last executing test programs: 14m40.573944653s ago: executing program 2 (id=3): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0xa010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x6) writev(r5, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = getpid() syz_pidfd_open(r6, 0x0) 14m37.824420791s ago: executing program 2 (id=21): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0xa010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) socket$netlink(0x10, 0x3, 0x6) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176) r4 = getpid() syz_pidfd_open(r4, 0x0) 14m34.866780308s ago: executing program 3 (id=4): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@call={0x85, 0x0, 0x0, 0x6a}]}, 0x0, 0x8}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580), 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x402000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x48) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) write$P9_RGETLOCK(r6, &(0x7f00000000c0)=ANY=[], 0xffffff6a) 14m34.605168411s ago: executing program 2 (id=24): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f0000000040)) syz_open_dev$dri(0x0, 0x1ff, 0x400002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) 14m29.821272119s ago: executing program 3 (id=28): socket$rxrpc(0x21, 0x2, 0xa) r0 = syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, 0x0) io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bc00d08e36655c00"}) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) 14m28.573041306s ago: executing program 2 (id=30): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@call={0x85, 0x0, 0x0, 0x6a}]}, 0x0, 0x8}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580), 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x402000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x48) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) tee(r6, r8, 0xfffffffffffffc01, 0x0) tee(r6, r8, 0x60000000000, 0x0) 14m25.549792006s ago: executing program 2 (id=34): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x400000000000077, 0x7600) 14m20.629338281s ago: executing program 3 (id=40): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES32=r2, @ANYBLOB="100001800400048008000100"], 0x28}}, 0x0) ioctl$TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f0000000140)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="a40000003a002902000000000000000002"], 0xa4}}, 0x0) 14m13.677906879s ago: executing program 3 (id=51): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400000000000077, 0x7600) 14m10.080115394s ago: executing program 32 (id=34): socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), 0xffffffffffffffff) sendmsg$IEEE802154_LLSEC_ADD_DEV(0xffffffffffffffff, &(0x7f0000000900)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r4, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) sendmmsg(r3, &(0x7f0000000180), 0x400000000000077, 0x7600) 13m58.170093908s ago: executing program 33 (id=51): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(&(0x7f00000004c0), 0xffffffffffffffff) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d5, 0x32}, 0x0, @in6=@loopback, 0x1, 0x3, 0x0, 0xb7, 0x1fb, 0xffffffff}}, 0xe8) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r5, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) sendmmsg(r4, &(0x7f0000000180), 0x400000000000077, 0x7600) 13m10.273187517s ago: executing program 1 (id=132): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)=ANY=[], 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) r3 = epoll_create(0xcbcc) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000000080)={0x20000004}) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa) 13m4.57268085s ago: executing program 1 (id=134): mkdir(&(0x7f0000000400)='./file0\x00', 0x99) mount$tmpfs(0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000001b40)=ANY=[@ANYBLOB='huge=a']) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) truncate(&(0x7f0000000000)='./bus\x00', 0x8001) socket(0x10, 0x2, 0x0) r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x1, 0x8aa000) ioctl$VIDIOC_G_CTRL(r0, 0xc008561b, &(0x7f0000000100)={0x980900, 0x8}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r4, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) sendto$inet6(r4, &(0x7f0000000180)="b8", 0x1, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x8000000, @loopback, 0xffffffff}, 0x1c) 13m3.266355989s ago: executing program 1 (id=135): setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 13m1.897416257s ago: executing program 1 (id=138): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r3}, 0x18) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, &(0x7f0000000040)) syz_open_dev$dri(0x0, 0x1ff, 0x400002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) 13m0.363144362s ago: executing program 1 (id=149): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r4, 0xc08c5332, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, &(0x7f0000000040)) syz_open_dev$dri(0x0, 0x1ff, 0x400002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) 12m58.353643477s ago: executing program 1 (id=142): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@call={0x85, 0x0, 0x0, 0x6a}]}, 0x0, 0x8}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580), 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x402000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) tee(r6, r8, 0xfffffffffffffc01, 0x0) tee(r6, r8, 0x60000000000, 0x0) 12m42.778362921s ago: executing program 34 (id=142): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@call={0x85, 0x0, 0x0, 0x6a}]}, 0x0, 0x8}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580), 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x402000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) tee(r6, r8, 0xfffffffffffffc01, 0x0) tee(r6, r8, 0x60000000000, 0x0) 13.029790392s ago: executing program 0 (id=1002): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) 11.521874725s ago: executing program 4 (id=1004): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r0, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r0], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r2 = socket(0x10, 0x3, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtfilter={0x48, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r3, {0x10, 0x9}, {}, {0x2, 0x6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x5}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 10.944007938s ago: executing program 4 (id=1005): openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x56, &(0x7f0000002d80)=ANY=[@ANYBLOB="12010000c9d1c40899040a50b7e70102030109024400020000000009049700010dd5ce0008240201000000000905000000000000000705a3f6d2fb5b09040000014106cf0008240201000000000905c926"], 0x0) 8.656457244s ago: executing program 0 (id=1007): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r0, 0x3) accept(r0, &(0x7f0000000240)=@qipcrtr, 0x0) 8.528747581s ago: executing program 4 (id=1008): sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x1, 0x400000000000000}, 0x0) r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001340)={0x84, &(0x7f0000001400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0xc0145b0d, &(0x7f0000000040)) 8.209621649s ago: executing program 5 (id=1010): keyctl$clear(0x5, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) syz_io_uring_setup(0x41f9, &(0x7f00000000c0)={0x0, 0xe22, 0x1000, 0x2, 0x123}, &(0x7f0000000140), 0x0) accept(r2, &(0x7f0000000240)=@qipcrtr, 0x0) syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="043e130100c900", @ANYBLOB=' '], 0x16) 7.382643353s ago: executing program 0 (id=1011): pipe2(&(0x7f0000001cc0), 0x800) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0xc090) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) setresgid(0x0, 0x0, 0xffffffffffffffff) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={0x0, @in6={{0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x103}}}, 0x90) 6.390788432s ago: executing program 4 (id=1012): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000180)={0x0, 0x31, 0x3, "04f52e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 6.018433419s ago: executing program 5 (id=1013): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bind$netlink(0xffffffffffffffff, 0x0, 0x0) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000000)={0xb29, 0x0, 0xfffffffe, 0x0, 0x0, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"}) r4 = socket$inet6(0xa, 0x3, 0x5) r5 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, 0x0) bind$netlink(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) connect$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) 4.971211808s ago: executing program 5 (id=1014): syz_usb_connect(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000226aa140070ad0001310010203010902240001000000000904000002bd22f00009050303000000000009058aff30"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x28000000000000) 4.771130278s ago: executing program 0 (id=1015): r0 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r1, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r1], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0) r3 = socket(0x10, 0x3, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x9}, {0xffff, 0xffff}, {0x0, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0xffffffffffffffdb, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtfilter={0x48, 0x28, 0xd27, 0x1004001, 0x0, {0x0, 0x0, 0x0, r4, {0x10, 0x9}, {}, {0x2, 0x6}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_FLAGS={0x8}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x5}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x810}, 0x48c0) 3.589576718s ago: executing program 0 (id=1016): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1, 0x0, 0x6}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r5, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r5, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r6}, 0x94) openat$khugepaged_scan(0xffffffffffffff9c, 0x0, 0x1, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000180)={0x6, 0x9, &(0x7f0000000080)=@raw=[@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}], &(0x7f0000000000)='GPL\x00', 0xff, 0x0, 0x0, 0x41100, 0x0, '\x00', r6, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf01}, 0x94) 3.495206056s ago: executing program 5 (id=1017): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeed, 0x8031, 0xffffffffffffffff, 0xf6d0d000) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 3.179901311s ago: executing program 4 (id=1018): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000003, 0x12, 0xffffffffffffffff, 0x45809000) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xbf, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x37, @time={0xbf, 0x316575}}) 2.57768769s ago: executing program 4 (id=1019): socket$netlink(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYRES64, @ANYBLOB="cb41ac3a45f0e72773b41b1979196076b96329b91c1cb07f13cfcd1bf816ed453ecf96e653835f38d8ded28a2341a778154036b52f7befc540d54e6ab6b455e456c30749f4050332e49b38564fa498ed1f523a38fbe914869914be945055d37d2babe28be75f3b1ae1b188cf525d9d97d633f1567a08f94f2c60aba2765f1d7beae30535d1af9616815305877c0ffbb937dfb504609a6e78b525bd62538fe09d314a8028974872b98098972965e022e011f65066e24f42a1fff08b39727f54aaad85bf21671a9d47383a43e53ef952ddfdd584a9f3f4069cd7989f2d0fe2c25136a4fd43a274921cdb2465d81aa71ab16232172610c92cd738b74a473e6873ebf65086e20c51e3db5543fe0cbff78c1fdd8cdaa8439e520cc9e65e72527c05978bd8bf92dc25a23c17d9eaa4858c1c687e6387bb4567646e328af5cdfefe11e235e86759d654c1685a61614bbd9d9b6c976a8903d712ed6fb19d8be78134612fe88f3b472982ebf79f782136ddd14af6c3c821ebf96b3de96a56e2b637fbffb8e8753a074a4d8eb53fc0bb9fd9795a462d5cea7c6d7d7f409f5336262bcb34ba4cece469a84ddfbcb05246ee062ae1109968b7bcf0ea7e8c4fe6539a623772a8e1de38188a611ab1099ae6afdca5c3edad2a6d2b9a35e7b67b1a4825fad590ed8cb220862a484a2089cf0ffac33d1b0c4d3ce846314831bc44d1f7f083f140d8a8539408ecc0de582f86291b3acf24691a36ad289548de70d719b4ceea60ad9bc282625b20250c13802485fc086281c7ab9dff512519094c25ef051740d9a5d15369411421aad7f014c55e512756af65ab5e3f8ac20ff1afc72e13a66b220467ad44a4cff3be396024cdb70500e2aa1b9211485764d901fec66d931a4dcb1789c659ae756f58a416c83de105f8de7414f91e2b6a833a13ce8b8d2b72532e5eb10935a6de8271af64dbd7a985cbc4b9540d8725e053bcd478d16fe69644d9a70cbb7bf49f1b2b04603ed8b5a6f700cf48dbd335b32083b04611b43d5c0efa21add1b2603fdb314b680a81a1c435f68fc8cc41b7812199c1ff4647326289a4da4d56ce657f8fa302b155dcfa5cd1a6d252cef9ba76572e61dd49babf9c9a8f79d2efda581442339017ab1afef2c73d3daa71462c554f27c2e3ac1f5195dfcab3b76ca9e0a1c6b835e4718bc820be5a8a07046b8f51dd4d810fa85e0d9dba9b42a6b631414cdba6eb47f3c53ad29df741e2f388ece86d46ca0247823f0982067936f352a4257d071618d8b01119a6693395ec4e14f3ddd3c6d7a0bd0adf0409c1aafd617801bf44a36d30edd9e910ee9af51b93387df16fe0610266bf2bba2cf4a2e448cf4e623eb473f0f3a6c4688ed06ad4dd67ed0a59156fb7218eeda2f6b9b8be16db7f00af38f007cd5416d669404e0abc2ecdbc5b71ebbc40a7cd906ab1dcb5b1ab5fcf005671518c35388d6ab473b50e8a556a0d305197a9765d94434eb331071145d872e06b782f6a9c415e7d27fd5c05f34a29e90b31f340f9c8582ac95d91cd579d99474cb3bb1915d2fbd701f354f011eaf7757ab5687c4b12ff33325b98747c11bba6b095d279486cdf045ddd6359d695ba17c260a89424324a93046455e30c0e79594b27cd7f476c03ce25d3f2a4ca3f86543c08dec752f24c3b87ff2d62359eb5c3db9dff0e3136b36f6c083deb3a11b0f46a9b4393440b14564839c0622c3c2ad0042eb96cbf0e654787b42ca03428643d7ae0840ef3907f1897c48253d645af6fddac982687cc160bb3d7e9815eba147ec37e323fa745341a4983b19bb03e6bbf4cc266c672914abebe63da91ff1ca37828e038237912347770eea9ada6806e6e6e294d506e5e648c2a8766ba32c888b9f220b58c7896630c4eda5d9be1249592f48cd3b876ef5820f70a1413eef05e998d93e51ea3b9ad482ecf59d47fb5eca9ca56b0c54df2e452022b160fccab7399ef6b556e14d7e6b1f33735789c0925d1c2dd5f9a5c6270f5044b91ab3334d05d066a79635e121fba3acfb4946a82746ac5c7d0fe86ac7c533ff38f7f3f8320c46c39aa9cc9cc7959259e4a8ac7e0fcf8e830d616313c4df649d126a8cf72062d17876dc3eec5879b3ad958521e3b3e7d162af29db55dc31504e5d97630a90c86109ab7782a918ec009144fea40a35d82aeb0571c4f96e02a36dcbc2e8c201fcdc1b38191809f86eca2073328f43dd017691c86fd8c08e39f4b4d5696b80096de2590b83bf265171c4a4162e6bbe10179c1bf74cb62e1d7b1160b082a583c95814f3434a149e0a134d5a8b574e2ee47d0eb1ac91eab0d6d20fd3d5aae3e8de53e4073cd0d5991419883093d5be73f8bde111ed5f1b073550eaf503d29c2c6f33002b61e5863b48c39529618e849cd7b1d10c1848e3559ea20ae8fbfc57f62f7ee202e431b1186e0afafd7680c91fb29d15a3eb3f209a8d1d63688f8201f82f7bf5890c4fb497cd0515b9fb532b649cc5254e506b52ff293ad6f2d7e2291a58f7b85f4f2449001984b1532470f14e56de7240fa9e9aede00fac9470089fcf198c81ef2449b2763ec2964f63fe86bb6f023fb7a1f419fe5e70da1cfa76751597b4af8ed2a7a8d0c207a64cea02cdc686f738bbeb640070871cbf333c2c1a0cf5fc4f7f4fe1b1197fc2135c8a6b969c4fbe243b5faa633949e5f98b03ab49086676fb1243e4231e084dd0fa7ea012fadfb54688ec33b6cbd1d6b1fe9c36f2370f97dffc6ab4e88137fa4e80cec1e4e5859e7bdd66f9448bbd5844467aa06d9a86609b1f6e02747e2a218f008633e7b6b0bc244d0f3910ef5d8e2dbc5e734b70495193cafadc8caf05ac50e6c00942a4453ba9db82b205db971d59cec4ae86687a6d2bccd4865c84fadce7c23c2e8a50610554255f378f10c55d73ea5b2879235aada21ceac73b52737259913d2c869f8ea80f8f40875d8745a36fa8a9e0e5b72e308ab693d0e07278121e6f922c6a290d69275eb8bdfd75122255f3d45d1d6e9ef800e4236e1d196c97be0421e0364fe510e754e104db2f1c132fef1f733da8891bc95c5477a45b9804167cbd82ff2619ed08c3821ca4b1480d02b653da301c58b20e421cab6a184da68ac81cf7e5124e9ba3c73920d305fc596aff136445ae4d9a81bf177b975e9f0ab2cfadb8df4207851247a158b35b5039f554ab7a2cc61a94c3511de4d234f8e5bec1921ce7442e3a63812a05d3b1ffe09164b95c35a1d755671bc108ed5e9f3c46cb4d594b6e2a5b794405c7dbfb26f5c5d3be9414b9cf43083867104fed2bc04afa6b14383bc060418d5c1b51b87fe6dae9134f14a61b84311bdef52f1a9c6b6d5afbd555827c438edb21e6d019bd4f04f641cb36b310b5b8668301be1709c3758a74c5ab743d11390b82be5bfd29093c3e0cb1af5fdc76f00b9ea37b19e1a26283dda62eacbac8c37b507e7602cc622100e332a886eab96beb6b2afd76b8ee49fcc921a0c713916de9b61d2bf124fcd9b6f42704eb0e9e0af3a8fa4a52c80fb5e56aa9f0956c61d5d1698aa4d1349885b67ae6b135b90297662bd466cb9931347404be650c7b512dbf94d4a0b41baad45b088453e6dc0e26de3612870bbc3e615026ae31bb305332de050584aab6e372b16bbae3c1cec56ae7568a46061ca6064c17a65ad565e390177187ffad7b597ca97db684718d542b4c59e8ba5764c0cd9ae255e369e1b56fb3cde4c0c637e62a3209824ddfefa80063618e6bcae695114114dc1ba7b874db179e022283648dadc0a2fdf8f611ef2e23c2be10df7f72aa795a93513df7ec063092fc3ac0bd515b1c74b35d4ced457f575c40e0fe14eac1c32d4d5ba5e00218249968a00f991ee21e49d6803fbf14859157d3368898d2f0fba72a76f9fbe5f2fbf884195675f7eec558985289a125ce3a591dd63ce55b0543497a1cdb22c1c61972d085aec8abf7985e44dacdce89a33a5b0eecee5a9672f152fd96a2727fc5500f19188365172d74c47c4c7f45c2124a49ac6413a569b3107a3b0cfb56e10d1c3009d5a640120aa1b6446c656a3944bdfc53bce8833a1b1eb654fab2abf0d555423daaba37f62586f71807cacf58d120bcbb336ff27ea1778b44e0782b68fc162b4d7982b0bc78cfd53995eaeac0ad4227edff4e43bf8818e4db29b956636c8a3f147680b64a5bbdc87f496cb228f7d535b216c72c2abc56e1da45c9806c20a14e2c5a9e3d29e1138e64007c5ba8789b26577fa9c31e9966d3e54acd50e810084fa3d05f91c5110dbd467a4370fbf191af73ae0b08d88bcc7b87350d4274a11ea8cf10a29f065be875e1f107848ebd314460474e9d0298b0c9ff0bee6f2c73594776f011eb245d671867d8a5308d637e5a496be0931b0c982ec501a8e12b937bc4ee7d98ac3b202e073b70c60dfe4738f096d56ed784860f602b40d7b687e8e982ad07d893678523931a4bc6b0d2df0b67d94956e8a9565c2528d3482df226e6364165fa4365301d326f16bf3d8650429061439638c6f88066200f0bde7ad82eca279b7a97c058f5cf695cb71d81afc662f97bdb5183e54e13bbd92b2221dcc5ba06784ead565cb5d93faa257190cf822fa9e731334e6b05ffaa0bc8e136b016ad48eae42770ef3c54dcdb6cac8f0bd2c660734fc23c4e6b911e74723f773c848dda346b5c53e5007fc8c41242b1cbfd5f89bd359d60c98935d187e119acb356a9e46fe05d7f20d2974a3ebaf2e4cdcb2c8dff88f4dc2ff4919f51d48b33896c0273afd1d871e05520714eb2deaf55fc99ab2b62f3a17e699824069387c417ca0986459e1adf1cd4443af90f6169c243e87f9b626f0658d81139bcce468622de24806cae6e161e1ad861a8290a303c60829a651b53f685ba483f6a6da04aa2805c660793a83368bec4d29579352338d47287001ea4b2df1f4aca2c08a7e2d6f2040db3b3c1870adc661b869873f3429980fd667acd5ecdd80ac9a7c59e6da6facf993ca7edac1e403f8594f6899e88e804ac872e93af89c4177e8621d019094af73ce1399a2dfa06dada8b369b275c62469491508618bad6dab592448e63531a29ba27fa6f7e8457fd365de3898237d9ae198e32fef6d604b7d2178fa312fd1d7f0cdd915e05d9ed4b1bd2d2c08cc528dfa07ea8ba543e5bdc558e81278fcdfebbba5dca695f99f45b992b9b2235055c3a50c4d2a0b38fd6c35019683bd4b319bad8818686cc7d613ff9defd4bba048d178060ffb97aae4cefda1a8944adbc015f0033114684248ce5c8f5685be773932721d4ef182e42d8ea05ba5c011e1ccb818a6fa38629d672399680ecdb76fe4edb4d64ac5d17e320053953a48a9ae978daf6f7b9d00d6bf0472178e55beea0475c133f756ee63c84704e81737161cd530f90172efefc95593d742593a37fef7c44630842bd7f7c0dc2a405bd5867fd0668cee34ea6d2de940684eb03e54df582b410fb6b48ca748402090f3f2a49a8d512890da5a3de232ad1934ec40ebef5c37df24cafcd9c617afbbf8e024a0d0152f3040bdb0c9f64be24a077d142f38d2d8868efeb2b32e8dfc5e37a3537d58baf409a412251c1861721020b1c4cf9afef97ba618652b6b11f0091ce6a20c51606f0c762497199dfdebe2e8cf9389a9a45bc8a6326b2c4edcca0ec5c8d3c73b18d197ccfffbe34f29703d3151bb5c351f53b2cecdeb9df01f7bbe654d7630e4512cf37ebc2b27b32bb91bd525de4c70b6c1330024bb065b7b43fa19f292ffe7efcbd63a6d7a8d7a4f15705b7c696aa463fda1fbebbd1de1", @ANYRES8, @ANYRESHEX=0x0], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4000005}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r3, 0x29, 0x13, &(0x7f0000000200)=0x1, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000004c00)=""/102392, 0x18ff8) r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='blkio.bfq.io_service_time\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, 0x0, 0x0) socket(0x11, 0x800000003, 0x0) r6 = socket$netlink(0x10, 0x3, 0x4) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x4e22, 0x0, @mcast2, 0x8}, 0x1c) write(r6, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, 0x0, &(0x7f0000004100)) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000900)=@newlink={0x48, 0x10, 0x401, 0x0, 0x4, {0x0, 0x0, 0x0, r7}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, r9, 0x10820, 0x343}}}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000014}, 0x0) 1.523524313s ago: executing program 5 (id=1020): r0 = syz_open_procfs(0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x2125099, 0x0) mkdir(0x0, 0x8) mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='dyn']) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x1600) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x81, 0x6a, 0xa, 0xbcf3}, {0x6, 0xf, 0xac, 0xc}]}) openat$cgroup_ro(r0, &(0x7f0000000280)='blkio.throttle.io_serviced\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x200040, 0x1) open_tree(r1, 0x0, 0x8900) mount$bind(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='./file0\x00', 0x0, 0x801018, 0x0) mount$bind(0x0, 0x0, 0x0, 0x80000, 0x0) mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0) mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x80700a, 0x0) 1.199993987s ago: executing program 0 (id=1021): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) socket(0x10, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000100)=ANY=[@ANYRESHEX=r2, @ANYRES8=r3, @ANYRESHEX=r0], 0x0, 0x3}, 0x94) r4 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) write$P9_RREMOVE(r4, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}}, 0x0) dup(0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_coalesce={0x46, 0x80, 0x10000, 0x6, 0xc6, 0x8001, 0xb28e, 0x46, 0x6, 0x81, 0x6, 0x3, 0x8, 0x8008, 0x8000, 0xae, 0x101, 0x2, 0xfff, 0x4d, 0x1000000, 0x1000001, 0x15b}}) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) dup(0xffffffffffffffff) 0s ago: executing program 5 (id=1022): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)) syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x48800}, 0xa010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x10000000}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) writev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e22d991000000000000a80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff0000000200000000", 0x58}], 0x1) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) open_by_handle_at(r6, &(0x7f0000000180)=ANY=[@ANYBLOB="15000000fe000000"], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r4}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) r7 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_GET(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000091401000000"], 0x18}}, 0x0) socket$inet6(0xa, 0x2, 0x0) kernel console output (not intermixed with test programs): 91572][T10426] bridge_slave_1: entered allmulticast mode [ 900.465773][T10660] netlink: 12 bytes leftover after parsing attributes in process `syz.4.893'. [ 900.683757][T10426] bridge_slave_1: entered promiscuous mode [ 901.316213][T10669] netlink: 12 bytes leftover after parsing attributes in process `syz.0.894'. [ 901.874653][T10426] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 902.074127][T10426] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 902.545666][T10684] netlink: 12 bytes leftover after parsing attributes in process `syz.4.897'. [ 903.237000][T10426] team0: Port device team_slave_0 added [ 903.258669][T10686] loop4: detected capacity change from 0 to 512 [ 903.436760][T10686] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002] [ 903.475379][T10366] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 903.494443][T10686] System zones: 1-12 [ 903.554425][T10686] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #11: comm syz.4.898: invalid indirect mapped block 8 (level 2) [ 903.581644][T10426] team0: Port device team_slave_1 added [ 903.652058][T10686] EXT4-fs (loop4): Remounting filesystem read-only [ 903.707217][T10686] EXT4-fs (loop4): 1 truncate cleaned up [ 903.707826][T10688] loop5: detected capacity change from 0 to 40427 [ 903.734166][T10688] F2FS-fs (loop5): invalid crc value [ 903.758213][T10686] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 903.859413][T10688] F2FS-fs (loop5): Start checkpoint disabled! [ 903.882996][T10366] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 903.904536][T10688] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 903.951825][T10366] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 904.136684][T10426] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 904.178118][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 904.422141][T10426] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 904.840659][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 904.853922][T10366] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 904.902449][ T3554] kworker/u8:7: attempt to access beyond end of device [ 904.902449][ T3554] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 904.948506][ T3554] CPU: 1 UID: 0 PID: 3554 Comm: kworker/u8:7 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 904.948558][ T3554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.948584][ T3554] Workqueue: writeback wb_workfn (flush-7:5) [ 904.948630][ T3554] Call Trace: [ 904.948642][ T3554] [ 904.948657][ T3554] dump_stack_lvl+0x16c/0x1f0 [ 904.948719][ T3554] f2fs_handle_critical_error+0x621/0x9f0 [ 904.948770][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.948817][ T3554] ? f2fs_build_fault_attr+0x53/0x1f0 [ 904.948870][ T3554] f2fs_write_end_io+0x785/0xc20 [ 904.948926][ T3554] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 904.948985][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.949043][ T3554] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 904.949093][ T3554] bio_endio+0x70d/0x850 [ 904.949135][ T3554] submit_bio_noacct+0x56d/0x1eb0 [ 904.949197][ T3554] __submit_merged_bio+0x33c/0x770 [ 904.949256][ T3554] __submit_merged_write_cond+0x319/0x3f0 [ 904.949334][ T3554] f2fs_write_cache_pages+0x2067/0x2570 [ 904.949428][ T3554] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 904.949492][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.949543][ T3554] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 904.949597][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.949748][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.949799][ T3554] f2fs_write_data_pages+0x4ad/0xd90 [ 904.949863][ T3554] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 904.949935][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.949976][ T3554] ? __lock_acquire+0xb8a/0x1c90 [ 904.950038][ T3554] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 904.950101][ T3554] do_writepages+0x27a/0x600 [ 904.950168][ T3554] ? __pfx_do_writepages+0x10/0x10 [ 904.950223][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.950265][ T3554] ? reacquire_held_locks+0xcd/0x1f0 [ 904.950334][ T3554] ? writeback_sb_inodes+0x3a4/0xf90 [ 904.950398][ T3554] __writeback_single_inode+0x160/0xfb0 [ 904.950457][ T3554] ? __pfx___writeback_single_inode+0x10/0x10 [ 904.950515][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.950557][ T3554] ? do_raw_spin_unlock+0x172/0x230 [ 904.950600][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.950652][ T3554] writeback_sb_inodes+0x601/0xf90 [ 904.950732][ T3554] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 904.950782][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.950892][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.950934][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.950977][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951018][ T3554] ? queue_io+0x3f6/0x520 [ 904.951072][ T3554] wb_writeback+0x419/0xb70 [ 904.951141][ T3554] ? __pfx_wb_writeback+0x10/0x10 [ 904.951189][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951250][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951300][ T3554] ? mark_held_locks+0x49/0x80 [ 904.951366][ T3554] wb_workfn+0x14d/0xbe0 [ 904.951400][ T3554] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 904.951458][ T3554] ? __pfx_wb_workfn+0x10/0x10 [ 904.951497][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951548][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951597][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951642][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.951700][ T3554] process_one_work+0x9cf/0x1b70 [ 904.951765][ T3554] ? __pfx_process_one_work+0x10/0x10 [ 904.951807][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951865][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.951909][ T3554] ? assign_work+0x1a0/0x250 [ 904.951951][ T3554] worker_thread+0x6c8/0xf10 [ 904.952017][ T3554] ? __pfx_worker_thread+0x10/0x10 [ 904.952058][ T3554] kthread+0x3c5/0x780 [ 904.952096][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.952134][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.952179][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.952228][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.952268][ T3554] ret_from_fork+0x5d7/0x6f0 [ 904.952332][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.952369][ T3554] ret_from_fork_asm+0x1a/0x30 [ 904.952439][ T3554] [ 904.952453][ T3554] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 904.964793][T10426] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 904.976578][ T3554] CPU: 1 UID: 0 PID: 3554 Comm: kworker/u8:7 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 904.976626][ T3554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.976650][ T3554] Workqueue: writeback wb_workfn (flush-7:5) [ 904.976695][ T3554] Call Trace: [ 904.976706][ T3554] [ 904.976720][ T3554] dump_stack_lvl+0x16c/0x1f0 [ 904.976779][ T3554] f2fs_handle_critical_error+0x621/0x9f0 [ 904.976827][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.976872][ T3554] ? f2fs_build_fault_attr+0x53/0x1f0 [ 904.976922][ T3554] f2fs_write_end_io+0x785/0xc20 [ 904.976976][ T3554] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 904.977032][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.977088][ T3554] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 904.977136][ T3554] bio_endio+0x70d/0x850 [ 904.977177][ T3554] submit_bio_noacct+0x56d/0x1eb0 [ 904.977238][ T3554] __submit_merged_bio+0x33c/0x770 [ 904.977300][ T3554] __submit_merged_write_cond+0x319/0x3f0 [ 904.977365][ T3554] f2fs_write_cache_pages+0x2067/0x2570 [ 904.977456][ T3554] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 904.977517][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.977571][ T3554] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 904.977630][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.977791][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.977845][ T3554] f2fs_write_data_pages+0x4ad/0xd90 [ 904.977912][ T3554] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 904.977984][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.978028][ T3554] ? __lock_acquire+0xb8a/0x1c90 [ 904.978089][ T3554] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 904.978150][ T3554] do_writepages+0x27a/0x600 [ 904.978217][ T3554] ? __pfx_do_writepages+0x10/0x10 [ 904.978273][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.978319][ T3554] ? reacquire_held_locks+0xcd/0x1f0 [ 904.978379][ T3554] ? writeback_sb_inodes+0x3a4/0xf90 [ 904.978445][ T3554] __writeback_single_inode+0x160/0xfb0 [ 904.978510][ T3554] ? __pfx___writeback_single_inode+0x10/0x10 [ 904.978567][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.978611][ T3554] ? do_raw_spin_unlock+0x172/0x230 [ 904.978654][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.978706][ T3554] writeback_sb_inodes+0x601/0xf90 [ 904.978791][ T3554] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 904.978848][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.978971][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979015][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.979063][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979106][ T3554] ? queue_io+0x3f6/0x520 [ 904.979164][ T3554] wb_writeback+0x419/0xb70 [ 904.979236][ T3554] ? __pfx_wb_writeback+0x10/0x10 [ 904.979297][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979356][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979399][ T3554] ? mark_held_locks+0x49/0x80 [ 904.979468][ T3554] wb_workfn+0x14d/0xbe0 [ 904.979510][ T3554] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 904.979568][ T3554] ? __pfx_wb_workfn+0x10/0x10 [ 904.979607][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979656][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979706][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979750][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.979806][ T3554] process_one_work+0x9cf/0x1b70 [ 904.979871][ T3554] ? __pfx_process_one_work+0x10/0x10 [ 904.979912][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.979969][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.980012][ T3554] ? assign_work+0x1a0/0x250 [ 904.980056][ T3554] worker_thread+0x6c8/0xf10 [ 904.980123][ T3554] ? __pfx_worker_thread+0x10/0x10 [ 904.980164][ T3554] kthread+0x3c5/0x780 [ 904.980201][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.980240][ T3554] ? srso_alias_return_thunk+0x5/0xfbef5 [ 904.980289][ T3554] ? rcu_is_watching+0x12/0xc0 [ 904.980336][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.980375][ T3554] ret_from_fork+0x5d7/0x6f0 [ 904.980431][ T3554] ? __pfx_kthread+0x10/0x10 [ 904.980468][ T3554] ret_from_fork_asm+0x1a/0x30 [ 904.980538][ T3554] [ 904.980551][ T3554] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 905.014184][T10426] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 905.014289][T10426] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 905.898097][T10426] hsr_slave_0: entered promiscuous mode [ 905.926444][T10426] hsr_slave_1: entered promiscuous mode [ 905.932998][T10426] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 905.953923][T10426] Cannot create hsr debugfs directory [ 907.713339][ T5863] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 907.748302][ T5863] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 907.763008][ T5863] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 908.030980][ T5863] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 908.082577][ T5863] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 908.385588][T10727] loop0: detected capacity change from 0 to 1024 [ 909.827609][T10727] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 910.081669][ T30] audit: type=1800 audit(1751952251.485:117): pid=10725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.904" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 911.934071][ T5863] Bluetooth: hci5: command tx timeout [ 912.516397][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 912.873534][T10718] chnl_net:caif_netlink_parms(): no params data found [ 912.940850][T10426] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 912.998127][T10426] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 913.083963][T10426] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 913.119383][T10426] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 913.558822][T10718] bridge0: port 1(bridge_slave_0) entered blocking state [ 913.573044][T10718] bridge0: port 1(bridge_slave_0) entered disabled state [ 913.590004][T10718] bridge_slave_0: entered allmulticast mode [ 913.609255][T10718] bridge_slave_0: entered promiscuous mode [ 913.618603][T10718] bridge0: port 2(bridge_slave_1) entered blocking state [ 913.629842][T10718] bridge0: port 2(bridge_slave_1) entered disabled state [ 913.640370][T10718] bridge_slave_1: entered allmulticast mode [ 913.652358][T10718] bridge_slave_1: entered promiscuous mode [ 913.849380][T10718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 913.879489][T10718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 914.102157][ T5863] Bluetooth: hci5: command tx timeout [ 914.880675][T10775] netlink: 12 bytes leftover after parsing attributes in process `syz.5.907'. [ 915.521536][T10774] netlink: 12 bytes leftover after parsing attributes in process `syz.0.906'. [ 916.154518][ T5864] Bluetooth: hci5: command tx timeout [ 916.230625][T10718] team0: Port device team_slave_0 added [ 916.291531][T10781] loop4: detected capacity change from 0 to 512 [ 916.360523][T10781] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002] [ 916.372592][T10781] System zones: 1-12 [ 916.383157][T10781] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #11: comm syz.4.909: invalid indirect mapped block 8 (level 2) [ 916.411573][T10781] EXT4-fs (loop4): Remounting filesystem read-only [ 916.510957][T10781] EXT4-fs (loop4): 1 truncate cleaned up [ 916.557934][T10787] netlink: 12 bytes leftover after parsing attributes in process `syz.5.908'. [ 916.829631][T10718] team0: Port device team_slave_1 added [ 917.501366][T10781] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 917.724151][ T5864] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 917.736302][ T5864] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 917.747212][ T5864] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 917.755757][ T5864] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 917.768872][ T5864] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 917.815220][ T3554] bridge_slave_1: left allmulticast mode [ 917.827941][ T3554] bridge_slave_1: left promiscuous mode [ 917.839974][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 917.862988][ T3554] bridge_slave_0: left allmulticast mode [ 917.870653][ T3554] bridge_slave_0: left promiscuous mode [ 917.872450][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 917.887877][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 918.042067][T10799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.912'. [ 918.209794][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 918.227856][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 918.243895][ T5864] Bluetooth: hci5: command tx timeout [ 918.252862][ T3554] bond0 (unregistering): Released all slaves [ 918.408761][T10718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 918.469087][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 918.564344][T10718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 918.616023][T10718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 918.623153][T10718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 918.784151][T10718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 919.046347][T10806] loop0: detected capacity change from 0 to 40427 [ 919.061016][T10806] F2FS-fs (loop0): invalid crc value [ 919.132223][ T3554] hsr_slave_0: left promiscuous mode [ 919.187996][ T3554] hsr_slave_1: left promiscuous mode [ 919.188142][T10806] F2FS-fs (loop0): Start checkpoint disabled! [ 919.211671][T10806] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 919.231214][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 919.264898][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 919.834042][ T5864] Bluetooth: hci2: command tx timeout [ 920.068471][ T6137] kworker/u8:13: attempt to access beyond end of device [ 920.068471][ T6137] loop0: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 920.143972][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: kworker/u8:13 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 920.144024][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 920.144048][ T6137] Workqueue: writeback wb_workfn (flush-7:0) [ 920.144095][ T6137] Call Trace: [ 920.144106][ T6137] [ 920.144119][ T6137] dump_stack_lvl+0x16c/0x1f0 [ 920.144180][ T6137] f2fs_handle_critical_error+0x621/0x9f0 [ 920.144228][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.144275][ T6137] ? f2fs_build_fault_attr+0x53/0x1f0 [ 920.144327][ T6137] f2fs_write_end_io+0x785/0xc20 [ 920.144380][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 920.144434][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.144489][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 920.144537][ T6137] bio_endio+0x70d/0x850 [ 920.144577][ T6137] submit_bio_noacct+0x56d/0x1eb0 [ 920.144636][ T6137] __submit_merged_bio+0x33c/0x770 [ 920.144692][ T6137] __submit_merged_write_cond+0x319/0x3f0 [ 920.144755][ T6137] f2fs_write_cache_pages+0x2067/0x2570 [ 920.144840][ T6137] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 920.144901][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.144954][ T6137] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 920.145111][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.145165][ T6137] f2fs_write_data_pages+0x4ad/0xd90 [ 920.145231][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 920.145304][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.145348][ T6137] ? __lock_acquire+0xb8a/0x1c90 [ 920.145411][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 920.145472][ T6137] do_writepages+0x27a/0x600 [ 920.145540][ T6137] ? __pfx_do_writepages+0x10/0x10 [ 920.145598][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.145642][ T6137] ? reacquire_held_locks+0xcd/0x1f0 [ 920.145703][ T6137] ? writeback_sb_inodes+0x3a4/0xf90 [ 920.145769][ T6137] __writeback_single_inode+0x160/0xfb0 [ 920.145853][ T6137] ? __pfx___writeback_single_inode+0x10/0x10 [ 920.145913][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.145957][ T6137] ? do_raw_spin_unlock+0x172/0x230 [ 920.146001][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146051][ T6137] writeback_sb_inodes+0x601/0xf90 [ 920.146134][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 920.146262][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146311][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.146360][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146405][ T6137] ? queue_io+0x3f6/0x520 [ 920.146464][ T6137] wb_writeback+0x419/0xb70 [ 920.146535][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 920.146593][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146651][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146697][ T6137] ? mark_held_locks+0x49/0x80 [ 920.146768][ T6137] wb_workfn+0x14d/0xbe0 [ 920.146807][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146853][ T6137] ? try_to_wake_up+0x157/0x1680 [ 920.146902][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 920.146941][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.146990][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147042][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147087][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.147146][ T6137] process_one_work+0x9cf/0x1b70 [ 920.147204][ T6137] ? __pfx_netdevice_event_work_handler+0x10/0x10 [ 920.147272][ T6137] ? __pfx_process_one_work+0x10/0x10 [ 920.147321][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147379][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147425][ T6137] ? assign_work+0x1a0/0x250 [ 920.147467][ T6137] worker_thread+0x6c8/0xf10 [ 920.147520][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147568][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147614][ T6137] ? __kthread_parkme+0x19e/0x250 [ 920.147670][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147719][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 920.147761][ T6137] kthread+0x3c5/0x780 [ 920.147798][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.147838][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.147883][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.147933][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.147972][ T6137] ret_from_fork+0x5d7/0x6f0 [ 920.148031][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.148067][ T6137] ret_from_fork_asm+0x1a/0x30 [ 920.148136][ T6137] [ 920.148149][ T6137] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 920.590080][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: kworker/u8:13 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 920.590130][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 920.590156][ T6137] Workqueue: writeback wb_workfn (flush-7:0) [ 920.590201][ T6137] Call Trace: [ 920.590212][ T6137] [ 920.590225][ T6137] dump_stack_lvl+0x16c/0x1f0 [ 920.590287][ T6137] f2fs_handle_critical_error+0x621/0x9f0 [ 920.590344][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.590388][ T6137] ? f2fs_build_fault_attr+0x53/0x1f0 [ 920.590439][ T6137] f2fs_write_end_io+0x785/0xc20 [ 920.590493][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 920.590550][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.590607][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 920.590656][ T6137] bio_endio+0x70d/0x850 [ 920.590697][ T6137] submit_bio_noacct+0x56d/0x1eb0 [ 920.590758][ T6137] __submit_merged_bio+0x33c/0x770 [ 920.590815][ T6137] __submit_merged_write_cond+0x319/0x3f0 [ 920.590881][ T6137] f2fs_write_cache_pages+0x2067/0x2570 [ 920.590974][ T6137] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 920.591039][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.591095][ T6137] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 920.591274][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.591335][ T6137] f2fs_write_data_pages+0x4ad/0xd90 [ 920.591405][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 920.591479][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.591524][ T6137] ? __lock_acquire+0xb8a/0x1c90 [ 920.591589][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 920.591652][ T6137] do_writepages+0x27a/0x600 [ 920.591723][ T6137] ? __pfx_do_writepages+0x10/0x10 [ 920.591782][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.591827][ T6137] ? reacquire_held_locks+0xcd/0x1f0 [ 920.591889][ T6137] ? writeback_sb_inodes+0x3a4/0xf90 [ 920.591959][ T6137] __writeback_single_inode+0x160/0xfb0 [ 920.592027][ T6137] ? __pfx___writeback_single_inode+0x10/0x10 [ 920.592087][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592132][ T6137] ? do_raw_spin_unlock+0x172/0x230 [ 920.592177][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592230][ T6137] writeback_sb_inodes+0x601/0xf90 [ 920.592327][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 920.592468][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592514][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.592563][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592608][ T6137] ? queue_io+0x3f6/0x520 [ 920.592669][ T6137] wb_writeback+0x419/0xb70 [ 920.592742][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 920.592800][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592861][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.592907][ T6137] ? mark_held_locks+0x49/0x80 [ 920.592978][ T6137] wb_workfn+0x14d/0xbe0 [ 920.593019][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593063][ T6137] ? try_to_wake_up+0x157/0x1680 [ 920.593114][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 920.593153][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593204][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593256][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593306][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.593365][ T6137] process_one_work+0x9cf/0x1b70 [ 920.593425][ T6137] ? __pfx_netdevice_event_work_handler+0x10/0x10 [ 920.593493][ T6137] ? __pfx_process_one_work+0x10/0x10 [ 920.593535][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593594][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593640][ T6137] ? assign_work+0x1a0/0x250 [ 920.593684][ T6137] worker_thread+0x6c8/0xf10 [ 920.593737][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593783][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593830][ T6137] ? __kthread_parkme+0x19e/0x250 [ 920.593883][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.593932][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 920.593974][ T6137] kthread+0x3c5/0x780 [ 920.594013][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.594052][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 920.594096][ T6137] ? rcu_is_watching+0x12/0xc0 [ 920.594146][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.594185][ T6137] ret_from_fork+0x5d7/0x6f0 [ 920.594243][ T6137] ? __pfx_kthread+0x10/0x10 [ 920.594280][ T6137] ret_from_fork_asm+0x1a/0x30 [ 920.594358][ T6137] [ 921.080707][ T6137] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 921.087776][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: kworker/u8:13 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 921.087827][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 921.087852][ T6137] Workqueue: writeback wb_workfn (flush-7:0) [ 921.087898][ T6137] Call Trace: [ 921.087909][ T6137] [ 921.087923][ T6137] dump_stack_lvl+0x16c/0x1f0 [ 921.087984][ T6137] f2fs_handle_critical_error+0x621/0x9f0 [ 921.088034][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.088080][ T6137] ? f2fs_build_fault_attr+0x53/0x1f0 [ 921.088129][ T6137] f2fs_write_end_io+0x785/0xc20 [ 921.088183][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 921.088238][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.088302][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 921.088350][ T6137] bio_endio+0x70d/0x850 [ 921.088390][ T6137] submit_bio_noacct+0x56d/0x1eb0 [ 921.088448][ T6137] __submit_merged_bio+0x33c/0x770 [ 921.088504][ T6137] __submit_merged_write_cond+0x319/0x3f0 [ 921.088565][ T6137] f2fs_write_cache_pages+0x2067/0x2570 [ 921.088652][ T6137] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 921.088716][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.088769][ T6137] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 921.088929][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.088983][ T6137] f2fs_write_data_pages+0x4ad/0xd90 [ 921.089050][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 921.089121][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.089166][ T6137] ? __lock_acquire+0xb8a/0x1c90 [ 921.089229][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 921.089298][ T6137] do_writepages+0x27a/0x600 [ 921.089367][ T6137] ? __pfx_do_writepages+0x10/0x10 [ 921.089424][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.089469][ T6137] ? reacquire_held_locks+0xcd/0x1f0 [ 921.089532][ T6137] ? writeback_sb_inodes+0x3a4/0xf90 [ 921.089599][ T6137] __writeback_single_inode+0x160/0xfb0 [ 921.089665][ T6137] ? __pfx___writeback_single_inode+0x10/0x10 [ 921.089725][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.089770][ T6137] ? do_raw_spin_unlock+0x172/0x230 [ 921.089815][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.089867][ T6137] writeback_sb_inodes+0x601/0xf90 [ 921.089950][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 921.090075][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090121][ T6137] ? rcu_is_watching+0x12/0xc0 [ 921.090169][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090213][ T6137] ? queue_io+0x3f6/0x520 [ 921.090270][ T6137] wb_writeback+0x419/0xb70 [ 921.090348][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 921.090405][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090464][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090509][ T6137] ? mark_held_locks+0x49/0x80 [ 921.090574][ T6137] wb_workfn+0x14d/0xbe0 [ 921.090613][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090663][ T6137] ? try_to_wake_up+0x157/0x1680 [ 921.090713][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 921.090751][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090800][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090851][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.090895][ T6137] ? rcu_is_watching+0x12/0xc0 [ 921.090951][ T6137] process_one_work+0x9cf/0x1b70 [ 921.091007][ T6137] ? __pfx_netdevice_event_work_handler+0x10/0x10 [ 921.091073][ T6137] ? __pfx_process_one_work+0x10/0x10 [ 921.091114][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091171][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091217][ T6137] ? assign_work+0x1a0/0x250 [ 921.091259][ T6137] worker_thread+0x6c8/0xf10 [ 921.091314][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091361][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091405][ T6137] ? __kthread_parkme+0x19e/0x250 [ 921.091458][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091505][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 921.091546][ T6137] kthread+0x3c5/0x780 [ 921.091584][ T6137] ? __pfx_kthread+0x10/0x10 [ 921.091623][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 921.091668][ T6137] ? rcu_is_watching+0x12/0xc0 [ 921.091716][ T6137] ? __pfx_kthread+0x10/0x10 [ 921.091755][ T6137] ret_from_fork+0x5d7/0x6f0 [ 921.091812][ T6137] ? __pfx_kthread+0x10/0x10 [ 921.091850][ T6137] ret_from_fork_asm+0x1a/0x30 [ 921.091916][ T6137] [ 921.093359][ T6137] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 921.915474][ T5864] Bluetooth: hci2: command tx timeout [ 922.875574][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 922.976985][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 923.794706][T10718] hsr_slave_0: entered promiscuous mode [ 923.828090][T10718] hsr_slave_1: entered promiscuous mode [ 923.850284][T10718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 923.878139][T10718] Cannot create hsr debugfs directory [ 923.996859][ T5864] Bluetooth: hci2: command tx timeout [ 926.074073][ T5864] Bluetooth: hci2: command tx timeout [ 927.050633][T10858] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 927.060903][T10858] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 927.070627][T10858] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 927.213981][ T30] audit: type=1800 audit(1751952268.585:118): pid=10858 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.919" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 928.045913][ T5863] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 928.076271][ T5863] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 928.087751][ T5863] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 928.109765][ T5863] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 928.118400][ T5863] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 928.257651][T10869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.922'. [ 928.525873][T10869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.922'. [ 928.560986][T10873] loop5: detected capacity change from 0 to 512 [ 928.580571][T10873] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002] [ 928.589919][T10873] System zones: 1-12 [ 928.599707][T10873] EXT4-fs error (device loop5): ext4_free_branches:1020: inode #11: comm syz.5.923: invalid indirect mapped block 8 (level 2) [ 928.638351][T10873] EXT4-fs (loop5): Remounting filesystem read-only [ 928.645781][T10873] EXT4-fs (loop5): 1 truncate cleaned up [ 928.654521][T10873] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 928.818424][ T5856] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 928.964888][T10878] netlink: 8 bytes leftover after parsing attributes in process `syz.5.924'. [ 929.222867][T10892] loop0: detected capacity change from 0 to 1024 [ 929.335538][T10892] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 929.365613][ T30] audit: type=1800 audit(1751952270.895:119): pid=10892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.925" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 929.914813][T10897] loop4: detected capacity change from 0 to 40427 [ 929.996959][T10897] F2FS-fs (loop4): invalid crc value [ 930.086757][T10897] F2FS-fs (loop4): Start checkpoint disabled! [ 930.118640][T10897] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 930.155748][ T5864] Bluetooth: hci6: command tx timeout [ 931.408735][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 931.543228][T10085] kworker/u8:9: attempt to access beyond end of device [ 931.543228][T10085] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 931.609795][T10085] CPU: 1 UID: 0 PID: 10085 Comm: kworker/u8:9 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 931.609846][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 931.609870][T10085] Workqueue: writeback wb_workfn (flush-7:4) [ 931.609914][T10085] Call Trace: [ 931.609925][T10085] [ 931.609938][T10085] dump_stack_lvl+0x16c/0x1f0 [ 931.609998][T10085] f2fs_handle_critical_error+0x621/0x9f0 [ 931.610047][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.610091][T10085] ? f2fs_build_fault_attr+0x53/0x1f0 [ 931.610139][T10085] f2fs_write_end_io+0x785/0xc20 [ 931.610191][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 931.610246][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.610301][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 931.610357][T10085] bio_endio+0x70d/0x850 [ 931.610397][T10085] submit_bio_noacct+0x56d/0x1eb0 [ 931.610455][T10085] __submit_merged_bio+0x33c/0x770 [ 931.610510][T10085] __submit_merged_write_cond+0x319/0x3f0 [ 931.610572][T10085] f2fs_write_cache_pages+0x2067/0x2570 [ 931.610658][T10085] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 931.610729][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.610783][T10085] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 931.610941][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.610994][T10085] f2fs_write_data_pages+0x4ad/0xd90 [ 931.611059][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 931.611129][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.611173][T10085] ? __lock_acquire+0xb8a/0x1c90 [ 931.611234][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 931.611295][T10085] do_writepages+0x27a/0x600 [ 931.611371][T10085] ? __pfx_do_writepages+0x10/0x10 [ 931.611429][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.611474][T10085] ? reacquire_held_locks+0xcd/0x1f0 [ 931.611534][T10085] ? writeback_sb_inodes+0x3a4/0xf90 [ 931.611601][T10085] __writeback_single_inode+0x160/0xfb0 [ 931.611666][T10085] ? __pfx___writeback_single_inode+0x10/0x10 [ 931.611725][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.611769][T10085] ? do_raw_spin_unlock+0x172/0x230 [ 931.611813][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.611864][T10085] writeback_sb_inodes+0x601/0xf90 [ 931.611946][T10085] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 931.612004][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612117][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612161][T10085] ? rcu_is_watching+0x12/0xc0 [ 931.612210][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612253][T10085] ? queue_io+0x3f6/0x520 [ 931.612337][T10085] wb_writeback+0x419/0xb70 [ 931.612407][T10085] ? __pfx_wb_writeback+0x10/0x10 [ 931.612464][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612521][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612565][T10085] ? mark_held_locks+0x49/0x80 [ 931.612633][T10085] wb_workfn+0x14d/0xbe0 [ 931.612671][T10085] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 931.612729][T10085] ? __pfx_wb_workfn+0x10/0x10 [ 931.612766][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612815][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612865][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.612910][T10085] ? rcu_is_watching+0x12/0xc0 [ 931.612965][T10085] process_one_work+0x9cf/0x1b70 [ 931.613026][T10085] ? __pfx_process_one_work+0x10/0x10 [ 931.613066][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613116][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613160][T10085] ? assign_work+0x1a0/0x250 [ 931.613202][T10085] worker_thread+0x6c8/0xf10 [ 931.613253][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613299][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613350][T10085] ? __kthread_parkme+0x19e/0x250 [ 931.613403][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613451][T10085] ? __pfx_worker_thread+0x10/0x10 [ 931.613493][T10085] kthread+0x3c5/0x780 [ 931.613529][T10085] ? __pfx_kthread+0x10/0x10 [ 931.613567][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 931.613612][T10085] ? rcu_is_watching+0x12/0xc0 [ 931.613660][T10085] ? __pfx_kthread+0x10/0x10 [ 931.613699][T10085] ret_from_fork+0x5d7/0x6f0 [ 931.613757][T10085] ? __pfx_kthread+0x10/0x10 [ 931.613794][T10085] ret_from_fork_asm+0x1a/0x30 [ 931.613864][T10085] [ 932.028813][T10085] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 932.035900][T10085] CPU: 1 UID: 0 PID: 10085 Comm: kworker/u8:9 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 932.035949][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 932.035976][T10085] Workqueue: writeback wb_workfn (flush-7:4) [ 932.036022][T10085] Call Trace: [ 932.036034][T10085] [ 932.036049][T10085] dump_stack_lvl+0x16c/0x1f0 [ 932.036114][T10085] f2fs_handle_critical_error+0x621/0x9f0 [ 932.036165][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.036212][T10085] ? f2fs_build_fault_attr+0x53/0x1f0 [ 932.036263][T10085] f2fs_write_end_io+0x785/0xc20 [ 932.036326][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 932.036384][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.036443][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 932.036493][T10085] bio_endio+0x70d/0x850 [ 932.036536][T10085] submit_bio_noacct+0x56d/0x1eb0 [ 932.036599][T10085] __submit_merged_bio+0x33c/0x770 [ 932.036658][T10085] __submit_merged_write_cond+0x319/0x3f0 [ 932.036726][T10085] f2fs_write_cache_pages+0x2067/0x2570 [ 932.036820][T10085] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 932.036886][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.036943][T10085] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 932.037124][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.037180][T10085] f2fs_write_data_pages+0x4ad/0xd90 [ 932.037251][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 932.037333][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.037379][T10085] ? __lock_acquire+0xb8a/0x1c90 [ 932.037444][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 932.037509][T10085] do_writepages+0x27a/0x600 [ 932.037580][T10085] ? __pfx_do_writepages+0x10/0x10 [ 932.037640][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.037685][T10085] ? reacquire_held_locks+0xcd/0x1f0 [ 932.037748][T10085] ? writeback_sb_inodes+0x3a4/0xf90 [ 932.037818][T10085] __writeback_single_inode+0x160/0xfb0 [ 932.037887][T10085] ? __pfx___writeback_single_inode+0x10/0x10 [ 932.037960][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038009][T10085] ? do_raw_spin_unlock+0x172/0x230 [ 932.038053][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038108][T10085] writeback_sb_inodes+0x601/0xf90 [ 932.038198][T10085] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 932.038259][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038417][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038473][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.038525][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038572][T10085] ? queue_io+0x3f6/0x520 [ 932.038633][T10085] wb_writeback+0x419/0xb70 [ 932.038709][T10085] ? __pfx_wb_writeback+0x10/0x10 [ 932.038768][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038828][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.038874][T10085] ? mark_held_locks+0x49/0x80 [ 932.038947][T10085] wb_workfn+0x14d/0xbe0 [ 932.038988][T10085] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 932.039052][T10085] ? __pfx_wb_workfn+0x10/0x10 [ 932.039096][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039147][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039200][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039247][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.039325][T10085] process_one_work+0x9cf/0x1b70 [ 932.039392][T10085] ? __pfx_process_one_work+0x10/0x10 [ 932.039436][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039497][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039542][T10085] ? assign_work+0x1a0/0x250 [ 932.039587][T10085] worker_thread+0x6c8/0xf10 [ 932.039642][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039691][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039737][T10085] ? __kthread_parkme+0x19e/0x250 [ 932.039792][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.039843][T10085] ? __pfx_worker_thread+0x10/0x10 [ 932.039885][T10085] kthread+0x3c5/0x780 [ 932.039924][T10085] ? __pfx_kthread+0x10/0x10 [ 932.039965][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.040010][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.040059][T10085] ? __pfx_kthread+0x10/0x10 [ 932.040100][T10085] ret_from_fork+0x5d7/0x6f0 [ 932.040159][T10085] ? __pfx_kthread+0x10/0x10 [ 932.040198][T10085] ret_from_fork_asm+0x1a/0x30 [ 932.040271][T10085] [ 932.040286][T10085] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 932.322538][ T5864] Bluetooth: hci6: command tx timeout [ 932.352119][T10085] CPU: 1 UID: 0 PID: 10085 Comm: kworker/u8:9 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 932.352169][T10085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 932.352194][T10085] Workqueue: writeback wb_workfn (flush-7:4) [ 932.352240][T10085] Call Trace: [ 932.352251][T10085] [ 932.352265][T10085] dump_stack_lvl+0x16c/0x1f0 [ 932.352331][T10085] f2fs_handle_critical_error+0x621/0x9f0 [ 932.352378][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.352423][T10085] ? f2fs_build_fault_attr+0x53/0x1f0 [ 932.352470][T10085] f2fs_write_end_io+0x785/0xc20 [ 932.352522][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 932.352576][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.352630][T10085] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 932.352676][T10085] bio_endio+0x70d/0x850 [ 932.352716][T10085] submit_bio_noacct+0x56d/0x1eb0 [ 932.352773][T10085] __submit_merged_bio+0x33c/0x770 [ 932.352828][T10085] __submit_merged_write_cond+0x319/0x3f0 [ 932.352889][T10085] f2fs_write_cache_pages+0x2067/0x2570 [ 932.352974][T10085] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 932.353035][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.353086][T10085] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 932.353243][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.353302][T10085] f2fs_write_data_pages+0x4ad/0xd90 [ 932.353367][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 932.353435][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.353478][T10085] ? __lock_acquire+0xb8a/0x1c90 [ 932.353540][T10085] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 932.353599][T10085] do_writepages+0x27a/0x600 [ 932.353664][T10085] ? __pfx_do_writepages+0x10/0x10 [ 932.353719][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.353762][T10085] ? reacquire_held_locks+0xcd/0x1f0 [ 932.353825][T10085] ? writeback_sb_inodes+0x3a4/0xf90 [ 932.353889][T10085] __writeback_single_inode+0x160/0xfb0 [ 932.353953][T10085] ? __pfx___writeback_single_inode+0x10/0x10 [ 932.354011][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354054][T10085] ? do_raw_spin_unlock+0x172/0x230 [ 932.354097][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354147][T10085] writeback_sb_inodes+0x601/0xf90 [ 932.354228][T10085] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 932.354290][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354401][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354444][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.354491][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354534][T10085] ? queue_io+0x3f6/0x520 [ 932.354591][T10085] wb_writeback+0x419/0xb70 [ 932.354660][T10085] ? __pfx_wb_writeback+0x10/0x10 [ 932.354715][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354771][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.354814][T10085] ? mark_held_locks+0x49/0x80 [ 932.354880][T10085] wb_workfn+0x14d/0xbe0 [ 932.354918][T10085] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 932.354974][T10085] ? __pfx_wb_workfn+0x10/0x10 [ 932.355011][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355059][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355108][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355151][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.355206][T10085] process_one_work+0x9cf/0x1b70 [ 932.355267][T10085] ? __pfx_process_one_work+0x10/0x10 [ 932.355311][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355366][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355410][T10085] ? assign_work+0x1a0/0x250 [ 932.355450][T10085] worker_thread+0x6c8/0xf10 [ 932.355500][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355545][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355587][T10085] ? __kthread_parkme+0x19e/0x250 [ 932.355640][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355688][T10085] ? __pfx_worker_thread+0x10/0x10 [ 932.355728][T10085] kthread+0x3c5/0x780 [ 932.355766][T10085] ? __pfx_kthread+0x10/0x10 [ 932.355803][T10085] ? srso_alias_return_thunk+0x5/0xfbef5 [ 932.355847][T10085] ? rcu_is_watching+0x12/0xc0 [ 932.355895][T10085] ? __pfx_kthread+0x10/0x10 [ 932.355932][T10085] ret_from_fork+0x5d7/0x6f0 [ 932.355987][T10085] ? __pfx_kthread+0x10/0x10 [ 932.356024][T10085] ret_from_fork_asm+0x1a/0x30 [ 932.356089][T10085] [ 932.356153][T10085] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 933.565179][T10792] chnl_net:caif_netlink_parms(): no params data found [ 934.000422][T10921] netlink: 12 bytes leftover after parsing attributes in process `syz.5.931'. [ 934.397240][ T5864] Bluetooth: hci6: command tx timeout [ 934.564488][T10865] chnl_net:caif_netlink_parms(): no params data found [ 934.746558][T10718] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 934.815708][T10718] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 934.945146][T10932] netlink: 12 bytes leftover after parsing attributes in process `syz.4.930'. [ 935.445276][T10718] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 935.511237][T10718] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 935.870650][T10792] bridge0: port 1(bridge_slave_0) entered blocking state [ 936.181447][T10938] loop4: detected capacity change from 0 to 40427 [ 936.193781][T10792] bridge0: port 1(bridge_slave_0) entered disabled state [ 936.201935][T10792] bridge_slave_0: entered allmulticast mode [ 936.220082][T10938] F2FS-fs (loop4): invalid crc value [ 936.266023][T10792] bridge_slave_0: entered promiscuous mode [ 936.302635][T10938] F2FS-fs (loop4): Start checkpoint disabled! [ 936.320525][T10938] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 936.474207][ T5864] Bluetooth: hci6: command tx timeout [ 936.929597][T10792] bridge0: port 2(bridge_slave_1) entered blocking state [ 936.937121][T10792] bridge0: port 2(bridge_slave_1) entered disabled state [ 936.944660][T10792] bridge_slave_1: entered allmulticast mode [ 936.953449][T10792] bridge_slave_1: entered promiscuous mode [ 937.029224][ T77] kworker/u8:4: attempt to access beyond end of device [ 937.029224][ T77] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 937.174031][ T77] CPU: 1 UID: 0 PID: 77 Comm: kworker/u8:4 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 937.174082][ T77] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 937.174107][ T77] Workqueue: writeback wb_workfn (flush-7:4) [ 937.174153][ T77] Call Trace: [ 937.174163][ T77] [ 937.174177][ T77] dump_stack_lvl+0x16c/0x1f0 [ 937.174236][ T77] f2fs_handle_critical_error+0x621/0x9f0 [ 937.174284][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.174336][ T77] ? f2fs_build_fault_attr+0x53/0x1f0 [ 937.174384][ T77] f2fs_write_end_io+0x785/0xc20 [ 937.174436][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.174490][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.174544][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.174591][ T77] bio_endio+0x70d/0x850 [ 937.174630][ T77] submit_bio_noacct+0x56d/0x1eb0 [ 937.174688][ T77] __submit_merged_bio+0x33c/0x770 [ 937.174745][ T77] __submit_merged_write_cond+0x319/0x3f0 [ 937.174807][ T77] f2fs_write_cache_pages+0x2067/0x2570 [ 937.174892][ T77] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 937.174962][ T77] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 937.175122][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.175176][ T77] f2fs_write_data_pages+0x4ad/0xd90 [ 937.175242][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.175320][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.175365][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.175428][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.175490][ T77] do_writepages+0x27a/0x600 [ 937.175562][ T77] ? __pfx_do_writepages+0x10/0x10 [ 937.175621][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.175665][ T77] ? reacquire_held_locks+0xcd/0x1f0 [ 937.175727][ T77] ? writeback_sb_inodes+0x3a4/0xf90 [ 937.175793][ T77] __writeback_single_inode+0x160/0xfb0 [ 937.175859][ T77] ? __pfx___writeback_single_inode+0x10/0x10 [ 937.175920][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.175965][ T77] ? do_raw_spin_unlock+0x172/0x230 [ 937.176009][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176061][ T77] writeback_sb_inodes+0x601/0xf90 [ 937.176145][ T77] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 937.176203][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.176334][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176380][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.176438][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176485][ T77] ? queue_io+0x3f6/0x520 [ 937.176575][ T77] wb_writeback+0x419/0xb70 [ 937.176658][ T77] ? __pfx_wb_writeback+0x10/0x10 [ 937.176717][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176775][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176819][ T77] ? mark_held_locks+0x49/0x80 [ 937.176888][ T77] wb_workfn+0x14d/0xbe0 [ 937.176927][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.176972][ T77] ? try_to_wake_up+0x157/0x1680 [ 937.177020][ T77] ? __pfx_wb_workfn+0x10/0x10 [ 937.177059][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177109][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177160][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177205][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.177263][ T77] process_one_work+0x9cf/0x1b70 [ 937.177326][ T77] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 937.177380][ T77] ? __pfx_process_one_work+0x10/0x10 [ 937.177421][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177478][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177523][ T77] ? assign_work+0x1a0/0x250 [ 937.177565][ T77] worker_thread+0x6c8/0xf10 [ 937.177629][ T77] ? __pfx_worker_thread+0x10/0x10 [ 937.177670][ T77] kthread+0x3c5/0x780 [ 937.177707][ T77] ? __pfx_kthread+0x10/0x10 [ 937.177746][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.177791][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.177841][ T77] ? __pfx_kthread+0x10/0x10 [ 937.177879][ T77] ret_from_fork+0x5d7/0x6f0 [ 937.177937][ T77] ? __pfx_kthread+0x10/0x10 [ 937.177973][ T77] ret_from_fork_asm+0x1a/0x30 [ 937.178040][ T77] [ 937.178053][ T77] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 937.686264][ T77] CPU: 1 UID: 0 PID: 77 Comm: kworker/u8:4 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 937.686314][ T77] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 937.686339][ T77] Workqueue: writeback wb_workfn (flush-7:4) [ 937.686385][ T77] Call Trace: [ 937.686396][ T77] [ 937.686411][ T77] dump_stack_lvl+0x16c/0x1f0 [ 937.686471][ T77] f2fs_handle_critical_error+0x621/0x9f0 [ 937.686521][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.686566][ T77] ? f2fs_build_fault_attr+0x53/0x1f0 [ 937.686615][ T77] f2fs_write_end_io+0x785/0xc20 [ 937.686667][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.686721][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.686776][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.686823][ T77] bio_endio+0x70d/0x850 [ 937.686864][ T77] submit_bio_noacct+0x56d/0x1eb0 [ 937.686922][ T77] __submit_merged_bio+0x33c/0x770 [ 937.686977][ T77] __submit_merged_write_cond+0x319/0x3f0 [ 937.687039][ T77] f2fs_write_cache_pages+0x2067/0x2570 [ 937.687132][ T77] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 937.687203][ T77] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 937.687361][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.687414][ T77] f2fs_write_data_pages+0x4ad/0xd90 [ 937.687480][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.687547][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.687592][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.687654][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.687715][ T77] do_writepages+0x27a/0x600 [ 937.687781][ T77] ? __pfx_do_writepages+0x10/0x10 [ 937.687838][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.687883][ T77] ? reacquire_held_locks+0xcd/0x1f0 [ 937.687943][ T77] ? writeback_sb_inodes+0x3a4/0xf90 [ 937.688009][ T77] __writeback_single_inode+0x160/0xfb0 [ 937.688079][ T77] ? __pfx___writeback_single_inode+0x10/0x10 [ 937.688139][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688183][ T77] ? do_raw_spin_unlock+0x172/0x230 [ 937.688226][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688277][ T77] writeback_sb_inodes+0x601/0xf90 [ 937.688360][ T77] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 937.688417][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.688542][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688586][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.688634][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688678][ T77] ? queue_io+0x3f6/0x520 [ 937.688736][ T77] wb_writeback+0x419/0xb70 [ 937.688806][ T77] ? __pfx_wb_writeback+0x10/0x10 [ 937.688862][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688919][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.688963][ T77] ? mark_held_locks+0x49/0x80 [ 937.689031][ T77] wb_workfn+0x14d/0xbe0 [ 937.689079][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689123][ T77] ? try_to_wake_up+0x157/0x1680 [ 937.689171][ T77] ? __pfx_wb_workfn+0x10/0x10 [ 937.689209][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689258][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689307][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689351][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.689407][ T77] process_one_work+0x9cf/0x1b70 [ 937.689463][ T77] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 937.689515][ T77] ? __pfx_process_one_work+0x10/0x10 [ 937.689557][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689613][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689656][ T77] ? assign_work+0x1a0/0x250 [ 937.689698][ T77] worker_thread+0x6c8/0xf10 [ 937.689760][ T77] ? __pfx_worker_thread+0x10/0x10 [ 937.689802][ T77] kthread+0x3c5/0x780 [ 937.689838][ T77] ? __pfx_kthread+0x10/0x10 [ 937.689877][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.689920][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.689970][ T77] ? __pfx_kthread+0x10/0x10 [ 937.690008][ T77] ret_from_fork+0x5d7/0x6f0 [ 937.690070][ T77] ? __pfx_kthread+0x10/0x10 [ 937.690107][ T77] ret_from_fork_asm+0x1a/0x30 [ 937.690173][ T77] [ 937.690186][ T77] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 937.951623][T10956] loop0: detected capacity change from 0 to 512 [ 937.961098][ T77] CPU: 1 UID: 0 PID: 77 Comm: kworker/u8:4 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 937.961149][ T77] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 937.961174][ T77] Workqueue: writeback wb_workfn (flush-7:4) [ 937.961219][ T77] Call Trace: [ 937.961231][ T77] [ 937.961244][ T77] dump_stack_lvl+0x16c/0x1f0 [ 937.961303][ T77] f2fs_handle_critical_error+0x621/0x9f0 [ 937.961352][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.961397][ T77] ? f2fs_build_fault_attr+0x53/0x1f0 [ 937.961447][ T77] f2fs_write_end_io+0x785/0xc20 [ 937.961500][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.961556][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.961612][ T77] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 937.961659][ T77] bio_endio+0x70d/0x850 [ 937.961700][ T77] submit_bio_noacct+0x56d/0x1eb0 [ 937.961761][ T77] __submit_merged_bio+0x33c/0x770 [ 937.961817][ T77] __submit_merged_write_cond+0x319/0x3f0 [ 937.961880][ T77] f2fs_write_cache_pages+0x2067/0x2570 [ 937.961970][ T77] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 937.962052][ T77] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 937.962229][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.962282][ T77] f2fs_write_data_pages+0x4ad/0xd90 [ 937.962349][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.962420][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.962463][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.962524][ T77] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 937.962584][ T77] do_writepages+0x27a/0x600 [ 937.962651][ T77] ? __pfx_do_writepages+0x10/0x10 [ 937.962706][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.962749][ T77] ? reacquire_held_locks+0xcd/0x1f0 [ 937.962809][ T77] ? writeback_sb_inodes+0x3a4/0xf90 [ 937.962875][ T77] __writeback_single_inode+0x160/0xfb0 [ 937.962940][ T77] ? __pfx___writeback_single_inode+0x10/0x10 [ 937.962997][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963046][ T77] ? do_raw_spin_unlock+0x172/0x230 [ 937.963090][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963142][ T77] writeback_sb_inodes+0x601/0xf90 [ 937.963227][ T77] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 937.963283][ T77] ? __lock_acquire+0xb8a/0x1c90 [ 937.963420][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963462][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.963509][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963552][ T77] ? queue_io+0x3f6/0x520 [ 937.963610][ T77] wb_writeback+0x419/0xb70 [ 937.963682][ T77] ? __pfx_wb_writeback+0x10/0x10 [ 937.963736][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963794][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963842][ T77] ? mark_held_locks+0x49/0x80 [ 937.963910][ T77] wb_workfn+0x14d/0xbe0 [ 937.963949][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.963992][ T77] ? try_to_wake_up+0x157/0x1680 [ 937.964044][ T77] ? __pfx_wb_workfn+0x10/0x10 [ 937.964083][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964132][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964186][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964228][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.964285][ T77] process_one_work+0x9cf/0x1b70 [ 937.964344][ T77] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 937.964396][ T77] ? __pfx_process_one_work+0x10/0x10 [ 937.964437][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964493][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964536][ T77] ? assign_work+0x1a0/0x250 [ 937.964579][ T77] worker_thread+0x6c8/0xf10 [ 937.964646][ T77] ? __pfx_worker_thread+0x10/0x10 [ 937.964687][ T77] kthread+0x3c5/0x780 [ 937.964724][ T77] ? __pfx_kthread+0x10/0x10 [ 937.964764][ T77] ? srso_alias_return_thunk+0x5/0xfbef5 [ 937.964807][ T77] ? rcu_is_watching+0x12/0xc0 [ 937.964854][ T77] ? __pfx_kthread+0x10/0x10 [ 937.964893][ T77] ret_from_fork+0x5d7/0x6f0 [ 937.964948][ T77] ? __pfx_kthread+0x10/0x10 [ 937.964986][ T77] ret_from_fork_asm+0x1a/0x30 [ 937.965071][ T77] [ 937.965230][ T77] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 938.315690][T10956] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002] [ 938.571458][T10792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 938.584353][T10956] System zones: 1-12 [ 938.651465][T10956] EXT4-fs error (device loop0): ext4_free_branches:1020: inode #11: comm syz.0.934: invalid indirect mapped block 8 (level 2) [ 938.699077][T10865] bridge0: port 1(bridge_slave_0) entered blocking state [ 938.715851][T10956] EXT4-fs (loop0): Remounting filesystem read-only [ 938.740143][T10865] bridge0: port 1(bridge_slave_0) entered disabled state [ 938.761327][T10956] EXT4-fs (loop0): 1 truncate cleaned up [ 938.775921][T10865] bridge_slave_0: entered allmulticast mode [ 938.788205][T10956] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 938.816120][T10865] bridge_slave_0: entered promiscuous mode [ 938.827276][T10865] bridge0: port 2(bridge_slave_1) entered blocking state [ 938.835039][T10865] bridge0: port 2(bridge_slave_1) entered disabled state [ 938.842557][T10865] bridge_slave_1: entered allmulticast mode [ 938.869371][T10865] bridge_slave_1: entered promiscuous mode [ 938.919372][T10792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 939.013911][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 939.325366][T10792] team0: Port device team_slave_0 added [ 939.517324][T10865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 939.608295][T10865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 939.666013][T10792] team0: Port device team_slave_1 added [ 939.984709][T10975] netlink: 12 bytes leftover after parsing attributes in process `syz.4.933'. [ 940.546068][T10792] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 940.553080][T10792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 940.670420][T10792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 940.704770][T10983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.938'. [ 941.065876][T10982] loop4: detected capacity change from 0 to 40427 [ 941.092937][T10982] F2FS-fs (loop4): invalid crc value [ 941.119557][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 941.145157][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 941.196537][T10982] F2FS-fs (loop4): Start checkpoint disabled! [ 941.208385][T10982] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 942.822942][T10865] team0: Port device team_slave_0 added [ 942.833656][ T49] kworker/u8:3: attempt to access beyond end of device [ 942.833656][ T49] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 942.903445][T10792] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 942.919568][T10792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 942.924922][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 942.924968][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 942.924993][ T49] Workqueue: writeback wb_workfn (flush-7:4) [ 942.925037][ T49] Call Trace: [ 942.925048][ T49] [ 942.925061][ T49] dump_stack_lvl+0x16c/0x1f0 [ 942.925121][ T49] f2fs_handle_critical_error+0x621/0x9f0 [ 942.925170][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.925214][ T49] ? f2fs_build_fault_attr+0x53/0x1f0 [ 942.925262][ T49] f2fs_write_end_io+0x785/0xc20 [ 942.925320][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 942.925374][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.925428][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 942.925475][ T49] bio_endio+0x70d/0x850 [ 942.925514][ T49] submit_bio_noacct+0x56d/0x1eb0 [ 942.925571][ T49] __submit_merged_bio+0x33c/0x770 [ 942.925625][ T49] __submit_merged_write_cond+0x319/0x3f0 [ 942.925687][ T49] f2fs_write_cache_pages+0x2067/0x2570 [ 942.925771][ T49] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 942.925859][ T49] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 942.925912][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926058][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926109][ T49] f2fs_write_data_pages+0x4ad/0xd90 [ 942.926174][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 942.926243][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926286][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 942.926351][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 942.926410][ T49] do_writepages+0x27a/0x600 [ 942.926475][ T49] ? __pfx_do_writepages+0x10/0x10 [ 942.926530][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926572][ T49] ? reacquire_held_locks+0xcd/0x1f0 [ 942.926632][ T49] ? writeback_sb_inodes+0x3a4/0xf90 [ 942.926696][ T49] __writeback_single_inode+0x160/0xfb0 [ 942.926758][ T49] ? __pfx___writeback_single_inode+0x10/0x10 [ 942.926816][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926859][ T49] ? do_raw_spin_unlock+0x172/0x230 [ 942.926901][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.926952][ T49] writeback_sb_inodes+0x601/0xf90 [ 942.927032][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 942.927157][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927199][ T49] ? rcu_is_watching+0x12/0xc0 [ 942.927246][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927289][ T49] ? queue_io+0x3f6/0x520 [ 942.927351][ T49] wb_writeback+0x419/0xb70 [ 942.927419][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 942.927473][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927530][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927572][ T49] ? mark_held_locks+0x49/0x80 [ 942.927639][ T49] wb_workfn+0x14d/0xbe0 [ 942.927677][ T49] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 942.927732][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 942.927770][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927818][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927867][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.927910][ T49] ? rcu_is_watching+0x12/0xc0 [ 942.927965][ T49] process_one_work+0x9cf/0x1b70 [ 942.928024][ T49] ? __pfx_process_one_work+0x10/0x10 [ 942.928065][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.928120][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.928163][ T49] ? assign_work+0x1a0/0x250 [ 942.928204][ T49] worker_thread+0x6c8/0xf10 [ 942.928266][ T49] ? __pfx_worker_thread+0x10/0x10 [ 942.928310][ T49] kthread+0x3c5/0x780 [ 942.928347][ T49] ? __pfx_kthread+0x10/0x10 [ 942.928385][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 942.928427][ T49] ? rcu_is_watching+0x12/0xc0 [ 942.928475][ T49] ? __pfx_kthread+0x10/0x10 [ 942.928512][ T49] ret_from_fork+0x5d7/0x6f0 [ 942.928567][ T49] ? __pfx_kthread+0x10/0x10 [ 942.928603][ T49] ret_from_fork_asm+0x1a/0x30 [ 942.928668][ T49] [ 942.928681][ T49] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 942.946456][T10792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 943.023329][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 943.023378][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 943.023403][ T49] Workqueue: writeback wb_workfn (flush-7:4) [ 943.023447][ T49] Call Trace: [ 943.023459][ T49] [ 943.023473][ T49] dump_stack_lvl+0x16c/0x1f0 [ 943.023533][ T49] f2fs_handle_critical_error+0x621/0x9f0 [ 943.023582][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.023627][ T49] ? f2fs_build_fault_attr+0x53/0x1f0 [ 943.023677][ T49] f2fs_write_end_io+0x785/0xc20 [ 943.023730][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 943.023786][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.023846][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 943.023894][ T49] bio_endio+0x70d/0x850 [ 943.023935][ T49] submit_bio_noacct+0x56d/0x1eb0 [ 943.023996][ T49] __submit_merged_bio+0x33c/0x770 [ 943.024052][ T49] __submit_merged_write_cond+0x319/0x3f0 [ 943.024116][ T49] f2fs_write_cache_pages+0x2067/0x2570 [ 943.024207][ T49] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 943.024281][ T49] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 943.024337][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.024503][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.024557][ T49] f2fs_write_data_pages+0x4ad/0xd90 [ 943.024623][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 943.024695][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.024738][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 943.024800][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 943.024860][ T49] do_writepages+0x27a/0x600 [ 943.024928][ T49] ? __pfx_do_writepages+0x10/0x10 [ 943.024984][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.025026][ T49] ? reacquire_held_locks+0xcd/0x1f0 [ 943.025086][ T49] ? writeback_sb_inodes+0x3a4/0xf90 [ 943.025152][ T49] __writeback_single_inode+0x160/0xfb0 [ 943.025217][ T49] ? __pfx___writeback_single_inode+0x10/0x10 [ 943.025275][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.025324][ T49] ? do_raw_spin_unlock+0x172/0x230 [ 943.025367][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.025420][ T49] writeback_sb_inodes+0x601/0xf90 [ 943.025506][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 943.025645][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.025689][ T49] ? rcu_is_watching+0x12/0xc0 [ 943.025736][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.025779][ T49] ? queue_io+0x3f6/0x520 [ 943.025853][ T49] wb_writeback+0x419/0xb70 [ 943.025924][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 943.025979][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026039][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026081][ T49] ? mark_held_locks+0x49/0x80 [ 943.026149][ T49] wb_workfn+0x14d/0xbe0 [ 943.026190][ T49] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 943.026246][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 943.026285][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026340][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026391][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026434][ T49] ? rcu_is_watching+0x12/0xc0 [ 943.026491][ T49] process_one_work+0x9cf/0x1b70 [ 943.026555][ T49] ? __pfx_process_one_work+0x10/0x10 [ 943.026596][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026654][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026697][ T49] ? assign_work+0x1a0/0x250 [ 943.026740][ T49] worker_thread+0x6c8/0xf10 [ 943.026807][ T49] ? __pfx_worker_thread+0x10/0x10 [ 943.026848][ T49] kthread+0x3c5/0x780 [ 943.026885][ T49] ? __pfx_kthread+0x10/0x10 [ 943.026924][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 943.026967][ T49] ? rcu_is_watching+0x12/0xc0 [ 943.027016][ T49] ? __pfx_kthread+0x10/0x10 [ 943.027056][ T49] ret_from_fork+0x5d7/0x6f0 [ 943.027112][ T49] ? __pfx_kthread+0x10/0x10 [ 943.027150][ T49] ret_from_fork_asm+0x1a/0x30 [ 943.027220][ T49] [ 943.036365][ T49] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 943.736213][T10996] loop5: detected capacity change from 0 to 40427 [ 943.762497][T10996] F2FS-fs (loop5): invalid crc value [ 943.941511][T10996] F2FS-fs (loop5): Start checkpoint disabled! [ 943.966385][T10996] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 944.052667][T10865] team0: Port device team_slave_1 added [ 944.917879][T11002] loop0: detected capacity change from 0 to 40427 [ 944.950280][T11002] F2FS-fs (loop0): invalid crc value [ 945.033188][T11002] F2FS-fs (loop0): Start checkpoint disabled! [ 945.052947][T11002] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 945.595719][ T49] kworker/u8:3: attempt to access beyond end of device [ 945.595719][ T49] loop5: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 945.634090][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 945.634143][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 945.634168][ T49] Workqueue: writeback wb_workfn (flush-7:5) [ 945.634213][ T49] Call Trace: [ 945.634225][ T49] [ 945.634238][ T49] dump_stack_lvl+0x16c/0x1f0 [ 945.634300][ T49] f2fs_handle_critical_error+0x621/0x9f0 [ 945.634358][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.634403][ T49] ? f2fs_build_fault_attr+0x53/0x1f0 [ 945.634452][ T49] f2fs_write_end_io+0x785/0xc20 [ 945.634505][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 945.634559][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.634614][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 945.634662][ T49] bio_endio+0x70d/0x850 [ 945.634702][ T49] submit_bio_noacct+0x56d/0x1eb0 [ 945.634761][ T49] __submit_merged_bio+0x33c/0x770 [ 945.634816][ T49] __submit_merged_write_cond+0x319/0x3f0 [ 945.634880][ T49] f2fs_write_cache_pages+0x2067/0x2570 [ 945.634967][ T49] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 945.635041][ T49] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 945.635200][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.635254][ T49] f2fs_write_data_pages+0x4ad/0xd90 [ 945.635326][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 945.635396][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.635442][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 945.635505][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 945.635570][ T49] do_writepages+0x27a/0x600 [ 945.635639][ T49] ? __pfx_do_writepages+0x10/0x10 [ 945.635696][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.635741][ T49] ? reacquire_held_locks+0xcd/0x1f0 [ 945.635802][ T49] ? writeback_sb_inodes+0x3a4/0xf90 [ 945.635871][ T49] __writeback_single_inode+0x160/0xfb0 [ 945.635938][ T49] ? __pfx___writeback_single_inode+0x10/0x10 [ 945.635998][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636043][ T49] ? do_raw_spin_unlock+0x172/0x230 [ 945.636088][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636140][ T49] writeback_sb_inodes+0x601/0xf90 [ 945.636223][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 945.636281][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 945.636416][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636461][ T49] ? rcu_is_watching+0x12/0xc0 [ 945.636509][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636554][ T49] ? queue_io+0x3f6/0x520 [ 945.636612][ T49] wb_writeback+0x419/0xb70 [ 945.636682][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 945.636740][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636797][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.636842][ T49] ? mark_held_locks+0x49/0x80 [ 945.636912][ T49] wb_workfn+0x14d/0xbe0 [ 945.636951][ T49] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 945.637010][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 945.637048][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637096][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637147][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637192][ T49] ? rcu_is_watching+0x12/0xc0 [ 945.637249][ T49] process_one_work+0x9cf/0x1b70 [ 945.637310][ T49] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 945.637363][ T49] ? __pfx_process_one_work+0x10/0x10 [ 945.637405][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637462][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637507][ T49] ? assign_work+0x1a0/0x250 [ 945.637548][ T49] worker_thread+0x6c8/0xf10 [ 945.637610][ T49] ? __pfx_worker_thread+0x10/0x10 [ 945.637651][ T49] kthread+0x3c5/0x780 [ 945.637689][ T49] ? __pfx_kthread+0x10/0x10 [ 945.637727][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 945.637771][ T49] ? rcu_is_watching+0x12/0xc0 [ 945.637821][ T49] ? __pfx_kthread+0x10/0x10 [ 945.637860][ T49] ret_from_fork+0x5d7/0x6f0 [ 945.637918][ T49] ? __pfx_kthread+0x10/0x10 [ 945.637956][ T49] ret_from_fork_asm+0x1a/0x30 [ 945.638023][ T49] [ 945.638046][ T49] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 946.049755][ T49] CPU: 1 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 946.049807][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 946.049833][ T49] Workqueue: writeback wb_workfn (flush-7:5) [ 946.049880][ T49] Call Trace: [ 946.049892][ T49] [ 946.049907][ T49] dump_stack_lvl+0x16c/0x1f0 [ 946.049969][ T49] f2fs_handle_critical_error+0x621/0x9f0 [ 946.050020][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.050076][ T49] ? f2fs_build_fault_attr+0x53/0x1f0 [ 946.050129][ T49] f2fs_write_end_io+0x785/0xc20 [ 946.050184][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.050243][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.050302][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.050351][ T49] bio_endio+0x70d/0x850 [ 946.050393][ T49] submit_bio_noacct+0x56d/0x1eb0 [ 946.050455][ T49] __submit_merged_bio+0x33c/0x770 [ 946.050513][ T49] __submit_merged_write_cond+0x319/0x3f0 [ 946.050585][ T49] f2fs_write_cache_pages+0x2067/0x2570 [ 946.050678][ T49] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 946.050753][ T49] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 946.050932][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.050989][ T49] f2fs_write_data_pages+0x4ad/0xd90 [ 946.051065][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.051139][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.051184][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 946.051248][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.051311][ T49] do_writepages+0x27a/0x600 [ 946.051380][ T49] ? __pfx_do_writepages+0x10/0x10 [ 946.051439][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.051484][ T49] ? reacquire_held_locks+0xcd/0x1f0 [ 946.051547][ T49] ? writeback_sb_inodes+0x3a4/0xf90 [ 946.051616][ T49] __writeback_single_inode+0x160/0xfb0 [ 946.051684][ T49] ? __pfx___writeback_single_inode+0x10/0x10 [ 946.051746][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.051791][ T49] ? do_raw_spin_unlock+0x172/0x230 [ 946.051835][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.051889][ T49] writeback_sb_inodes+0x601/0xf90 [ 946.051978][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 946.052038][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 946.052185][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052231][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.052281][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052325][ T49] ? queue_io+0x3f6/0x520 [ 946.052386][ T49] wb_writeback+0x419/0xb70 [ 946.052460][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 946.052518][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052579][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052624][ T49] ? mark_held_locks+0x49/0x80 [ 946.052695][ T49] wb_workfn+0x14d/0xbe0 [ 946.052736][ T49] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 946.052796][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 946.052836][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052888][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052940][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.052985][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.053044][ T49] process_one_work+0x9cf/0x1b70 [ 946.053112][ T49] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 946.053167][ T49] ? __pfx_process_one_work+0x10/0x10 [ 946.053210][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.053269][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.053314][ T49] ? assign_work+0x1a0/0x250 [ 946.053358][ T49] worker_thread+0x6c8/0xf10 [ 946.053427][ T49] ? __pfx_worker_thread+0x10/0x10 [ 946.053469][ T49] kthread+0x3c5/0x780 [ 946.053507][ T49] ? __pfx_kthread+0x10/0x10 [ 946.053546][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.053592][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.053641][ T49] ? __pfx_kthread+0x10/0x10 [ 946.053682][ T49] ret_from_fork+0x5d7/0x6f0 [ 946.053739][ T49] ? __pfx_kthread+0x10/0x10 [ 946.053778][ T49] ret_from_fork_asm+0x1a/0x30 [ 946.053851][ T49] [ 946.452400][ T49] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 946.459532][ T49] CPU: 0 UID: 0 PID: 49 Comm: kworker/u8:3 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 946.459576][ T49] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 946.459601][ T49] Workqueue: writeback wb_workfn (flush-7:5) [ 946.459643][ T49] Call Trace: [ 946.459654][ T49] [ 946.459667][ T49] dump_stack_lvl+0x16c/0x1f0 [ 946.459725][ T49] f2fs_handle_critical_error+0x621/0x9f0 [ 946.459773][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.459817][ T49] ? f2fs_build_fault_attr+0x53/0x1f0 [ 946.459863][ T49] f2fs_write_end_io+0x785/0xc20 [ 946.459913][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.459966][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.460019][ T49] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.460072][ T49] bio_endio+0x70d/0x850 [ 946.460111][ T49] submit_bio_noacct+0x56d/0x1eb0 [ 946.460167][ T49] __submit_merged_bio+0x33c/0x770 [ 946.460221][ T49] __submit_merged_write_cond+0x319/0x3f0 [ 946.460282][ T49] f2fs_write_cache_pages+0x2067/0x2570 [ 946.460364][ T49] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 946.460433][ T49] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 946.460586][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.460637][ T49] f2fs_write_data_pages+0x4ad/0xd90 [ 946.460700][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.460768][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.460810][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 946.460870][ T49] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.460928][ T49] do_writepages+0x27a/0x600 [ 946.460992][ T49] ? __pfx_do_writepages+0x10/0x10 [ 946.461047][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.461095][ T49] ? reacquire_held_locks+0xcd/0x1f0 [ 946.461152][ T49] ? writeback_sb_inodes+0x3a4/0xf90 [ 946.461215][ T49] __writeback_single_inode+0x160/0xfb0 [ 946.461277][ T49] ? __pfx___writeback_single_inode+0x10/0x10 [ 946.461333][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.461375][ T49] ? do_raw_spin_unlock+0x172/0x230 [ 946.461416][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.461465][ T49] writeback_sb_inodes+0x601/0xf90 [ 946.461549][ T49] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 946.461603][ T49] ? __lock_acquire+0xb8a/0x1c90 [ 946.461723][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.461765][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.461810][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.461852][ T49] ? queue_io+0x3f6/0x520 [ 946.461907][ T49] wb_writeback+0x419/0xb70 [ 946.461973][ T49] ? __pfx_wb_writeback+0x10/0x10 [ 946.462027][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462089][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462131][ T49] ? mark_held_locks+0x49/0x80 [ 946.462195][ T49] wb_workfn+0x14d/0xbe0 [ 946.462231][ T49] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 946.462286][ T49] ? __pfx_wb_workfn+0x10/0x10 [ 946.462321][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462367][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462415][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462456][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.462510][ T49] process_one_work+0x9cf/0x1b70 [ 946.462563][ T49] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 946.462614][ T49] ? __pfx_process_one_work+0x10/0x10 [ 946.462652][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462706][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462747][ T49] ? assign_work+0x1a0/0x250 [ 946.462787][ T49] worker_thread+0x6c8/0xf10 [ 946.462847][ T49] ? __pfx_worker_thread+0x10/0x10 [ 946.462886][ T49] kthread+0x3c5/0x780 [ 946.462921][ T49] ? __pfx_kthread+0x10/0x10 [ 946.462958][ T49] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.462999][ T49] ? rcu_is_watching+0x12/0xc0 [ 946.463046][ T49] ? __pfx_kthread+0x10/0x10 [ 946.463094][ T49] ret_from_fork+0x5d7/0x6f0 [ 946.463147][ T49] ? __pfx_kthread+0x10/0x10 [ 946.463182][ T49] ret_from_fork_asm+0x1a/0x30 [ 946.463244][ T49] [ 946.468164][ T6137] kworker/u8:13: attempt to access beyond end of device [ 946.468164][ T6137] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 946.489554][ T49] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 946.492631][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: kworker/u8:13 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 946.492678][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 946.492702][ T6137] Workqueue: writeback wb_workfn (flush-7:0) [ 946.492746][ T6137] Call Trace: [ 946.492758][ T6137] [ 946.492771][ T6137] dump_stack_lvl+0x16c/0x1f0 [ 946.492831][ T6137] f2fs_handle_critical_error+0x621/0x9f0 [ 946.492879][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.492923][ T6137] ? f2fs_build_fault_attr+0x53/0x1f0 [ 946.492971][ T6137] f2fs_write_end_io+0x785/0xc20 [ 946.493023][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.493077][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.493131][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 946.493179][ T6137] bio_endio+0x70d/0x850 [ 946.493218][ T6137] submit_bio_noacct+0x56d/0x1eb0 [ 946.493275][ T6137] __submit_merged_bio+0x33c/0x770 [ 946.493338][ T6137] __submit_merged_write_cond+0x319/0x3f0 [ 946.493399][ T6137] f2fs_write_cache_pages+0x2067/0x2570 [ 946.493483][ T6137] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 946.493544][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.493596][ T6137] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 946.493753][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.493808][ T6137] f2fs_write_data_pages+0x4ad/0xd90 [ 946.493872][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.493941][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.493984][ T6137] ? __lock_acquire+0xb8a/0x1c90 [ 946.494045][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 946.494104][ T6137] do_writepages+0x27a/0x600 [ 946.494169][ T6137] ? __pfx_do_writepages+0x10/0x10 [ 946.494225][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.494268][ T6137] ? reacquire_held_locks+0xcd/0x1f0 [ 946.494333][ T6137] ? writeback_sb_inodes+0x3a4/0xf90 [ 946.494399][ T6137] __writeback_single_inode+0x160/0xfb0 [ 946.494462][ T6137] ? __pfx___writeback_single_inode+0x10/0x10 [ 946.494519][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.494563][ T6137] ? do_raw_spin_unlock+0x172/0x230 [ 946.494605][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.494656][ T6137] writeback_sb_inodes+0x601/0xf90 [ 946.494736][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 946.494793][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.494903][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.494946][ T6137] ? rcu_is_watching+0x12/0xc0 [ 946.494993][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495036][ T6137] ? queue_io+0x3f6/0x520 [ 946.495093][ T6137] wb_writeback+0x419/0xb70 [ 946.495159][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 946.495215][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495272][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495327][ T6137] ? mark_held_locks+0x49/0x80 [ 946.495395][ T6137] wb_workfn+0x14d/0xbe0 [ 946.495433][ T6137] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 946.495489][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 946.495526][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495574][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495624][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495667][ T6137] ? rcu_is_watching+0x12/0xc0 [ 946.495723][ T6137] process_one_work+0x9cf/0x1b70 [ 946.495783][ T6137] ? __pfx_process_one_work+0x10/0x10 [ 946.495823][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495878][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.495920][ T6137] ? assign_work+0x1a0/0x250 [ 946.495961][ T6137] worker_thread+0x6c8/0xf10 [ 946.496010][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.496056][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.496098][ T6137] ? __kthread_parkme+0x19e/0x250 [ 946.496150][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.496197][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 946.496237][ T6137] kthread+0x3c5/0x780 [ 946.496273][ T6137] ? __pfx_kthread+0x10/0x10 [ 946.496316][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 946.496359][ T6137] ? rcu_is_watching+0x12/0xc0 [ 946.496406][ T6137] ? __pfx_kthread+0x10/0x10 [ 946.496444][ T6137] ret_from_fork+0x5d7/0x6f0 [ 946.496499][ T6137] ? __pfx_kthread+0x10/0x10 [ 946.496536][ T6137] ret_from_fork_asm+0x1a/0x30 [ 946.496600][ T6137] [ 946.497021][ T6137] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 947.293068][ T6137] CPU: 1 UID: 0 PID: 6137 Comm: kworker/u8:13 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 947.293117][ T6137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 947.293142][ T6137] Workqueue: writeback wb_workfn (flush-7:0) [ 947.293184][ T6137] Call Trace: [ 947.293196][ T6137] [ 947.293209][ T6137] dump_stack_lvl+0x16c/0x1f0 [ 947.293269][ T6137] f2fs_handle_critical_error+0x621/0x9f0 [ 947.293317][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.293360][ T6137] ? f2fs_build_fault_attr+0x53/0x1f0 [ 947.293409][ T6137] f2fs_write_end_io+0x785/0xc20 [ 947.293463][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 947.293518][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.293573][ T6137] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 947.293620][ T6137] bio_endio+0x70d/0x850 [ 947.293659][ T6137] submit_bio_noacct+0x56d/0x1eb0 [ 947.293718][ T6137] __submit_merged_bio+0x33c/0x770 [ 947.293779][ T6137] __submit_merged_write_cond+0x319/0x3f0 [ 947.293848][ T6137] f2fs_write_cache_pages+0x2067/0x2570 [ 947.293940][ T6137] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 947.294004][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.294067][ T6137] ? __pfx_f2fs_sync_meta_pages+0x10/0x10 [ 947.294238][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.294291][ T6137] f2fs_write_data_pages+0x4ad/0xd90 [ 947.294357][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 947.294426][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.294471][ T6137] ? __lock_acquire+0xb8a/0x1c90 [ 947.294532][ T6137] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 947.294591][ T6137] do_writepages+0x27a/0x600 [ 947.294658][ T6137] ? __pfx_do_writepages+0x10/0x10 [ 947.294715][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.294758][ T6137] ? reacquire_held_locks+0xcd/0x1f0 [ 947.294817][ T6137] ? writeback_sb_inodes+0x3a4/0xf90 [ 947.294884][ T6137] __writeback_single_inode+0x160/0xfb0 [ 947.294950][ T6137] ? __pfx___writeback_single_inode+0x10/0x10 [ 947.295010][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295060][ T6137] ? do_raw_spin_unlock+0x172/0x230 [ 947.295105][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295158][ T6137] writeback_sb_inodes+0x601/0xf90 [ 947.295246][ T6137] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 947.295304][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295429][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295473][ T6137] ? rcu_is_watching+0x12/0xc0 [ 947.295521][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295570][ T6137] ? queue_io+0x3f6/0x520 [ 947.295629][ T6137] wb_writeback+0x419/0xb70 [ 947.295701][ T6137] ? __pfx_wb_writeback+0x10/0x10 [ 947.295756][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295815][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.295859][ T6137] ? mark_held_locks+0x49/0x80 [ 947.295927][ T6137] wb_workfn+0x14d/0xbe0 [ 947.295968][ T6137] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 947.296026][ T6137] ? __pfx_wb_workfn+0x10/0x10 [ 947.296081][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296132][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296182][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296226][ T6137] ? rcu_is_watching+0x12/0xc0 [ 947.296284][ T6137] process_one_work+0x9cf/0x1b70 [ 947.296347][ T6137] ? __pfx_process_one_work+0x10/0x10 [ 947.296388][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296450][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296494][ T6137] ? assign_work+0x1a0/0x250 [ 947.296537][ T6137] worker_thread+0x6c8/0xf10 [ 947.296591][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296637][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296681][ T6137] ? __kthread_parkme+0x19e/0x250 [ 947.296733][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296781][ T6137] ? __pfx_worker_thread+0x10/0x10 [ 947.296821][ T6137] kthread+0x3c5/0x780 [ 947.296859][ T6137] ? __pfx_kthread+0x10/0x10 [ 947.296898][ T6137] ? srso_alias_return_thunk+0x5/0xfbef5 [ 947.296941][ T6137] ? rcu_is_watching+0x12/0xc0 [ 947.296991][ T6137] ? __pfx_kthread+0x10/0x10 [ 947.297029][ T6137] ret_from_fork+0x5d7/0x6f0 [ 947.297092][ T6137] ? __pfx_kthread+0x10/0x10 [ 947.297130][ T6137] ret_from_fork_asm+0x1a/0x30 [ 947.297201][ T6137] [ 947.299985][T10865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 947.308008][ T6137] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 947.760115][T10865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 947.789124][T10865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 947.826936][T11009] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 947.829815][T10865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 947.836562][T11009] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 947.836607][T11009] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 947.862412][ T30] audit: type=1800 audit(1751952289.365:120): pid=11009 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.939" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 947.892975][T10865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 947.924599][T10865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 947.952768][T10792] hsr_slave_0: entered promiscuous mode [ 947.961726][T10792] hsr_slave_1: entered promiscuous mode [ 947.968884][T10792] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 947.977043][T10792] Cannot create hsr debugfs directory [ 948.530222][T10865] hsr_slave_0: entered promiscuous mode [ 948.555216][T10865] hsr_slave_1: entered promiscuous mode [ 948.562097][T10865] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 948.594072][T10865] Cannot create hsr debugfs directory [ 949.573641][T11028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.943'. [ 950.011633][T11033] loop5: detected capacity change from 0 to 512 [ 950.241874][T11033] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002] [ 950.276327][T11033] System zones: 1-12 [ 950.331840][T11033] EXT4-fs error (device loop5): ext4_get_branch:178: inode #11: block 33261: comm syz.5.945: invalid block [ 950.396072][T11033] EXT4-fs (loop5): Remounting filesystem read-only [ 950.435659][T11033] EXT4-fs (loop5): 1 truncate cleaned up [ 950.444457][T10718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 950.453668][ T3554] bridge_slave_1: left allmulticast mode [ 950.462029][ T3554] bridge_slave_1: left promiscuous mode [ 950.470769][T11033] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 950.486168][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.527646][ T3554] bridge_slave_0: left allmulticast mode [ 950.533343][ T3554] bridge_slave_0: left promiscuous mode [ 950.550509][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 950.638957][ T3554] bridge_slave_1: left allmulticast mode [ 950.653422][ T5856] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 950.686155][ T3554] bridge_slave_1: left promiscuous mode [ 950.724093][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 950.746362][ T3554] bridge_slave_0: left allmulticast mode [ 950.788540][ T3554] bridge_slave_0: left promiscuous mode [ 950.830788][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.336783][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 951.363222][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 951.410174][ T3554] bond0 (unregistering): Released all slaves [ 951.841127][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.5.947'. [ 953.382387][T11049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.948'. [ 953.405949][T11050] netlink: 8 bytes leftover after parsing attributes in process `syz.0.949'. [ 953.555019][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 953.601319][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 953.859184][ T3554] bond0 (unregistering): Released all slaves [ 954.271643][T11061] netlink: 4 bytes leftover after parsing attributes in process `syz.0.951'. [ 954.414186][T11063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.951'. [ 954.576951][ T3554] hsr_slave_0: left promiscuous mode [ 954.592391][ T3554] hsr_slave_1: left promiscuous mode [ 954.634683][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 954.664528][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 954.756433][ T3554] hsr_slave_0: left promiscuous mode [ 954.773998][ T3554] hsr_slave_1: left promiscuous mode [ 954.780502][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 954.809690][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 955.520651][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 955.705536][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 955.844167][T11077] loop4: detected capacity change from 0 to 1024 [ 956.023002][T11077] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 956.052864][ T30] audit: type=1800 audit(1751952297.585:121): pid=11077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.952" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 956.709110][T11084] netlink: 4 bytes leftover after parsing attributes in process `syz.5.953'. [ 956.932763][T11087] netlink: 4 bytes leftover after parsing attributes in process `syz.5.953'. [ 957.942343][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 958.090247][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 958.161322][T11090] netlink: 12 bytes leftover after parsing attributes in process `syz.4.954'. [ 958.175729][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 959.286099][T11094] netlink: 12 bytes leftover after parsing attributes in process `syz.0.955'. [ 959.668034][T10718] 8021q: adding VLAN 0 to HW filter on device team0 [ 959.760683][ T6031] bridge0: port 1(bridge_slave_0) entered blocking state [ 959.767967][ T6031] bridge0: port 1(bridge_slave_0) entered forwarding state [ 959.910806][T11099] netlink: 12 bytes leftover after parsing attributes in process `syz.4.956'. [ 960.588175][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 960.595418][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 961.934976][T10718] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 961.946652][T10718] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 963.134164][T11122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.960'. [ 963.536326][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.0.960'. [ 964.378024][T10718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 964.535542][T11141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.962'. [ 964.695229][T11146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.963'. [ 964.813023][T11148] netlink: 12 bytes leftover after parsing attributes in process `syz.5.964'. [ 964.832713][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.4.962'. [ 965.547816][T11154] netlink: 12 bytes leftover after parsing attributes in process `syz.4.965'. [ 965.750120][T10792] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 965.826766][T10792] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 966.037603][T10792] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 966.144581][T10792] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 966.460957][T10865] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 966.521293][T10865] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 966.610196][T10865] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 966.631358][T10865] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 967.244520][T10792] 8021q: adding VLAN 0 to HW filter on device bond0 [ 967.373229][T10792] 8021q: adding VLAN 0 to HW filter on device team0 [ 967.431121][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state [ 967.438380][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 967.830153][T11189] netlink: 12 bytes leftover after parsing attributes in process `syz.5.967'. [ 968.414538][ T6031] bridge0: port 2(bridge_slave_1) entered blocking state [ 968.421806][ T6031] bridge0: port 2(bridge_slave_1) entered forwarding state [ 969.474391][T10865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 971.437800][T11203] netlink: 12 bytes leftover after parsing attributes in process `syz.5.970'. [ 971.901920][T10865] 8021q: adding VLAN 0 to HW filter on device team0 [ 972.648202][ T1034] bridge0: port 1(bridge_slave_0) entered blocking state [ 972.655491][ T1034] bridge0: port 1(bridge_slave_0) entered forwarding state [ 972.756507][T11217] netlink: 12 bytes leftover after parsing attributes in process `syz.4.972'. [ 973.324507][ T5863] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 973.339374][ T5863] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 973.347599][ T5863] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 973.368085][ T5863] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 973.397834][ T5863] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 973.863695][ T1034] bridge0: port 2(bridge_slave_1) entered blocking state [ 973.870982][ T1034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 975.064396][ T3554] bridge_slave_1: left allmulticast mode [ 975.070108][ T3554] bridge_slave_1: left promiscuous mode [ 975.115582][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 975.180759][ T3554] bridge_slave_0: left allmulticast mode [ 975.193266][ T3554] bridge_slave_0: left promiscuous mode [ 975.219233][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 975.443066][ T5864] Bluetooth: hci1: command tx timeout [ 977.539440][ T5864] Bluetooth: hci1: command tx timeout [ 979.587922][ T5863] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 979.605392][ T5863] Bluetooth: hci1: command tx timeout [ 979.611033][ T5863] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 979.625575][ T5863] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 979.640332][ T5863] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 979.665095][ T5863] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 979.747108][T11273] netlink: 8 bytes leftover after parsing attributes in process `syz.5.981'. [ 979.831207][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 979.845906][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 979.876166][ T3554] bond0 (unregistering): Released all slaves [ 981.709774][ T5863] Bluetooth: hci1: command tx timeout [ 981.742882][ T3554] hsr_slave_0: left promiscuous mode [ 981.754286][ T3554] hsr_slave_1: left promiscuous mode [ 981.764377][ T5863] Bluetooth: hci2: command tx timeout [ 981.767470][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 982.734818][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 984.074538][ T5863] Bluetooth: hci2: command tx timeout [ 985.544007][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 985.601615][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 985.961443][T11220] chnl_net:caif_netlink_parms(): no params data found [ 986.163939][ T5863] Bluetooth: hci2: command tx timeout [ 986.359414][T11220] bridge0: port 1(bridge_slave_0) entered blocking state [ 986.423975][T11220] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.431311][T11220] bridge_slave_0: entered allmulticast mode [ 986.537234][T11220] bridge_slave_0: entered promiscuous mode [ 986.577413][T11220] bridge0: port 2(bridge_slave_1) entered blocking state [ 986.624095][T11220] bridge0: port 2(bridge_slave_1) entered disabled state [ 986.631443][T11220] bridge_slave_1: entered allmulticast mode [ 986.683554][T11220] bridge_slave_1: entered promiscuous mode [ 987.927596][T11338] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 987.930240][T11220] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 987.937799][T11338] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 987.953873][ T30] audit: type=1800 audit(1751952329.465:122): pid=11338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.989" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 987.955996][T11338] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 988.151667][T11220] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 988.235442][ T5863] Bluetooth: hci2: command tx timeout [ 990.002714][ T5864] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 990.013636][ T5864] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 990.024904][ T5864] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 990.036368][ T5864] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 990.047715][ T5864] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 990.640093][T11361] netlink: 8 bytes leftover after parsing attributes in process `syz.5.993'. [ 990.767057][T11220] team0: Port device team_slave_0 added [ 990.877412][T11220] team0: Port device team_slave_1 added [ 992.014916][T11220] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 992.043769][T11220] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 992.074316][ T5864] Bluetooth: hci5: command tx timeout [ 992.105060][T11220] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 994.167434][ T5864] Bluetooth: hci5: command tx timeout [ 994.209928][T11220] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 994.222616][T11220] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 994.284845][T11220] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 994.431869][T11269] chnl_net:caif_netlink_parms(): no params data found [ 996.280993][ T5864] Bluetooth: hci5: command tx timeout [ 996.966806][T11220] hsr_slave_0: entered promiscuous mode [ 997.014016][T11220] hsr_slave_1: entered promiscuous mode [ 997.083644][T11220] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 997.888866][T11220] Cannot create hsr debugfs directory [ 997.994020][ T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 998.017260][T11421] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1004'. [ 998.324148][ T5864] Bluetooth: hci5: command tx timeout [ 998.366142][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 998.399318][ T10] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 998.496330][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 998.549193][ T10] usb 1-1: Product: syz [ 998.553450][ T10] usb 1-1: Manufacturer: syz [ 998.594330][ T10] usb 1-1: SerialNumber: syz [ 998.648735][ T10] usb 1-1: config 0 descriptor?? [ 998.678287][ T10] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 998.729379][T11269] bridge0: port 1(bridge_slave_0) entered blocking state [ 998.751716][T11269] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.765243][T11269] bridge_slave_0: entered allmulticast mode [ 998.777979][T11269] bridge_slave_0: entered promiscuous mode [ 998.831791][T11269] bridge0: port 2(bridge_slave_1) entered blocking state [ 998.864396][T11269] bridge0: port 2(bridge_slave_1) entered disabled state [ 998.880058][T11269] bridge_slave_1: entered allmulticast mode [ 998.905092][T11269] bridge_slave_1: entered promiscuous mode [ 998.934833][T11354] chnl_net:caif_netlink_parms(): no params data found [ 999.074274][T11056] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 999.244519][T11056] usb 5-1: Using ep0 maxpacket: 8 [ 999.261832][T11056] usb 5-1: config 0 has an invalid interface number: 151 but max is 1 [ 999.270683][T11269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 999.282402][T11056] usb 5-1: config 0 has no interface number 1 [ 999.309731][T11269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 999.313127][T11056] usb 5-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 999.345933][T11056] usb 5-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83 [ 999.368214][T11056] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024 [ 999.401896][T11056] usb 5-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 999.473035][T11056] usb 5-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 999.533902][T11056] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC9, changing to 0x89 [ 999.577933][T11056] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 999.622026][T11056] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 999.688259][T11056] usb 5-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7 [ 999.723833][T11056] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 999.731897][T11056] usb 5-1: Product: syz [ 999.785159][T11056] usb 5-1: Manufacturer: syz [ 999.789853][T11056] usb 5-1: SerialNumber: syz [ 999.825319][T11056] usb 5-1: config 0 descriptor?? [ 999.831662][T11438] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 999.892290][T11056] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 999.996482][T11056] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1000.150860][ T10] gspca_ov534_9: reg_r err -71 [ 1000.222441][T11269] team0: Port device team_slave_0 added [ 1000.285733][T11269] team0: Port device team_slave_1 added [ 1000.384242][T11056] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -12 [ 1000.411119][T11056] usb 5-1: USB disconnect, device number 2 [ 1000.434035][ T10] gspca_ov534_9: Unknown sensor 0000 [ 1000.434159][ T10] ov534_9 1-1:0.0: probe with driver ov534_9 failed with error -22 [ 1000.503357][ T10] usb 1-1: USB disconnect, device number 2 [ 1000.684987][T11471] udevd[11471]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1000.774438][T11354] bridge0: port 1(bridge_slave_0) entered blocking state [ 1000.782409][T11354] bridge0: port 1(bridge_slave_0) entered disabled state [ 1000.802923][T11354] bridge_slave_0: entered allmulticast mode [ 1000.829166][T11354] bridge_slave_0: entered promiscuous mode [ 1000.840558][T11354] bridge0: port 2(bridge_slave_1) entered blocking state [ 1000.851024][T11354] bridge0: port 2(bridge_slave_1) entered disabled state [ 1000.874577][T11354] bridge_slave_1: entered allmulticast mode [ 1000.897652][T11354] bridge_slave_1: entered promiscuous mode [ 1001.136736][T11269] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1001.153666][T11269] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1001.182533][T11269] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1001.336555][T11269] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1001.343573][T11269] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1001.373876][ T5921] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1001.383524][T11269] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1001.403712][T11354] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1001.417773][T11354] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1001.524256][ T5921] usb 5-1: Using ep0 maxpacket: 8 [ 1001.538718][ T5921] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1001.567898][ T5921] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1001.589686][ T5864] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201' [ 1001.601660][ T5864] CPU: 0 UID: 0 PID: 5864 Comm: kworker/u9:8 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 1001.601710][ T5864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1001.601736][ T5864] Workqueue: hci4 hci_rx_work [ 1001.601771][ T5864] Call Trace: [ 1001.601783][ T5864] [ 1001.601796][ T5864] dump_stack_lvl+0x16c/0x1f0 [ 1001.601858][ T5864] sysfs_warn_dup+0x7f/0xa0 [ 1001.601904][ T5864] sysfs_create_dir_ns+0x24b/0x2b0 [ 1001.601949][ T5864] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1001.601993][ T5864] ? find_held_lock+0x2b/0x80 [ 1001.602049][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602100][ T5864] ? do_raw_spin_unlock+0x172/0x230 [ 1001.602148][ T5864] kobject_add_internal+0x2c4/0x9b0 [ 1001.602194][ T5864] kobject_add+0x16e/0x240 [ 1001.602230][ T5864] ? __pfx_kobject_add+0x10/0x10 [ 1001.602269][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602314][ T5864] ? do_raw_spin_unlock+0x172/0x230 [ 1001.602358][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602402][ T5864] ? kobject_put+0xab/0x5a0 [ 1001.602465][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602521][ T5864] device_add+0x288/0x1a70 [ 1001.602560][ T5864] ? __pfx_dev_set_name+0x10/0x10 [ 1001.602606][ T5864] ? __pfx_device_add+0x10/0x10 [ 1001.602644][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602693][ T5864] ? mgmt_send_event_skb+0x2fb/0x460 [ 1001.602765][ T5864] hci_conn_add_sysfs+0x17e/0x230 [ 1001.602804][ T5864] le_conn_complete_evt+0x1075/0x1d70 [ 1001.602873][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.602919][ T5864] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1001.602975][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603028][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603080][ T5864] hci_le_conn_complete_evt+0x23c/0x370 [ 1001.603189][ T5864] hci_le_meta_evt+0x357/0x5e0 [ 1001.603251][ T5864] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1001.603315][ T5864] hci_event_packet+0x685/0x11c0 [ 1001.603373][ T5864] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1001.603438][ T5864] ? __pfx_hci_event_packet+0x10/0x10 [ 1001.603496][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603545][ T5864] ? kcov_remote_start+0x3c9/0x6d0 [ 1001.603587][ T5864] ? lockdep_hardirqs_on+0x7c/0x110 [ 1001.603642][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603699][ T5864] hci_rx_work+0x2c5/0x16b0 [ 1001.603735][ T5864] ? rcu_is_watching+0x12/0xc0 [ 1001.603792][ T5864] process_one_work+0x9cf/0x1b70 [ 1001.603853][ T5864] ? __pfx_process_one_work+0x10/0x10 [ 1001.603895][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603952][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.603997][ T5864] ? assign_work+0x1a0/0x250 [ 1001.604039][ T5864] worker_thread+0x6c8/0xf10 [ 1001.604108][ T5864] ? __pfx_worker_thread+0x10/0x10 [ 1001.604149][ T5864] kthread+0x3c5/0x780 [ 1001.604187][ T5864] ? __pfx_kthread+0x10/0x10 [ 1001.604225][ T5864] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1001.604270][ T5864] ? rcu_is_watching+0x12/0xc0 [ 1001.604320][ T5864] ? __pfx_kthread+0x10/0x10 [ 1001.604358][ T5864] ret_from_fork+0x5d7/0x6f0 [ 1001.604415][ T5864] ? __pfx_kthread+0x10/0x10 [ 1001.604453][ T5864] ret_from_fork_asm+0x1a/0x30 [ 1001.604520][ T5864] [ 1001.911648][ T5864] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 1001.926884][ T5864] Bluetooth: hci4: failed to register connection device [ 1001.939059][ T5921] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1001.949390][ T5921] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1001.962983][ T5921] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1001.972665][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1002.057761][T11354] team0: Port device team_slave_0 added [ 1002.108855][T11354] team0: Port device team_slave_1 added [ 1002.202012][ T5921] usb 5-1: GET_CAPABILITIES returned 0 [ 1002.207712][ T5921] usbtmc 5-1:16.0: can't read capabilities [ 1002.357460][T11269] hsr_slave_0: entered promiscuous mode [ 1002.400123][T11269] hsr_slave_1: entered promiscuous mode [ 1002.411388][T11269] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1002.420184][ T5921] usb 5-1: USB disconnect, device number 3 [ 1002.446286][T11269] Cannot create hsr debugfs directory [ 1002.528045][T11354] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1002.568298][T11354] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1002.599388][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1002.606436][ T1296] ieee802154 phy1 wpan1: encryption failed: -22 [ 1002.634543][T11354] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1002.760812][T11354] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1002.781110][T11354] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1002.853928][T11354] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1003.113567][T11354] hsr_slave_0: entered promiscuous mode [ 1003.136828][T11354] hsr_slave_1: entered promiscuous mode [ 1003.143409][T11354] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1003.183894][T11354] Cannot create hsr debugfs directory [ 1003.434032][ T8066] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1003.584155][ T3554] bridge_slave_1: left allmulticast mode [ 1003.589880][ T3554] bridge_slave_1: left promiscuous mode [ 1003.610181][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 1003.621004][ T3554] bridge_slave_0: left allmulticast mode [ 1003.627374][ T8066] usb 5-1: Using ep0 maxpacket: 32 [ 1003.632711][ T3554] bridge_slave_0: left promiscuous mode [ 1003.641995][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 1003.653534][ T8066] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 1003.666121][ T8066] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1003.678397][ T8066] usb 5-1: Product: syz [ 1003.682653][ T8066] usb 5-1: Manufacturer: syz [ 1003.689966][ T8066] usb 5-1: SerialNumber: syz [ 1003.816363][ T8066] usb 5-1: config 0 descriptor?? [ 1003.858719][ T3554] bridge_slave_1: left allmulticast mode [ 1003.971071][ T3554] bridge_slave_1: left promiscuous mode [ 1004.084103][ T3554] bridge0: port 2(bridge_slave_1) entered disabled state [ 1004.119977][ T8066] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 1004.429426][ T3554] bridge_slave_0: left allmulticast mode [ 1004.446222][ T3554] bridge_slave_0: left promiscuous mode [ 1004.462478][ T3554] bridge0: port 1(bridge_slave_0) entered disabled state [ 1004.747846][T11498] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1015'. [ 1004.848047][ T5992] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 1005.022215][ T5992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1005.041911][ T5992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1005.051817][ T5992] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 1005.072362][ T5992] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 1005.082394][ T5992] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1005.092264][ T5992] usb 6-1: Product: syz [ 1005.096705][ T5992] usb 6-1: Manufacturer: syz [ 1005.101400][ T5992] usb 6-1: SerialNumber: syz [ 1005.123271][ T5992] usb 6-1: config 0 descriptor?? [ 1005.164536][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1005.178206][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1005.190115][ T3554] bond0 (unregistering): Released all slaves [ 1005.400391][ T5992] adutux 6-1:0.0: ADU208 now attached to /dev/usb/adutux0 [ 1005.435321][ T5992] usb 6-1: USB disconnect, device number 3 [ 1005.615623][ T3554] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1005.632576][ T3554] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1005.650458][ T3554] bond0 (unregistering): Released all slaves [ 1005.674578][ T8066] gspca_ov534_9: reg_r err -71 [ 1005.841395][T11220] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1006.053388][ T3554] hsr_slave_0: left promiscuous mode [ 1006.075405][ T3554] hsr_slave_1: left promiscuous mode [ 1006.095022][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.122774][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1006.163762][ T3554] hsr_slave_0: left promiscuous mode [ 1006.184039][ T8066] gspca_ov534_9: Unknown sensor 0000 [ 1006.184153][ T8066] ov534_9 5-1:0.0: probe with driver ov534_9 failed with error -22 [ 1006.198946][ T3554] hsr_slave_1: left promiscuous mode [ 1006.218807][ T8066] usb 5-1: USB disconnect, device number 4 [ 1006.245171][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1006.273811][ T3554] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1007.860061][ T3554] team0 (unregistering): Port device team_slave_1 removed [ 1007.992038][ T3554] team0 (unregistering): Port device team_slave_0 removed [ 1008.079997][ T30] audit: type=1326 audit(1751952349.615:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11515 comm="syz.5.1020" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f56b8e929 code=0x0 [ 1009.556486][ T5856] ================================================================== [ 1009.564638][ T5856] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x1d4/0x200 [ 1009.573893][ T5856] Read of size 8 at addr ffff888063841558 by task syz-executor/5856 [ 1009.581947][ T5856] [ 1009.584317][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 1009.584372][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1009.584390][ T5856] Call Trace: [ 1009.584400][ T5856] [ 1009.584412][ T5856] dump_stack_lvl+0x116/0x1f0 [ 1009.584459][ T5856] print_report+0xcd/0x680 [ 1009.584493][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1009.584528][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1009.584562][ T5856] ? __phys_addr+0xe8/0x180 [ 1009.584597][ T5856] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1009.584627][ T5856] kasan_report+0xe0/0x110 [ 1009.584662][ T5856] ? __list_del_entry_valid_or_report+0x1d4/0x200 [ 1009.584696][ T5856] __list_del_entry_valid_or_report+0x1d4/0x200 [ 1009.584726][ T5856] bt_accept_unlink+0x34/0x2e0 [ 1009.584769][ T5856] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1009.584802][ T5856] l2cap_chan_del+0xbd/0x8f0 [ 1009.584838][ T5856] l2cap_conn_del+0x37a/0x730 [ 1009.584875][ T5856] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 1009.584908][ T5856] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1009.584943][ T5856] l2cap_disconn_cfm+0x96/0xd0 [ 1009.584979][ T5856] hci_conn_hash_flush+0x10e/0x260 [ 1009.585012][ T5856] hci_dev_close_sync+0x602/0x11d0 [ 1009.585045][ T5856] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1009.585073][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1009.585109][ T5856] ? up_write+0x1b2/0x520 [ 1009.585142][ T5856] hci_dev_do_close+0x2e/0x90 [ 1009.585170][ T5856] hci_unregister_dev+0x227/0x640 [ 1009.585200][ T5856] ? __pfx_vhci_release+0x10/0x10 [ 1009.585241][ T5856] vhci_release+0x79/0xf0 [ 1009.585282][ T5856] __fput+0x402/0xb70 [ 1009.585326][ T5856] task_work_run+0x150/0x240 [ 1009.585362][ T5856] ? __pfx_task_work_run+0x10/0x10 [ 1009.585391][ T5856] ? switch_task_namespaces+0xeb/0x100 [ 1009.585435][ T5856] do_exit+0x86c/0x2bd0 [ 1009.585479][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1009.585512][ T5856] ? do_raw_spin_lock+0x12c/0x2b0 [ 1009.585546][ T5856] ? __pfx_do_exit+0x10/0x10 [ 1009.585588][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1009.585622][ T5856] ? rcu_is_watching+0x12/0xc0 [ 1009.585661][ T5856] do_group_exit+0xd3/0x2a0 [ 1009.585705][ T5856] __x64_sys_exit_group+0x3e/0x50 [ 1009.585749][ T5856] x64_sys_call+0x1530/0x1730 [ 1009.585780][ T5856] do_syscall_64+0xcd/0x4c0 [ 1009.585825][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.585854][ T5856] RIP: 0033:0x7f4f56b8e929 [ 1009.585889][ T5856] Code: Unable to access opcode bytes at 0x7f4f56b8e8ff. [ 1009.585903][ T5856] RSP: 002b:00007ffc346fb458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1009.585929][ T5856] RAX: ffffffffffffffda RBX: 00007f4f56c10931 RCX: 00007f4f56b8e929 [ 1009.585948][ T5856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1009.585965][ T5856] RBP: 0000000000000059 R08: 00007ffc346f91f6 R09: 00007ffc346fc710 [ 1009.585984][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc346fc710 [ 1009.586001][ T5856] R13: 00007f4f56c10925 R14: 00000000000f6503 R15: 00007ffc34701ba0 [ 1009.586030][ T5856] [ 1009.586039][ T5856] [ 1009.878998][ T5856] Allocated by task 11475: [ 1009.883418][ T5856] kasan_save_stack+0x33/0x60 [ 1009.888128][ T5856] kasan_save_track+0x14/0x30 [ 1009.892840][ T5856] __kasan_kmalloc+0xaa/0xb0 [ 1009.897453][ T5856] __kmalloc_noprof+0x223/0x510 [ 1009.902325][ T5856] sk_prot_alloc+0x1a8/0x2a0 [ 1009.906940][ T5856] sk_alloc+0x36/0xc20 [ 1009.911038][ T5856] bt_sock_alloc+0x3b/0x3a0 [ 1009.915597][ T5856] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 1009.921418][ T5856] l2cap_sock_create+0x123/0x1f0 [ 1009.926402][ T5856] bt_sock_create+0x185/0x350 [ 1009.931112][ T5856] __sock_create+0x338/0x8d0 [ 1009.935720][ T5856] __sys_socket+0x14d/0x260 [ 1009.940244][ T5856] __x64_sys_socket+0x72/0xb0 [ 1009.944973][ T5856] do_syscall_64+0xcd/0x4c0 [ 1009.949516][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1009.955432][ T5856] [ 1009.957757][ T5856] Freed by task 11475: [ 1009.961913][ T5856] kasan_save_stack+0x33/0x60 [ 1009.966614][ T5856] kasan_save_track+0x14/0x30 [ 1009.971316][ T5856] kasan_save_free_info+0x3b/0x60 [ 1009.976385][ T5856] __kasan_slab_free+0x51/0x70 [ 1009.981175][ T5856] kfree+0x2b4/0x4d0 [ 1009.985085][ T5856] __sk_destruct+0x740/0x980 [ 1009.989705][ T5856] sk_destruct+0xc2/0xf0 [ 1009.993977][ T5856] __sk_free+0xf4/0x3e0 [ 1009.998169][ T5856] sk_free+0x6a/0x90 [ 1010.002098][ T5856] l2cap_sock_kill+0x171/0x2d0 [ 1010.006889][ T5856] l2cap_sock_release+0x189/0x210 [ 1010.011947][ T5856] __sock_release+0xb3/0x270 [ 1010.016584][ T5856] sock_close+0x1c/0x30 [ 1010.020782][ T5856] __fput+0x402/0xb70 [ 1010.024800][ T5856] task_work_run+0x150/0x240 [ 1010.029413][ T5856] get_signal+0x1d1/0x26d0 [ 1010.033860][ T5856] arch_do_signal_or_restart+0x8f/0x7d0 [ 1010.039445][ T5856] exit_to_user_mode_loop+0x84/0x110 [ 1010.044761][ T5856] do_syscall_64+0x3f6/0x4c0 [ 1010.049403][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.055343][ T5856] [ 1010.057671][ T5856] The buggy address belongs to the object at ffff888063841000 [ 1010.057671][ T5856] which belongs to the cache kmalloc-2k of size 2048 [ 1010.071753][ T5856] The buggy address is located 1368 bytes inside of [ 1010.071753][ T5856] freed 2048-byte region [ffff888063841000, ffff888063841800) [ 1010.085755][ T5856] [ 1010.088087][ T5856] The buggy address belongs to the physical page: [ 1010.094508][ T5856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63840 [ 1010.103382][ T5856] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1010.111911][ T5856] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1010.119481][ T5856] page_type: f5(slab) [ 1010.123517][ T5856] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1010.132151][ T5856] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1010.140772][ T5856] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1010.149480][ T5856] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1010.158221][ T5856] head: 00fff00000000003 ffffea00018e1001 00000000ffffffff 00000000ffffffff [ 1010.166918][ T5856] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1010.175598][ T5856] page dumped because: kasan: bad access detected [ 1010.182016][ T5856] page_owner tracks the page as allocated [ 1010.187743][ T5856] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6139, tgid 6139 (kworker/u8:14), ts 731712959935, free_ts 731656859152 [ 1010.208813][ T5856] post_alloc_hook+0x1c0/0x230 [ 1010.213646][ T5856] get_page_from_freelist+0x1321/0x3890 [ 1010.219233][ T5856] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1010.225166][ T5856] alloc_pages_mpol+0x1fb/0x550 [ 1010.230051][ T5856] new_slab+0x23b/0x330 [ 1010.234248][ T5856] ___slab_alloc+0xd9c/0x1940 [ 1010.238984][ T5856] __slab_alloc.constprop.0+0x56/0xb0 [ 1010.244409][ T5856] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 1010.250859][ T5856] kmalloc_reserve+0xef/0x2c0 [ 1010.255565][ T5856] __alloc_skb+0x166/0x380 [ 1010.260037][ T5856] inet6_ifinfo_notify+0x77/0x150 [ 1010.265097][ T5856] addrconf_notify+0x81a/0x19e0 [ 1010.270069][ T5856] notifier_call_chain+0xbc/0x410 [ 1010.275137][ T5856] call_netdevice_notifiers_info+0xbe/0x140 [ 1010.281064][ T5856] netif_state_change+0x165/0x3b0 [ 1010.286123][ T5856] linkwatch_do_dev+0x12b/0x160 [ 1010.291001][ T5856] page last free pid 9697 tgid 9697 stack trace: [ 1010.297343][ T5856] __free_frozen_pages+0x7fe/0x1180 [ 1010.302633][ T5856] qlist_free_all+0x4d/0x120 [ 1010.307257][ T5856] kasan_quarantine_reduce+0x195/0x1e0 [ 1010.312748][ T5856] __kasan_slab_alloc+0x69/0x90 [ 1010.317633][ T5856] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1010.323128][ T5856] vm_area_dup+0x27/0x8d0 [ 1010.327489][ T5856] __split_vma+0x18e/0x1070 [ 1010.332018][ T5856] vms_gather_munmap_vmas+0x392/0x1310 [ 1010.337507][ T5856] __mmap_region+0x3c7/0x25e0 [ 1010.342215][ T5856] mmap_region+0x1ab/0x3f0 [ 1010.346667][ T5856] do_mmap+0xa3e/0x1210 [ 1010.350904][ T5856] vm_mmap_pgoff+0x281/0x450 [ 1010.355537][ T5856] ksys_mmap_pgoff+0x32c/0x5c0 [ 1010.360349][ T5856] __x64_sys_mmap+0x125/0x190 [ 1010.365075][ T5856] do_syscall_64+0xcd/0x4c0 [ 1010.369621][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.375551][ T5856] [ 1010.377882][ T5856] Memory state around the buggy address: [ 1010.383531][ T5856] ffff888063841400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1010.391624][ T5856] ffff888063841480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1010.399717][ T5856] >ffff888063841500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1010.407810][ T5856] ^ [ 1010.414763][ T5856] ffff888063841580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1010.422841][ T5856] ffff888063841600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1010.430913][ T5856] ================================================================== [ 1010.442388][ T5856] Disabling lock debugging due to kernel taint [ 1010.448634][ T5856] ================================================================== [ 1010.456720][ T5856] BUG: KASAN: slab-use-after-free in __list_del_entry_valid_or_report+0x1e1/0x200 [ 1010.465958][ T5856] Read of size 8 at addr ffff888063841560 by task syz-executor/5856 [ 1010.473970][ T5856] [ 1010.476321][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: syz-executor Tainted: G B 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 1010.476382][ T5856] Tainted: [B]=BAD_PAGE [ 1010.476395][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1010.476418][ T5856] Call Trace: [ 1010.476430][ T5856] [ 1010.476443][ T5856] dump_stack_lvl+0x116/0x1f0 [ 1010.476504][ T5856] print_report+0xcd/0x680 [ 1010.476548][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1010.476594][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1010.476639][ T5856] ? __phys_addr+0xe8/0x180 [ 1010.476685][ T5856] ? __list_del_entry_valid_or_report+0x1e1/0x200 [ 1010.476724][ T5856] kasan_report+0xe0/0x110 [ 1010.476771][ T5856] ? __list_del_entry_valid_or_report+0x1e1/0x200 [ 1010.476816][ T5856] __list_del_entry_valid_or_report+0x1e1/0x200 [ 1010.476856][ T5856] bt_accept_unlink+0x34/0x2e0 [ 1010.476913][ T5856] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1010.476955][ T5856] l2cap_chan_del+0xbd/0x8f0 [ 1010.477004][ T5856] l2cap_conn_del+0x37a/0x730 [ 1010.477052][ T5856] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 1010.477095][ T5856] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1010.477144][ T5856] l2cap_disconn_cfm+0x96/0xd0 [ 1010.477191][ T5856] hci_conn_hash_flush+0x10e/0x260 [ 1010.477236][ T5856] hci_dev_close_sync+0x602/0x11d0 [ 1010.477279][ T5856] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1010.477318][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1010.477368][ T5856] ? up_write+0x1b2/0x520 [ 1010.477412][ T5856] hci_dev_do_close+0x2e/0x90 [ 1010.477448][ T5856] hci_unregister_dev+0x227/0x640 [ 1010.477487][ T5856] ? __pfx_vhci_release+0x10/0x10 [ 1010.477537][ T5856] vhci_release+0x79/0xf0 [ 1010.477591][ T5856] __fput+0x402/0xb70 [ 1010.477650][ T5856] task_work_run+0x150/0x240 [ 1010.477691][ T5856] ? __pfx_task_work_run+0x10/0x10 [ 1010.477729][ T5856] ? switch_task_namespaces+0xeb/0x100 [ 1010.477789][ T5856] do_exit+0x86c/0x2bd0 [ 1010.477847][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1010.477905][ T5856] ? do_raw_spin_lock+0x12c/0x2b0 [ 1010.477947][ T5856] ? __pfx_do_exit+0x10/0x10 [ 1010.478000][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1010.478045][ T5856] ? rcu_is_watching+0x12/0xc0 [ 1010.478097][ T5856] do_group_exit+0xd3/0x2a0 [ 1010.478155][ T5856] __x64_sys_exit_group+0x3e/0x50 [ 1010.478213][ T5856] x64_sys_call+0x1530/0x1730 [ 1010.478254][ T5856] do_syscall_64+0xcd/0x4c0 [ 1010.478315][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.478357][ T5856] RIP: 0033:0x7f4f56b8e929 [ 1010.478384][ T5856] Code: Unable to access opcode bytes at 0x7f4f56b8e8ff. [ 1010.478402][ T5856] RSP: 002b:00007ffc346fb458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1010.478437][ T5856] RAX: ffffffffffffffda RBX: 00007f4f56c10931 RCX: 00007f4f56b8e929 [ 1010.478463][ T5856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1010.478486][ T5856] RBP: 0000000000000059 R08: 00007ffc346f91f6 R09: 00007ffc346fc710 [ 1010.478510][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc346fc710 [ 1010.478534][ T5856] R13: 00007f4f56c10925 R14: 00000000000f6503 R15: 00007ffc34701ba0 [ 1010.478570][ T5856] [ 1010.478582][ T5856] [ 1010.777709][ T5856] Allocated by task 11475: [ 1010.782153][ T5856] kasan_save_stack+0x33/0x60 [ 1010.786882][ T5856] kasan_save_track+0x14/0x30 [ 1010.791588][ T5856] __kasan_kmalloc+0xaa/0xb0 [ 1010.796201][ T5856] __kmalloc_noprof+0x223/0x510 [ 1010.801089][ T5856] sk_prot_alloc+0x1a8/0x2a0 [ 1010.805704][ T5856] sk_alloc+0x36/0xc20 [ 1010.809808][ T5856] bt_sock_alloc+0x3b/0x3a0 [ 1010.814357][ T5856] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 1010.820198][ T5856] l2cap_sock_create+0x123/0x1f0 [ 1010.825167][ T5856] bt_sock_create+0x185/0x350 [ 1010.829878][ T5856] __sock_create+0x338/0x8d0 [ 1010.834497][ T5856] __sys_socket+0x14d/0x260 [ 1010.839031][ T5856] __x64_sys_socket+0x72/0xb0 [ 1010.843738][ T5856] do_syscall_64+0xcd/0x4c0 [ 1010.848285][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.854236][ T5856] [ 1010.856563][ T5856] Freed by task 11475: [ 1010.860659][ T5856] kasan_save_stack+0x33/0x60 [ 1010.865366][ T5856] kasan_save_track+0x14/0x30 [ 1010.870095][ T5856] kasan_save_free_info+0x3b/0x60 [ 1010.875181][ T5856] __kasan_slab_free+0x51/0x70 [ 1010.880145][ T5856] kfree+0x2b4/0x4d0 [ 1010.884174][ T5856] __sk_destruct+0x740/0x980 [ 1010.888797][ T5856] sk_destruct+0xc2/0xf0 [ 1010.893071][ T5856] __sk_free+0xf4/0x3e0 [ 1010.897262][ T5856] sk_free+0x6a/0x90 [ 1010.901193][ T5856] l2cap_sock_kill+0x171/0x2d0 [ 1010.905985][ T5856] l2cap_sock_release+0x189/0x210 [ 1010.911033][ T5856] __sock_release+0xb3/0x270 [ 1010.915669][ T5856] sock_close+0x1c/0x30 [ 1010.919869][ T5856] __fput+0x402/0xb70 [ 1010.923888][ T5856] task_work_run+0x150/0x240 [ 1010.928511][ T5856] get_signal+0x1d1/0x26d0 [ 1010.932961][ T5856] arch_do_signal_or_restart+0x8f/0x7d0 [ 1010.938544][ T5856] exit_to_user_mode_loop+0x84/0x110 [ 1010.943863][ T5856] do_syscall_64+0x3f6/0x4c0 [ 1010.948497][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.954413][ T5856] [ 1010.956742][ T5856] The buggy address belongs to the object at ffff888063841000 [ 1010.956742][ T5856] which belongs to the cache kmalloc-2k of size 2048 [ 1010.970820][ T5856] The buggy address is located 1376 bytes inside of [ 1010.970820][ T5856] freed 2048-byte region [ffff888063841000, ffff888063841800) [ 1010.984822][ T5856] [ 1010.987157][ T5856] The buggy address belongs to the physical page: [ 1010.993567][ T5856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63840 [ 1011.002358][ T5856] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1011.010880][ T5856] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1011.018461][ T5856] page_type: f5(slab) [ 1011.022468][ T5856] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1011.031087][ T5856] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1011.039712][ T5856] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1011.048415][ T5856] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1011.057201][ T5856] head: 00fff00000000003 ffffea00018e1001 00000000ffffffff 00000000ffffffff [ 1011.065919][ T5856] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1011.074603][ T5856] page dumped because: kasan: bad access detected [ 1011.081026][ T5856] page_owner tracks the page as allocated [ 1011.086748][ T5856] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6139, tgid 6139 (kworker/u8:14), ts 731712959935, free_ts 731656859152 [ 1011.107811][ T5856] post_alloc_hook+0x1c0/0x230 [ 1011.112604][ T5856] get_page_from_freelist+0x1321/0x3890 [ 1011.118180][ T5856] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1011.124108][ T5856] alloc_pages_mpol+0x1fb/0x550 [ 1011.128997][ T5856] new_slab+0x23b/0x330 [ 1011.133195][ T5856] ___slab_alloc+0xd9c/0x1940 [ 1011.138001][ T5856] __slab_alloc.constprop.0+0x56/0xb0 [ 1011.143414][ T5856] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 1011.149856][ T5856] kmalloc_reserve+0xef/0x2c0 [ 1011.154553][ T5856] __alloc_skb+0x166/0x380 [ 1011.159005][ T5856] inet6_ifinfo_notify+0x77/0x150 [ 1011.164091][ T5856] addrconf_notify+0x81a/0x19e0 [ 1011.168975][ T5856] notifier_call_chain+0xbc/0x410 [ 1011.174034][ T5856] call_netdevice_notifiers_info+0xbe/0x140 [ 1011.179964][ T5856] netif_state_change+0x165/0x3b0 [ 1011.185008][ T5856] linkwatch_do_dev+0x12b/0x160 [ 1011.189882][ T5856] page last free pid 9697 tgid 9697 stack trace: [ 1011.196220][ T5856] __free_frozen_pages+0x7fe/0x1180 [ 1011.201472][ T5856] qlist_free_all+0x4d/0x120 [ 1011.206085][ T5856] kasan_quarantine_reduce+0x195/0x1e0 [ 1011.211568][ T5856] __kasan_slab_alloc+0x69/0x90 [ 1011.216448][ T5856] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1011.221933][ T5856] vm_area_dup+0x27/0x8d0 [ 1011.226280][ T5856] __split_vma+0x18e/0x1070 [ 1011.230810][ T5856] vms_gather_munmap_vmas+0x392/0x1310 [ 1011.236295][ T5856] __mmap_region+0x3c7/0x25e0 [ 1011.241006][ T5856] mmap_region+0x1ab/0x3f0 [ 1011.245444][ T5856] do_mmap+0xa3e/0x1210 [ 1011.249634][ T5856] vm_mmap_pgoff+0x281/0x450 [ 1011.254257][ T5856] ksys_mmap_pgoff+0x32c/0x5c0 [ 1011.259060][ T5856] __x64_sys_mmap+0x125/0x190 [ 1011.263779][ T5856] do_syscall_64+0xcd/0x4c0 [ 1011.268330][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1011.274251][ T5856] [ 1011.276578][ T5856] Memory state around the buggy address: [ 1011.282217][ T5856] ffff888063841400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1011.290297][ T5856] ffff888063841480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1011.298388][ T5856] >ffff888063841500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1011.306463][ T5856] ^ [ 1011.313669][ T5856] ffff888063841580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1011.321752][ T5856] ffff888063841600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1011.329831][ T5856] ================================================================== [ 1011.402798][ T5856] ================================================================== [ 1011.410936][ T5856] BUG: KASAN: slab-use-after-free in bt_accept_unlink+0x2c5/0x2e0 [ 1011.418803][ T5856] Write of size 8 at addr ffff888063841560 by task syz-executor/5856 [ 1011.426905][ T5856] [ 1011.429256][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor Tainted: G B 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 1011.429312][ T5856] Tainted: [B]=BAD_PAGE [ 1011.429326][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1011.429347][ T5856] Call Trace: [ 1011.429357][ T5856] [ 1011.429369][ T5856] dump_stack_lvl+0x116/0x1f0 [ 1011.429429][ T5856] print_report+0xcd/0x680 [ 1011.429473][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1011.429520][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1011.429565][ T5856] ? __phys_addr+0xe8/0x180 [ 1011.429612][ T5856] ? bt_accept_unlink+0x2c5/0x2e0 [ 1011.429667][ T5856] kasan_report+0xe0/0x110 [ 1011.429714][ T5856] ? bt_accept_unlink+0x2c5/0x2e0 [ 1011.429774][ T5856] bt_accept_unlink+0x2c5/0x2e0 [ 1011.429830][ T5856] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1011.429873][ T5856] l2cap_chan_del+0xbd/0x8f0 [ 1011.429922][ T5856] l2cap_conn_del+0x37a/0x730 [ 1011.429970][ T5856] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 1011.430012][ T5856] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1011.430059][ T5856] l2cap_disconn_cfm+0x96/0xd0 [ 1011.430117][ T5856] hci_conn_hash_flush+0x10e/0x260 [ 1011.430162][ T5856] hci_dev_close_sync+0x602/0x11d0 [ 1011.430204][ T5856] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1011.430243][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1011.430288][ T5856] ? up_write+0x1b2/0x520 [ 1011.430336][ T5856] hci_dev_do_close+0x2e/0x90 [ 1011.430460][ T5856] hci_unregister_dev+0x227/0x640 [ 1011.430510][ T5856] ? __pfx_vhci_release+0x10/0x10 [ 1011.430577][ T5856] vhci_release+0x79/0xf0 [ 1011.430644][ T5856] __fput+0x402/0xb70 [ 1011.430713][ T5856] task_work_run+0x150/0x240 [ 1011.430763][ T5856] ? __pfx_task_work_run+0x10/0x10 [ 1011.430809][ T5856] ? switch_task_namespaces+0xeb/0x100 [ 1011.430881][ T5856] do_exit+0x86c/0x2bd0 [ 1011.430952][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1011.431007][ T5856] ? do_raw_spin_lock+0x12c/0x2b0 [ 1011.431060][ T5856] ? __pfx_do_exit+0x10/0x10 [ 1011.431125][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1011.431181][ T5856] ? rcu_is_watching+0x12/0xc0 [ 1011.431245][ T5856] do_group_exit+0xd3/0x2a0 [ 1011.431315][ T5856] __x64_sys_exit_group+0x3e/0x50 [ 1011.431405][ T5856] x64_sys_call+0x1530/0x1730 [ 1011.431457][ T5856] do_syscall_64+0xcd/0x4c0 [ 1011.431531][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1011.431577][ T5856] RIP: 0033:0x7f4f56b8e929 [ 1011.431609][ T5856] Code: Unable to access opcode bytes at 0x7f4f56b8e8ff. [ 1011.431630][ T5856] RSP: 002b:00007ffc346fb458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1011.431672][ T5856] RAX: ffffffffffffffda RBX: 00007f4f56c10931 RCX: 00007f4f56b8e929 [ 1011.431703][ T5856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1011.431732][ T5856] RBP: 0000000000000059 R08: 00007ffc346f91f6 R09: 00007ffc346fc710 [ 1011.431762][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc346fc710 [ 1011.431792][ T5856] R13: 00007f4f56c10925 R14: 00000000000f6503 R15: 00007ffc34701ba0 [ 1011.431838][ T5856] [ 1011.431853][ T5856] [ 1011.721848][ T5856] Allocated by task 11475: [ 1011.726268][ T5856] kasan_save_stack+0x33/0x60 [ 1011.730975][ T5856] kasan_save_track+0x14/0x30 [ 1011.735672][ T5856] __kasan_kmalloc+0xaa/0xb0 [ 1011.740456][ T5856] __kmalloc_noprof+0x223/0x510 [ 1011.745324][ T5856] sk_prot_alloc+0x1a8/0x2a0 [ 1011.749932][ T5856] sk_alloc+0x36/0xc20 [ 1011.754046][ T5856] bt_sock_alloc+0x3b/0x3a0 [ 1011.758594][ T5856] l2cap_sock_alloc.constprop.0+0x33/0x1d0 [ 1011.764420][ T5856] l2cap_sock_create+0x123/0x1f0 [ 1011.769372][ T5856] bt_sock_create+0x185/0x350 [ 1011.774080][ T5856] __sock_create+0x338/0x8d0 [ 1011.778689][ T5856] __sys_socket+0x14d/0x260 [ 1011.783219][ T5856] __x64_sys_socket+0x72/0xb0 [ 1011.787918][ T5856] do_syscall_64+0xcd/0x4c0 [ 1011.792458][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1011.798370][ T5856] [ 1011.800699][ T5856] Freed by task 11475: [ 1011.804770][ T5856] kasan_save_stack+0x33/0x60 [ 1011.809476][ T5856] kasan_save_track+0x14/0x30 [ 1011.814180][ T5856] kasan_save_free_info+0x3b/0x60 [ 1011.819241][ T5856] __kasan_slab_free+0x51/0x70 [ 1011.824116][ T5856] kfree+0x2b4/0x4d0 [ 1011.828029][ T5856] __sk_destruct+0x740/0x980 [ 1011.832646][ T5856] sk_destruct+0xc2/0xf0 [ 1011.836917][ T5856] __sk_free+0xf4/0x3e0 [ 1011.841099][ T5856] sk_free+0x6a/0x90 [ 1011.845020][ T5856] l2cap_sock_kill+0x171/0x2d0 [ 1011.849804][ T5856] l2cap_sock_release+0x189/0x210 [ 1011.854852][ T5856] __sock_release+0xb3/0x270 [ 1011.859512][ T5856] sock_close+0x1c/0x30 [ 1011.863719][ T5856] __fput+0x402/0xb70 [ 1011.867737][ T5856] task_work_run+0x150/0x240 [ 1011.872394][ T5856] get_signal+0x1d1/0x26d0 [ 1011.876836][ T5856] arch_do_signal_or_restart+0x8f/0x7d0 [ 1011.882415][ T5856] exit_to_user_mode_loop+0x84/0x110 [ 1011.887728][ T5856] do_syscall_64+0x3f6/0x4c0 [ 1011.892356][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1011.898264][ T5856] [ 1011.900590][ T5856] The buggy address belongs to the object at ffff888063841000 [ 1011.900590][ T5856] which belongs to the cache kmalloc-2k of size 2048 [ 1011.914671][ T5856] The buggy address is located 1376 bytes inside of [ 1011.914671][ T5856] freed 2048-byte region [ffff888063841000, ffff888063841800) [ 1011.928687][ T5856] [ 1011.931018][ T5856] The buggy address belongs to the physical page: [ 1011.937437][ T5856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x63840 [ 1011.946308][ T5856] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1011.954828][ T5856] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1011.962389][ T5856] page_type: f5(slab) [ 1011.966390][ T5856] raw: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1011.975019][ T5856] raw: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1011.983618][ T5856] head: 00fff00000000040 ffff88801b842000 dead000000000100 dead000000000122 [ 1011.992308][ T5856] head: 0000000000000000 0000000000080008 00000000f5000000 0000000000000000 [ 1012.001003][ T5856] head: 00fff00000000003 ffffea00018e1001 00000000ffffffff 00000000ffffffff [ 1012.009710][ T5856] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1012.018392][ T5856] page dumped because: kasan: bad access detected [ 1012.024805][ T5856] page_owner tracks the page as allocated [ 1012.030543][ T5856] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 6139, tgid 6139 (kworker/u8:14), ts 731712959935, free_ts 731656859152 [ 1012.051601][ T5856] post_alloc_hook+0x1c0/0x230 [ 1012.056405][ T5856] get_page_from_freelist+0x1321/0x3890 [ 1012.061976][ T5856] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1012.067892][ T5856] alloc_pages_mpol+0x1fb/0x550 [ 1012.072786][ T5856] new_slab+0x23b/0x330 [ 1012.076996][ T5856] ___slab_alloc+0xd9c/0x1940 [ 1012.081709][ T5856] __slab_alloc.constprop.0+0x56/0xb0 [ 1012.087143][ T5856] __kmalloc_node_track_caller_noprof+0x2ee/0x510 [ 1012.093581][ T5856] kmalloc_reserve+0xef/0x2c0 [ 1012.098283][ T5856] __alloc_skb+0x166/0x380 [ 1012.102827][ T5856] inet6_ifinfo_notify+0x77/0x150 [ 1012.107878][ T5856] addrconf_notify+0x81a/0x19e0 [ 1012.112751][ T5856] notifier_call_chain+0xbc/0x410 [ 1012.117810][ T5856] call_netdevice_notifiers_info+0xbe/0x140 [ 1012.123747][ T5856] netif_state_change+0x165/0x3b0 [ 1012.128799][ T5856] linkwatch_do_dev+0x12b/0x160 [ 1012.133677][ T5856] page last free pid 9697 tgid 9697 stack trace: [ 1012.140009][ T5856] __free_frozen_pages+0x7fe/0x1180 [ 1012.145253][ T5856] qlist_free_all+0x4d/0x120 [ 1012.149860][ T5856] kasan_quarantine_reduce+0x195/0x1e0 [ 1012.155346][ T5856] __kasan_slab_alloc+0x69/0x90 [ 1012.160219][ T5856] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 1012.165703][ T5856] vm_area_dup+0x27/0x8d0 [ 1012.170050][ T5856] __split_vma+0x18e/0x1070 [ 1012.174566][ T5856] vms_gather_munmap_vmas+0x392/0x1310 [ 1012.180057][ T5856] __mmap_region+0x3c7/0x25e0 [ 1012.184751][ T5856] mmap_region+0x1ab/0x3f0 [ 1012.189185][ T5856] do_mmap+0xa3e/0x1210 [ 1012.193372][ T5856] vm_mmap_pgoff+0x281/0x450 [ 1012.198001][ T5856] ksys_mmap_pgoff+0x32c/0x5c0 [ 1012.202795][ T5856] __x64_sys_mmap+0x125/0x190 [ 1012.207507][ T5856] do_syscall_64+0xcd/0x4c0 [ 1012.212045][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.217955][ T5856] [ 1012.220276][ T5856] Memory state around the buggy address: [ 1012.225908][ T5856] ffff888063841400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1012.233982][ T5856] ffff888063841480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1012.242058][ T5856] >ffff888063841500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1012.250129][ T5856] ^ [ 1012.257331][ T5856] ffff888063841580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1012.265411][ T5856] ffff888063841600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1012.273484][ T5856] ================================================================== [ 1012.337435][ T5856] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 1012.345237][ T5856] CPU: 1 UID: 0 PID: 5856 Comm: syz-executor Tainted: G B 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 1012.357263][ T5856] Tainted: [B]=BAD_PAGE [ 1012.361433][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1012.371597][ T5856] Call Trace: [ 1012.374894][ T5856] [ 1012.377840][ T5856] dump_stack_lvl+0x3d/0x1f0 [ 1012.382484][ T5856] panic+0x71c/0x800 [ 1012.386435][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.392130][ T5856] ? __pfx_panic+0x10/0x10 [ 1012.396601][ T5856] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1012.402623][ T5856] ? bt_accept_unlink+0x2c5/0x2e0 [ 1012.407702][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.413379][ T5856] ? preempt_schedule_common+0x44/0xc0 [ 1012.418890][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.424571][ T5856] ? preempt_schedule_thunk+0x16/0x30 [ 1012.430001][ T5856] ? bt_accept_unlink+0x2c5/0x2e0 [ 1012.435100][ T5856] end_report+0x159/0x170 [ 1012.439494][ T5856] kasan_report+0xee/0x110 [ 1012.444001][ T5856] ? bt_accept_unlink+0x2c5/0x2e0 [ 1012.449091][ T5856] bt_accept_unlink+0x2c5/0x2e0 [ 1012.453997][ T5856] l2cap_sock_teardown_cb+0x1a3/0x3c0 [ 1012.459412][ T5856] l2cap_chan_del+0xbd/0x8f0 [ 1012.464051][ T5856] l2cap_conn_del+0x37a/0x730 [ 1012.468785][ T5856] ? hci_cmd_sync_dequeue+0x191/0x1f0 [ 1012.474202][ T5856] ? __pfx_l2cap_disconn_cfm+0x10/0x10 [ 1012.479699][ T5856] l2cap_disconn_cfm+0x96/0xd0 [ 1012.484510][ T5856] hci_conn_hash_flush+0x10e/0x260 [ 1012.489659][ T5856] hci_dev_close_sync+0x602/0x11d0 [ 1012.494808][ T5856] ? __pfx_hci_dev_close_sync+0x10/0x10 [ 1012.500392][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.506077][ T5856] ? up_write+0x1b2/0x520 [ 1012.510454][ T5856] hci_dev_do_close+0x2e/0x90 [ 1012.515170][ T5856] hci_unregister_dev+0x227/0x640 [ 1012.520232][ T5856] ? __pfx_vhci_release+0x10/0x10 [ 1012.525282][ T5856] vhci_release+0x79/0xf0 [ 1012.529641][ T5856] __fput+0x402/0xb70 [ 1012.533653][ T5856] task_work_run+0x150/0x240 [ 1012.538300][ T5856] ? __pfx_task_work_run+0x10/0x10 [ 1012.543431][ T5856] ? switch_task_namespaces+0xeb/0x100 [ 1012.548913][ T5856] do_exit+0x86c/0x2bd0 [ 1012.553100][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.558748][ T5856] ? do_raw_spin_lock+0x12c/0x2b0 [ 1012.563787][ T5856] ? __pfx_do_exit+0x10/0x10 [ 1012.568503][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1012.574159][ T5856] ? rcu_is_watching+0x12/0xc0 [ 1012.578963][ T5856] do_group_exit+0xd3/0x2a0 [ 1012.583512][ T5856] __x64_sys_exit_group+0x3e/0x50 [ 1012.588579][ T5856] x64_sys_call+0x1530/0x1730 [ 1012.593283][ T5856] do_syscall_64+0xcd/0x4c0 [ 1012.597840][ T5856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.603757][ T5856] RIP: 0033:0x7f4f56b8e929 [ 1012.608191][ T5856] Code: Unable to access opcode bytes at 0x7f4f56b8e8ff. [ 1012.615213][ T5856] RSP: 002b:00007ffc346fb458 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1012.623652][ T5856] RAX: ffffffffffffffda RBX: 00007f4f56c10931 RCX: 00007f4f56b8e929 [ 1012.631643][ T5856] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1012.639633][ T5856] RBP: 0000000000000059 R08: 00007ffc346f91f6 R09: 00007ffc346fc710 [ 1012.647622][ T5856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc346fc710 [ 1012.655609][ T5856] R13: 00007f4f56c10925 R14: 00000000000f6503 R15: 00007ffc34701ba0 [ 1012.663610][ T5856] [ 1012.666845][ T5856] Kernel Offset: disabled [ 1012.671177][ T5856] Rebooting in 86400 seconds..