121488][ T5838] ? rcu_is_watching+0x12/0xc0 [ 167.121530][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 167.121563][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121596][ T5838] ? kfree+0x2b6/0x4d0 [ 167.121630][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121667][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121700][ T5838] ? rcu_is_watching+0x12/0xc0 [ 167.121734][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.121767][ T5838] ? kthread_stop+0x273/0x650 [ 167.121799][ T5838] kill_f2fs_super+0x3c2/0x470 [ 167.121829][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 167.121858][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 167.121914][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 167.121955][ T5838] deactivate_super+0xde/0x100 [ 167.121995][ T5838] cleanup_mnt+0x225/0x450 [ 167.122038][ T5838] task_work_run+0x150/0x240 [ 167.122073][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 167.122104][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.122140][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 167.122192][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 167.122235][ T5838] do_syscall_64+0xda/0x260 [ 167.122281][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.122308][ T5838] RIP: 0033:0x7f279278e497 [ 167.122331][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 167.122358][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 167.122387][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 167.122405][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 167.122422][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 167.122439][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 167.122456][ T5838] R13: 00007f279280e08c R14: 0000000000028a75 R15: 00007ffdb385a040 [ 167.122495][ T5838] [ 167.126252][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 167.508802][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 167.508851][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 167.508873][ T5838] Call Trace: [ 167.508885][ T5838] [ 167.508898][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 167.508955][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 167.509004][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.509046][ T5838] ? __asan_memset+0x23/0x50 [ 167.509093][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.509151][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 167.509211][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 167.509273][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.509337][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 167.509390][ T5838] bio_endio+0x6d2/0x810 [ 167.509449][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 167.509504][ T5838] __submit_merged_bio+0x33c/0x770 [ 167.509568][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 167.509638][ T5838] f2fs_sync_node_pages+0x1558/0x18b0 [ 167.509714][ T5838] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 167.509760][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.509802][ T5838] ? __lock_acquire+0xf7f/0x1ba0 [ 167.509896][ T5838] ? down_write+0x14d/0x200 [ 167.509955][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510000][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510043][ T5838] ? up_write+0x1b2/0x520 [ 167.510089][ T5838] block_operations+0x941/0xfd0 [ 167.510143][ T5838] ? __pfx_block_operations+0x10/0x10 [ 167.510251][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510293][ T5838] ? down_write+0x14d/0x200 [ 167.510360][ T5838] ? __pfx_down_write+0x10/0x10 [ 167.510420][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510462][ T5838] ? rcu_is_watching+0x12/0xc0 [ 167.510516][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 167.510560][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510604][ T5838] ? kfree+0x2b6/0x4d0 [ 167.510646][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510692][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510734][ T5838] ? rcu_is_watching+0x12/0xc0 [ 167.510796][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.510841][ T5838] ? kthread_stop+0x273/0x650 [ 167.510885][ T5838] kill_f2fs_super+0x3c2/0x470 [ 167.510926][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 167.510963][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 167.511040][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 167.511094][ T5838] deactivate_super+0xde/0x100 [ 167.511147][ T5838] cleanup_mnt+0x225/0x450 [ 167.511198][ T5838] task_work_run+0x150/0x240 [ 167.511238][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 167.511272][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 167.511325][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 167.511385][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 167.511434][ T5838] do_syscall_64+0xda/0x260 [ 167.511485][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 167.511515][ T5838] RIP: 0033:0x7f279278e497 [ 167.511541][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 167.511570][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 167.511598][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 167.511618][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 167.511637][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 167.511655][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 167.511675][ T5838] R13: 00007f279280e08c R14: 0000000000028a75 R15: 00007ffdb385a040 [ 167.511723][ T5838] [ 167.511735][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 167.660784][ T5146] Bluetooth: hci2: command tx timeout [ 168.725120][ T6851] loop2: detected capacity change from 0 to 512 [ 168.769167][ T6851] EXT4-fs: Ignoring removed bh option [ 168.783822][ T6851] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 168.807367][ T6851] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 168.892225][ T6851] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 168.907479][ T6851] EXT4-fs (loop2): 1 truncate cleaned up [ 168.930979][ T6851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.010513][ T30] audit: type=1800 audit(1743907266.871:11): pid=6851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.345" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 169.084910][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.094065][ T30] audit: type=1800 audit(1743907266.881:12): pid=6851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.345" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 169.291714][ T6855] loop0: detected capacity change from 0 to 4096 [ 169.403690][ T6857] loop2: detected capacity change from 0 to 2048 [ 169.475446][ T6857] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 169.548871][ T9] usb 5-1: USB disconnect, device number 3 [ 169.693353][ T6862] loop4: detected capacity change from 0 to 1024 [ 170.336770][ T6875] netlink: 64 bytes leftover after parsing attributes in process `syz.0.351'. [ 170.644163][ T6724] chnl_net:caif_netlink_parms(): no params data found [ 171.497141][ T6724] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.538035][ T6724] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.545373][ T6724] bridge_slave_0: entered allmulticast mode [ 171.618703][ T6724] bridge_slave_0: entered promiscuous mode [ 171.669249][ T6724] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.676500][ T6724] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.715430][ T6724] bridge_slave_1: entered allmulticast mode [ 171.752254][ T6724] bridge_slave_1: entered promiscuous mode [ 172.131664][ T6724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 172.205728][ T6724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 172.479095][ T6879] loop4: detected capacity change from 0 to 32768 [ 172.565340][ T6879] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 172.605221][ T6724] team0: Port device team_slave_0 added [ 172.682593][ T6724] team0: Port device team_slave_1 added [ 172.824747][ T6879] XFS (loop4): Ending clean mount [ 172.940000][ T6879] XFS (loop4): User initiated shutdown received. [ 172.946889][ T6879] XFS (loop4): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x160/0x190 (fs/xfs/xfs_fsops.c:475). Shutting down filesystem. [ 172.987548][ T6879] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 173.021510][ T6724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 173.034505][ T6724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.120941][ T6724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 173.132219][ T5833] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.186352][ T6724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 173.228235][ T6724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.255832][ T6724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 173.574286][ T6952] netlink: 16 bytes leftover after parsing attributes in process `syz.5.377'. [ 173.668165][ T6954] loop3: detected capacity change from 0 to 256 [ 173.784360][ T6724] hsr_slave_0: entered promiscuous mode [ 173.840130][ T6724] hsr_slave_1: entered promiscuous mode [ 173.891063][ T6724] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 173.911061][ T6954] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 173.963936][ T6724] Cannot create hsr debugfs directory [ 173.982804][ T6961] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.380'. [ 174.021863][ T30] audit: type=1800 audit(1743907271.891:13): pid=6954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.378" name="file2" dev="loop3" ino=8 res=0 errno=0 [ 174.782501][ T6985] loop2: detected capacity change from 0 to 2048 [ 175.895797][ T6985] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.130675][ T6724] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 176.197269][ T6992] loop4: detected capacity change from 0 to 131072 [ 176.341590][ T6724] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 176.375137][ T6992] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 176.395046][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.428991][ T6724] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 176.575751][ T6724] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 176.896048][ T7023] netlink: 'syz.0.400': attribute type 25 has an invalid length. [ 177.308557][ T30] audit: type=1326 audit(1743907275.161:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 177.423709][ T30] audit: type=1326 audit(1743907275.161:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 177.538621][ T30] audit: type=1326 audit(1743907275.161:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 177.675412][ T6724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.677026][ T30] audit: type=1326 audit(1743907275.161:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 177.815753][ T30] audit: type=1326 audit(1743907275.161:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 177.923572][ T6724] 8021q: adding VLAN 0 to HW filter on device team0 [ 177.942974][ T30] audit: type=1326 audit(1743907275.161:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 178.065034][ T30] audit: type=1326 audit(1743907275.161:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 178.127106][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.134402][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 178.213298][ T30] audit: type=1326 audit(1743907275.161:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 178.271182][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.278468][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 178.321284][ T30] audit: type=1326 audit(1743907275.161:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.5.402" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f14ee58d169 code=0x7fc00000 [ 178.476789][ T7059] geneve0: entered promiscuous mode [ 178.542083][ T7059] batadv0: entered promiscuous mode [ 179.615281][ T7085] loop5: detected capacity change from 0 to 1024 [ 179.830213][ T6724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 179.979939][ T13] hfsplus: b-tree write err: -5, ino 4 [ 181.062890][ T7119] xt_CT: You must specify a L4 protocol and not use inversions on it [ 181.132531][ T6724] veth0_vlan: entered promiscuous mode [ 181.233969][ T6724] veth1_vlan: entered promiscuous mode [ 181.331730][ T7122] loop3: detected capacity change from 0 to 2048 [ 181.403109][ T7122] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 181.448215][ T7126] 9pnet: p9_errstr2errno: server reported unknown error [ 181.466591][ T6724] veth0_macvtap: entered promiscuous mode [ 181.544893][ T6724] veth1_macvtap: entered promiscuous mode [ 181.554526][ T7092] loop2: detected capacity change from 0 to 32768 [ 181.673429][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.703967][ T7092] JBD2: Ignoring recovery information on journal [ 181.758342][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.767949][ T5891] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 181.802596][ T7134] loop4: detected capacity change from 0 to 2048 [ 181.827971][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.861205][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.871825][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.883143][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.884482][ T7134] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.896016][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.917380][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.927666][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.939180][ T5891] usb 6-1: Using ep0 maxpacket: 16 [ 181.944451][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.964836][ T5891] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.979136][ T5891] usb 6-1: config 0 interface 0 has no altsetting 0 [ 181.985813][ T5891] usb 6-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00 [ 182.000301][ T6724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 182.028734][ T7092] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 182.043839][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.053455][ T5837] UDF-fs: warning (device loop3): udf_evict_inode: Inode 1367 (mode 100000) has inode size 4 different from extent length 512. Filesystem need not be standards compliant. [ 182.080786][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.120294][ T5891] usb 6-1: config 0 descriptor?? [ 182.150120][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.182670][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.217952][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.238654][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.273296][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.284380][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.295320][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.306763][ T6724] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 182.317365][ T6724] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 182.339043][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.346866][ T6724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.363435][ T6724] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.372586][ T6724] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.383758][ T5838] ocfs2: Unmounting device (7,2) on (node local) [ 182.384517][ T6724] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.400271][ T6724] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.452144][ T7142] netlink: 12 bytes leftover after parsing attributes in process `syz.3.435'. [ 182.648987][ T5891] apple 0003:05AC:0247.0003: unexpected long global item [ 182.657116][ T5891] apple 0003:05AC:0247.0003: parse failed [ 182.695633][ T5891] apple 0003:05AC:0247.0003: probe with driver apple failed with error -22 [ 182.805023][ T5891] usb 6-1: USB disconnect, device number 5 [ 182.917106][ T2906] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.001612][ T2906] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.171553][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 183.207062][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.453526][ T7161] Bluetooth: hci0: load_link_keys: expected 6403 bytes, got 7 bytes [ 183.538626][ T888] hid-generic 0005:0B57:06E6.0004: item fetching failed at offset 0/1 [ 183.596680][ T888] hid-generic 0005:0B57:06E6.0004: probe with driver hid-generic failed with error -22 [ 183.777897][ T5891] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 183.865659][ T7173] netlink: 64 bytes leftover after parsing attributes in process `syz.5.445'. [ 183.876740][ T5889] IPVS: starting estimator thread 0... [ 183.957548][ T5891] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 184.001280][ T7174] IPVS: using max 22 ests per chain, 52800 per kthread [ 184.040311][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.182289][ T5891] usb 4-1: config 0 descriptor?? [ 184.215947][ T5891] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 184.380292][ T7187] netlink: 12 bytes leftover after parsing attributes in process `syz.5.451'. [ 184.629759][ T5891] cpia1 4-1:0.0: unexpected state after lo power cmd: 00 [ 185.027537][ T5891] gspca_cpia1: usb_control_msg 02, error -71 [ 185.064917][ T5891] gspca_cpia1: usb_control_msg 05, error -71 [ 185.088591][ T5891] cpia1 4-1:0.0: unexpected systemstate: 00 [ 185.110265][ T5891] usb 4-1: USB disconnect, device number 2 [ 185.407987][ T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 185.617435][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 185.649028][ T9] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 185.680057][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.719670][ T9] usb 3-1: config 0 descriptor?? [ 185.740015][ T9] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 185.824363][ T7224] netlink: 28 bytes leftover after parsing attributes in process `syz.4.463'. [ 186.614677][ T9] gspca_nw80x: reg_r err -71 [ 186.620415][ T9] nw80x 3-1:0.0: probe with driver nw80x failed with error -71 [ 186.650558][ T9] usb 3-1: USB disconnect, device number 4 [ 187.545106][ T7276] ALSA: mixer_oss: invalid OSS volume '' [ 187.704390][ T7282] tipc: Started in network mode [ 187.718156][ T7282] tipc: Node identity 5229855f9b2b, cluster identity 4711 [ 187.733081][ T7282] tipc: Enabled bearer , priority 10 [ 188.217171][ T7300] loop0: detected capacity change from 0 to 1024 [ 188.284557][ T7300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.423911][ T7293] wlan0 speed is unknown, defaulting to 1000 [ 188.751790][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.828135][ T5889] tipc: Node number set to 3372385631 [ 189.726154][ T7344] input: syz0 as /devices/virtual/input/input6 [ 189.962610][ T7350] loop6: detected capacity change from 0 to 1024 [ 190.144417][ T7350] hfsplus: xattr searching failed [ 190.338296][ T7361] trusted_key: syz.4.510 sent an empty control message without MSG_MORE. [ 190.396109][ T3545] hfsplus: bad catalog file entry [ 190.431397][ T3545] hfsplus: b-tree write err: -5, ino 3 [ 190.454089][ T7365] tipc: Enabling of bearer rejected, failed to enable media [ 190.522849][ T7369] netlink: 12 bytes leftover after parsing attributes in process `syz.2.511'. [ 190.830056][ T7372] loop6: detected capacity change from 0 to 4096 [ 190.876318][ T7372] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512). [ 191.412491][ T7384] loop4: detected capacity change from 0 to 8192 [ 191.505858][ T7388] loop0: detected capacity change from 0 to 4096 [ 191.544883][ T7388] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 191.701639][ T7391] loop6: detected capacity change from 0 to 64 [ 191.941095][ T7368] loop5: detected capacity change from 0 to 32768 [ 191.969372][ T7368] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.513 (7368) [ 192.026110][ T7368] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.067901][ T7368] BTRFS info (device loop5): using crc32c (crc32c-x86_64) checksum algorithm [ 192.117905][ T7368] BTRFS info (device loop5): using free-space-tree [ 193.085246][ T5844] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 193.989467][ T7426] loop4: detected capacity change from 0 to 32768 [ 194.007288][ T7426] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.531 (7426) [ 194.025731][ T7448] loop2: detected capacity change from 0 to 256 [ 194.073136][ T7426] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 194.138105][ T7426] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 194.147210][ T7426] BTRFS info (device loop4): using free-space-tree [ 194.473718][ T7469] netlink: 4 bytes leftover after parsing attributes in process `syz.0.549'. [ 195.151012][ T5833] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 195.525897][ T7459] loop6: detected capacity change from 0 to 32768 [ 195.604480][ T7459] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.544 (7459) [ 195.733171][ T7459] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 195.777999][ T7459] BTRFS info (device loop6): using sha256 (sha256-ni) checksum algorithm [ 195.811203][ T7459] BTRFS info (device loop6): using free-space-tree [ 196.537383][ T6724] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 196.983456][ T7538] loop0: detected capacity change from 0 to 128 [ 197.043861][ T7538] FAT-fs (loop0): bogus number of reserved sectors [ 197.077818][ T7538] FAT-fs (loop0): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 197.087198][ T7538] FAT-fs (loop0): Can't find a valid FAT filesystem [ 197.302791][ T7498] loop2: detected capacity change from 0 to 32768 [ 197.309309][ T5891] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 197.349474][ T7498] XFS: ikeep mount option is deprecated. [ 197.431206][ T7498] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 197.467904][ T5891] usb 5-1: Using ep0 maxpacket: 8 [ 197.488685][ T5891] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.509235][ T5891] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 197.558296][ T5891] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 197.605851][ T7498] XFS (loop2): Ending clean mount [ 197.611096][ T5891] usb 5-1: SerialNumber: syz [ 197.614483][ T5891] usb 5-1: config 0 descriptor?? [ 197.655588][ T5891] usb 5-1: Found UVC 0.00 device (05ac:8501) [ 197.666012][ T7498] XFS (loop2): Quotacheck needed: Please wait. [ 197.708580][ T5891] usb 5-1: Failed to create links for entity 255 [ 197.737897][ T5891] usb 5-1: Failed to register entities (-22). [ 197.754126][ T7498] XFS (loop2): Quotacheck: Done. [ 197.781269][ T7557] loop6: detected capacity change from 0 to 1024 [ 197.885849][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 197.897077][ T5891] usb 5-1: USB disconnect, device number 4 [ 197.928329][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 197.949100][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 197.963781][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 197.996672][ T7560] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.011541][ T7560] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.034551][ T5838] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 198.065120][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.115002][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.149344][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.156730][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.218054][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.257888][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.265358][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.328665][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.368010][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.375442][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.430852][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.448567][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.456140][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.547841][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.556523][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.638513][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.649114][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.699472][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.736712][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.782294][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.797905][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.809946][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.839828][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.870072][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.907914][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.925784][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.943471][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.966846][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.975428][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 198.990280][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 199.019564][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 199.026933][ T7557] hfsplus: request for non-existent node 16777216 in B*Tree [ 199.117847][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 199.117879][ T30] audit: type=1800 audit(1743907296.961:26): pid=7557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.561" name="file1" dev="loop6" ino=20 res=0 errno=0 [ 199.436909][ T7585] netlink: 60 bytes leftover after parsing attributes in process `syz.4.575'. [ 199.469210][ T7582] netlink: 60 bytes leftover after parsing attributes in process `syz.4.575'. [ 199.496504][ T7585] netlink: 60 bytes leftover after parsing attributes in process `syz.4.575'. [ 200.175804][ T7597] loop4: detected capacity change from 0 to 1024 [ 200.370939][ T7597] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.398793][ T7597] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 200.549069][ T7580] loop2: detected capacity change from 0 to 32768 [ 200.617659][ T7580] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.574 (7580) [ 200.676916][ T7608] loop5: detected capacity change from 0 to 256 [ 200.699315][ T7580] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 200.756746][ T7580] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm [ 200.786697][ T7580] BTRFS info (device loop2): using free-space-tree [ 200.795025][ T7608] FAT-fs (loop5): Directory bread(block 64) failed [ 200.811620][ T5833] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.841037][ T7608] FAT-fs (loop5): Directory bread(block 65) failed [ 200.929596][ T7608] FAT-fs (loop5): Directory bread(block 66) failed [ 200.947910][ T5894] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 200.954886][ T7608] FAT-fs (loop5): Directory bread(block 67) failed [ 201.028815][ T7608] FAT-fs (loop5): Directory bread(block 68) failed [ 201.035432][ T7608] FAT-fs (loop5): Directory bread(block 69) failed [ 201.098106][ T5894] usb 7-1: Using ep0 maxpacket: 8 [ 201.158301][ T7608] FAT-fs (loop5): Directory bread(block 70) failed [ 201.165466][ T5894] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.165514][ T5894] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 201.256174][ T5894] usb 7-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 201.257939][ T7608] FAT-fs (loop5): Directory bread(block 71) failed [ 201.273164][ T5894] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.285767][ T5838] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 201.306241][ T5894] usb 7-1: Product: syz [ 201.329830][ T5894] usb 7-1: Manufacturer: syz [ 201.357786][ T5894] usb 7-1: SerialNumber: syz [ 201.388361][ T5894] usb 7-1: config 0 descriptor?? [ 201.393885][ T7608] FAT-fs (loop5): Directory bread(block 72) failed [ 201.417668][ T5894] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 201.438032][ T7608] FAT-fs (loop5): Directory bread(block 73) failed [ 201.615194][ T5894] usb 7-1: USB disconnect, device number 2 [ 201.623015][ T2337] usb 7-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 201.670056][ T2337] usb 7-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 202.036537][ T7648] block nbd4: shutting down sockets [ 202.508556][ T7656] netlink: 104 bytes leftover after parsing attributes in process `syz.2.591'. [ 202.572614][ T7653] loop4: detected capacity change from 0 to 2048 [ 202.741876][ T7664] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 203.047889][ T5891] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 203.223524][ T5891] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 203.254250][ T7678] loop0: detected capacity change from 0 to 128 [ 203.270459][ T5891] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 203.314221][ T5891] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 203.326901][ T7674] loop3: detected capacity change from 0 to 32768 [ 203.342359][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.364041][ T7680] loop2: detected capacity change from 0 to 1024 [ 203.391299][ T7678] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 203.412144][ T9] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 203.439131][ T5891] usb 5-1: Product: syz [ 203.465361][ T5891] usb 5-1: Manufacturer: syz [ 203.486249][ T5891] usb 5-1: SerialNumber: syz [ 203.508418][ T7678] ext4 filesystem being mounted at /121/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 203.560186][ T7674] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=gzip,erasure_code,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 203.581451][ T7674] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 203.590188][ T7674] bcachefs (loop3): Version upgrade required: [ 203.590188][ T7674] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 203.590188][ T7674] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.25: extent_flags [ 203.590188][ T7674] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance [ 203.662555][ T7674] bcachefs (loop3): dropping and reconstructing all alloc info [ 203.671240][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.682840][ T7674] bcachefs (loop3): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 203.698427][ T7674] bcachefs (loop3): bcachefs (loop3): error validating btree node on loop3 at btree dirents level 0/0 [ 203.698490][ T7674] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 281474976710656: seq 9aa2895aefce4bdf written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0 [ 203.698523][ T7674] node offset 0/24: incorrect min_key: got 0:0:7 should be POS_MIN, btree topology error: [ 203.737283][ T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 203.741015][ T7674] bcachefs (loop3): flagging btree dirents lost data [ 203.757072][ T7674] bcachefs (loop3): running explicit recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0) [ 203.772940][ T7674] bcachefs (loop3): error reading btree root btree=dirents level=0: btree_node_read_error, fixing [ 203.803563][ T7674] bcachefs (loop3): scan_for_btree_nodes... [ 203.837892][ T9] usb 6-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 203.854625][ T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.888778][ T9] usb 6-1: config 0 descriptor?? [ 203.997603][ T5851] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 204.038885][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 204.058929][ T5891] usb 5-1: 0:2 : does not exist [ 204.067677][ T7674] bcachefs (loop3): btree node scan found 7 nodes after overwrites [ 204.075923][ T7674] done [ 204.080035][ T7674] bcachefs (loop3): check_topology... [ 204.081246][ T7674] bcachefs (loop3): btree root dirents unreadable, must recover from scan [ 204.082626][ T5891] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 204.087264][ T7674] bcachefs (loop3): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - SPOS_MAX [ 204.114288][ T7674] bcachefs (loop3): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0 [ 204.150612][ T7674] bcachefs (loop3): bch2_get_scanned_nodes(): recovery btree=dirents level=0 POS_MIN - 0:0:6 [ 204.162652][ T7674] bcachefs (loop3): btree node with incorrect min_key at btree=dirents level=1: [ 204.162695][ T7674] parent: u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 204.162717][ T7674] next: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0, fixing [ 204.194029][ T7674] bcachefs (loop3): set_node_min(): u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9aa2895aefce4bdf written 24 min_key 0:0:7 durability: 1 ptr: 0:41:0 gen 0 -> POS_MIN [ 204.211727][ T7674] done [ 204.218103][ T7674] bcachefs (loop3): accounting_read... done [ 204.293842][ T5891] usb 5-1: USB disconnect, device number 5 [ 204.294493][ T7674] bcachefs (loop3): alloc_read... done [ 204.311234][ T7674] bcachefs (loop3): snapshots_read... done [ 204.319523][ T7674] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean [ 204.321225][ T7676] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 204.330715][ T7674] bcachefs (loop3): done starting filesystem [ 204.359490][ T7676] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 204.375684][ T9] elo 0003:04E7:0030.0005: unknown main item tag 0x0 [ 204.399596][ T9] elo 0003:04E7:0030.0005: unknown main item tag 0x1 [ 204.437806][ T9] elo 0003:04E7:0030.0005: item fetching failed at offset 5/7 [ 204.450636][ T7674] bcachefs (loop3): btree_path_down(): fatal error node not found at pos 4096:4026645229185834034:U32_MAX within parent node u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 204.470328][ T7674] bcachefs (loop3): fatal error - emergency read only [ 204.472660][ T9] elo 0003:04E7:0030.0005: parse failed [ 204.482751][ T7674] bcachefs (loop3): btree_path_down(): fatal error node not found at pos 4096:4026645229185834034:U32_MAX within parent node u64s 5 type btree_ptr SPOS_MAX len 0 ver 0 [ 204.558032][ T9] elo 0003:04E7:0030.0005: probe with driver elo failed with error -22 [ 204.648109][ T9] usb 6-1: USB disconnect, device number 6 [ 204.754646][ T5837] bcachefs (loop3): shutting down [ 205.566694][ T5837] bcachefs (loop3): shutdown complete [ 206.414754][ T7760] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 206.425287][ T7762] loop0: detected capacity change from 0 to 8 [ 206.546772][ T7762] SQUASHFS error: Unable to read directory block [629:46] [ 206.722576][ T7767] bridge: RTM_NEWNEIGH with invalid ether address [ 207.625827][ T7796] trusted_key: encrypted_key: keyword 'load' not allowed when called from .update method [ 208.259967][ T7772] loop4: detected capacity change from 0 to 32768 [ 208.338916][ T7772] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 208.505770][ T7772] XFS (loop4): Ending clean mount [ 208.612223][ T7772] XFS (loop4): Quotacheck needed: Please wait. [ 208.744676][ T7828] loop2: detected capacity change from 0 to 128 [ 208.785457][ T7772] XFS (loop4): Quotacheck: Done. [ 208.814601][ T7828] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 208.862535][ T7828] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 209.048271][ T888] kernel write not supported for file /snd/midiC2D0 (pid: 888 comm: kworker/1:2) [ 209.171533][ T3934] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 209.392232][ T7842] loop0: detected capacity change from 0 to 512 [ 209.453278][ T7842] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 209.536059][ T5833] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab [ 209.587931][ T7842] EXT4-fs (loop0): 1 truncate cleaned up [ 209.595787][ T7842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.768319][ T30] audit: type=1326 audit(1743907307.631:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 209.797922][ T30] audit: type=1326 audit(1743907307.631:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 209.875308][ T30] audit: type=1326 audit(1743907307.671:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 209.967707][ T30] audit: type=1326 audit(1743907307.671:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.067309][ T30] audit: type=1326 audit(1743907307.671:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.221912][ T30] audit: type=1326 audit(1743907307.701:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.235772][ T7860] loop2: detected capacity change from 0 to 512 [ 210.320495][ T30] audit: type=1326 audit(1743907307.701:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.374716][ T7860] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.398723][ T7860] ext4 filesystem being mounted at /128/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 210.434387][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.468377][ T30] audit: type=1326 audit(1743907307.701:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.490518][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.518445][ T30] audit: type=1326 audit(1743907307.701:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.540596][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.584614][ T30] audit: type=1326 audit(1743907307.701:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7849 comm="syz.2.660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f279278d169 code=0x7ffc0000 [ 210.606826][ C1] vkms_vblank_simulate: vblank timer overrun [ 210.657189][ T7860] EXT4-fs: Cannot specify journal on remount [ 211.110438][ T5838] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.429346][ T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 212.588450][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 212.622217][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 212.648032][ T9] usb 5-1: no configurations [ 212.662314][ T9] usb 5-1: can't read configurations, error -22 [ 213.304159][ T7931] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 213.304159][ T7931] The task syz.5.680 (7931) triggered the difference, watch for misbehavior. [ 213.751843][ T7913] loop0: detected capacity change from 0 to 32768 [ 213.802420][ T7913] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.676 (7913) [ 213.869858][ T7913] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 213.901848][ T7913] BTRFS info (device loop0): using sha256 (sha256-ni) checksum algorithm [ 213.931339][ T7913] BTRFS info (device loop0): using free-space-tree [ 214.157538][ T7960] unknown channel width for channel at 904000KHz? [ 214.429490][ T7968] netlink: 16 bytes leftover after parsing attributes in process `syz.5.687'. [ 214.632601][ T5851] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 215.097904][ T47] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 215.275964][ T7938] loop2: detected capacity change from 0 to 40427 [ 215.318397][ T47] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 215.328187][ T47] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.336372][ T47] usb 6-1: Product: syz [ 215.352175][ T7938] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3fffff [ 215.364804][ T7938] F2FS-fs (loop2): Image doesn't support compression [ 215.378213][ T47] usb 6-1: Manufacturer: syz [ 215.388221][ T47] usb 6-1: SerialNumber: syz [ 215.393205][ T7938] F2FS-fs (loop2): Image doesn't support compression [ 215.409482][ T47] usb 6-1: config 0 descriptor?? [ 215.428402][ T47] ch341 6-1:0.0: ch341-uart converter detected [ 215.440680][ T7938] F2FS-fs (loop2): invalid crc value [ 215.833561][ T7938] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 215.916419][ T7938] F2FS-fs (loop2): inject dquot initialize in f2fs_dquot_initialize of f2fs_mknod+0x143/0x570 [ 216.037685][ T5838] syz-executor: attempt to access beyond end of device [ 216.037685][ T5838] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 216.054854][ T5838] CPU: 0 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 216.054904][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 216.054926][ T5838] Call Trace: [ 216.054938][ T5838] [ 216.054952][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 216.055012][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 216.055064][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.055108][ T5838] ? __asan_memset+0x23/0x50 [ 216.055159][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.055216][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 216.055278][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 216.055351][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.055410][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 216.055465][ T5838] bio_endio+0x6d2/0x810 [ 216.055527][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 216.055583][ T5838] __submit_merged_bio+0x33c/0x770 [ 216.055647][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 216.055719][ T5838] f2fs_write_cache_pages+0x2139/0x2680 [ 216.055817][ T5838] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 216.055884][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.055929][ T5838] ? __lock_acquire+0x5ca/0x1ba0 [ 216.055973][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056017][ T5838] ? __lock_acquire+0x5ca/0x1ba0 [ 216.056165][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056211][ T5838] ? arch_stack_walk+0xa6/0x100 [ 216.056272][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056329][ T5838] f2fs_write_data_pages+0x4ad/0xd90 [ 216.056409][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.056488][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056538][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056584][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.056648][ T5838] do_writepages+0x1b5/0x820 [ 216.056710][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056759][ T5838] ? __pfx_do_writepages+0x10/0x10 [ 216.056815][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056862][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056905][ T5838] ? do_raw_spin_lock+0x12c/0x2b0 [ 216.056947][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.056991][ T5838] ? find_held_lock+0x2b/0x80 [ 216.057043][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057093][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057137][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 216.057180][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057236][ T5838] filemap_fdatawrite_wbc+0x104/0x160 [ 216.057297][ T5838] __filemap_fdatawrite_range+0xb2/0xf0 [ 216.057348][ T5838] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 216.057461][ T5838] ? find_held_lock+0x2b/0x80 [ 216.057510][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057555][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 216.057599][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057652][ T5838] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 216.057719][ T5838] block_operations+0x2a3/0xfd0 [ 216.057775][ T5838] ? __pfx_block_operations+0x10/0x10 [ 216.057884][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.057927][ T5838] ? down_write+0x14d/0x200 [ 216.057986][ T5838] ? __pfx_down_write+0x10/0x10 [ 216.058047][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.058088][ T5838] ? rcu_is_watching+0x12/0xc0 [ 216.058143][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 216.058197][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.058239][ T5838] ? rcu_is_watching+0x12/0xc0 [ 216.058285][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.058328][ T5838] ? kthread_stop+0x273/0x650 [ 216.058379][ T5838] kill_f2fs_super+0x3c2/0x470 [ 216.058420][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 216.058457][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 216.058534][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 216.058590][ T5838] deactivate_super+0xde/0x100 [ 216.058644][ T5838] cleanup_mnt+0x225/0x450 [ 216.058702][ T5838] task_work_run+0x150/0x240 [ 216.058748][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 216.058788][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.058836][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 216.058905][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 216.058964][ T5838] do_syscall_64+0xda/0x260 [ 216.059024][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.059061][ T5838] RIP: 0033:0x7f279278e497 [ 216.059092][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 216.059128][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 216.059162][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 216.059187][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 216.059210][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 216.059233][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 216.059256][ T5838] R13: 00007f279280e08c R14: 0000000000034b6c R15: 00007ffdb385a040 [ 216.059312][ T5838] [ 216.551322][ T47] usb 6-1: failed to send control message: -71 [ 216.569344][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 216.579717][ T47] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 216.603737][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 216.603788][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 216.603811][ T5838] Call Trace: [ 216.603822][ T5838] [ 216.603836][ T5838] dump_stack_lvl+0x16c/0x1f0 [ 216.603897][ T5838] f2fs_handle_critical_error+0x621/0x9f0 [ 216.603948][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.603992][ T5838] ? __asan_memset+0x23/0x50 [ 216.604042][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.604098][ T5838] f2fs_write_end_io+0x73d/0xac0 [ 216.604163][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 216.604226][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.604280][ T5838] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 216.604333][ T5838] bio_endio+0x6d2/0x810 [ 216.604392][ T5838] submit_bio_noacct+0x56d/0x1ec0 [ 216.604444][ T5838] __submit_merged_bio+0x33c/0x770 [ 216.604506][ T5838] __submit_merged_write_cond+0x319/0x3f0 [ 216.604575][ T5838] f2fs_write_cache_pages+0x2139/0x2680 [ 216.604668][ T5838] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 216.604733][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.604777][ T5838] ? __lock_acquire+0x5ca/0x1ba0 [ 216.604819][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.604862][ T5838] ? __lock_acquire+0x5ca/0x1ba0 [ 216.604992][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605036][ T5838] ? arch_stack_walk+0xa6/0x100 [ 216.605097][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605162][ T5838] f2fs_write_data_pages+0x4ad/0xd90 [ 216.605231][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.605303][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605351][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605394][ T5838] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 216.605457][ T5838] do_writepages+0x1b5/0x820 [ 216.605516][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605562][ T5838] ? __pfx_do_writepages+0x10/0x10 [ 216.605615][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605660][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605702][ T5838] ? do_raw_spin_lock+0x12c/0x2b0 [ 216.605741][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605783][ T5838] ? find_held_lock+0x2b/0x80 [ 216.605832][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605880][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.605922][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 216.605964][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606016][ T5838] filemap_fdatawrite_wbc+0x104/0x160 [ 216.606103][ T5838] __filemap_fdatawrite_range+0xb2/0xf0 [ 216.606147][ T5838] ? __pfx___filemap_fdatawrite_range+0x10/0x10 [ 216.606249][ T5838] ? find_held_lock+0x2b/0x80 [ 216.606297][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606341][ T5838] ? do_raw_spin_unlock+0x172/0x230 [ 216.606383][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606433][ T5838] f2fs_sync_dirty_inodes+0x2a9/0x990 [ 216.606492][ T5838] block_operations+0x2a3/0xfd0 [ 216.606542][ T5838] ? __pfx_block_operations+0x10/0x10 [ 216.606638][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606678][ T5838] ? down_write+0x14d/0x200 [ 216.606741][ T5838] ? __pfx_down_write+0x10/0x10 [ 216.606801][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606843][ T5838] ? rcu_is_watching+0x12/0xc0 [ 216.606896][ T5838] f2fs_write_checkpoint+0x2b8/0x45b0 [ 216.606951][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.606993][ T5838] ? rcu_is_watching+0x12/0xc0 [ 216.607037][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.607079][ T5838] ? kthread_stop+0x273/0x650 [ 216.607121][ T5838] kill_f2fs_super+0x3c2/0x470 [ 216.607168][ T5838] ? __pfx_kill_f2fs_super+0x10/0x10 [ 216.607205][ T5838] ? lockdep_hardirqs_on+0x7c/0x110 [ 216.607278][ T5838] deactivate_locked_super+0xc1/0x1a0 [ 216.607330][ T5838] deactivate_super+0xde/0x100 [ 216.607381][ T5838] cleanup_mnt+0x225/0x450 [ 216.607438][ T5838] task_work_run+0x150/0x240 [ 216.607483][ T5838] ? __pfx_task_work_run+0x10/0x10 [ 216.607523][ T5838] ? srso_alias_return_thunk+0x5/0xfbef5 [ 216.607569][ T5838] ? __pfx___x64_sys_umount+0x10/0x10 [ 216.607636][ T5838] syscall_exit_to_user_mode+0x27b/0x2a0 [ 216.607692][ T5838] do_syscall_64+0xda/0x260 [ 216.607749][ T5838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.607785][ T5838] RIP: 0033:0x7f279278e497 [ 216.607813][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 216.607850][ T5838] RSP: 002b:00007ffdb3858eb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 216.607884][ T5838] RAX: 0000000000000000 RBX: 00007f279280e08c RCX: 00007f279278e497 [ 216.607908][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdb3858f70 [ 216.607930][ T5838] RBP: 00007ffdb3858f70 R08: 0000000000000000 R09: 0000000000000000 [ 216.607952][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdb385a000 [ 216.607975][ T5838] R13: 00007f279280e08c R14: 0000000000034b6c R15: 00007ffdb385a040 [ 216.608024][ T5838] [ 217.091444][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.219197][ T5838] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 217.267569][ T47] usb 6-1: USB disconnect, device number 7 [ 217.275728][ T47] ch341 6-1:0.0: device disconnected [ 217.375985][ T8013] ptrace attach of "./syz-executor exec"[8014] was attempted by "./syz-executor exec"[8013] [ 217.600506][ T8018] loop4: detected capacity change from 0 to 4096 [ 217.900590][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 217.900617][ T30] audit: type=1800 audit(1743907315.771:38): pid=8018 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.703" name="file1" dev="loop4" ino=30 res=0 errno=0 [ 218.324491][ T8028] loop3: detected capacity change from 0 to 4096 [ 218.387526][ T8028] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 219.218327][ T8067] sp0: Synchronizing with TNC [ 220.191336][ T8076] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 220.228168][ T8076] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 220.337616][ T5901] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 220.511616][ T5901] usb 3-1: Using ep0 maxpacket: 16 [ 220.543051][ T5901] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 25 [ 220.576450][ T5901] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 220.625590][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.655956][ T5901] usb 3-1: Product: syz [ 220.676230][ T5901] usb 3-1: Manufacturer: syz [ 220.697831][ T5901] usb 3-1: SerialNumber: syz [ 220.729967][ T5901] usb 3-1: config 0 descriptor?? [ 220.751910][ T5901] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 221.013532][ T8108] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 221.153666][ T8092] loop6: detected capacity change from 0 to 32768 [ 221.222251][ T8095] loop3: detected capacity change from 0 to 32768 [ 221.346509][ T8095] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 221.583522][ T5901] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71 [ 221.599176][ T5901] usb 3-1: USB disconnect, device number 5 [ 221.630429][ T5837] ocfs2: Unmounting device (7,3) on (node local) [ 221.768118][ T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 221.882436][ T8129] netlink: 80 bytes leftover after parsing attributes in process `syz.0.757'. [ 221.938654][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 221.979510][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 222.019185][ T9] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 222.045547][ T9] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 222.068429][ T9] usb 5-1: Product: syz [ 222.072665][ T9] usb 5-1: Manufacturer: syz [ 222.097924][ T9] usb 5-1: SerialNumber: syz [ 222.119854][ T9] usb 5-1: config 0 descriptor?? [ 222.126794][ T8122] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 222.235191][ T8135] loop5: detected capacity change from 0 to 16 [ 222.261217][ T8137] loop3: detected capacity change from 0 to 256 [ 222.291920][ T8137] exfat: Invalid uid '0x00000000ffffffff' [ 222.369403][ T9] usb 5-1: USB disconnect, device number 8 [ 222.399278][ T8135] erofs (device loop5): mounted with root inode @ nid 36. [ 222.438773][ T8135] syz.5.759: attempt to access beyond end of device [ 222.438773][ T8135] loop5: rw=0, sector=103079215104, nr_sectors = 8 limit=16 [ 223.793818][ T8177] loop5: detected capacity change from 0 to 2048 [ 223.803996][ T8179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.778'. [ 223.849639][ T8179] netlink: 24 bytes leftover after parsing attributes in process `syz.2.778'. [ 223.885830][ T8168] loop4: detected capacity change from 0 to 32768 [ 223.895440][ T8177] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.931721][ T8168] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.773 (8168) [ 223.933288][ T8169] loop0: detected capacity change from 0 to 32768 [ 223.981892][ T8168] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 223.999961][ T8168] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 224.039192][ T8169] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 224.083976][ T5844] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.113351][ T8193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.793'. [ 224.200625][ T8168] BTRFS info (device loop4): rebuilding free space tree [ 224.329608][ T8168] BTRFS info (device loop4): disabling free space tree [ 224.341718][ T8168] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 224.364589][ T8168] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 224.375519][ T8169] XFS (loop0): Ending clean mount [ 224.399831][ T8169] XFS (loop0): Quotacheck needed: Please wait. [ 224.487395][ T8169] XFS (loop0): Quotacheck: Done. [ 224.600904][ T8168] BTRFS error (device loop4): balance: mixed groups data and metadata options must be the same [ 224.749052][ T5833] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 224.751813][ T5851] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 225.160081][ T8225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.790'. [ 225.381397][ T8227] loop4: detected capacity change from 0 to 64 [ 225.484022][ T8230] loop0: detected capacity change from 0 to 512 [ 225.546704][ T8230] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 225.560243][ T8230] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.577455][ T8235] random: crng reseeded on system resumption [ 225.704183][ T30] audit: type=1800 audit(1743907323.571:39): pid=8230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.789" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 225.747833][ T30] audit: type=1800 audit(1743907323.591:40): pid=8237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.789" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 225.832601][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.672886][ T5842] Bluetooth: hci6: command 0x1003 tx timeout [ 226.685803][ T5146] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 226.967284][ T8268] ALSA: mixer_oss: invalid OSS volume '' [ 227.533306][ T8284] netlink: 32 bytes leftover after parsing attributes in process `syz.5.816'. [ 227.874675][ T8293] netlink: 4 bytes leftover after parsing attributes in process `syz.0.820'. [ 227.898542][ T8292] ALSA: mixer_oss: invalid OSS volume '' [ 228.234875][ T8301] loop5: detected capacity change from 0 to 2048 [ 228.403407][ T8301] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.525723][ T8301] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 228.732168][ T5844] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.915245][ T8325] sp0: Synchronizing with TNC [ 228.929867][ T12] [ 228.932237][ T12] ===================================================== [ 228.939190][ T12] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 228.946677][ T12] 6.14.0-syzkaller-13524-gf4d2ef48250a #0 Not tainted [ 228.953458][ T12] ----------------------------------------------------- [ 228.960456][ T12] kworker/u8:0/12 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 228.968123][ T12] ffffffff8f577bb8 (disc_data_lock){.+.+}-{3:3}, at: sp_get+0x18/0xf0 [ 228.976404][ T12] [ 228.976404][ T12] and this task is already holding: [ 228.983790][ T12] ffffffff9ae136d8 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30 [ 228.992670][ T12] which would create a new lock dependency: [ 228.998553][ T12] (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock){.+.+}-{3:3} [ 229.006247][ T12] [ 229.006247][ T12] but this new dependency connects a HARDIRQ-irq-safe lock: [ 229.015706][ T12] (&port_lock_key){-.-.}-{3:3} [ 229.015746][ T12] [ 229.015746][ T12] ... which became HARDIRQ-irq-safe at: [ 229.028402][ T12] lock_acquire+0x179/0x350 [ 229.033023][ T12] _raw_spin_lock_irqsave+0x3a/0x60 [ 229.038358][ T12] serial8250_handle_irq+0x95/0xcb0 [ 229.043647][ T12] serial8250_default_handle_irq+0x9a/0x210 [ 229.049634][ T12] serial8250_interrupt+0x106/0x210 [ 229.054925][ T12] __handle_irq_event_percpu+0x22c/0x7d0 [ 229.060653][ T12] handle_irq_event+0xab/0x1e0 [ 229.065528][ T12] handle_edge_irq+0x263/0xd10 [ 229.070384][ T12] __common_interrupt+0xe2/0x250 [ 229.075435][ T12] common_interrupt+0xba/0xe0 [ 229.080227][ T12] asm_common_interrupt+0x26/0x40 [ 229.085342][ T12] pv_native_safe_halt+0xf/0x20 [ 229.090291][ T12] default_idle+0x13/0x20 [ 229.094723][ T12] default_idle_call+0x6d/0xb0 [ 229.099588][ T12] do_idle+0x391/0x510 [ 229.103752][ T12] cpu_startup_entry+0x4f/0x60 [ 229.108611][ T12] start_secondary+0x21d/0x2b0 [ 229.113461][ T12] common_startup_64+0x13e/0x148 [ 229.118492][ T12] [ 229.118492][ T12] to a HARDIRQ-irq-unsafe lock: [ 229.125496][ T12] (disc_data_lock){.+.+}-{3:3} [ 229.125535][ T12] [ 229.125535][ T12] ... which became HARDIRQ-irq-unsafe at: [ 229.138263][ T12] ... [ 229.138273][ T12] lock_acquire+0x179/0x350 [ 229.145431][ T12] _raw_read_lock+0x5f/0x70 [ 229.150033][ T12] sp_get+0x18/0xf0 [ 229.153934][ T12] sixpack_write_wakeup+0x20/0x390 [ 229.159141][ T12] tty_wakeup+0xe8/0x120 [ 229.163488][ T12] tty_port_default_wakeup+0x2a/0x40 [ 229.168974][ T12] uart_flush_buffer+0x37b/0x890 [ 229.173997][ T12] tty_driver_flush_buffer+0x64/0x80 [ 229.179386][ T12] tty_ldisc_hangup+0xe7/0x730 [ 229.184250][ T12] __tty_hangup.part.0+0x3eb/0x890 [ 229.189469][ T12] tty_ioctl+0x10bf/0x1610 [ 229.193985][ T12] __x64_sys_ioctl+0x193/0x200 [ 229.198840][ T12] do_syscall_64+0xcd/0x260 [ 229.203441][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.209424][ T12] [ 229.209424][ T12] other info that might help us debug this: [ 229.209424][ T12] [ 229.219659][ T12] Possible interrupt unsafe locking scenario: [ 229.219659][ T12] [ 229.227964][ T12] CPU0 CPU1 [ 229.233319][ T12] ---- ---- [ 229.238700][ T12] lock(disc_data_lock); [ 229.243047][ T12] local_irq_disable(); [ 229.249789][ T12] lock(&port_lock_key); [ 229.256640][ T12] lock(disc_data_lock); [ 229.263491][ T12] [ 229.266931][ T12] lock(&port_lock_key); [ 229.271433][ T12] [ 229.271433][ T12] *** DEADLOCK *** [ 229.271433][ T12] [ 229.279562][ T12] 6 locks held by kworker/u8:0/12: [ 229.284659][ T12] #0: ffff88801b481148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 229.295855][ T12] #1: ffffc90000117d18 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 229.306941][ T12] #2: ffff8880252b8ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x34/0x780 [ 229.316042][ T12] #3: ffff8880122bc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80 [ 229.325397][ T12] #4: ffffffff9ae136d8 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30 [ 229.334561][ T12] #5: ffff8880122bc0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80 [ 229.343911][ T12] [ 229.343911][ T12] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 229.354308][ T12] -> (&port_lock_key){-.-.}-{3:3} { [ 229.359535][ T12] IN-HARDIRQ-W at: [ 229.363511][ T12] lock_acquire+0x179/0x350 [ 229.369668][ T12] _raw_spin_lock_irqsave+0x3a/0x60 [ 229.376525][ T12] serial8250_handle_irq+0x95/0xcb0 [ 229.383477][ T12] serial8250_default_handle_irq+0x9a/0x210 [ 229.391024][ T12] serial8250_interrupt+0x106/0x210 [ 229.397883][ T12] __handle_irq_event_percpu+0x22c/0x7d0 [ 229.405180][ T12] handle_irq_event+0xab/0x1e0 [ 229.411599][ T12] handle_edge_irq+0x263/0xd10 [ 229.418052][ T12] __common_interrupt+0xe2/0x250 [ 229.424652][ T12] common_interrupt+0xba/0xe0 [ 229.430979][ T12] asm_common_interrupt+0x26/0x40 [ 229.437655][ T12] pv_native_safe_halt+0xf/0x20 [ 229.444167][ T12] default_idle+0x13/0x20 [ 229.450165][ T12] default_idle_call+0x6d/0xb0 [ 229.456572][ T12] do_idle+0x391/0x510 [ 229.462296][ T12] cpu_startup_entry+0x4f/0x60 [ 229.468717][ T12] start_secondary+0x21d/0x2b0 [ 229.475152][ T12] common_startup_64+0x13e/0x148 [ 229.481758][ T12] IN-SOFTIRQ-W at: [ 229.485758][ T12] lock_acquire+0x179/0x350 [ 229.491913][ T12] _raw_spin_lock_irqsave+0x3a/0x60 [ 229.498769][ T12] serial8250_handle_irq+0x95/0xcb0 [ 229.505641][ T12] serial8250_default_handle_irq+0x9a/0x210 [ 229.513191][ T12] serial8250_interrupt+0x106/0x210 [ 229.520045][ T12] __handle_irq_event_percpu+0x22c/0x7d0 [ 229.527360][ T12] handle_irq_event+0xab/0x1e0 [ 229.533793][ T12] handle_edge_irq+0x263/0xd10 [ 229.540229][ T12] __common_interrupt+0xe2/0x250 [ 229.546815][ T12] common_interrupt+0x61/0xe0 [ 229.553145][ T12] asm_common_interrupt+0x26/0x40 [ 229.559821][ T12] rcu_is_watching+0x60/0xc0 [ 229.566080][ T12] lock_acquire+0x2cd/0x350 [ 229.572231][ T12] unwind_next_frame+0xd1/0x20a0 [ 229.578827][ T12] arch_stack_walk+0x94/0x100 [ 229.585253][ T12] stack_trace_save+0x8e/0xc0 [ 229.591590][ T12] kasan_save_stack+0x33/0x60 [ 229.597933][ T12] kasan_save_track+0x14/0x30 [ 229.604279][ T12] kasan_save_free_info+0x3b/0x60 [ 229.610963][ T12] __kasan_slab_free+0x51/0x70 [ 229.617403][ T12] kmem_cache_free+0x2d4/0x4d0 [ 229.623836][ T12] ptlock_free+0x45/0x60 [ 229.629741][ T12] pagetable_dtor+0x14/0x260 [ 229.635996][ T12] tlb_remove_table_rcu+0xa4/0x1a0 [ 229.642774][ T12] rcu_core+0x79c/0x14e0 [ 229.648673][ T12] handle_softirqs+0x219/0x8e0 [ 229.655123][ T12] __irq_exit_rcu+0x109/0x170 [ 229.661462][ T12] irq_exit_rcu+0x9/0x30 [ 229.667366][ T12] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 229.674741][ T12] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 229.682392][ T12] unwind_next_frame+0xa3d/0x20a0 [ 229.689080][ T12] arch_stack_walk+0x94/0x100 [ 229.695418][ T12] stack_trace_save+0x8e/0xc0 [ 229.701757][ T12] kasan_save_stack+0x33/0x60 [ 229.708101][ T12] kasan_save_track+0x14/0x30 [ 229.714449][ T12] kasan_save_free_info+0x3b/0x60 [ 229.721132][ T12] __kasan_slab_free+0x51/0x70 [ 229.727565][ T12] kmem_cache_free+0x2d4/0x4d0 [ 229.733999][ T12] unlink_anon_vmas+0x173/0x820 [ 229.740516][ T12] free_pgtables+0x2d4/0x810 [ 229.746757][ T12] exit_mmap+0x3fb/0xb90 [ 229.752656][ T12] __mmput+0x12a/0x410 [ 229.758411][ T12] mmput+0x62/0x70 [ 229.763789][ T12] do_exit+0x9d1/0x2c30 [ 229.769593][ T12] do_group_exit+0xd3/0x2a0 [ 229.775776][ T12] __x64_sys_exit_group+0x3e/0x50 [ 229.782454][ T12] x64_sys_call+0x1530/0x1730 [ 229.788801][ T12] do_syscall_64+0xcd/0x260 [ 229.794969][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 229.802524][ T12] INITIAL USE at: [ 229.806419][ T12] lock_acquire+0x179/0x350 [ 229.812511][ T12] _raw_spin_lock_irqsave+0x3a/0x60 [ 229.819285][ T12] serial8250_do_set_termios+0x310/0x1710 [ 229.826666][ T12] serial8250_set_termios+0x6e/0x80 [ 229.833441][ T12] uart_set_options+0x31a/0x5f0 [ 229.839875][ T12] serial8250_console_setup+0x189/0x450 [ 229.846996][ T12] univ8250_console_setup+0x1eb/0x2e0 [ 229.853950][ T12] try_enable_preferred_console+0x2fd/0x530 [ 229.861422][ T12] register_console+0x3ab/0x11b0 [ 229.867934][ T12] univ8250_console_init+0x5f/0x90 [ 229.874618][ T12] console_init+0x14f/0x680 [ 229.880698][ T12] start_kernel+0x29f/0x4d0 [ 229.886774][ T12] x86_64_start_reservations+0x18/0x30 [ 229.893812][ T12] x86_64_start_kernel+0xb0/0xc0 [ 229.900329][ T12] common_startup_64+0x13e/0x148 [ 229.906849][ T12] } [ 229.909336][ T12] ... key at: [] port_lock_key+0x0/0x40 [ 229.916979][ T12] [ 229.916979][ T12] the dependencies between the lock to be acquired [ 229.916992][ T12] and HARDIRQ-irq-unsafe lock: [ 229.930501][ T12] -> (disc_data_lock){.+.+}-{3:3} { [ 229.935763][ T12] HARDIRQ-ON-R at: [ 229.939738][ T12] lock_acquire+0x179/0x350 [ 229.945893][ T12] _raw_read_lock+0x5f/0x70 [ 229.952083][ T12] sp_get+0x18/0xf0 [ 229.957586][ T12] sixpack_write_wakeup+0x20/0x390 [ 229.964369][ T12] tty_wakeup+0xe8/0x120 [ 229.970276][ T12] tty_port_default_wakeup+0x2a/0x40 [ 229.977222][ T12] uart_flush_buffer+0x37b/0x890 [ 229.983820][ T12] tty_driver_flush_buffer+0x64/0x80 [ 229.990789][ T12] tty_ldisc_hangup+0xe7/0x730 [ 229.997227][ T12] __tty_hangup.part.0+0x3eb/0x890 [ 230.004030][ T12] tty_ioctl+0x10bf/0x1610 [ 230.010127][ T12] __x64_sys_ioctl+0x193/0x200 [ 230.016562][ T12] do_syscall_64+0xcd/0x260 [ 230.022755][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.030304][ T12] SOFTIRQ-ON-R at: [ 230.034313][ T12] lock_acquire+0x179/0x350 [ 230.040501][ T12] _raw_read_lock+0x5f/0x70 [ 230.046672][ T12] sp_get+0x18/0xf0 [ 230.052145][ T12] sixpack_write_wakeup+0x20/0x390 [ 230.058949][ T12] tty_wakeup+0xe8/0x120 [ 230.064880][ T12] tty_port_default_wakeup+0x2a/0x40 [ 230.071842][ T12] uart_flush_buffer+0x37b/0x890 [ 230.078520][ T12] tty_driver_flush_buffer+0x64/0x80 [ 230.085467][ T12] tty_ldisc_hangup+0xe7/0x730 [ 230.091901][ T12] __tty_hangup.part.0+0x3eb/0x890 [ 230.098685][ T12] tty_ioctl+0x10bf/0x1610 [ 230.104793][ T12] __x64_sys_ioctl+0x193/0x200 [ 230.111218][ T12] do_syscall_64+0xcd/0x260 [ 230.117390][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.124942][ T12] INITIAL USE at: [ 230.128831][ T12] lock_acquire+0x179/0x350 [ 230.134897][ T12] _raw_write_lock_irq+0x36/0x50 [ 230.141457][ T12] sixpack_close+0x1e/0x2f0 [ 230.147561][ T12] tty_ldisc_close+0x114/0x1a0 [ 230.153902][ T12] tty_ldisc_kill+0x8e/0x150 [ 230.160070][ T12] tty_ldisc_hangup+0x365/0x730 [ 230.166500][ T12] __tty_hangup.part.0+0x3eb/0x890 [ 230.173192][ T12] tty_ioctl+0x10bf/0x1610 [ 230.179230][ T12] __x64_sys_ioctl+0x193/0x200 [ 230.185565][ T12] do_syscall_64+0xcd/0x260 [ 230.191650][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.199110][ T12] INITIAL READ USE at: [ 230.203438][ T12] lock_acquire+0x179/0x350 [ 230.209935][ T12] _raw_read_lock+0x5f/0x70 [ 230.216443][ T12] sp_get+0x18/0xf0 [ 230.222258][ T12] sixpack_write_wakeup+0x20/0x390 [ 230.229400][ T12] tty_wakeup+0xe8/0x120 [ 230.235655][ T12] tty_port_default_wakeup+0x2a/0x40 [ 230.242962][ T12] uart_flush_buffer+0x37b/0x890 [ 230.249896][ T12] tty_driver_flush_buffer+0x64/0x80 [ 230.257191][ T12] tty_ldisc_hangup+0xe7/0x730 [ 230.263970][ T12] __tty_hangup.part.0+0x3eb/0x890 [ 230.271117][ T12] tty_ioctl+0x10bf/0x1610 [ 230.277553][ T12] __x64_sys_ioctl+0x193/0x200 [ 230.284326][ T12] do_syscall_64+0xcd/0x260 [ 230.290850][ T12] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.298758][ T12] } [ 230.301268][ T12] ... key at: [] disc_data_lock+0x18/0xfe0 [ 230.309183][ T12] ... acquired at: [ 230.312974][ T12] lock_acquire+0x179/0x350 [ 230.317655][ T12] _raw_read_lock+0x5f/0x70 [ 230.322342][ T12] sp_get+0x18/0xf0 [ 230.326332][ T12] sixpack_write_wakeup+0x20/0x390 [ 230.331623][ T12] tty_wakeup+0xe8/0x120 [ 230.336071][ T12] tty_port_default_wakeup+0x2a/0x40 [ 230.341530][ T12] serial8250_tx_chars+0x68e/0x860 [ 230.346832][ T12] __start_tx+0x3e9/0x4a0 [ 230.351336][ T12] serial8250_start_tx+0x368/0x530 [ 230.356623][ T12] __uart_start+0x295/0x4c0 [ 230.361310][ T12] uart_write+0x218/0xb30 [ 230.365809][ T12] sixpack_receive_buf+0x3d3/0x1c90 [ 230.371193][ T12] tty_ldisc_receive_buf+0x15a/0x1a0 [ 230.376665][ T12] tty_port_default_receive_buf+0x70/0xb0 [ 230.382569][ T12] flush_to_ldisc+0x26b/0x780 [ 230.387441][ T12] process_one_work+0x9cf/0x1b70 [ 230.392557][ T12] worker_thread+0x6c8/0xf10 [ 230.397343][ T12] kthread+0x3c5/0x780 [ 230.401586][ T12] ret_from_fork+0x48/0x80 [ 230.406178][ T12] ret_from_fork_asm+0x1a/0x30 [ 230.411132][ T12] [ 230.413443][ T12] [ 230.413443][ T12] stack backtrace: [ 230.419324][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.14.0-syzkaller-13524-gf4d2ef48250a #0 PREEMPT(full) [ 230.419358][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 230.419379][ T12] Workqueue: events_unbound flush_to_ldisc [ 230.419425][ T12] Call Trace: [ 230.419437][ T12] [ 230.419448][ T12] dump_stack_lvl+0x116/0x1f0 [ 230.419490][ T12] check_irq_usage+0x7dc/0x920 [ 230.419535][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.419577][ T12] ? check_path.constprop.0+0x24/0x50 [ 230.419623][ T12] ? __lock_acquire+0x1189/0x1ba0 [ 230.419646][ T12] __lock_acquire+0x1189/0x1ba0 [ 230.419674][ T12] ? lock_acquire+0x179/0x350 [ 230.419700][ T12] lock_acquire+0x179/0x350 [ 230.419724][ T12] ? sp_get+0x18/0xf0 [ 230.419759][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.419791][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.419822][ T12] ? ldsem_down_read_trylock+0x120/0x180 [ 230.419855][ T12] ? __pfx_sixpack_write_wakeup+0x10/0x10 [ 230.419892][ T12] _raw_read_lock+0x5f/0x70 [ 230.419925][ T12] ? sp_get+0x18/0xf0 [ 230.419956][ T12] sp_get+0x18/0xf0 [ 230.419989][ T12] ? __pfx_sixpack_write_wakeup+0x10/0x10 [ 230.420025][ T12] sixpack_write_wakeup+0x20/0x390 [ 230.420061][ T12] ? __pfx_sixpack_write_wakeup+0x10/0x10 [ 230.420098][ T12] tty_wakeup+0xe8/0x120 [ 230.420141][ T12] tty_port_default_wakeup+0x2a/0x40 [ 230.420168][ T12] serial8250_tx_chars+0x68e/0x860 [ 230.420202][ T12] __start_tx+0x3e9/0x4a0 [ 230.420231][ T12] serial8250_start_tx+0x368/0x530 [ 230.420262][ T12] __uart_start+0x295/0x4c0 [ 230.420299][ T12] uart_write+0x218/0xb30 [ 230.420327][ T12] sixpack_receive_buf+0x3d3/0x1c90 [ 230.420367][ T12] ? ldsem_down_read_trylock+0x120/0x180 [ 230.420399][ T12] ? __pfx_ldsem_down_read_trylock+0x10/0x10 [ 230.420432][ T12] ? __pfx_sixpack_receive_buf+0x10/0x10 [ 230.420470][ T12] tty_ldisc_receive_buf+0x15a/0x1a0 [ 230.420515][ T12] tty_port_default_receive_buf+0x70/0xb0 [ 230.420544][ T12] flush_to_ldisc+0x26b/0x780 [ 230.420589][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.420621][ T12] ? rcu_is_watching+0x12/0xc0 [ 230.420657][ T12] process_one_work+0x9cf/0x1b70 [ 230.420696][ T12] ? __pfx_process_one_work+0x10/0x10 [ 230.420728][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.420766][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.420798][ T12] ? assign_work+0x1a0/0x250 [ 230.420828][ T12] worker_thread+0x6c8/0xf10 [ 230.420867][ T12] ? __pfx_worker_thread+0x10/0x10 [ 230.420898][ T12] kthread+0x3c5/0x780 [ 230.420926][ T12] ? __pfx_kthread+0x10/0x10 [ 230.420951][ T12] ? __pfx_kthread+0x10/0x10 [ 230.420977][ T12] ? __pfx_kthread+0x10/0x10 [ 230.421003][ T12] ? __pfx_kthread+0x10/0x10 [ 230.421028][ T12] ? srso_alias_return_thunk+0x5/0xfbef5 [ 230.421060][ T12] ? rcu_is_watching+0x12/0xc0 [ 230.421094][ T12] ? __pfx_kthread+0x10/0x10 [ 230.421126][ T12] ret_from_fork+0x48/0x80 [ 230.421155][ T12] ? __pfx_kthread+0x10/0x10 [ 230.421182][ T12] ret_from_fork_asm+0x1a/0x30 [ 230.421234][ T12]