last executing test programs: 3.763587936s ago: executing program 3 (id=306): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) 3.653678835s ago: executing program 3 (id=309): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x3000c003}, 0x80) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="44000000090601020000000000000000000000000900020073797a310000000005000100070000001c0007801800018014000240"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000083}, 0x80) 3.489610928s ago: executing program 3 (id=313): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r3, {0xc, 0x7}, {}, {0xffff, 0xf}}, [@TCA_CHAIN={0x8, 0xb, 0xfffff372}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x800) 3.21889394s ago: executing program 3 (id=318): r0 = socket(0x2a, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0x601, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xffe0}, {}, {0xc, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x24000840) r2 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0) 3.099805409s ago: executing program 3 (id=321): bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x3, 0x0}, 0x8) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000040)={r0}, 0x4) 2.984821119s ago: executing program 3 (id=325): syz_emit_ethernet(0x9a, 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040), 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r2, &(0x7f0000000040)=""/74, 0x49) 2.684581273s ago: executing program 0 (id=328): syz_emit_vhci(0x0, 0x9) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000040)='net_prio.prioidx\x00', 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/140, 0x8c}], 0x1, 0x0, 0x0) 2.565287782s ago: executing program 0 (id=329): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r0, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000140)='-\t:\xfd\xff\xff\xff\xff\xff\a\x00\x00\x00SP\xb3\xc9\x9c\x9d\xd2\x1f,\xc6\xea/\x9d\x0f0KR\xc8\xe3,<$P\x91\x1fj_\xa35\x86\xe5\xechCGz\'\xa9\xb3\x86\r&\"\xff\xc8\x13\xc3e\xdf\x1bh\x031\xda\x1bNG\xac\xf3O\x02\x83\x96\x00\xfc\x00\x00\x00\x00\x00', 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ff9000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) syz_io_uring_setup(0x2, &(0x7f0000000040)={0x0, 0x800389b, 0xc000, 0x1, 0x323}, 0x0, 0x0) 2.353681189s ago: executing program 0 (id=332): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='maps\x00') exit(0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') 1.417734205s ago: executing program 0 (id=339): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r1 = fcntl$dupfd(r0, 0x406, r0) write$binfmt_script(r1, &(0x7f0000000100), 0xfffffd9d) write$P9_RXATTRWALK(r1, &(0x7f0000000000)={0xf, 0x1f, 0x2, 0x4}, 0xca80) write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f0000000280)={0x8, 0x120, 0xfa00, {0x4, {0xfffffffa, 0xd, "36b6f27d818aa81a5ae69d92d6cf4a8947b8d9415affecdaba2da1ca56b0818b40e8370e3892a54d4b48b6ad7709da7790b9bc696294ee5fbe2134a37affce3ae98ee2147318b0b8ca7a13f7006afbc0c514cdbbb739b44f14a8e993977d8f66ffb0a2d56b84bff8d5ee22b502a924f084d9e4ca1494a3ce2ef7992e7ec98e4e1d97febe0f41ee2148f1cccbf0f235487139384a40f1b70273afbed37d88951aadc1b9502b219850f0dc54e8fc74a664846a5f5deac2361599a28208c76a800486d1f58de65ccc031f97a7cdade2266f8041c749797d172cf0f087dc83a213f92d5e31d1f052b79d0ec1bca9d77a74320871181d2729e54e8d6db3944f03316c", 0x8c, 0x4, 0x30, 0xff, 0xa4, 0x9, 0x9, 0x1}}}, 0x128) 1.318662443s ago: executing program 0 (id=341): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000000)=ANY=[], 0xffaf}, 0x1, 0x0, 0x0, 0x854}, 0x0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x1) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x50) fsopen(0x0, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000400)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) write$FUSE_INIT(r1, 0x0, 0x0) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01002bbd7000fbdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="0a00f7ff080211000001000004002a0008009e0008"], 0x34}, 0x1, 0x0, 0x0, 0x24004084}, 0x40000) 1.307366804s ago: executing program 4 (id=342): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001440)=@newtaction={0x5c, 0x30, 0xb, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xf, 0x0, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x604ff3648f564820}, 0x40) 1.163330495s ago: executing program 4 (id=345): bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="030300000000000000000600000008000300", @ANYRES32=r2], 0x1c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000bc0), r0) 1.090017952s ago: executing program 0 (id=346): socket(0x10, 0x3, 0x0) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0) io_setup(0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x183a00) syz_usb_disconnect(r0) syz_usb_connect$cdc_ecm(0x2, 0x89, &(0x7f00000001c0)=ANY=[], 0x0) syz_usb_disconnect(0xffffffffffffffff) 1.006209628s ago: executing program 4 (id=349): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, 0x0, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x101, 0x1000}}) 902.006527ms ago: executing program 2 (id=350): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, 0x0, 0x810) sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x20, 0x1402, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000841}, 0x20000000) 893.042458ms ago: executing program 1 (id=351): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000d80)=ANY=[@ANYBLOB="0100000002f3ffff20000040"]) 840.870952ms ago: executing program 2 (id=352): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000004800000001"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x0, 0x0, 0x2) 761.938368ms ago: executing program 4 (id=353): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)={0x14, r1, 0x2586ad4018a3b31b}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 662.070226ms ago: executing program 2 (id=354): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0xc00, &(0x7f0000000300)={[{@quota}, {@grpquota_inode_hardlimit={'grpquota_inode_hardlimit', 0x3d, [0x37]}}]}) chdir(&(0x7f0000000240)='./file0\x00') mkdir(&(0x7f00000002c0)='./file2\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x20842, 0x100) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) 654.674027ms ago: executing program 1 (id=355): r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r0, 0xc0884123, &(0x7f0000000140)={0x3, "a164c2ff3a839d6225acc1c548a86660e2ce7077eb680232d934b62f7a7d1646bce0f7715f7ca40e6db4e75a0000008029e3cf2b510b5929147a0172a7a91837", {0x2}}) 565.959554ms ago: executing program 4 (id=356): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f00000005c0)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000001f40)={r1, 0x0, 0x25, 0x0, @val=@netkit={@void, @value=r1}}, 0x1c) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, 0x0) syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) 542.141446ms ago: executing program 1 (id=357): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r0, 0x0, 0x33, &(0x7f0000000040)=0x8001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) 445.916324ms ago: executing program 4 (id=358): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f0000000000)=@ethtool_sfeatures={0x33, 0x2, [{0xfe}, {0xfbfffffa}]}}) 365.96667ms ago: executing program 1 (id=359): syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c9200c00080005002ef599db39e90605607659057d86ad1275f4dc27845c084268c66747bb5993723f96b4d86119c6bdb58131f5f854f35414354ca9"], 0x11) 365.85821ms ago: executing program 2 (id=360): creat(&(0x7f00000002c0)='./file0\x00', 0x109) r0 = open(&(0x7f0000000000)='./file0\x00', 0x88c040, 0x59) fcntl$setlease(r0, 0x400, 0x1) fcntl$setlease(r0, 0x400, 0x2) 288.288286ms ago: executing program 1 (id=361): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000057c0)=[{{&(0x7f00000002c0)={0xa, 0x4e23, 0x509, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0x1c, 0x0}}], 0x1, 0x20004808) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010029bd7000ffdbdf25010000000806"], 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x404) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0) 132.522219ms ago: executing program 1 (id=362): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1b00000004086aa42d"], 0x30}}, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) bind$x25(r1, &(0x7f0000000040), 0x12) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0x80a00, 0x0) r2 = openat$ttyprintk(0xffffff9c, &(0x7f0000001b40), 0x101000, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x1, 0x0, 0x0, @vifc_lcl_ifindex, @dev={0xac, 0x14, 0x14, 0x2e}}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_MON_PEER_GET(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x20, r7, 0xb03, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7ff}]}]}, 0x20}}, 0x0) setsockopt$inet_mreq(r4, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0) close(0x3) setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) ioctl$TIOCGSOFTCAR(r2, 0x5419, &(0x7f0000001b80)) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)={0x130, r8, 0xa01, 0x70bd26, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r9}, @val={0xc, 0x99, {0x8, 0x47}}}}, [@NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0xffffff5a}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0x7}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x4}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0xfffffff9}, @NL80211_ATTR_VENDOR_ID={0x8, 0xc3, 0xff}, @NL80211_ATTR_VENDOR_DATA={0xdd, 0xc5, "07c4a48581fbe316007fec3fa896d4903bc6eda6a416061f7039b1106f0f4889b59966c1d0eaf0b5a8edecbc52253320fe9e704395752b94302d0d9989980a88a906f89f820a5ed234c2d395e29383ae117eb18aa92224cd62a4517dd0ef6861df08e3f731b7b7998cf49b9ed68961dd63a39673c6c16eeab556b819f491f4c914a4efe9a912e535cb97725bf32e601d37df50c82c6650f0a770f22f0624103cc5124045328f9b76f459ddbeb55f1f0ae64b6ad665edaff31b19fe8c16104bb3e20442f45a4a264f1f7ceb3305969a784ee6440aa144c25c83"}]}, 0x130}, 0x1, 0x0, 0x0, 0x40080}, 0x44000) 57.971065ms ago: executing program 2 (id=363): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000002300)={0x0, 0x0, &(0x7f00000022c0)={&(0x7f0000002240)=ANY=[@ANYBLOB="380000001014010026bd7000fbdbdf250800030001000000080001000000000008004b0013000000080015000200000008004a00"], 0x38}, 0x1, 0x0, 0x0, 0x24000000}, 0x20010014) 0s ago: executing program 2 (id=364): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$packet(0x11, 0x2, 0x300) sendmmsg$inet6(r0, &(0x7f0000000980)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x3, @loopback={0x0, 0x7ffffffe}, 0x5}, 0x1c, 0x0}}], 0x1, 0x20000001) kernel console output (not intermixed with test programs): ed mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 77.040760][ T4188] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 77.053675][ T4188] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.077026][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.123096][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 77.143542][ T4302] loop0: detected capacity change from 0 to 256 [ 77.167151][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.176961][ T4302] FAT-fs (loop0): Unrecognized mount option "szrtname=lower" or missing value [ 77.208850][ T4188] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.240183][ T4188] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.269801][ T4188] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.296628][ T4188] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.405587][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.453412][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.500986][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.507422][ T1275] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.551531][ T1275] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.602209][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.609536][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.619478][ T2284] Bluetooth: hci3: command 0x0419 tx timeout [ 77.625934][ T2284] Bluetooth: hci0: command 0x0419 tx timeout [ 77.626697][ T4229] Bluetooth: hci2: command 0x0419 tx timeout [ 77.636256][ T23] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 77.667242][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 77.707516][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.711071][ T4263] Bluetooth: hci4: command 0x0419 tx timeout [ 77.728907][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 77.749308][ T4263] Bluetooth: hci1: command 0x0419 tx timeout [ 77.765456][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 77.884485][ T4302] loop0: detected capacity change from 0 to 4096 [ 77.897925][ T1154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 77.942819][ T1275] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.034366][ T1275] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.083118][ T4302] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 78.089474][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 78.103511][ T4300] loop4: detected capacity change from 0 to 32768 [ 78.214330][ T4300] gfs2: fsid=([{{{+: Trying to join cluster "lock_nolock", "([{{{+" [ 78.214410][ T4300] gfs2: fsid=([{{{+: Now mounting FS (format 0)... [ 78.249228][ T4300] gfs2: Invalid block size shift [ 78.249254][ T4300] gfs2: fsid=([{{{+: can't read superblock: -22 [ 78.383512][ T4316] EXT4-fs error (device loop0): ext4_empty_dir:3154: inode #12: block 80: comm syz.0.1: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 78.399072][ T4316] EXT4-fs warning (device loop0): ext4_empty_dir:3156: inode #12: comm syz.0.1: directory missing '..' [ 78.646571][ T4319] loop2: detected capacity change from 0 to 1024 [ 78.886114][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 78.895308][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 78.905049][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 78.914860][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 78.925058][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 78.934668][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 78.944418][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 78.954138][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 78.964870][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 79.242957][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 80.278754][ T4329] loop4: detected capacity change from 0 to 128 [ 80.330976][ T4327] loop3: detected capacity change from 0 to 2048 [ 80.366207][ T4331] netlink: 'syz.0.8': attribute type 4 has an invalid length. [ 80.412088][ T4331] netlink: 17 bytes leftover after parsing attributes in process `syz.0.8'. [ 80.455239][ T4315] loop1: detected capacity change from 0 to 32768 [ 80.600587][ T4327] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 80.641383][ T4327] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.680991][ T4315] XFS: attr2 mount option is deprecated. [ 81.692796][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 81.852117][ T4335] loop0: detected capacity change from 0 to 32768 [ 81.861938][ T4327] overlayfs: './file0' not a directory [ 81.887814][ T4335] ======================================================= [ 81.887814][ T4335] WARNING: The mand mount option has been deprecated and [ 81.887814][ T4335] and is ignored by this kernel. Remove the mand [ 81.887814][ T4335] option from the mount to silence this warning. [ 81.887814][ T4335] ======================================================= [ 82.066497][ T4335] JBD2: Ignoring recovery information on journal [ 82.111251][ T4335] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 82.379524][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 82.577689][ T23] usb 3-1: config 0 has an invalid descriptor of length 8, skipping remainder of the config [ 82.656897][ T2284] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 82.688607][ T23] usb 3-1: config 0 has no interfaces? [ 82.986928][ T23] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 83.070985][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.083231][ T2284] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 83.163456][ T2284] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 83.233364][ T23] usb 3-1: Product: syz [ 83.309657][ T23] usb 3-1: Manufacturer: syz [ 83.373331][ T23] usb 3-1: SerialNumber: syz [ 83.566969][ T2284] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 83.643998][ T2284] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.779966][ T23] usb 3-1: config 0 descriptor?? [ 83.812084][ T2284] usb 5-1: Product: syz [ 83.867652][ T2284] usb 5-1: Manufacturer: syz [ 83.952930][ T2284] usb 5-1: SerialNumber: syz [ 84.046469][ T23] usb 3-1: can't set config #0, error -71 [ 84.197365][ T23] usb 3-1: USB disconnect, device number 2 [ 84.227058][ T2284] usb 5-1: ath9k_htc: Device endpoint numbers are not the expected ones [ 84.646586][ T4248] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 84.658986][ T4187] ocfs2: Unmounting device (7,0) on (node local) [ 84.692480][ T26] audit: type=1326 audit(1756102227.013:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4382 comm="syz.2.14" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2666c54be9 code=0x0 [ 84.802308][ T4388] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 84.852712][ T4391] vivid-000: disconnect [ 84.859400][ T4390] vivid-000: reconnect [ 84.916384][ T4248] usb 4-1: Using ep0 maxpacket: 8 [ 85.050086][ T23] usb 5-1: USB disconnect, device number 2 [ 85.166785][ T4248] usb 4-1: unable to read config index 0 descriptor/all [ 85.178422][ T4248] usb 4-1: can't read configurations, error -71 [ 85.246806][ T4404] capability: warning: `syz.4.21' uses deprecated v2 capabilities in a way that may be insecure [ 85.265540][ T4402] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 85.685473][ T4400] loop0: detected capacity change from 0 to 32768 [ 85.864309][ T4400] JBD2: Ignoring recovery information on journal [ 85.864988][ T4409] loop2: detected capacity change from 0 to 1024 [ 85.934065][ T4405] loop3: detected capacity change from 0 to 32768 [ 86.004990][ T4400] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 86.042865][ T4405] XFS: noikeep mount option is deprecated. [ 86.134435][ T4419] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 86.273502][ T4405] XFS (loop3): Mounting V5 Filesystem [ 86.293361][ T4187] ocfs2: Unmounting device (7,0) on (node local) [ 86.301351][ T4409] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #3: block 1: comm syz.2.18: lblock 1 mapped to illegal pblock 1 (length 1) [ 86.383747][ T4409] Quota error (device loop2): write_blk: dquota write failed [ 86.526250][ T4409] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 86.548996][ T4405] XFS (loop3): Ending clean mount [ 86.565486][ T4431] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 86.573228][ T4409] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.18: Failed to acquire dquot type 0 [ 86.626415][ T4405] XFS (loop3): Quotacheck needed: Please wait. [ 86.707094][ T4409] EXT4-fs error (device loop2): ext4_free_blocks:6223: comm syz.2.18: Freeing blocks not in datazone - block = 0, count = 4096 [ 86.726251][ T4405] XFS (loop3): Quotacheck: Done. [ 86.817045][ T4409] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.18: Invalid inode bitmap blk 0 in block_group 0 [ 86.851429][ T4346] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 86.886455][ T4402] XFS (loop3): User initiated shutdown received. [ 86.899222][ T21] cfg80211: failed to load regulatory.db [ 86.910296][ T4402] XFS (loop3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 86.966290][ T4402] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 87.026471][ T4409] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 87.137429][ T4346] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 87.148344][ T4346] EXT4-fs error (device loop2): ext4_release_dquot:6243: comm kworker/u4:8: Failed to release dquot type 0 [ 87.164440][ T4409] EXT4-fs (loop2): 1 orphan inode deleted [ 87.195626][ T4409] EXT4-fs (loop2): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 87.369591][ T4423] loop1: detected capacity change from 0 to 32768 [ 87.527074][ T4423] XFS: noikeep mount option is deprecated. [ 87.625992][ T4446] loop0: detected capacity change from 0 to 32768 [ 87.662491][ T4423] XFS (loop1): Mounting V5 Filesystem [ 87.716399][ T4190] XFS (loop3): Unmounting Filesystem [ 87.998853][ T4457] loop4: detected capacity change from 0 to 256 [ 88.016455][ T4423] XFS (loop1): Ending clean mount [ 88.052993][ T4423] XFS (loop1): Quotacheck needed: Please wait. [ 88.065960][ T4457] FAT-fs (loop4): Unrecognized mount option "szrtname=lower" or missing value [ 88.304645][ T4423] XFS (loop1): Quotacheck: Done. [ 88.572174][ T4243] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 88.688690][ T4457] loop4: detected capacity change from 0 to 4096 [ 88.864664][ T4457] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 88.932141][ T4465] vivid-002: disconnect [ 89.020664][ T4457] EXT4-fs error (device loop4): ext4_empty_dir:3154: inode #12: block 80: comm syz.4.31: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 89.043262][ T4464] vivid-002: reconnect [ 89.133392][ T4457] EXT4-fs warning (device loop4): ext4_empty_dir:3156: inode #12: comm syz.4.31: directory missing '..' [ 89.332295][ T4472] loop3: detected capacity change from 0 to 512 [ 89.401163][ T4472] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 89.514167][ T4472] EXT4-fs error (device loop3): ext4_orphan_get:1401: inode #15: comm syz.3.34: iget: bad i_size value: 360287970189639680 [ 89.565468][ T4472] EXT4-fs error (device loop3): ext4_orphan_get:1406: comm syz.3.34: couldn't read orphan inode 15 (err -117) [ 89.601977][ T4472] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 89.673990][ T4471] EXT4-fs error (device loop3): ext4_get_first_dir_block:3605: inode #12: block 13: comm syz.3.34: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=1 [ 89.742282][ T4471] EXT4-fs error (device loop3): ext4_get_first_dir_block:3608: inode #12: comm syz.3.34: directory missing '.' [ 89.789189][ T4419] XFS (loop1): User initiated shutdown received. [ 89.795900][ T4419] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 89.850307][ T4419] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 89.986510][ T4189] XFS (loop1): Unmounting Filesystem [ 90.540932][ T4485] FAULT_INJECTION: forcing a failure. [ 90.540932][ T4485] name failslab, interval 1, probability 0, space 0, times 1 [ 90.556191][ T4243] usb 5-1: device descriptor read/64, error -71 [ 90.585607][ T4485] CPU: 1 PID: 4485 Comm: syz.1.38 Not tainted 5.15.189-syzkaller #0 [ 90.593904][ T4485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 90.604857][ T4485] Call Trace: [ 90.608263][ T4485] [ 90.611489][ T4485] dump_stack_lvl+0x168/0x230 [ 90.616585][ T4485] ? show_regs_print_info+0x20/0x20 [ 90.622479][ T4485] ? load_image+0x3b0/0x3b0 [ 90.627413][ T4485] ? __lock_acquire+0x7c60/0x7c60 [ 90.632964][ T4485] should_fail+0x38c/0x4c0 [ 90.638449][ T4485] should_failslab+0x5/0x20 [ 90.643895][ T4485] slab_pre_alloc_hook+0x51/0xc0 [ 90.649157][ T4485] __kmalloc+0x6b/0x330 [ 90.653732][ T4485] ? __se_sys_memfd_create+0x142/0x430 [ 90.659437][ T4485] ? strnlen_user+0x19b/0x250 [ 90.664246][ T4485] __se_sys_memfd_create+0x142/0x430 [ 90.670279][ T4485] ? lock_chain_count+0x20/0x20 [ 90.675874][ T4485] ? __x64_sys_memfd_create+0x60/0x60 [ 90.681856][ T4485] ? lockdep_hardirqs_on+0x94/0x140 [ 90.687552][ T4485] do_syscall_64+0x4c/0xa0 [ 90.692361][ T4485] ? clear_bhb_loop+0x30/0x80 [ 90.697792][ T4485] ? clear_bhb_loop+0x30/0x80 [ 90.703042][ T4485] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 90.709800][ T4485] RIP: 0033:0x7fcb9f28cbe9 [ 90.715041][ T4485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 90.740569][ T4485] RSP: 002b:00007fcb9d4f3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 90.750095][ T4485] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007fcb9f28cbe9 [ 90.758818][ T4485] RDX: 00007fcb9d4f3ef0 RSI: 0000000000000000 RDI: 00007fcb9f3107e8 [ 90.768256][ T4485] RBP: 000020000000cd40 R08: 00007fcb9d4f3bb7 R09: 00007fcb9d4f3e40 [ 90.776960][ T4485] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 90.785335][ T4485] R13: 00007fcb9d4f3ef0 R14: 00007fcb9d4f3eb0 R15: 00002000000000c0 [ 90.794503][ T4485] [ 90.826826][ T4480] loop3: detected capacity change from 0 to 32768 [ 90.858918][ T4480] JBD2: Ignoring recovery information on journal [ 90.866185][ T4243] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 90.922557][ T4480] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 91.074124][ T4489] loop1: detected capacity change from 0 to 2048 [ 91.131675][ T4483] loop2: detected capacity change from 0 to 32768 [ 91.202747][ T4489] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 91.207753][ T4483] debugfs: Directory '805FCE0CAC78492FAD66CD1BF6EB4F90' with parent 'ocfs2' already present! [ 91.266430][ T4243] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 91.277761][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 91.293908][ T4483] JBD2: Ignoring recovery information on journal [ 91.315698][ T4243] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.397079][ T4243] usb 5-1: config 0 descriptor?? [ 91.413043][ T4483] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 91.480485][ T4243] cp210x 5-1:0.0: cp210x converter detected [ 91.708122][ T4481] udc-core: couldn't find an available UDC or it's busy [ 91.729048][ T4481] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 92.180507][ T4243] usb 5-1: cp210x converter now attached to ttyUSB0 [ 92.770121][ T4504] loop0: detected capacity change from 0 to 1024 [ 92.991267][ T4493] loop1: detected capacity change from 0 to 32768 [ 93.119330][ T4504] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.42: lblock 1 mapped to illegal pblock 1 (length 1) [ 93.136651][ T4504] Quota error (device loop0): write_blk: dquota write failed [ 93.144529][ T4504] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 93.155858][ T4504] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.42: Failed to acquire dquot type 0 [ 93.172144][ T4504] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.42: Freeing blocks not in datazone - block = 0, count = 4096 [ 93.190298][ T4504] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.42: Invalid inode bitmap blk 0 in block_group 0 [ 93.205907][ T4504] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 93.215462][ T4504] EXT4-fs (loop0): 1 orphan inode deleted [ 93.222134][ T4504] EXT4-fs (loop0): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 93.278311][ T4493] XFS: noikeep mount option is deprecated. [ 93.287237][ T144] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 93.305589][ T4229] usb 5-1: USB disconnect, device number 4 [ 93.315995][ T144] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 93.425795][ T144] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:1: Failed to release dquot type 0 [ 93.482978][ T4188] ocfs2: Unmounting device (7,2) on (node local) [ 93.488712][ T4229] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 93.517736][ T4517] loop4: detected capacity change from 0 to 128 [ 93.589437][ T4229] cp210x 5-1:0.0: device disconnected [ 93.763528][ T26] audit: type=1800 audit(1756102236.083:3): pid=4521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.45" name="bus" dev="loop4" ino=1048592 res=0 errno=0 [ 93.795535][ T4493] XFS (loop1): Mounting V5 Filesystem [ 94.549511][ T4531] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 94.586006][ T4493] XFS (loop1): Ending clean mount [ 94.662786][ T4493] XFS (loop1): Quotacheck needed: Please wait. [ 94.672697][ T4517] vivid-004: disconnect [ 94.740550][ T4513] vivid-004: reconnect [ 94.784089][ T4493] XFS (loop1): Quotacheck: Done. [ 94.806384][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 94.852978][ T4189] XFS (loop1): Unmounting Filesystem [ 95.036312][ T21] usb 1-1: device descriptor read/64, error -71 [ 95.306205][ T21] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 95.340168][ T4532] loop2: detected capacity change from 0 to 32768 [ 95.363985][ T4532] XFS: noikeep mount option is deprecated. [ 95.551744][ T4546] FAULT_INJECTION: forcing a failure. [ 95.551744][ T4546] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 95.572418][ T4546] CPU: 0 PID: 4546 Comm: syz.1.50 Not tainted 5.15.189-syzkaller #0 [ 95.574456][ T4541] loop4: detected capacity change from 0 to 32768 [ 95.581031][ T4546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 95.581050][ T4546] Call Trace: [ 95.581058][ T4546] [ 95.581066][ T4546] dump_stack_lvl+0x168/0x230 [ 95.581098][ T4546] ? show_regs_print_info+0x20/0x20 [ 95.615669][ T4546] ? load_image+0x3b0/0x3b0 [ 95.620330][ T4546] ? __lock_acquire+0x7c60/0x7c60 [ 95.625570][ T4546] should_fail+0x38c/0x4c0 [ 95.630080][ T4546] _copy_from_user+0x2e/0x170 [ 95.635087][ T4546] __se_sys_memfd_create+0x189/0x430 [ 95.640663][ T4546] ? __x64_sys_memfd_create+0x60/0x60 [ 95.646487][ T4546] ? lockdep_hardirqs_on+0x94/0x140 [ 95.652020][ T4546] do_syscall_64+0x4c/0xa0 [ 95.656665][ T4546] ? clear_bhb_loop+0x30/0x80 [ 95.661543][ T4546] ? clear_bhb_loop+0x30/0x80 [ 95.666440][ T4546] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 95.672555][ T4546] RIP: 0033:0x7fcb9f28cbe9 [ 95.677554][ T4546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 95.699249][ T4546] RSP: 002b:00007fcb9d4f3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 95.708225][ T4546] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007fcb9f28cbe9 [ 95.717198][ T4546] RDX: 00007fcb9d4f3ef0 RSI: 0000000000000000 RDI: 00007fcb9f3107e8 [ 95.726336][ T4546] RBP: 000020000000cd40 R08: 00007fcb9d4f3bb7 R09: 00007fcb9d4f3e40 [ 95.734878][ T4546] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 95.743525][ T4546] R13: 00007fcb9d4f3ef0 R14: 00007fcb9d4f3eb0 R15: 00002000000000c0 [ 95.744047][ T4532] XFS (loop2): Mounting V5 Filesystem [ 95.752006][ T4546] [ 95.768431][ T21] usb 1-1: device descriptor read/64, error -71 [ 95.886352][ T21] usb usb1-port1: attempt power cycle [ 96.014449][ T4554] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 96.165312][ T4532] XFS (loop2): Ending clean mount [ 96.183490][ T4532] XFS (loop2): Quotacheck needed: Please wait. [ 96.238672][ T4532] XFS (loop2): Quotacheck: Done. [ 96.396150][ T21] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 96.499113][ T21] usb 1-1: device descriptor read/8, error -71 [ 96.776156][ T21] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 96.883201][ T4567] loop3: detected capacity change from 0 to 32768 [ 96.952062][ T4567] JBD2: Ignoring recovery information on journal [ 96.996729][ T21] usb 1-1: device descriptor read/8, error -71 [ 97.035322][ T4567] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 97.107370][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 97.131280][ T21] usb usb1-port1: unable to enumerate USB device [ 97.316358][ T4243] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.383714][ T4531] XFS (loop2): User initiated shutdown received. [ 97.396875][ T4531] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 97.570740][ T4576] loop0: detected capacity change from 0 to 1024 [ 97.848344][ T4531] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 97.950979][ T4576] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.57: lblock 1 mapped to illegal pblock 1 (length 1) [ 97.968247][ T4576] Quota error (device loop0): write_blk: dquota write failed [ 97.976287][ T4576] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 97.988361][ T4576] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.57: Failed to acquire dquot type 0 [ 98.005647][ T4576] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.57: Freeing blocks not in datazone - block = 0, count = 4096 [ 98.026429][ T4576] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.57: Invalid inode bitmap blk 0 in block_group 0 [ 98.046490][ T4576] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 98.058611][ T4576] EXT4-fs (loop0): 1 orphan inode deleted [ 98.064467][ T4576] EXT4-fs (loop0): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 98.092459][ T4346] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 98.122560][ T4346] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 98.196240][ T4346] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:8: Failed to release dquot type 0 [ 98.246138][ T4243] usb 2-1: Using ep0 maxpacket: 16 [ 98.366383][ T4243] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 98.374916][ T4243] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.419212][ T4243] usb 2-1: config 0 has no interface number 0 [ 98.521756][ T4583] loop3: detected capacity change from 0 to 4096 [ 98.548896][ T4583] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 98.632803][ T4188] XFS (loop2): Unmounting Filesystem [ 98.649431][ T4243] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 98.688298][ T4243] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.712621][ T4243] usb 2-1: Product: syz [ 98.726516][ T4243] usb 2-1: Manufacturer: syz [ 98.734145][ T4243] usb 2-1: SerialNumber: syz [ 98.752747][ T4583] ntfs3: loop3: Failed to load $Extend. [ 98.753403][ T4243] usb 2-1: config 0 descriptor?? [ 98.809078][ T4243] usb 2-1: Found UVC 0.00 device syz (046d:08f3) [ 98.816200][ T4243] usb 2-1: No valid video chain found. [ 98.952744][ T4592] loop0: detected capacity change from 0 to 128 [ 99.012718][ T4569] loop1: detected capacity change from 0 to 24 [ 99.054049][ T4592] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.133747][ T4592] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 99.282419][ T4601] loop2: detected capacity change from 0 to 128 [ 99.376006][ T4603] FAULT_INJECTION: forcing a failure. [ 99.376006][ T4603] name failslab, interval 1, probability 0, space 0, times 0 [ 99.395929][ T26] audit: type=1800 audit(1756102241.713:4): pid=4601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.62" name="bus" dev="loop2" ino=1048594 res=0 errno=0 [ 99.484527][ T4603] CPU: 0 PID: 4603 Comm: syz.3.65 Not tainted 5.15.189-syzkaller #0 [ 99.493743][ T4603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 99.504545][ T4603] Call Trace: [ 99.507965][ T4603] [ 99.511024][ T4603] dump_stack_lvl+0x168/0x230 [ 99.516219][ T4603] ? show_regs_print_info+0x20/0x20 [ 99.521864][ T4603] ? load_image+0x3b0/0x3b0 [ 99.526635][ T4603] ? __might_sleep+0xf0/0xf0 [ 99.531340][ T4603] ? __lock_acquire+0x7c60/0x7c60 [ 99.536629][ T4603] should_fail+0x38c/0x4c0 [ 99.541096][ T4603] should_failslab+0x5/0x20 [ 99.545811][ T4603] slab_pre_alloc_hook+0x51/0xc0 [ 99.551154][ T4603] ? shmem_match+0x160/0x160 [ 99.556106][ T4603] ? shmem_alloc_inode+0x16/0x30 [ 99.561384][ T4603] kmem_cache_alloc+0x3d/0x290 [ 99.566808][ T4603] ? shmem_match+0x160/0x160 [ 99.571715][ T4603] shmem_alloc_inode+0x16/0x30 [ 99.576717][ T4603] new_inode_pseudo+0x5f/0x210 [ 99.581690][ T4603] new_inode+0x25/0x1c0 [ 99.585980][ T4603] shmem_get_inode+0x334/0xa90 [ 99.591009][ T4603] ? _raw_spin_unlock+0x24/0x40 [ 99.596185][ T4603] __shmem_file_setup+0x10b/0x290 [ 99.601770][ T4603] ? shmem_file_setup+0x13/0x30 [ 99.606898][ T4603] __se_sys_memfd_create+0x290/0x430 [ 99.612382][ T4603] ? __x64_sys_memfd_create+0x60/0x60 [ 99.612788][ T4601] vivid-000: disconnect [ 99.618664][ T4603] ? lockdep_hardirqs_on+0x94/0x140 [ 99.618699][ T4603] do_syscall_64+0x4c/0xa0 [ 99.618721][ T4603] ? clear_bhb_loop+0x30/0x80 [ 99.618739][ T4603] ? clear_bhb_loop+0x30/0x80 [ 99.618758][ T4603] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 99.618782][ T4603] RIP: 0033:0x7f72a98fcbe9 [ 99.655007][ T4603] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.676091][ T4603] RSP: 002b:00007f72a7b63e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 99.683209][ T4599] vivid-000: reconnect [ 99.684984][ T4603] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007f72a98fcbe9 [ 99.698110][ T4603] RDX: 00007f72a7b63ef0 RSI: 0000000000000000 RDI: 00007f72a99807e8 [ 99.706661][ T4603] RBP: 000020000000cd40 R08: 00007f72a7b63bb7 R09: 00007f72a7b63e40 [ 99.715846][ T4603] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 99.724291][ T4603] R13: 00007f72a7b63ef0 R14: 00007f72a7b63eb0 R15: 00002000000000c0 [ 99.733035][ T4603] [ 100.386562][ T1325] usb 2-1: USB disconnect, device number 2 [ 100.992737][ T4634] loop4: detected capacity change from 0 to 32768 [ 101.024863][ T4622] loop3: detected capacity change from 0 to 32768 [ 101.034443][ T4638] loop1: detected capacity change from 0 to 512 [ 101.039253][ T4639] netlink: 52 bytes leftover after parsing attributes in process `syz.0.75'. [ 101.264788][ T4648] FAULT_INJECTION: forcing a failure. [ 101.264788][ T4648] name failslab, interval 1, probability 0, space 0, times 0 [ 101.281026][ T4638] EXT4-fs error (device loop1): ext4_orphan_get:1401: inode #15: comm syz.1.76: casefold flag without casefold feature [ 101.331608][ T4648] CPU: 1 PID: 4648 Comm: syz.0.77 Not tainted 5.15.189-syzkaller #0 [ 101.340257][ T4648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 101.350904][ T4648] Call Trace: [ 101.354306][ T4648] [ 101.357537][ T4648] dump_stack_lvl+0x168/0x230 [ 101.362541][ T4648] ? show_regs_print_info+0x20/0x20 [ 101.368177][ T4648] ? load_image+0x3b0/0x3b0 [ 101.373002][ T4648] ? __might_sleep+0xf0/0xf0 [ 101.377631][ T4648] ? __lock_acquire+0x7c60/0x7c60 [ 101.383057][ T4648] ? memset+0x1e/0x40 [ 101.387435][ T4648] should_fail+0x38c/0x4c0 [ 101.392167][ T4648] should_failslab+0x5/0x20 [ 101.397126][ T4648] slab_pre_alloc_hook+0x51/0xc0 [ 101.399001][ T4622] JBD2: Ignoring recovery information on journal [ 101.402186][ T4648] ? security_inode_alloc+0x30/0x110 [ 101.414630][ T4648] kmem_cache_alloc+0x3d/0x290 [ 101.419103][ T4638] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.76: couldn't read orphan inode 15 (err -117) [ 101.419789][ T4648] security_inode_alloc+0x30/0x110 [ 101.438475][ T4648] inode_init_always+0x8f4/0xcb0 [ 101.443538][ T4648] ? shmem_match+0x160/0x160 [ 101.448523][ T4648] new_inode_pseudo+0x8e/0x210 [ 101.453604][ T4648] new_inode+0x25/0x1c0 [ 101.458159][ T4648] shmem_get_inode+0x334/0xa90 [ 101.463321][ T4648] ? _raw_spin_unlock+0x24/0x40 [ 101.468487][ T4648] __shmem_file_setup+0x10b/0x290 [ 101.473800][ T4648] ? shmem_file_setup+0x13/0x30 [ 101.479154][ T4648] __se_sys_memfd_create+0x290/0x430 [ 101.484749][ T4648] ? __x64_sys_memfd_create+0x60/0x60 [ 101.490165][ T4648] ? lockdep_hardirqs_on+0x94/0x140 [ 101.495578][ T4648] do_syscall_64+0x4c/0xa0 [ 101.500138][ T4648] ? clear_bhb_loop+0x30/0x80 [ 101.505111][ T4648] ? clear_bhb_loop+0x30/0x80 [ 101.509875][ T4648] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 101.516075][ T4648] RIP: 0033:0x7f1e59e57be9 [ 101.519786][ T4638] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 101.520702][ T4648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 101.520723][ T4648] RSP: 002b:00007f1e580bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 101.561468][ T4648] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007f1e59e57be9 [ 101.570085][ T4648] RDX: 00007f1e580beef0 RSI: 0000000000000000 RDI: 00007f1e59edb7e8 [ 101.578899][ T4648] RBP: 000020000000cd40 R08: 00007f1e580bebb7 R09: 00007f1e580bee40 [ 101.587256][ T4648] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 101.595633][ T4648] R13: 00007f1e580beef0 R14: 00007f1e580beeb0 R15: 00002000000000c0 [ 101.604183][ T4648] [ 101.632159][ T4622] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 101.652813][ T4638] netlink: 60 bytes leftover after parsing attributes in process `syz.1.76'. [ 101.705224][ T4638] netlink: 'syz.1.76': attribute type 6 has an invalid length. [ 101.734310][ T4638] netlink: 140 bytes leftover after parsing attributes in process `syz.1.76'. [ 101.762023][ T4636] delete_channel: no stack [ 101.803092][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 101.962860][ T4659] loop3: detected capacity change from 0 to 128 [ 101.980012][ T4658] loop0: detected capacity change from 0 to 64 [ 102.215468][ T26] audit: type=1800 audit(1756102244.493:5): pid=4659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.78" name="bus" dev="loop3" ino=1048596 res=0 errno=0 [ 103.084293][ T4658] loop0: detected capacity change from 0 to 4096 [ 103.122693][ T4659] vivid-002: disconnect [ 103.147474][ T4655] vivid-002: reconnect [ 103.168090][ T4658] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 103.335857][ T4658] ntfs3: loop0: failed to convert "c46c" to iso8859-13 [ 104.014966][ T4666] loop1: detected capacity change from 0 to 32768 [ 104.120926][ T4666] (syz.1.81,4666,1):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 104.203105][ T4666] (syz.1.81,4666,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 104.678591][ T4686] xt_TCPMSS: Only works on TCP SYN packets [ 104.818033][ T1325] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 104.906875][ T4690] capability: warning: `syz.0.89' uses 32-bit capabilities (legacy support in use) [ 105.227244][ T1325] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 105.269458][ T1325] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.381036][ T1325] usb 2-1: config 0 interface 0 has no altsetting 0 [ 105.389238][ T1325] usb 2-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 105.399074][ T1325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.418483][ T1325] usb 2-1: config 0 descriptor?? [ 105.491032][ T4695] FAULT_INJECTION: forcing a failure. [ 105.491032][ T4695] name failslab, interval 1, probability 0, space 0, times 0 [ 105.536159][ T4695] CPU: 1 PID: 4695 Comm: syz.2.91 Not tainted 5.15.189-syzkaller #0 [ 105.544647][ T4695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 105.554917][ T4695] Call Trace: [ 105.558309][ T4695] [ 105.561249][ T4695] dump_stack_lvl+0x168/0x230 [ 105.565943][ T4695] ? show_regs_print_info+0x20/0x20 [ 105.571416][ T4695] ? load_image+0x3b0/0x3b0 [ 105.576253][ T4695] ? __might_sleep+0xf0/0xf0 [ 105.581143][ T4695] ? __lock_acquire+0x7c60/0x7c60 [ 105.586607][ T4695] ? mpol_shared_policy_init+0x15a/0x440 [ 105.592253][ T4695] should_fail+0x38c/0x4c0 [ 105.596690][ T4695] should_failslab+0x5/0x20 [ 105.601283][ T4695] slab_pre_alloc_hook+0x51/0xc0 [ 105.606413][ T4695] ? __d_alloc+0x2a/0x6f0 [ 105.611229][ T4695] kmem_cache_alloc+0x3d/0x290 [ 105.616289][ T4695] __d_alloc+0x2a/0x6f0 [ 105.620728][ T4695] ? current_time+0x197/0x2b0 [ 105.625714][ T4695] d_alloc_pseudo+0x19/0x70 [ 105.630432][ T4695] alloc_file_pseudo+0xc8/0x1f0 [ 105.635640][ T4695] ? alloc_empty_file_noaccount+0x80/0x80 [ 105.641740][ T4695] ? shmem_get_inode+0x8c6/0xa90 [ 105.646925][ T4695] __shmem_file_setup+0x1cf/0x290 [ 105.652072][ T4695] ? shmem_file_setup+0x13/0x30 [ 105.657108][ T4695] __se_sys_memfd_create+0x290/0x430 [ 105.662403][ T4695] ? __x64_sys_memfd_create+0x60/0x60 [ 105.668459][ T4695] ? lockdep_hardirqs_on+0x94/0x140 [ 105.673689][ T4695] do_syscall_64+0x4c/0xa0 [ 105.678122][ T4695] ? clear_bhb_loop+0x30/0x80 [ 105.682988][ T4695] ? clear_bhb_loop+0x30/0x80 [ 105.687942][ T4695] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 105.694308][ T4695] RIP: 0033:0x7f2666c54be9 [ 105.699171][ T4695] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 105.719518][ T4695] RSP: 002b:00007f2664ebbe18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 105.728238][ T4695] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007f2666c54be9 [ 105.736443][ T4695] RDX: 00007f2664ebbef0 RSI: 0000000000000000 RDI: 00007f2666cd87e8 [ 105.744435][ T4695] RBP: 000020000000cd40 R08: 00007f2664ebbbb7 R09: 00007f2664ebbe40 [ 105.752674][ T4695] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 105.761142][ T4695] R13: 00007f2664ebbef0 R14: 00007f2664ebbeb0 R15: 00002000000000c0 [ 105.769702][ T4695] [ 105.892524][ T4690] loop0: detected capacity change from 0 to 32768 [ 106.019731][ T1325] zeroplus 0003:0C12:0005.0001: collection stack underflow [ 106.054507][ T1325] zeroplus 0003:0C12:0005.0001: item 0 1 0 12 parsing failed [ 106.065174][ T4699] netlink: 28 bytes leftover after parsing attributes in process `syz.0.94'. [ 106.082909][ T1325] zeroplus 0003:0C12:0005.0001: parse failed [ 106.089860][ T4699] netlink: 28 bytes leftover after parsing attributes in process `syz.0.94'. [ 106.111175][ T1325] zeroplus: probe of 0003:0C12:0005.0001 failed with error -22 [ 106.137467][ T4688] loop3: detected capacity change from 0 to 32768 [ 106.178333][ T4706] loop4: detected capacity change from 0 to 128 [ 106.230095][ T4248] usb 2-1: USB disconnect, device number 3 [ 106.274203][ T26] audit: type=1800 audit(1756102248.593:6): pid=4706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.92" name="bus" dev="loop4" ino=1048598 res=0 errno=0 [ 106.492841][ T4712] vivid-004: disconnect [ 106.510308][ T4701] vivid-004: reconnect [ 106.791024][ T4710] loop0: detected capacity change from 0 to 32768 [ 107.001465][ T4710] JBD2: Ignoring recovery information on journal [ 107.342621][ T4710] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 107.531277][ T4187] ocfs2: Unmounting device (7,0) on (node local) [ 107.978891][ T4731] loop0: detected capacity change from 0 to 32768 [ 108.134672][ T4735] loop4: detected capacity change from 0 to 1024 [ 108.216943][ T4738] FAULT_INJECTION: forcing a failure. [ 108.216943][ T4738] name failslab, interval 1, probability 0, space 0, times 0 [ 108.266146][ T4738] CPU: 1 PID: 4738 Comm: syz.2.103 Not tainted 5.15.189-syzkaller #0 [ 108.274820][ T4738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.285191][ T4738] Call Trace: [ 108.288971][ T4738] [ 108.292065][ T4738] dump_stack_lvl+0x168/0x230 [ 108.296832][ T4738] ? show_regs_print_info+0x20/0x20 [ 108.302073][ T4738] ? load_image+0x3b0/0x3b0 [ 108.306630][ T4738] ? __might_sleep+0xf0/0xf0 [ 108.311255][ T4738] ? __lock_acquire+0x7c60/0x7c60 [ 108.316513][ T4738] should_fail+0x38c/0x4c0 [ 108.321327][ T4738] should_failslab+0x5/0x20 [ 108.325852][ T4738] slab_pre_alloc_hook+0x51/0xc0 [ 108.331111][ T4738] ? __alloc_file+0x25/0x240 [ 108.336094][ T4738] kmem_cache_alloc+0x3d/0x290 [ 108.340987][ T4738] __alloc_file+0x25/0x240 [ 108.345697][ T4738] alloc_empty_file+0x90/0x180 [ 108.350809][ T4738] alloc_file+0x5b/0x4f0 [ 108.355092][ T4738] ? do_raw_spin_unlock+0x11d/0x230 [ 108.360705][ T4738] alloc_file_pseudo+0x17a/0x1f0 [ 108.365684][ T4738] ? alloc_empty_file_noaccount+0x80/0x80 [ 108.371627][ T4738] __shmem_file_setup+0x1cf/0x290 [ 108.376862][ T4738] ? shmem_file_setup+0x13/0x30 [ 108.381791][ T4738] __se_sys_memfd_create+0x290/0x430 [ 108.387298][ T4738] ? __x64_sys_memfd_create+0x60/0x60 [ 108.392981][ T4738] ? lockdep_hardirqs_on+0x94/0x140 [ 108.398304][ T4738] do_syscall_64+0x4c/0xa0 [ 108.402920][ T4738] ? clear_bhb_loop+0x30/0x80 [ 108.407704][ T4738] ? clear_bhb_loop+0x30/0x80 [ 108.412438][ T4738] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 108.418642][ T4738] RIP: 0033:0x7f2666c54be9 [ 108.423173][ T4738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.443103][ T4738] RSP: 002b:00007f2664ebbe18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 108.452258][ T4738] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007f2666c54be9 [ 108.460822][ T4738] RDX: 00007f2664ebbef0 RSI: 0000000000000000 RDI: 00007f2666cd87e8 [ 108.469007][ T4738] RBP: 000020000000cd40 R08: 00007f2664ebbbb7 R09: 00007f2664ebbe40 [ 108.477531][ T4738] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 108.485968][ T4738] R13: 00007f2664ebbef0 R14: 00007f2664ebbeb0 R15: 00002000000000c0 [ 108.494072][ T4738] [ 108.624848][ T4718] loop1: detected capacity change from 0 to 32768 [ 108.639256][ T4718] XFS: noikeep mount option is deprecated. [ 108.643106][ T4735] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #3: block 1: comm syz.4.98: lblock 1 mapped to illegal pblock 1 (length 1) [ 108.742497][ T4727] loop3: detected capacity change from 0 to 40427 [ 108.854779][ T4727] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 108.882459][ T4727] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 108.991920][ T4718] XFS (loop1): Mounting V5 Filesystem [ 109.061574][ T4727] F2FS-fs (loop3): invalid crc value [ 109.102126][ T4735] Quota error (device loop4): write_blk: dquota write failed [ 109.168593][ T4745] loop2: detected capacity change from 0 to 4096 [ 109.195609][ T4727] F2FS-fs (loop3): Found nat_bits in checkpoint [ 109.205077][ T4718] XFS (loop1): Ending clean mount [ 109.217027][ T4735] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 109.264923][ T4718] XFS (loop1): Quotacheck needed: Please wait. [ 109.337171][ T4735] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.98: Failed to acquire dquot type 0 [ 109.375496][ T4735] EXT4-fs error (device loop4): ext4_free_blocks:6223: comm syz.4.98: Freeing blocks not in datazone - block = 0, count = 4096 [ 109.415970][ T4718] XFS (loop1): Quotacheck: Done. [ 109.525423][ T4727] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 109.553842][ T4735] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.98: Invalid inode bitmap blk 0 in block_group 0 [ 109.556545][ T4727] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 109.580813][ T4368] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:9: lblock 1 mapped to illegal pblock 1 (length 1) [ 109.596964][ T4759] netlink: 12 bytes leftover after parsing attributes in process `syz.1.99'. [ 109.628442][ T4368] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 109.666019][ T4735] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 109.694241][ T4368] EXT4-fs error (device loop4): ext4_release_dquot:6243: comm kworker/u4:9: Failed to release dquot type 0 [ 109.742870][ T4735] EXT4-fs (loop4): 1 orphan inode deleted [ 109.834056][ T4735] EXT4-fs (loop4): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 110.006296][ T21] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 110.387019][ T21] usb 4-1: config 0 has an invalid interface number: 6 but max is 0 [ 110.406854][ T21] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.423562][ T21] usb 4-1: config 0 has no interface number 0 [ 110.434440][ T21] usb 4-1: config 0 interface 6 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 110.587754][ T4718] XFS (loop1): User initiated shutdown received. [ 110.607188][ T4718] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 110.636184][ T4718] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 110.677557][ T21] usb 4-1: New USB device found, idVendor=10cf, idProduct=8061, bcdDevice=b7.12 [ 110.697968][ T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.724883][ T21] usb 4-1: Product: syz [ 110.736976][ T21] usb 4-1: Manufacturer: syz [ 110.757491][ T21] usb 4-1: SerialNumber: syz [ 110.776012][ T21] usb 4-1: config 0 descriptor?? [ 110.806319][ T21] usb 4-1: can't set config #0, error -71 [ 110.817216][ T21] usb 4-1: USB disconnect, device number 4 [ 111.210945][ T4189] XFS (loop1): Unmounting Filesystem [ 111.241142][ T4764] loop4: detected capacity change from 0 to 32768 [ 111.439571][ T4769] ipt_CLUSTERIP: Please specify destination IP [ 111.488534][ T4770] loop3: detected capacity change from 0 to 128 [ 111.534158][ T4766] loop2: detected capacity change from 0 to 32768 [ 111.626829][ T4766] XFS: noikeep mount option is deprecated. [ 111.634470][ T26] audit: type=1800 audit(1756102253.953:7): pid=4770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.108" name="bus" dev="loop3" ino=1048600 res=0 errno=0 [ 111.864062][ T4770] vivid-002: disconnect [ 111.936552][ T4767] vivid-002: reconnect [ 112.075777][ T4766] XFS (loop2): Mounting V5 Filesystem [ 112.205831][ T4786] loop0: detected capacity change from 0 to 256 [ 112.394958][ T26] audit: type=1800 audit(1756102254.713:8): pid=4786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.110" name="r,rodir,rodir,debug,utf8=0,rodir,quiet,errors=remount-ro," dev="loop0" ino=1048602 res=0 errno=0 [ 112.405948][ T4766] XFS (loop2): Ending clean mount [ 112.567089][ T4766] XFS (loop2): Quotacheck needed: Please wait. [ 112.580096][ T4792] loop3: detected capacity change from 0 to 512 [ 112.702170][ T4792] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 112.736443][ T4792] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 112.757256][ T4766] XFS (loop2): Quotacheck: Done. [ 112.805978][ T4766] XFS (loop2): User initiated shutdown received. [ 112.828901][ T4766] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 112.842871][ T4781] loop1: detected capacity change from 0 to 32768 [ 112.902852][ T4781] JBD2: Ignoring recovery information on journal [ 112.946601][ T4766] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 112.957454][ T4766] netlink: 12 bytes leftover after parsing attributes in process `syz.2.107'. [ 112.969040][ T4799] FAULT_INJECTION: forcing a failure. [ 112.969040][ T4799] name failslab, interval 1, probability 0, space 0, times 0 [ 112.984721][ T4799] CPU: 0 PID: 4799 Comm: syz.0.114 Not tainted 5.15.189-syzkaller #0 [ 112.985785][ T4781] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 112.994774][ T4799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 112.994794][ T4799] Call Trace: [ 112.994804][ T4799] [ 112.994813][ T4799] dump_stack_lvl+0x168/0x230 [ 112.994844][ T4799] ? show_regs_print_info+0x20/0x20 [ 112.994866][ T4799] ? load_image+0x3b0/0x3b0 [ 112.994890][ T4799] ? __might_sleep+0xf0/0xf0 [ 112.994908][ T4799] ? __lock_acquire+0x7c60/0x7c60 [ 112.994935][ T4799] should_fail+0x38c/0x4c0 [ 113.054817][ T4799] should_failslab+0x5/0x20 [ 113.059723][ T4799] slab_pre_alloc_hook+0x51/0xc0 [ 113.065407][ T4799] ? security_file_alloc+0x30/0x110 [ 113.071710][ T4799] kmem_cache_alloc+0x3d/0x290 [ 113.076625][ T4799] ? rcu_is_watching+0x11/0xa0 [ 113.082691][ T4799] security_file_alloc+0x30/0x110 [ 113.088465][ T4799] __alloc_file+0xc2/0x240 [ 113.093658][ T4799] alloc_empty_file+0x90/0x180 [ 113.099184][ T4799] alloc_file+0x5b/0x4f0 [ 113.105047][ T4799] ? do_raw_spin_unlock+0x11d/0x230 [ 113.110739][ T4799] alloc_file_pseudo+0x17a/0x1f0 [ 113.116716][ T4799] ? alloc_empty_file_noaccount+0x80/0x80 [ 113.123728][ T4799] __shmem_file_setup+0x1cf/0x290 [ 113.130297][ T4799] ? shmem_file_setup+0x13/0x30 [ 113.136943][ T4799] __se_sys_memfd_create+0x290/0x430 [ 113.143561][ T4799] ? __x64_sys_memfd_create+0x60/0x60 [ 113.150122][ T4799] ? lockdep_hardirqs_on+0x94/0x140 [ 113.155903][ T4799] do_syscall_64+0x4c/0xa0 [ 113.161517][ T4799] ? clear_bhb_loop+0x30/0x80 [ 113.168630][ T4799] ? clear_bhb_loop+0x30/0x80 [ 113.175132][ T4799] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 113.182191][ T4799] RIP: 0033:0x7f1e59e57be9 [ 113.187233][ T4799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.214457][ T4799] RSP: 002b:00007f1e580bee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 113.223655][ T4799] RAX: ffffffffffffffda RBX: 000000000000444c RCX: 00007f1e59e57be9 [ 113.232375][ T4799] RDX: 00007f1e580beef0 RSI: 0000000000000000 RDI: 00007f1e59edb7e8 [ 113.240912][ T4799] RBP: 000020000000cd40 R08: 00007f1e580bebb7 R09: 00007f1e580bee40 [ 113.249201][ T4799] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000004480 [ 113.258519][ T4799] R13: 00007f1e580beef0 R14: 00007f1e580beeb0 R15: 00002000000000c0 [ 113.267279][ T4799] [ 113.316343][ T4189] ocfs2: Unmounting device (7,1) on (node local) [ 113.734517][ T4188] XFS (loop2): Unmounting Filesystem [ 113.827871][ T4809] loop4: detected capacity change from 0 to 256 [ 113.873739][ T4809] exfat: Deprecated parameter 'utf8' [ 113.911997][ T4809] exfat: Deprecated parameter 'utf8' [ 113.961640][ T4809] exfat: Deprecated parameter 'utf8' [ 114.088328][ T4809] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 114.485688][ T4805] loop0: detected capacity change from 0 to 32768 [ 114.565541][ T4805] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.117 (4805) [ 114.590352][ T4812] loop3: detected capacity change from 0 to 32768 [ 114.864336][ T4819] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 114.867595][ T4805] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 114.896549][ T4815] loop2: detected capacity change from 0 to 4096 [ 114.920347][ T4805] BTRFS info (device loop0): using free space tree [ 114.928357][ T4805] BTRFS info (device loop0): has skinny extents [ 115.165126][ T4815] ntfs3: loop2: ino=5, "/" directory corrupted [ 115.216451][ T4815] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 115.333706][ T4805] BTRFS info (device loop0): enabling ssd optimizations [ 115.664888][ T4819] loop4: detected capacity change from 0 to 32768 [ 115.710415][ T4819] XFS: noikeep mount option is deprecated. [ 115.738658][ T4847] loop2: detected capacity change from 0 to 128 [ 115.839694][ T26] audit: type=1800 audit(1756102258.163:9): pid=4847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.124" name="bus" dev="loop2" ino=1048604 res=0 errno=0 [ 116.095590][ T4857] vivid-000: disconnect [ 116.109615][ T4819] XFS (loop4): Mounting V5 Filesystem [ 116.228223][ T4844] vivid-000: reconnect [ 116.413962][ T4819] XFS (loop4): Ending clean mount [ 116.457427][ T4819] XFS (loop4): Quotacheck needed: Please wait. [ 116.508936][ T4874] netlink: 4 bytes leftover after parsing attributes in process `syz.1.125'. [ 116.546675][ T4819] XFS (loop4): Quotacheck: Done. [ 116.615436][ T4819] XFS (loop4): User initiated shutdown received. [ 116.636300][ T4819] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 116.654820][ T4819] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 116.765217][ T4879] FAULT_INJECTION: forcing a failure. [ 116.765217][ T4879] name failslab, interval 1, probability 0, space 0, times 0 [ 116.815406][ T4879] CPU: 1 PID: 4879 Comm: syz.1.127 Not tainted 5.15.189-syzkaller #0 [ 116.824406][ T4879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 116.835638][ T4879] Call Trace: [ 116.839138][ T4879] [ 116.842359][ T4879] dump_stack_lvl+0x168/0x230 [ 116.848278][ T4879] ? show_regs_print_info+0x20/0x20 [ 116.853972][ T4879] ? load_image+0x3b0/0x3b0 [ 116.858713][ T4879] ? __lock_acquire+0x7c60/0x7c60 [ 116.863852][ T4879] ? rcu_is_watching+0x11/0xa0 [ 116.869287][ T4879] should_fail+0x38c/0x4c0 [ 116.874648][ T4879] should_failslab+0x5/0x20 [ 116.879968][ T4879] slab_pre_alloc_hook+0x51/0xc0 [ 116.885417][ T4879] ? vm_area_alloc+0x20/0xe0 [ 116.890836][ T4879] kmem_cache_alloc+0x3d/0x290 [ 116.896409][ T4879] vm_area_alloc+0x20/0xe0 [ 116.901438][ T4879] mmap_region+0x945/0x15e0 [ 116.906408][ T4879] do_mmap+0x77a/0xdf0 [ 116.912095][ T4879] vm_mmap_pgoff+0x1b2/0x2b0 [ 116.916996][ T4879] ? account_locked_vm+0xe0/0xe0 [ 116.922320][ T4879] ? __lock_acquire+0x7c60/0x7c60 [ 116.928395][ T4879] ksys_mmap_pgoff+0x140/0x780 [ 116.933786][ T4879] ? mmap_region+0x15e0/0x15e0 [ 116.939134][ T4879] ? lockdep_hardirqs_on+0x94/0x140 [ 116.944570][ T4879] do_syscall_64+0x4c/0xa0 [ 116.949383][ T4879] ? clear_bhb_loop+0x30/0x80 [ 116.955141][ T4879] ? clear_bhb_loop+0x30/0x80 [ 116.960818][ T4879] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 116.967342][ T4879] RIP: 0033:0x7fcb9f28cc23 [ 116.972172][ T4879] Code: f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 41 89 ca 41 f7 c1 ff 0f 00 00 75 14 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 25 c3 0f 1f 40 00 48 c7 c0 a8 ff ff ff 64 c7 [ 116.997441][ T4879] RSP: 002b:00007fcb9d4f3e18 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 117.007109][ T4879] RAX: ffffffffffffffda RBX: 000000000000444a RCX: 00007fcb9f28cc23 [ 117.016215][ T4879] RDX: 0000000000000003 RSI: 0000000008400000 RDI: 0000000000000000 [ 117.024659][ T4879] RBP: 000020000000cd42 R08: 00000000ffffffff R09: 0000000000000000 [ 117.034192][ T4879] R10: 0000000000000022 R11: 0000000000000246 R12: 0000000000000004 [ 117.042293][ T4879] R13: 00007fcb9d4f3ef0 R14: 00007fcb9d4f3eb0 R15: 00002000000000c0 [ 117.051191][ T4879] [ 117.166264][ T4243] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 117.242404][ T4183] XFS (loop4): Unmounting Filesystem [ 117.432155][ T4243] usb 3-1: Using ep0 maxpacket: 32 [ 117.566584][ T4243] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 117.586454][ T4243] usb 3-1: config 0 has no interface number 0 [ 117.594062][ T4243] usb 3-1: config 0 interface 184 has no altsetting 0 [ 117.826442][ T4243] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 117.856157][ T4243] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.895289][ T4243] usb 3-1: Product: syz [ 117.901264][ T4243] usb 3-1: Manufacturer: syz [ 117.911421][ T4243] usb 3-1: SerialNumber: syz [ 117.929874][ T4885] loop1: detected capacity change from 0 to 32768 [ 117.939788][ T4243] usb 3-1: config 0 descriptor?? [ 118.007451][ T4243] smsc75xx v1.0.0 [ 118.063320][ T4885] JBD2: Ignoring recovery information on journal [ 118.276170][ T4885] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 118.380285][ T4189] ocfs2: Unmounting device (7,1) on (node local) [ 118.397596][ T4897] program syz.0.133 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 118.538092][ T4902] loop1: detected capacity change from 0 to 64 [ 118.594017][ T4881] loop2: detected capacity change from 0 to 8192 [ 118.599346][ T4902] hfs: unable to parse mount options [ 118.660517][ T4888] loop4: detected capacity change from 0 to 32768 [ 118.673338][ T4881] REISERFS warning (device loop2): super-6502 reiserfs_getopt: unknown mount option "hash=tea" [ 118.706854][ T4888] XFS: noikeep mount option is deprecated. [ 118.831598][ T4888] XFS (loop4): Mounting V5 Filesystem [ 118.898334][ T4243] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 118.941744][ T4243] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 118.972702][ T4243] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 119.003398][ T4243] smsc75xx: probe of 3-1:0.184 failed with error -71 [ 119.048047][ T4243] usb 3-1: USB disconnect, device number 3 [ 119.056431][ T4861] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 119.097895][ T4888] XFS (loop4): Ending clean mount [ 119.117381][ T4888] XFS (loop4): Quotacheck needed: Please wait. [ 119.258888][ T4888] XFS (loop4): Quotacheck: Done. [ 119.261553][ T4925] loop2: detected capacity change from 0 to 128 [ 119.296655][ T4861] usb 2-1: Using ep0 maxpacket: 32 [ 119.311692][ T4900] loop3: detected capacity change from 0 to 32768 [ 119.360577][ T4888] XFS (loop4): User initiated shutdown received. [ 119.394502][ T4888] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 119.394533][ T4926] netlink: 12 bytes leftover after parsing attributes in process `syz.4.129'. [ 119.394552][ T4888] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 119.420633][ T4861] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.428132][ T4900] (syz.3.132,4900,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "nˣKN(;^o!cl" or missing value [ 119.454855][ T4861] usb 2-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 119.472581][ T26] audit: type=1800 audit(1756102261.793:10): pid=4927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.137" name="bus" dev="loop2" ino=1048606 res=0 errno=0 [ 119.521343][ T4861] usb 2-1: config 0 interface 0 has no altsetting 0 [ 119.549920][ T4861] usb 2-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 119.564815][ T4900] (syz.3.132,4900,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 119.608938][ T4861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.625003][ T4861] usb 2-1: config 0 descriptor?? [ 119.648130][ T4925] vivid-000: disconnect [ 119.678416][ T4923] vivid-000: reconnect [ 119.736603][ T4931] loop0: detected capacity change from 0 to 1024 [ 119.923614][ T4931] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.135: lblock 1 mapped to illegal pblock 1 (length 1) [ 119.941163][ T4931] Quota error (device loop0): write_blk: dquota write failed [ 119.950253][ T4931] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 119.963159][ T4931] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.135: Failed to acquire dquot type 0 [ 119.976880][ T4931] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.135: Freeing blocks not in datazone - block = 0, count = 4096 [ 119.991945][ T4931] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.135: Invalid inode bitmap blk 0 in block_group 0 [ 120.005498][ T4931] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 120.005502][ T1275] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 120.014697][ T4931] EXT4-fs (loop0): 1 orphan inode deleted [ 120.036201][ T4931] EXT4-fs (loop0): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 120.056457][ T1275] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 120.228304][ T4861] wacom 0003:056A:0094.0002: Using device in hidraw-only mode [ 120.246597][ T4183] XFS (loop4): Unmounting Filesystem [ 120.250448][ T1275] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:4: Failed to release dquot type 0 [ 120.317584][ T4861] wacom 0003:056A:0094.0002: hidraw0: USB HID v0.05 Device [HID 056a:0094] on usb-dummy_hcd.1-1/input0 [ 120.342002][ T4941] syz.2.139 uses obsolete (PF_INET,SOCK_PACKET) [ 120.400526][ T4904] loop1: detected capacity change from 0 to 512 [ 120.706322][ T1325] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 120.809690][ T4946] loop0: detected capacity change from 0 to 32768 [ 120.987935][ T1325] usb 3-1: Using ep0 maxpacket: 16 [ 121.000707][ T4939] loop3: detected capacity change from 0 to 32768 [ 121.096864][ T4939] XFS: noikeep mount option is deprecated. [ 121.119697][ T1325] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 121.142077][ T1325] usb 3-1: config 0 has no interface number 0 [ 121.156215][ T1325] usb 3-1: config 0 interface 113 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 121.213539][ T1325] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 121.229606][ T1325] usb 3-1: config 0 interface 113 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 121.243452][ T1325] usb 3-1: config 0 interface 113 has no altsetting 0 [ 121.263701][ T4939] XFS (loop3): Mounting V5 Filesystem [ 121.383300][ T4939] XFS (loop3): Ending clean mount [ 121.405337][ T4939] XFS (loop3): Quotacheck needed: Please wait. [ 121.426797][ T1325] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 121.448325][ T1325] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.494879][ T1325] usb 3-1: Product: syz [ 121.521753][ T1325] usb 3-1: Manufacturer: syz [ 121.528769][ T1325] usb 3-1: SerialNumber: syz [ 121.555762][ T1325] usb 3-1: config 0 descriptor?? [ 121.581052][ T4941] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 121.596586][ T4939] XFS (loop3): Quotacheck: Done. [ 121.624513][ T4298] usb 2-1: USB disconnect, device number 4 [ 121.646121][ C0] usb 3-1: NFC: Urb failure (status -71) [ 121.655438][ T1325] usb 3-1: NFC: Unable to get FW version [ 121.663703][ T1325] pn533_usb: probe of 3-1:0.113 failed with error -90 [ 121.732288][ T4960] vcan0: tx drop: invalid da for name 0x00000000000000ee [ 121.805470][ T4939] XFS (loop3): User initiated shutdown received. [ 121.813864][ T4963] FAULT_INJECTION: forcing a failure. [ 121.813864][ T4963] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 121.829345][ T4939] XFS (loop3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 121.845186][ T4941] loop2: detected capacity change from 0 to 1024 [ 121.870058][ T4963] CPU: 1 PID: 4963 Comm: syz.4.144 Not tainted 5.15.189-syzkaller #0 [ 121.879136][ T4963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 121.890539][ T4963] Call Trace: [ 121.894019][ T4963] [ 121.897259][ T4963] dump_stack_lvl+0x168/0x230 [ 121.902254][ T4963] ? show_regs_print_info+0x20/0x20 [ 121.908213][ T4963] ? load_image+0x3b0/0x3b0 [ 121.914952][ T4963] ? __lock_acquire+0x7c60/0x7c60 [ 121.921167][ T4963] should_fail+0x38c/0x4c0 [ 121.926025][ T4963] prepare_alloc_pages+0x1e4/0x5f0 [ 121.932544][ T4963] __alloc_pages+0x10e/0x470 [ 121.937351][ T4963] ? zone_statistics+0x170/0x170 [ 121.942699][ T4963] ? alloc_pages+0x438/0x550 [ 121.948012][ T4963] pte_alloc_one+0x80/0x2f0 [ 121.953090][ T4963] ? rcu_lock_release+0x20/0x20 [ 121.958349][ T4963] ? count_memcg_event_mm+0x311/0x360 [ 121.964633][ T4963] ? remove_device_exclusive_entry+0xa70/0xa70 [ 121.971107][ T4963] ? __lock_acquire+0x7c60/0x7c60 [ 121.977284][ T4963] __pte_alloc+0x21/0x150 [ 121.982191][ T4963] handle_mm_fault+0x395c/0x43c0 [ 121.987825][ T4963] ? get_page+0xe0/0xe0 [ 121.992245][ T4963] ? vmacache_find+0x4f0/0x590 [ 121.997290][ T4963] ? vmacache_update+0xa0/0x100 [ 122.002857][ T4963] ? find_vma+0x1df/0x230 [ 122.007456][ T4963] do_user_addr_fault+0x489/0xc80 [ 122.012965][ T4963] exc_page_fault+0x60/0x100 [ 122.018136][ T4963] ? clear_bhb_loop+0x30/0x80 [ 122.023802][ T4963] asm_exc_page_fault+0x22/0x30 [ 122.029101][ T4963] RIP: 0033:0x7f855ef03ba3 [ 122.033618][ T4963] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 122.055846][ T4963] RSP: 002b:00007f855d2a84a0 EFLAGS: 00010202 [ 122.062469][ T4963] RAX: 0000000000000000 RBX: 00007f855d2a8540 RCX: 00007f8554e89000 [ 122.071779][ T4963] RDX: 00007f855d2a86e0 RSI: 0000000000000039 RDI: 00007f855d2a85e0 [ 122.080332][ T4963] RBP: 0000000000000136 R08: 0000000000000006 R09: 0000000000000020 [ 122.089022][ T4963] R10: 0000000000000024 R11: 00007f855d2a8540 R12: 00007f855d2a8540 [ 122.097793][ T4963] R13: 00007f855f0e0a20 R14: 0000000000000002 R15: 00007f855d2a85e0 [ 122.106220][ T4963] [ 122.115051][ T4939] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 122.242784][ T4963] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 122.356941][ T1325] usb 3-1: USB disconnect, device number 4 [ 122.366270][ T4298] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 122.606109][ T4298] usb 2-1: Using ep0 maxpacket: 16 [ 122.688818][ T4190] XFS (loop3): Unmounting Filesystem [ 122.766357][ T4298] usb 2-1: unable to get BOS descriptor or descriptor too short [ 122.846427][ T4298] usb 2-1: config 8 has an invalid interface number: 64 but max is 0 [ 122.864107][ T4298] usb 2-1: config 8 has no interface number 0 [ 122.883971][ T4298] usb 2-1: config 8 interface 64 altsetting 2 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 122.917711][ T4298] usb 2-1: config 8 interface 64 has no altsetting 0 [ 122.957316][ T4963] loop4: detected capacity change from 0 to 32768 [ 123.070018][ T4963] JBD2: Ignoring recovery information on journal [ 123.086422][ T4298] usb 2-1: New USB device found, idVendor=19d2, idProduct=64c6, bcdDevice= e.34 [ 123.099401][ T4298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.108795][ T4298] usb 2-1: Product: syz [ 123.113467][ T4298] usb 2-1: Manufacturer: syz [ 123.119209][ T4298] usb 2-1: SerialNumber: syz [ 123.238610][ T4963] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 123.278131][ T4966] loop2: detected capacity change from 0 to 4096 [ 123.342606][ T4183] ocfs2: Unmounting device (7,4) on (node local) [ 123.493325][ T4972] IPVS: wrr: FWM 4 0x00000004 - no destination available [ 123.536968][ T4298] cdc_ether 2-1:8.64: invalid descriptor buffer length [ 123.544300][ T4298] usb 2-1: bad CDC descriptors [ 123.598911][ T4298] usb 2-1: USB disconnect, device number 5 [ 123.862746][ T4981] loop4: detected capacity change from 0 to 128 [ 123.985582][ T26] audit: type=1800 audit(1756102266.303:11): pid=4981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.149" name="bus" dev="loop4" ino=1048608 res=0 errno=0 [ 124.083135][ T4968] loop3: detected capacity change from 0 to 32768 [ 124.174180][ T4985] vivid-004: disconnect [ 124.216252][ T4968] (syz.3.145,4968,1):ocfs2_sb_probe:756 ERROR: incompatible version: 2.33686018 [ 124.234461][ T4968] (syz.3.145,4968,1):ocfs2_sb_probe:769 ERROR: This is an ocfs v1 filesystem which must be upgraded before mounting with ocfs v2 [ 124.253446][ T4968] (syz.3.145,4968,1):ocfs2_fill_super:991 ERROR: superblock probe failed! [ 124.263652][ T4968] (syz.3.145,4968,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 124.297973][ T4977] vivid-004: reconnect [ 124.713828][ T4994] loop0: detected capacity change from 0 to 8 [ 124.862332][ T4992] loop4: detected capacity change from 0 to 8192 [ 124.875606][ T4994] SQUASHFS error: Unable to read inode 0x127 [ 124.909246][ T4995] netlink: 8 bytes leftover after parsing attributes in process `syz.4.155'. [ 124.962932][ T4995] bond0: option miimon: invalid value (18446744073709551615) [ 124.994068][ T4995] bond0: option miimon: allowed values 0 - 2147483647 [ 125.002722][ T4313] loop4: AHDI p1 p2 p3 [ 125.127156][ T4998] loop2: detected capacity change from 0 to 1024 [ 125.307035][ T4992] loop4: AHDI p1 p2 p3 [ 125.361981][ T4998] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #3: block 1: comm syz.2.152: lblock 1 mapped to illegal pblock 1 (length 1) [ 125.380232][ T4998] Quota error (device loop2): write_blk: dquota write failed [ 125.388947][ T4998] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 125.401040][ T4998] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.152: Failed to acquire dquot type 0 [ 125.414905][ T4998] EXT4-fs error (device loop2): ext4_free_blocks:6223: comm syz.2.152: Freeing blocks not in datazone - block = 0, count = 4096 [ 125.446604][ T4998] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.152: Invalid inode bitmap blk 0 in block_group 0 [ 125.462628][ T4998] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 125.477053][ T4998] EXT4-fs (loop2): 1 orphan inode deleted [ 125.483513][ T4998] EXT4-fs (loop2): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 125.507696][ T1275] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 125.620530][ T4986] loop1: detected capacity change from 0 to 32768 [ 125.661909][ T1275] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 125.730093][ T1275] EXT4-fs error (device loop2): ext4_release_dquot:6243: comm kworker/u4:4: Failed to release dquot type 0 [ 125.756798][ T4986] XFS: noikeep mount option is deprecated. [ 125.951012][ T4986] XFS (loop1): Mounting V5 Filesystem [ 125.957576][ T5009] FAULT_INJECTION: forcing a failure. [ 125.957576][ T5009] name failslab, interval 1, probability 0, space 0, times 0 [ 126.004961][ T5009] CPU: 0 PID: 5009 Comm: syz.3.157 Not tainted 5.15.189-syzkaller #0 [ 126.013742][ T5009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 126.026075][ T5009] Call Trace: [ 126.029404][ T5009] [ 126.032646][ T5009] dump_stack_lvl+0x168/0x230 [ 126.037953][ T5009] ? show_regs_print_info+0x20/0x20 [ 126.044129][ T5009] ? load_image+0x3b0/0x3b0 [ 126.048953][ T5009] ? __might_sleep+0xf0/0xf0 [ 126.054361][ T5009] ? __lock_acquire+0x7c60/0x7c60 [ 126.059540][ T5009] should_fail+0x38c/0x4c0 [ 126.064537][ T5009] should_failslab+0x5/0x20 [ 126.069348][ T5009] slab_pre_alloc_hook+0x51/0xc0 [ 126.075381][ T5009] ? ptlock_alloc+0x1c/0x60 [ 126.080635][ T5009] kmem_cache_alloc+0x3d/0x290 [ 126.085966][ T5009] ptlock_alloc+0x1c/0x60 [ 126.090864][ T5009] pte_alloc_one+0xc5/0x2f0 [ 126.095693][ T5009] ? rcu_lock_release+0x20/0x20 [ 126.100782][ T5009] ? count_memcg_event_mm+0x311/0x360 [ 126.106548][ T5009] ? remove_device_exclusive_entry+0xa70/0xa70 [ 126.113772][ T5009] ? __lock_acquire+0x7c60/0x7c60 [ 126.119515][ T5009] __pte_alloc+0x21/0x150 [ 126.124348][ T5009] handle_mm_fault+0x395c/0x43c0 [ 126.130347][ T5009] ? get_page+0xe0/0xe0 [ 126.135011][ T5009] ? vmacache_find+0x4f0/0x590 [ 126.139985][ T5009] ? vmacache_update+0xa0/0x100 [ 126.145647][ T5009] ? find_vma+0x1df/0x230 [ 126.150081][ T5009] do_user_addr_fault+0x489/0xc80 [ 126.155220][ T5009] exc_page_fault+0x60/0x100 [ 126.159934][ T5009] ? clear_bhb_loop+0x30/0x80 [ 126.164638][ T5009] asm_exc_page_fault+0x22/0x30 [ 126.169678][ T5009] RIP: 0033:0x7f72a97beba3 [ 126.174518][ T5009] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 126.195278][ T5009] RSP: 002b:00007f72a7b634a0 EFLAGS: 00010202 [ 126.201645][ T5009] RAX: 0000000000000000 RBX: 00007f72a7b63540 RCX: 00007f729f744000 [ 126.209903][ T5009] RDX: 00007f72a7b636e0 RSI: 0000000000000039 RDI: 00007f72a7b635e0 [ 126.218089][ T5009] RBP: 0000000000000136 R08: 0000000000000006 R09: 0000000000000020 [ 126.226528][ T5009] R10: 0000000000000024 R11: 00007f72a7b63540 R12: 00007f72a7b63540 [ 126.235236][ T5009] R13: 00007f72a999ba20 R14: 0000000000000002 R15: 00007f72a7b635e0 [ 126.244308][ T5009] [ 126.437501][ T4986] XFS (loop1): Ending clean mount [ 126.483200][ T4986] XFS (loop1): Quotacheck needed: Please wait. [ 126.516536][ T5009] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 126.550864][ T5012] loop2: detected capacity change from 0 to 32768 [ 126.595009][ T4986] XFS (loop1): Quotacheck: Done. [ 126.626269][ T4994] loop0: detected capacity change from 0 to 32768 [ 126.637382][ T5012] XFS: noikeep mount option is deprecated. [ 126.665460][ T4986] XFS (loop1): User initiated shutdown received. [ 126.737624][ T4986] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 126.739321][ T5021] netlink: 12 bytes leftover after parsing attributes in process `syz.1.151'. [ 126.764589][ T4994] ERROR: (device loop0): dbAlloc: unable to allocate blocks [ 126.764589][ T4994] [ 126.794734][ T5012] XFS (loop2): Mounting V5 Filesystem [ 126.809222][ T4986] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 126.938989][ T4381] udevd[4381]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 126.972777][ T5012] XFS (loop2): Ending clean mount [ 126.976716][ T4997] loop4: detected capacity change from 0 to 32768 [ 127.020151][ T5012] XFS (loop2): Quotacheck needed: Please wait. [ 127.029907][ T4992] ialloc: diAlloc returned -5! [ 127.144285][ T5012] XFS (loop2): Quotacheck: Done. [ 127.214100][ T4381] udevd[4381]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory [ 127.228303][ T5012] XFS (loop2): User initiated shutdown received. [ 127.267831][ T5012] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 127.315698][ T5012] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 127.417080][ T4189] XFS (loop1): Unmounting Filesystem [ 127.480449][ T5009] loop3: detected capacity change from 0 to 32768 [ 127.559860][ T5009] JBD2: Ignoring recovery information on journal [ 127.730155][ T5030] tipc: Started in network mode [ 127.776318][ T5030] tipc: Node identity 9a9963dff89e, cluster identity 4711 [ 127.810155][ T5009] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 127.838596][ T5030] tipc: Enabled bearer , priority 0 [ 127.903386][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 127.941172][ T4188] XFS (loop2): Unmounting Filesystem [ 127.948384][ T5030] netlink: 232 bytes leftover after parsing attributes in process `syz.0.158'. [ 128.062900][ T5033] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.122669][ T5033] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.378364][ T5044] loop1: detected capacity change from 0 to 16 [ 128.487247][ T5044] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 128.555644][ T4347] udevd[4347]: incorrect cramfs checksum on /dev/loop1 [ 128.575742][ T5031] device syzkaller0 entered promiscuous mode [ 128.605578][ T5031] tipc: Resetting bearer [ 128.616269][ T5030] netlink: 4 bytes leftover after parsing attributes in process `syz.0.158'. [ 128.693590][ T4381] udevd[4381]: incorrect cramfs checksum on /dev/loop1 [ 128.834766][ T5046] loop3: detected capacity change from 0 to 32768 [ 128.867857][ T5029] tipc: Resetting bearer [ 128.955890][ T5029] tipc: Disabling bearer [ 129.375936][ T5055] netlink: 8 bytes leftover after parsing attributes in process `syz.2.161'. [ 129.427380][ T5060] loop4: detected capacity change from 0 to 128 [ 129.549728][ T26] audit: type=1800 audit(1756102271.873:12): pid=5060 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.165" name="bus" dev="loop4" ino=1048610 res=0 errno=0 [ 129.767789][ T5060] vivid-004: disconnect [ 129.782872][ T5056] vivid-004: reconnect [ 130.116091][ T5076] loop0: detected capacity change from 0 to 1024 [ 130.318086][ T5076] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.166: lblock 1 mapped to illegal pblock 1 (length 1) [ 130.333652][ T5076] Quota error (device loop0): write_blk: dquota write failed [ 130.341741][ T5076] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 130.352537][ T5076] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.166: Failed to acquire dquot type 0 [ 130.369943][ T5076] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.166: Freeing blocks not in datazone - block = 0, count = 4096 [ 130.384960][ T5076] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.166: Invalid inode bitmap blk 0 in block_group 0 [ 130.400391][ T5076] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 130.413441][ T5076] EXT4-fs (loop0): 1 orphan inode deleted [ 130.427994][ T5076] EXT4-fs (loop0): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 130.442421][ T1275] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:4: lblock 1 mapped to illegal pblock 1 (length 1) [ 130.555351][ T1275] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 130.565161][ T1275] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:4: Failed to release dquot type 0 [ 130.682885][ T5072] loop2: detected capacity change from 0 to 32768 [ 130.776321][ T5072] JBD2: Ignoring recovery information on journal [ 130.888930][ T5075] loop4: detected capacity change from 0 to 32768 [ 130.930612][ T5075] XFS: noikeep mount option is deprecated. [ 130.971128][ T5072] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 130.987730][ T5088] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 130.991138][ T5075] XFS (loop4): Mounting V5 Filesystem [ 131.236905][ T5075] XFS (loop4): Ending clean mount [ 131.247500][ T5075] XFS (loop4): Quotacheck needed: Please wait. [ 131.313112][ T5075] XFS (loop4): Quotacheck: Done. [ 131.318837][ T4188] ocfs2: Unmounting device (7,2) on (node local) [ 131.435154][ T5075] XFS (loop4): User initiated shutdown received. [ 131.452319][ T5075] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 131.490800][ T5088] loop0: detected capacity change from 0 to 32768 [ 131.503543][ T5075] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 131.533570][ T5088] XFS: noikeep mount option is deprecated. [ 131.612911][ T5088] XFS (loop0): Mounting V5 Filesystem [ 131.620434][ T5103] FAULT_INJECTION: forcing a failure. [ 131.620434][ T5103] name failslab, interval 1, probability 0, space 0, times 0 [ 131.662110][ T5103] CPU: 1 PID: 5103 Comm: syz.2.172 Not tainted 5.15.189-syzkaller #0 [ 131.675537][ T5103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 131.687957][ T5103] Call Trace: [ 131.691359][ T5103] [ 131.694786][ T5103] dump_stack_lvl+0x168/0x230 [ 131.699869][ T5103] ? show_regs_print_info+0x20/0x20 [ 131.705379][ T5103] ? load_image+0x3b0/0x3b0 [ 131.711123][ T5103] ? __might_sleep+0xf0/0xf0 [ 131.716631][ T5103] ? __lock_acquire+0x7c60/0x7c60 [ 131.722680][ T5103] should_fail+0x38c/0x4c0 [ 131.727906][ T5103] should_failslab+0x5/0x20 [ 131.733117][ T5103] slab_pre_alloc_hook+0x51/0xc0 [ 131.738357][ T5103] ? __anon_vma_prepare+0x66/0x410 [ 131.743700][ T5103] kmem_cache_alloc+0x3d/0x290 [ 131.748596][ T5103] __anon_vma_prepare+0x66/0x410 [ 131.753644][ T5103] ? __pte_alloc+0x10f/0x150 [ 131.758594][ T5103] handle_mm_fault+0x3b86/0x43c0 [ 131.764128][ T5103] ? get_page+0xe0/0xe0 [ 131.768852][ T5103] ? vmacache_find+0x4f0/0x590 [ 131.774317][ T5103] ? vmacache_update+0xa0/0x100 [ 131.779916][ T5103] ? find_vma+0x1df/0x230 [ 131.784479][ T5103] do_user_addr_fault+0x489/0xc80 [ 131.789969][ T5103] exc_page_fault+0x60/0x100 [ 131.795307][ T5103] ? clear_bhb_loop+0x30/0x80 [ 131.800395][ T5103] asm_exc_page_fault+0x22/0x30 [ 131.805851][ T5103] RIP: 0033:0x7f2666b16ba3 [ 131.810577][ T5103] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 131.831954][ T5103] RSP: 002b:00007f2664ebb4a0 EFLAGS: 00010202 [ 131.838776][ T5103] RAX: 0000000000000000 RBX: 00007f2664ebb540 RCX: 00007f265ca9c000 [ 131.847505][ T5103] RDX: 00007f2664ebb6e0 RSI: 0000000000000039 RDI: 00007f2664ebb5e0 [ 131.856291][ T5103] RBP: 0000000000000136 R08: 0000000000000006 R09: 0000000000000020 [ 131.864942][ T5103] R10: 0000000000000024 R11: 00007f2664ebb540 R12: 00007f2664ebb540 [ 131.874161][ T5103] R13: 00007f2666cf3a20 R14: 0000000000000002 R15: 00007f2664ebb5e0 [ 131.883501][ T5103] [ 131.896014][ T5103] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 132.022564][ T5088] XFS (loop0): Ending clean mount [ 132.029249][ T5110] loop3: detected capacity change from 0 to 2048 [ 132.035785][ T5088] XFS (loop0): Quotacheck needed: Please wait. [ 132.080805][ T5110] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 132.102627][ T5110] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 132.142023][ T5110] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0x0b != 0xd4 [ 132.154978][ T5088] XFS (loop0): Quotacheck: Done. [ 132.234092][ T4183] XFS (loop4): Unmounting Filesystem [ 132.251535][ T5110] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.419852][ T5103] loop2: detected capacity change from 0 to 32768 [ 132.477215][ T5103] JBD2: Ignoring recovery information on journal [ 132.596811][ T5103] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 132.719733][ T4188] ocfs2: Unmounting device (7,2) on (node local) [ 132.998265][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.005046][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.126220][ T1325] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 133.373693][ T5088] XFS (loop0): User initiated shutdown received. [ 133.379921][ T5123] loop2: detected capacity change from 0 to 512 [ 133.395458][ T5088] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 133.439323][ T5088] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 133.481933][ T5123] EXT4-fs (loop2): Unrecognized mount option "measure" or missing value [ 133.526492][ T1325] usb 2-1: Using ep0 maxpacket: 8 [ 133.646598][ T1325] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 133.685372][ T1325] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 133.725025][ T1325] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 133.745171][ T1325] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 133.768422][ T5123] TCP: request_sock_TCP: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 133.774687][ T5134] loop3: detected capacity change from 0 to 128 [ 133.782369][ T1325] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 133.813475][ T1325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.861768][ T5135] loop4: detected capacity change from 0 to 1024 [ 133.914784][ T26] audit: type=1800 audit(1756102276.233:13): pid=5134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.181" name="bus" dev="loop3" ino=1048612 res=0 errno=0 [ 134.052976][ T5135] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #3: block 1: comm syz.4.180: lblock 1 mapped to illegal pblock 1 (length 1) [ 134.083758][ T5135] Quota error (device loop4): write_blk: dquota write failed [ 134.091041][ T4187] XFS (loop0): Unmounting Filesystem [ 134.091610][ T5135] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 134.107810][ T5135] EXT4-fs error (device loop4): ext4_acquire_dquot:6207: comm syz.4.180: Failed to acquire dquot type 0 [ 134.146150][ T1325] usb 2-1: GET_CAPABILITIES returned 0 [ 134.151809][ T1325] usbtmc 2-1:16.0: can't read capabilities [ 134.183090][ T5135] EXT4-fs error (device loop4): ext4_free_blocks:6223: comm syz.4.180: Freeing blocks not in datazone - block = 0, count = 4096 [ 134.229415][ T5134] vivid-002: disconnect [ 134.234583][ T5135] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.180: Invalid inode bitmap blk 0 in block_group 0 [ 134.266506][ T4376] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:14: lblock 1 mapped to illegal pblock 1 (length 1) [ 134.289767][ T5132] vivid-002: reconnect [ 134.295019][ T4376] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 134.344393][ T4376] EXT4-fs error (device loop4): ext4_release_dquot:6243: comm kworker/u4:14: Failed to release dquot type 0 [ 134.350598][ T5135] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 134.406202][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.418406][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.418982][ T5135] EXT4-fs (loop4): 1 orphan inode deleted [ 134.428565][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.444313][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.454430][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.465392][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.475317][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.485100][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.488176][ T5135] EXT4-fs (loop4): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 134.494986][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.516373][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.526449][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.536095][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.545934][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.556047][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.565432][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.575136][ C0] usbtmc 2-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71 [ 134.586964][ T5116] usbtmc 2-1:16.0: Unable to send data, error -71 [ 134.948356][ T5138] loop2: detected capacity change from 0 to 32768 [ 134.996923][ T5138] (syz.2.182,5138,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.050239][ T5138] (syz.2.182,5138,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.116350][ T5138] (syz.2.182,5138,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x656d756e, computed 0xa7efa3e4. Applying ECC. [ 135.226741][ T5138] (syz.2.182,5138,1):ocfs2_verify_heartbeat:815 ERROR: Cannot heartbeat on a locally mounted device. [ 135.285353][ T5138] (syz.2.182,5138,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 135.363248][ T5147] loop0: detected capacity change from 0 to 32768 [ 135.709734][ T5142] loop1: detected capacity change from 0 to 40427 [ 135.773160][ T5142] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x1ffff [ 135.828885][ T5142] F2FS-fs (loop1): invalid crc value [ 135.856904][ T5142] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12) [ 135.920711][ T5154] udc-core: couldn't find an available UDC or it's busy [ 135.975192][ T5154] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 135.998661][ T1325] usb 2-1: USB disconnect, device number 6 [ 136.045093][ T5144] loop3: detected capacity change from 0 to 32768 [ 136.112841][ T5157] process 'syz.1.186' launched './file1' with NULL argv: empty string added [ 136.212702][ T5144] JBD2: Ignoring recovery information on journal [ 136.410569][ T5144] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 136.625299][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 136.859556][ T5169] FAULT_INJECTION: forcing a failure. [ 136.859556][ T5169] name failslab, interval 1, probability 0, space 0, times 0 [ 137.006171][ T5169] CPU: 1 PID: 5169 Comm: syz.3.189 Not tainted 5.15.189-syzkaller #0 [ 137.014743][ T5169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 137.025297][ T5169] Call Trace: [ 137.028954][ T5169] [ 137.032114][ T5169] dump_stack_lvl+0x168/0x230 [ 137.037023][ T5169] ? show_regs_print_info+0x20/0x20 [ 137.042924][ T5169] ? load_image+0x3b0/0x3b0 [ 137.048019][ T5169] ? __might_sleep+0xf0/0xf0 [ 137.052647][ T5169] ? __lock_acquire+0x7c60/0x7c60 [ 137.057742][ T5169] should_fail+0x38c/0x4c0 [ 137.062723][ T5169] should_failslab+0x5/0x20 [ 137.067793][ T5169] slab_pre_alloc_hook+0x51/0xc0 [ 137.073455][ T5169] ? __anon_vma_prepare+0xb0/0x410 [ 137.079293][ T5169] kmem_cache_alloc+0x3d/0x290 [ 137.084447][ T5169] ? find_mergeable_anon_vma+0x394/0x590 [ 137.090881][ T5169] __anon_vma_prepare+0xb0/0x410 [ 137.096491][ T5169] handle_mm_fault+0x3b86/0x43c0 [ 137.101747][ T5169] ? get_page+0xe0/0xe0 [ 137.106378][ T5169] ? vmacache_find+0x4f0/0x590 [ 137.111640][ T5169] ? vmacache_update+0xa0/0x100 [ 137.116627][ T5169] ? find_vma+0x1df/0x230 [ 137.120997][ T5169] do_user_addr_fault+0x489/0xc80 [ 137.126456][ T5169] exc_page_fault+0x60/0x100 [ 137.131185][ T5169] ? clear_bhb_loop+0x30/0x80 [ 137.136279][ T5169] asm_exc_page_fault+0x22/0x30 [ 137.141475][ T5169] RIP: 0033:0x7f72a97beba3 [ 137.147158][ T5169] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 137.167889][ T5169] RSP: 002b:00007f72a7b634a0 EFLAGS: 00010202 [ 137.174892][ T5169] RAX: 0000000000000000 RBX: 00007f72a7b63540 RCX: 00007f729f744000 [ 137.183603][ T5169] RDX: 00007f72a7b636e0 RSI: 0000000000000039 RDI: 00007f72a7b635e0 [ 137.191694][ T5169] RBP: 0000000000000136 R08: 0000000000000006 R09: 0000000000000020 [ 137.200602][ T5169] R10: 0000000000000024 R11: 00007f72a7b63540 R12: 00007f72a7b63540 [ 137.209069][ T5169] R13: 00007f72a999ba20 R14: 0000000000000002 R15: 00007f72a7b635e0 [ 137.217218][ T5169] [ 137.264612][ T5151] loop4: detected capacity change from 0 to 32768 [ 137.377016][ T5151] XFS: noikeep mount option is deprecated. [ 137.489394][ T5173] loop2: detected capacity change from 0 to 4096 [ 137.493586][ T5162] loop1: detected capacity change from 0 to 32768 [ 137.527140][ T5151] XFS (loop4): Mounting V5 Filesystem [ 137.564262][ T5169] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 137.627324][ T5162] (syz.1.187,5162,1):ocfs2_parse_options:1447 ERROR: Unrecognized mount option " )dz>Bβ3qfr՘@w"MB81/1kK " or missing value [ 137.721717][ T5162] (syz.1.187,5162,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 137.787557][ T5151] XFS (loop4): Ending clean mount [ 137.799421][ T5151] XFS (loop4): Quotacheck needed: Please wait. [ 138.016536][ T5151] XFS (loop4): Quotacheck: Done. [ 138.086276][ T5151] XFS (loop4): User initiated shutdown received. [ 138.104016][ T5151] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 138.181247][ T5151] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 138.632136][ T5169] loop3: detected capacity change from 0 to 32768 [ 138.647598][ T5197] loop0: detected capacity change from 0 to 128 [ 138.675314][ T5194] loop1: detected capacity change from 0 to 1024 [ 138.735645][ T5169] JBD2: Ignoring recovery information on journal [ 138.815967][ T26] audit: type=1800 audit(1756102281.133:14): pid=5197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.196" name="bus" dev="loop0" ino=1048614 res=0 errno=0 [ 138.867401][ T5183] loop2: detected capacity change from 0 to 32768 [ 138.887963][ T4183] XFS (loop4): Unmounting Filesystem [ 138.904139][ T5183] XFS: noikeep mount option is deprecated. [ 138.981637][ T5197] vivid-001: disconnect [ 138.992193][ T5169] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 139.008009][ T5194] EXT4-fs error (device loop1): ext4_map_blocks:739: inode #3: block 1: comm syz.1.195: lblock 1 mapped to illegal pblock 1 (length 1) [ 139.026683][ T5194] Quota error (device loop1): write_blk: dquota write failed [ 139.039967][ T5194] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 139.047048][ T5193] vivid-001: reconnect [ 139.067353][ T5183] XFS (loop2): Mounting V5 Filesystem [ 139.099157][ T5194] EXT4-fs error (device loop1): ext4_acquire_dquot:6207: comm syz.1.195: Failed to acquire dquot type 0 [ 139.113724][ T5194] EXT4-fs error (device loop1): ext4_free_blocks:6223: comm syz.1.195: Freeing blocks not in datazone - block = 0, count = 4096 [ 139.131585][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 139.147327][ T5194] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz.1.195: Invalid inode bitmap blk 0 in block_group 0 [ 139.162611][ T5194] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 139.172800][ T154] EXT4-fs error (device loop1): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 139.195820][ T154] Quota error (device loop1): remove_tree: Can't read quota data block 1 [ 139.215394][ T5194] EXT4-fs (loop1): 1 orphan inode deleted [ 139.246213][ T154] EXT4-fs error (device loop1): ext4_release_dquot:6243: comm kworker/u4:2: Failed to release dquot type 0 [ 139.311512][ T5194] EXT4-fs (loop1): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 139.336489][ T5183] XFS (loop2): Ending clean mount [ 139.344184][ T5183] XFS (loop2): Quotacheck needed: Please wait. [ 139.494854][ T5183] XFS (loop2): Quotacheck: Done. [ 139.732804][ T5183] XFS (loop2): User initiated shutdown received. [ 139.771657][ T5183] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 139.787365][ T5222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 139.841978][ T5222] netlink: 8 bytes leftover after parsing attributes in process `syz.0.201'. [ 139.846407][ T5183] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 140.363959][ T5233] loop0: detected capacity change from 0 to 32768 [ 140.557481][ T4188] XFS (loop2): Unmounting Filesystem [ 140.852817][ T5235] loop4: detected capacity change from 0 to 32768 [ 141.039201][ T5235] JBD2: Ignoring recovery information on journal [ 141.174618][ T5241] loop1: detected capacity change from 0 to 4096 [ 141.203290][ T5241] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 141.217361][ T5235] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 141.345398][ T4183] ocfs2: Unmounting device (7,4) on (node local) [ 141.437416][ T5250] ntfs3: Cannot use different iocharset when remounting! [ 142.295690][ T5253] loop2: detected capacity change from 0 to 32768 [ 142.377006][ T5253] XFS: noikeep mount option is deprecated. [ 142.617161][ T5253] XFS (loop2): Mounting V5 Filesystem [ 142.621200][ T5265] FAULT_INJECTION: forcing a failure. [ 142.621200][ T5265] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 142.647976][ T5262] 9pnet: Insufficient options for proto=fd [ 142.676587][ T5265] CPU: 1 PID: 5265 Comm: syz.3.210 Not tainted 5.15.189-syzkaller #0 [ 142.685302][ T5265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 142.696278][ T5265] Call Trace: [ 142.700276][ T5265] [ 142.703397][ T5265] dump_stack_lvl+0x168/0x230 [ 142.709673][ T5265] ? show_regs_print_info+0x20/0x20 [ 142.715573][ T5265] ? load_image+0x3b0/0x3b0 [ 142.721358][ T5265] ? __lock_acquire+0x7c60/0x7c60 [ 142.726624][ T5265] should_fail+0x38c/0x4c0 [ 142.731522][ T5265] prepare_alloc_pages+0x1e4/0x5f0 [ 142.736794][ T5265] __alloc_pages+0x10e/0x470 [ 142.741863][ T5265] ? zone_statistics+0x170/0x170 [ 142.747446][ T5265] ? __lock_acquire+0x7c60/0x7c60 [ 142.752695][ T5265] ? __rwlock_init+0x140/0x140 [ 142.757752][ T5265] ? preempt_count_add+0x8d/0x190 [ 142.763081][ T5265] ? up_write+0x1bb/0x420 [ 142.767710][ T5265] alloc_pages_vma+0x393/0x7c0 [ 142.772801][ T5265] handle_mm_fault+0x2382/0x43c0 [ 142.778228][ T5265] ? get_page+0xe0/0xe0 [ 142.780612][ T5262] loop4: detected capacity change from 0 to 128 [ 142.782479][ T5265] ? vmacache_find+0x4f0/0x590 [ 142.794763][ T5265] ? vmacache_update+0xa0/0x100 [ 142.799921][ T5265] ? find_vma+0x1df/0x230 [ 142.804299][ T5265] do_user_addr_fault+0x489/0xc80 [ 142.809640][ T5265] exc_page_fault+0x60/0x100 [ 142.814787][ T5265] ? clear_bhb_loop+0x30/0x80 [ 142.820037][ T5265] asm_exc_page_fault+0x22/0x30 [ 142.825110][ T5265] RIP: 0033:0x7f72a97beba3 [ 142.829921][ T5265] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 142.850818][ T5265] RSP: 002b:00007f72a7b634a0 EFLAGS: 00010202 [ 142.857731][ T5265] RAX: 0000000000000000 RBX: 00007f72a7b63540 RCX: 00007f729f744000 [ 142.866174][ T5265] RDX: 00007f72a7b636e0 RSI: 0000000000000039 RDI: 00007f72a7b635e0 [ 142.874986][ T5265] RBP: 0000000000000136 R08: 0000000000000006 R09: 0000000000000020 [ 142.883480][ T5265] R10: 0000000000000024 R11: 00007f72a7b63540 R12: 00007f72a7b63540 [ 142.891750][ T5265] R13: 00007f72a999ba20 R14: 0000000000000002 R15: 00007f72a7b635e0 [ 142.900352][ T5265] [ 142.936105][ T5265] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 142.945316][ T5253] XFS (loop2): Ending clean mount [ 142.953159][ T26] audit: type=1800 audit(1756102285.273:15): pid=5262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.209" name="bus" dev="loop4" ino=1048616 res=0 errno=0 [ 142.994826][ T5253] XFS (loop2): Quotacheck needed: Please wait. [ 143.097590][ T5253] XFS (loop2): Quotacheck: Done. [ 143.872181][ T5265] loop3: detected capacity change from 0 to 32768 [ 143.982274][ T5273] loop1: detected capacity change from 0 to 32768 [ 144.142792][ T5265] JBD2: Ignoring recovery information on journal [ 144.199200][ T5253] XFS (loop2): User initiated shutdown received. [ 144.248903][ T5293] SET target dimension over the limit! [ 144.377412][ T5273] XFS (loop1): Mounting V5 Filesystem [ 144.401450][ T5253] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 144.766261][ T5253] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 144.896559][ T5265] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 144.910254][ T5273] XFS (loop1): Ending clean mount [ 144.923571][ T5273] XFS (loop1): Quotacheck needed: Please wait. [ 145.034315][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 145.102867][ T5273] XFS (loop1): Quotacheck: Done. [ 145.224030][ T4189] XFS (loop1): Unmounting Filesystem [ 145.396628][ T4188] XFS (loop2): Unmounting Filesystem [ 145.461786][ T4860] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 145.611200][ T5300] loop0: detected capacity change from 0 to 32768 [ 145.677034][ T5300] XFS: noikeep mount option is deprecated. [ 145.746147][ T4860] usb 4-1: Using ep0 maxpacket: 32 [ 145.866318][ T4860] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 145.882310][ T5300] XFS (loop0): Mounting V5 Filesystem [ 145.946581][ T4860] usb 4-1: config 0 has no interface number 0 [ 145.982032][ T4860] usb 4-1: config 0 interface 12 has no altsetting 0 [ 146.133812][ T5300] XFS (loop0): Ending clean mount [ 146.166533][ T4860] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=70.40 [ 146.168726][ T5300] XFS (loop0): Quotacheck needed: Please wait. [ 146.202603][ T4860] usb 4-1: New USB device strings: Mfr=231, Product=2, SerialNumber=3 [ 146.379464][ T5300] XFS (loop0): Quotacheck: Done. [ 146.386152][ T4860] usb 4-1: Product: syz [ 146.391222][ T4860] usb 4-1: Manufacturer: syz [ 146.396716][ T4860] usb 4-1: SerialNumber: syz [ 146.403743][ T4860] usb 4-1: config 0 descriptor?? [ 146.473693][ T5300] XFS (loop0): User initiated shutdown received. [ 146.501411][ T5300] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 146.550879][ T5300] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 146.642960][ T5317] loop2: detected capacity change from 0 to 32768 [ 146.719638][ T5317] JBD2: Ignoring recovery information on journal [ 146.910954][ T5317] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 147.041857][ T4188] ocfs2: Unmounting device (7,2) on (node local) [ 147.104167][ T5332] loop4: detected capacity change from 0 to 128 [ 147.131078][ T4187] XFS (loop0): Unmounting Filesystem [ 147.218480][ T26] audit: type=1800 audit(1756102289.543:16): pid=5332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.222" name="bus" dev="loop4" ino=1048618 res=0 errno=0 [ 147.376633][ T5332] vivid-004: disconnect [ 147.399851][ T5329] vivid-004: reconnect [ 147.711283][ T5338] loop4: detected capacity change from 0 to 2048 [ 147.714792][ T5339] netlink: 32 bytes leftover after parsing attributes in process `syz.0.224'. [ 147.747106][ T5339] netlink: 'syz.0.224': attribute type 2 has an invalid length. [ 147.911213][ T5302] loop3: detected capacity change from 0 to 4096 [ 147.935999][ T5340] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 148.032617][ T5302] ntfs: (device loop3): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2. [ 148.055810][ T5334] loop2: detected capacity change from 0 to 32768 [ 148.078189][ T5302] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 148.133713][ T26] audit: type=1800 audit(1756102290.413:17): pid=5338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.225" name="bus" dev="loop4" ino=2097152 res=0 errno=0 [ 148.173637][ T5302] ntfs: volume version 3.1. [ 148.218977][ T5302] ntfs: (device loop3): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk. [ 148.283301][ T5302] ntfs: (device loop3): map_mft_record(): Failed with error code 5. [ 148.312622][ T5302] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 148.446154][ T5302] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 148.563923][ T5302] ntfs: (device loop3): ntfs_read_locked_inode(): Index block size (0) < NTFS_BLOCK_SIZE (512) is not supported. Sorry. [ 148.662804][ T5348] udc-core: couldn't find an available UDC or it's busy [ 148.673984][ T5302] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -95. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 148.756379][ T5348] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 148.974976][ T5339] loop0: detected capacity change from 0 to 32768 [ 149.039079][ T5355] vxcan1: tx drop: invalid sa for name 0x0000000000000004 [ 149.109894][ T5339] (syz.0.224,5339,0):ocfs2_parse_options:1447 ERROR: Unrecognized mount option "heartbeat=nonal_async_commit" or missing value [ 149.138294][ T5352] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 149.157819][ T5339] (syz.0.224,5339,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 149.217988][ T4860] f81534 4-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 149.231923][ T4860] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 149.269834][ T4860] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 149.292416][ T4860] f81534: probe of 4-1:0.12 failed with error -71 [ 149.358580][ T4860] usb 4-1: USB disconnect, device number 5 [ 149.411633][ T5365] loop1: detected capacity change from 0 to 764 [ 149.633232][ T5365] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 150.852642][ T5361] netlink: 12 bytes leftover after parsing attributes in process `syz.4.230'. [ 150.865875][ T5371] loop3: detected capacity change from 0 to 32768 [ 150.881480][ T5370] loop1: detected capacity change from 0 to 32768 [ 150.904404][ T5370] XFS: noikeep mount option is deprecated. [ 150.943010][ T5371] JBD2: Ignoring recovery information on journal [ 151.002259][ T5370] XFS (loop1): Mounting V5 Filesystem [ 151.034129][ T5371] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 151.164946][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 151.174410][ T5370] XFS (loop1): Ending clean mount [ 151.242535][ T5370] XFS (loop1): Quotacheck needed: Please wait. [ 151.446666][ T5370] XFS (loop1): Quotacheck: Done. [ 151.702416][ T5395] loop3: detected capacity change from 0 to 128 [ 151.986557][ T5397] loop2: detected capacity change from 0 to 1024 [ 152.017802][ T5398] vivid-002: disconnect [ 152.038507][ T5391] vivid-002: reconnect [ 152.122397][ T5397] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #3: block 1: comm syz.2.240: lblock 1 mapped to illegal pblock 1 (length 1) [ 152.152281][ T5397] EXT4-fs error (device loop2): ext4_acquire_dquot:6207: comm syz.2.240: Failed to acquire dquot type 0 [ 152.166503][ T5397] EXT4-fs error (device loop2): ext4_free_blocks:6223: comm syz.2.240: Freeing blocks not in datazone - block = 0, count = 4096 [ 152.183522][ T5397] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.240: Invalid inode bitmap blk 0 in block_group 0 [ 152.199827][ T5397] EXT4-fs error (device loop2) in ext4_free_inode:362: Corrupt filesystem [ 152.208859][ T5397] EXT4-fs (loop2): 1 orphan inode deleted [ 152.214898][ T5397] EXT4-fs (loop2): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 152.232596][ T4343] EXT4-fs error (device loop2): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 152.351398][ T4343] __quota_error: 3 callbacks suppressed [ 152.351414][ T4343] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 152.383479][ T4343] EXT4-fs error (device loop2): ext4_release_dquot:6243: comm kworker/u4:7: Failed to release dquot type 0 [ 152.724431][ T5370] XFS (loop1): User initiated shutdown received. [ 152.736787][ T5370] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 152.773392][ T5370] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 153.078572][ T5409] xt_cluster: node mask cannot exceed total number of nodes [ 153.746243][ T5416] loop2: detected capacity change from 0 to 2048 [ 153.759461][ T4189] XFS (loop1): Unmounting Filesystem [ 153.824049][ T5418] device veth0 entered promiscuous mode [ 153.830185][ T5418] device macvlan1 entered promiscuous mode [ 153.947020][ T5388] device macvlan1 left promiscuous mode [ 153.974225][ T5388] device veth0 left promiscuous mode [ 154.153560][ T5404] loop3: detected capacity change from 0 to 32768 [ 154.312617][ T5404] JBD2: Ignoring recovery information on journal [ 154.453109][ T5404] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 154.583419][ T5430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'. [ 154.636353][ T4190] ocfs2: Unmounting device (7,3) on (node local) [ 154.962539][ T5422] loop2: detected capacity change from 0 to 32768 [ 155.047118][ T5435] sp0: Synchronizing with TNC [ 155.111502][ T5438] sp0: Found TNC [ 155.159485][ T5435] binder: 5434:5435 ioctl 4018f514 200000000100 returned -22 [ 155.485935][ T5433] loop1: detected capacity change from 0 to 32768 [ 155.630934][ T5440] loop0: detected capacity change from 0 to 1024 [ 155.658541][ T5433] JBD2: Ignoring recovery information on journal [ 155.942112][ T5440] EXT4-fs error (device loop0): ext4_map_blocks:739: inode #3: block 1: comm syz.0.252: lblock 1 mapped to illegal pblock 1 (length 1) [ 155.957776][ T5440] Quota error (device loop0): write_blk: dquota write failed [ 155.965305][ T5440] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 155.976311][ T5440] EXT4-fs error (device loop0): ext4_acquire_dquot:6207: comm syz.0.252: Failed to acquire dquot type 0 [ 156.002441][ T5440] EXT4-fs error (device loop0): ext4_free_blocks:6223: comm syz.0.252: Freeing blocks not in datazone - block = 0, count = 4096 [ 156.003690][ T5433] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 156.036301][ T5440] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.252: Invalid inode bitmap blk 0 in block_group 0 [ 156.049816][ T5440] EXT4-fs error (device loop0) in ext4_free_inode:362: Corrupt filesystem [ 156.079959][ T5440] EXT4-fs (loop0): 1 orphan inode deleted [ 156.086254][ T5440] EXT4-fs (loop0): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 156.090543][ T4372] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:13: lblock 1 mapped to illegal pblock 1 (length 1) [ 156.137007][ T4372] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 156.162003][ T4372] EXT4-fs error (device loop0): ext4_release_dquot:6243: comm kworker/u4:13: Failed to release dquot type 0 [ 156.323118][ T4189] ocfs2: Unmounting device (7,1) on (node local) [ 156.494136][ T5458] loop0: detected capacity change from 0 to 128 [ 156.603523][ T5437] loop3: detected capacity change from 0 to 32768 [ 156.654681][ T26] audit: type=1800 audit(1756102298.973:19): pid=5458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.254" name="bus" dev="loop0" ino=1048622 res=0 errno=0 [ 156.697078][ T5437] XFS: noikeep mount option is deprecated. [ 156.799064][ T5460] vivid-001: disconnect [ 156.813746][ T5437] XFS (loop3): Mounting V5 Filesystem [ 156.884814][ T5453] vivid-001: reconnect [ 157.035601][ T5437] XFS (loop3): Ending clean mount [ 157.043789][ T5437] XFS (loop3): Quotacheck needed: Please wait. [ 157.120433][ T5437] XFS (loop3): Quotacheck: Done. [ 157.214661][ T5437] XFS (loop3): User initiated shutdown received. [ 157.236508][ T5470] netlink: 12 bytes leftover after parsing attributes in process `syz.3.249'. [ 157.276183][ T5437] XFS (loop3): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 157.331668][ T5437] XFS (loop3): Please unmount the filesystem and rectify the problem(s) [ 157.564033][ T5456] loop1: detected capacity change from 0 to 32768 [ 157.725686][ T5456] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 157.882558][ T5469] loop0: detected capacity change from 0 to 32768 [ 157.926622][ T4190] XFS (loop3): Unmounting Filesystem [ 157.936876][ T5469] XFS: noikeep mount option is deprecated. [ 158.070615][ T5487] nftables ruleset with unbound chain [ 158.100331][ T5469] XFS (loop0): Mounting V5 Filesystem [ 158.113187][ C0] Unknown status report in ack skb [ 158.335847][ T5469] XFS (loop0): Ending clean mount [ 158.353439][ T5469] XFS (loop0): Quotacheck needed: Please wait. [ 158.441292][ T5500] Zero length message leads to an empty skb [ 158.458652][ T5469] XFS (loop0): Quotacheck: Done. [ 158.563366][ T5469] XFS (loop0): User initiated shutdown received. [ 158.596172][ T5469] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x101/0x150 (fs/xfs/xfs_fsops.c:481). Shutting down filesystem. [ 158.650202][ T5469] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 158.676330][ T5503] loop3: detected capacity change from 0 to 1024 [ 158.877701][ T5503] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 159.069919][ T26] audit: type=1326 audit(1756102301.393:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.199019][ T26] audit: type=1326 audit(1756102301.413:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.266443][ T26] audit: type=1326 audit(1756102301.413:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.293668][ T26] audit: type=1326 audit(1756102301.413:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.305913][ T4187] XFS (loop0): Unmounting Filesystem [ 159.317866][ T26] audit: type=1326 audit(1756102301.413:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.435408][ T26] audit: type=1326 audit(1756102301.413:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.494399][ T26] audit: type=1326 audit(1756102301.413:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.551690][ T26] audit: type=1326 audit(1756102301.423:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.663050][ T26] audit: type=1326 audit(1756102301.563:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 159.703822][ T26] audit: type=1326 audit(1756102301.563:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5509 comm="syz.3.263" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72a98fcbe9 code=0x7ffc0000 [ 160.286399][ T5528] loop0: detected capacity change from 0 to 128 [ 160.463813][ T5522] loop2: detected capacity change from 0 to 32768 [ 160.486105][ T5528] vivid-001: disconnect [ 160.510402][ T5526] vivid-001: reconnect [ 160.542642][ T5519] netlink: 12 bytes leftover after parsing attributes in process `syz.4.268'. [ 161.394414][ T5543] 9pnet: Insufficient options for proto=fd [ 161.436145][ T5545] sctp: [Deprecated]: syz.4.275 (pid 5545) Use of int in max_burst socket option deprecated. [ 161.436145][ T5545] Use struct sctp_assoc_value instead [ 161.464945][ T5535] loop0: detected capacity change from 0 to 32768 [ 161.630971][ T5535] JBD2: Ignoring recovery information on journal [ 161.769540][ T5535] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 161.789753][ T5552] loop3: detected capacity change from 0 to 128 [ 161.851722][ T5552] EXT4-fs (loop3): Ignoring removed nobh option [ 161.903299][ T4187] ocfs2: Unmounting device (7,0) on (node local) [ 161.911412][ T5552] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,abort,nogrpid,nodiscard,user_xattr,,errors=continue. Quota mode: none. [ 161.936576][ T5552] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.015619][ T5585] netlink: 348 bytes leftover after parsing attributes in process `syz.4.286'. [ 163.244498][ T5587] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 163.256708][ T5587] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 163.646193][ T1325] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 163.750270][ T5605] batman_adv: batadv0: Adding interface: dummy0 [ 163.762442][ T5605] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.813588][ T5605] batman_adv: batadv0: Interface activated: dummy0 [ 163.879890][ T5607] fuse: Bad value for 'fd' [ 163.901937][ T5607] overlayfs: failed to clone upperpath [ 164.046537][ T1325] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 164.058088][ T1325] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.070093][ T1325] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.081017][ T1325] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 164.094765][ T1325] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.00 [ 164.105462][ T1325] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.125078][ T1325] usb 3-1: config 0 descriptor?? [ 164.226203][ T7] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 164.333021][ T5615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.297'. [ 164.343872][ T5615] netlink: 'syz.3.297': attribute type 20 has an invalid length. [ 164.357143][ T5615] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.366880][ T5615] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.376967][ T5615] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.386320][ T5615] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 164.398385][ T5615] netlink: 12 bytes leftover after parsing attributes in process `syz.3.297'. [ 164.407807][ T5615] netlink: 'syz.3.297': attribute type 20 has an invalid length. [ 164.455197][ T5616] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 164.496211][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 164.607580][ T1325] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 164.617024][ T7] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 164.625570][ T7] usb 1-1: config 0 has no interface number 0 [ 164.634814][ T1325] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0003/input/input5 [ 164.734303][ T1325] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 164.812983][ T1325] usb 3-1: USB disconnect, device number 6 [ 164.836579][ T7] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 164.854574][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.865256][ T7] usb 1-1: Product: syz [ 164.873089][ T7] usb 1-1: Manufacturer: syz [ 164.880788][ T7] usb 1-1: SerialNumber: syz [ 164.901613][ T7] usb 1-1: config 0 descriptor?? [ 164.951507][ T7] smsc95xx v2.0.0 [ 165.310639][ T5640] overlayfs: failed to clone lowerpath [ 165.333213][ T5640] overlayfs: failed to clone upperpath [ 165.464794][ T5648] overlayfs: failed to clone upperpath [ 165.591741][ T7] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 165.606467][ T7] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 165.661100][ T7] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 165.679468][ T7] smsc95xx: probe of 1-1:0.67 failed with error -71 [ 165.701675][ T7] usb 1-1: USB disconnect, device number 7 [ 165.962507][ T5671] loop7: detected capacity change from 0 to 7 [ 166.010870][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.022787][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.057425][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.069087][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.103595][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.115038][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.149032][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.160248][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.177539][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.188879][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.190097][ T5680] tmpfs: Unknown parameter 'usrquota' [ 166.207928][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.219775][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.230430][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.242004][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.263345][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.275141][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.283731][ T5671] ldm_validate_partition_table(): Disk read failed. [ 166.292053][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.303886][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.335450][ C0] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.346899][ C0] Buffer I/O error on dev loop7, logical block 0, async page read [ 166.367624][ T5671] Dev loop7: unable to read RDB block 0 [ 166.394204][ T5671] loop7: unable to read partition table [ 166.414008][ T5671] loop7: partition table beyond EOD, truncated [ 166.426121][ T4298] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 166.466211][ T5671] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 166.497434][ T4189] ocfs2: Unmounting device (7,1) on (node local) [ 166.679013][ T4298] usb 4-1: Using ep0 maxpacket: 8 [ 166.806716][ T4298] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 166.828617][ T4298] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 166.870662][ T4298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.910400][ T4298] usb 4-1: config 0 descriptor?? [ 167.200237][ T4298] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 168.196186][ T4860] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 168.356310][ T5743] tmpfs: Unknown parameter 'quota' [ 168.568514][ T4860] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 168.594786][ T4860] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 168.606577][ T5752] netdevsim netdevsim4: Direct firmware load for failed with error -2 [ 168.615516][ T5752] netdevsim netdevsim4: Falling back to sysfs fallback for: [ 168.622684][ T4860] usb 1-1: config 0 interface 0 has no altsetting 0 [ 168.731049][ T5756] netlink: 'syz.1.361': attribute type 2 has an invalid length. [ 168.760075][ T5756] netlink: 'syz.1.361': attribute type 2 has an invalid length. [ 168.798590][ T4860] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 168.830548][ T4860] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 168.890611][ T4860] usb 1-1: Product: syz [ 168.895327][ T4860] usb 1-1: Manufacturer: syz [ 168.910124][ T4860] usb 1-1: SerialNumber: syz [ 168.921399][ T4860] usb 1-1: config 0 descriptor?? [ 168.962173][ T5759] [ 168.971634][ T5759] ============================= [ 168.989879][ T4860] hub 1-1:0.0: bad descriptor, ignoring hub [ 168.990687][ T5759] WARNING: suspicious RCU usage [ 169.024279][ T4860] hub: probe of 1-1:0.0 failed with error -5 [ 169.025862][ T5759] 5.15.189-syzkaller #0 Not tainted [ 169.055838][ T4860] usb 1-1: selecting invalid altsetting 0 [ 169.060002][ T5759] ----------------------------- [ 169.079861][ T5759] include/linux/rhashtable.h:594 suspicious rcu_dereference_check() usage! [ 169.100624][ T5759] [ 169.100624][ T5759] other info that might help us debug this: [ 169.100624][ T5759] [ 169.123167][ T5759] [ 169.123167][ T5759] rcu_scheduler_active = 2, debug_locks = 1 [ 169.135078][ T4243] usb 4-1: USB disconnect, device number 6 [ 169.160503][ T5759] 1 lock held by syz.1.362/5759: [ 169.170185][ T5759] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 169.193716][ T5759] [ 169.193716][ T5759] stack backtrace: [ 169.222896][ T5759] CPU: 0 PID: 5759 Comm: syz.1.362 Not tainted 5.15.189-syzkaller #0 [ 169.231641][ T5759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.242295][ T5759] Call Trace: [ 169.245794][ T5759] [ 169.248843][ T5759] dump_stack_lvl+0x168/0x230 [ 169.254304][ T5759] ? load_image+0x3b0/0x3b0 [ 169.259008][ T5759] ? show_regs_print_info+0x20/0x20 [ 169.259132][ T4860] usb 1-1: USB disconnect, device number 8 [ 169.264430][ T5759] ? lockdep_rcu_suspicious+0x110/0x180 [ 169.264464][ T5759] ? local_bh_enable+0x20/0x20 [ 169.264488][ T5759] rhltable_lookup+0x77b/0x790 [ 169.286539][ T5759] ? lock_chain_count+0x20/0x20 [ 169.292088][ T5759] ? mr_mfc_find_parent+0x190/0x190 [ 169.297442][ T5759] ? local_bh_enable+0x20/0x20 [ 169.302599][ T5759] ? preempt_schedule+0xa7/0xb0 [ 169.307678][ T5759] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 169.313361][ T5759] ? preempt_schedule+0xa7/0xb0 [ 169.318438][ T5759] ? schedule_preempt_disabled+0x20/0x20 [ 169.324206][ T5759] ? lock_chain_count+0x20/0x20 [ 169.329195][ T5759] mr_mfc_find_any_parent+0xb6/0x1e0 [ 169.334724][ T5759] ? local_bh_enable+0x20/0x20 [ 169.339709][ T5759] ip_mr_forward+0x24c/0xf90 [ 169.344829][ T5759] ipmr_mfc_add+0x2466/0x2eb0 [ 169.349914][ T5759] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 169.355468][ T5759] ? __lock_acquire+0x7c60/0x7c60 [ 169.360872][ T5759] ip_mroute_setsockopt+0xe33/0x11a0 [ 169.366575][ T5759] ? ipmr_rule_default+0x70/0x70 [ 169.371992][ T5759] ? __might_sleep+0xf0/0xf0 [ 169.377649][ T5759] ip_setsockopt+0x4ad/0x3070 [ 169.382657][ T5759] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 169.388863][ T5759] ? aa_sk_perm+0x7b4/0x8f0 [ 169.393883][ T5759] ? aa_af_perm+0x2b0/0x2b0 [ 169.398625][ T5759] ? __fget_files+0x40f/0x480 [ 169.403798][ T5759] ? aa_sock_opt_perm+0x74/0x100 [ 169.409064][ T5759] ? sock_common_setsockopt+0x32/0xb0 [ 169.414835][ T5759] ? raw_setsockopt+0xc5/0x180 [ 169.420684][ T5759] ? sock_common_recvmsg+0x1b0/0x1b0 [ 169.426392][ T5759] __sys_setsockopt+0x2bf/0x3d0 [ 169.431646][ T5759] __x64_sys_setsockopt+0xb1/0xc0 [ 169.437086][ T5759] do_syscall_64+0x4c/0xa0 [ 169.442129][ T5759] ? clear_bhb_loop+0x30/0x80 [ 169.447022][ T5759] ? clear_bhb_loop+0x30/0x80 [ 169.453019][ T5759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 169.459446][ T5759] RIP: 0033:0x7fcb9f28cbe9 [ 169.464458][ T5759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.485503][ T5759] RSP: 002b:00007fcb9d4f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 169.494666][ T5759] RAX: ffffffffffffffda RBX: 00007fcb9f4b3fa0 RCX: 00007fcb9f28cbe9 [ 169.502944][ T5759] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000009 [ 169.511145][ T5759] RBP: 00007fcb9f30fe19 R08: 000000000000003c R09: 0000000000000000 [ 169.519503][ T5759] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 169.527761][ T5759] R13: 00007fcb9f4b4038 R14: 00007fcb9f4b3fa0 R15: 00007fff33f4fae8 [ 169.536373][ T5759] [ 169.575737][ T5759] [ 169.581595][ T5759] ============================= [ 169.587380][ T5759] WARNING: suspicious RCU usage [ 169.592815][ T5759] 5.15.189-syzkaller #0 Not tainted [ 169.599168][ T5759] ----------------------------- [ 169.604654][ T5759] include/linux/rhashtable.h:369 suspicious rcu_dereference_check() usage! [ 169.615903][ T5759] [ 169.615903][ T5759] other info that might help us debug this: [ 169.615903][ T5759] [ 169.628203][ T5759] [ 169.628203][ T5759] rcu_scheduler_active = 2, debug_locks = 1 [ 169.637345][ T5759] 1 lock held by syz.1.362/5759: [ 169.642890][ T5759] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 169.653721][ T5759] [ 169.653721][ T5759] stack backtrace: [ 169.662580][ T5759] CPU: 1 PID: 5759 Comm: syz.1.362 Not tainted 5.15.189-syzkaller #0 [ 169.671119][ T5759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 169.681752][ T5759] Call Trace: [ 169.685072][ T5759] [ 169.688036][ T5759] dump_stack_lvl+0x168/0x230 [ 169.692759][ T5759] ? load_image+0x3b0/0x3b0 [ 169.697445][ T5759] ? show_regs_print_info+0x20/0x20 [ 169.703010][ T5759] ? lockdep_rcu_suspicious+0x110/0x180 [ 169.708808][ T5759] ? local_bh_enable+0x20/0x20 [ 169.713896][ T5759] rhltable_lookup+0x504/0x790 [ 169.719432][ T5759] ? local_bh_enable+0x20/0x20 [ 169.724638][ T5759] ? mr_mfc_find_parent+0x190/0x190 [ 169.729974][ T5759] ? local_bh_enable+0x20/0x20 [ 169.735040][ T5759] ? preempt_schedule+0xa7/0xb0 [ 169.739940][ T5759] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 169.745013][ T5759] ? preempt_schedule+0xa7/0xb0 [ 169.750095][ T5759] ? schedule_preempt_disabled+0x20/0x20 [ 169.755764][ T5759] ? lock_chain_count+0x20/0x20 [ 169.760635][ T5759] mr_mfc_find_any_parent+0xb6/0x1e0 [ 169.766147][ T5759] ? local_bh_enable+0x20/0x20 [ 169.771047][ T5759] ip_mr_forward+0x24c/0xf90 [ 169.775693][ T5759] ipmr_mfc_add+0x2466/0x2eb0 [ 169.780610][ T5759] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 169.785586][ T5759] ? __lock_acquire+0x7c60/0x7c60 [ 169.790700][ T5759] ip_mroute_setsockopt+0xe33/0x11a0 [ 169.796040][ T5759] ? ipmr_rule_default+0x70/0x70 [ 169.801244][ T5759] ? __might_sleep+0xf0/0xf0 [ 169.805973][ T5759] ip_setsockopt+0x4ad/0x3070 [ 169.810882][ T5759] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 169.816526][ T5759] ? aa_sk_perm+0x7b4/0x8f0 [ 169.821183][ T5759] ? aa_af_perm+0x2b0/0x2b0 [ 169.825823][ T5759] ? __fget_files+0x40f/0x480 [ 169.830543][ T5759] ? aa_sock_opt_perm+0x74/0x100 [ 169.835605][ T5759] ? sock_common_setsockopt+0x32/0xb0 [ 169.841017][ T5759] ? raw_setsockopt+0xc5/0x180 [ 169.846140][ T5759] ? sock_common_recvmsg+0x1b0/0x1b0 [ 169.851475][ T5759] __sys_setsockopt+0x2bf/0x3d0 [ 169.856724][ T5759] __x64_sys_setsockopt+0xb1/0xc0 [ 169.861797][ T5759] do_syscall_64+0x4c/0xa0 [ 169.866873][ T5759] ? clear_bhb_loop+0x30/0x80 [ 169.871943][ T5759] ? clear_bhb_loop+0x30/0x80 [ 169.876838][ T5759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 169.883404][ T5759] RIP: 0033:0x7fcb9f28cbe9 [ 169.887961][ T5759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.908665][ T5759] RSP: 002b:00007fcb9d4f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 169.917385][ T5759] RAX: ffffffffffffffda RBX: 00007fcb9f4b3fa0 RCX: 00007fcb9f28cbe9 [ 169.925740][ T5759] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000009 [ 169.934223][ T5759] RBP: 00007fcb9f30fe19 R08: 000000000000003c R09: 0000000000000000 [ 169.942692][ T5759] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 169.951105][ T5759] R13: 00007fcb9f4b4038 R14: 00007fcb9f4b3fa0 R15: 00007fff33f4fae8 [ 169.959790][ T5759] [ 169.976155][ T5759] [ 169.978653][ T5759] ============================= [ 169.984523][ T5759] WARNING: suspicious RCU usage [ 170.002551][ T5759] 5.15.189-syzkaller #0 Not tainted [ 170.030335][ T5759] ----------------------------- [ 170.035648][ T5759] include/linux/rhashtable.h:614 suspicious rcu_dereference_check() usage! [ 170.045804][ T5759] [ 170.045804][ T5759] other info that might help us debug this: [ 170.045804][ T5759] [ 170.057750][ T5759] [ 170.057750][ T5759] rcu_scheduler_active = 2, debug_locks = 1 [ 170.067360][ T5759] 1 lock held by syz.1.362/5759: [ 170.072659][ T5759] #0: ffffffff8d235f48 (rtnl_mutex){+.+.}-{3:3}, at: ip_mroute_setsockopt+0x105/0x11a0 [ 170.084176][ T5759] [ 170.084176][ T5759] stack backtrace: [ 170.090761][ T5759] CPU: 1 PID: 5759 Comm: syz.1.362 Not tainted 5.15.189-syzkaller #0 [ 170.099215][ T5759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 170.109692][ T5759] Call Trace: [ 170.113005][ T5759] [ 170.116375][ T5759] dump_stack_lvl+0x168/0x230 [ 170.121710][ T5759] ? load_image+0x3b0/0x3b0 [ 170.126261][ T5759] ? show_regs_print_info+0x20/0x20 [ 170.131605][ T5759] ? lockdep_rcu_suspicious+0x110/0x180 [ 170.137185][ T5759] ? local_bh_enable+0x20/0x20 [ 170.142031][ T5759] rhltable_lookup+0x5f8/0x790 [ 170.147264][ T5759] ? local_bh_enable+0x20/0x20 [ 170.152264][ T5759] ? mr_mfc_find_parent+0x190/0x190 [ 170.157712][ T5759] ? local_bh_enable+0x20/0x20 [ 170.162946][ T5759] ? preempt_schedule+0xa7/0xb0 [ 170.168012][ T5759] ? ipmr_mfc_add+0x21ad/0x2eb0 [ 170.173169][ T5759] ? preempt_schedule+0xa7/0xb0 [ 170.178581][ T5759] ? schedule_preempt_disabled+0x20/0x20 [ 170.184445][ T5759] ? lock_chain_count+0x20/0x20 [ 170.189854][ T5759] mr_mfc_find_any_parent+0xb6/0x1e0 [ 170.195376][ T5759] ? local_bh_enable+0x20/0x20 [ 170.200392][ T5759] ip_mr_forward+0x24c/0xf90 [ 170.205156][ T5759] ipmr_mfc_add+0x2466/0x2eb0 [ 170.210439][ T5759] ? ipmr_mfc_delete+0x5c0/0x5c0 [ 170.215799][ T5759] ? __lock_acquire+0x7c60/0x7c60 [ 170.221177][ T5759] ip_mroute_setsockopt+0xe33/0x11a0 [ 170.226544][ T5759] ? ipmr_rule_default+0x70/0x70 [ 170.231733][ T5759] ? __might_sleep+0xf0/0xf0 [ 170.236469][ T5759] ip_setsockopt+0x4ad/0x3070 [ 170.241438][ T5759] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 170.247142][ T5759] ? aa_sk_perm+0x7b4/0x8f0 [ 170.251793][ T5759] ? aa_af_perm+0x2b0/0x2b0 [ 170.256426][ T5759] ? __fget_files+0x40f/0x480 [ 170.261256][ T5759] ? aa_sock_opt_perm+0x74/0x100 [ 170.266518][ T5759] ? sock_common_setsockopt+0x32/0xb0 [ 170.271937][ T5759] ? raw_setsockopt+0xc5/0x180 [ 170.276755][ T5759] ? sock_common_recvmsg+0x1b0/0x1b0 [ 170.283055][ T5759] __sys_setsockopt+0x2bf/0x3d0 [ 170.288325][ T5759] __x64_sys_setsockopt+0xb1/0xc0 [ 170.293486][ T5759] do_syscall_64+0x4c/0xa0 [ 170.298670][ T5759] ? clear_bhb_loop+0x30/0x80 [ 170.304021][ T5759] ? clear_bhb_loop+0x30/0x80 [ 170.308865][ T5759] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 170.315330][ T5759] RIP: 0033:0x7fcb9f28cbe9 [ 170.320005][ T5759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 170.341509][ T5759] RSP: 002b:00007fcb9d4f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 170.350914][ T5759] RAX: ffffffffffffffda RBX: 00007fcb9f4b3fa0 RCX: 00007fcb9f28cbe9 [ 170.359442][ T5759] RDX: 00000000000000d2 RSI: 0000000000000000 RDI: 0000000000000009 [ 170.367791][ T5759] RBP: 00007fcb9f30fe19 R08: 000000000000003c R09: 0000000000000000 [ 170.376320][ T5759] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000000 [ 170.385192][ T5759] R13: 00007fcb9f4b4038 R14: 00007fcb9f4b3fa0 R15: 00007fff33f4fae8 [ 170.393750][ T5759] [ 170.466312][ T4860] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 170.866352][ T4860] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 170.875074][ T4860] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 170.886464][ T4860] usb 1-1: config 0 interface 0 has no altsetting 0 [ 170.926264][ T4860] usb 1-1: string descriptor 0 read error: -71 [ 170.932984][ T4860] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 170.944189][ T4860] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 170.957621][ T4860] usb 1-1: config 0 descriptor?? [ 170.976407][ T4860] usb 1-1: can't set config #0, error -71 [ 170.985055][ T4304] udevd[4304]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 171.003400][ T4860] usb 1-1: USB disconnect, device number 9 [ 171.938718][ T4298] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 171.948824][ T4298] Bluetooth: hci3: Injecting HCI hardware error event [ 171.958801][ T4201] Bluetooth: hci3: hardware error 0x00 [ 172.736325][ T4298] Bluetooth: hci1: command 0x0406 tx timeout