last executing test programs: 1.724604743s ago: executing program 3 (id=1545): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001a80)={0x140, r2, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_PEERS={0x11c, 0x8, 0x0, 0x1, [{0x90, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x1, @mcast1, 0x2}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}]}, {0x88, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x60, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @local}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}]}]}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r3}]}, 0x140}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 1.352439649s ago: executing program 3 (id=1550): r0 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) ioctl$HIDIOCGFEATURE(r0, 0xc0404807, &(0x7f0000000040)={0x4, "11988c7ba5bb888131cac156c94e0a000000000000df5be03664724d1dd748c3fa198dcd95bf761a3a4c868b46327ff700000000000000005026b76100"}) 1.176344492s ago: executing program 2 (id=1551): r0 = syz_io_uring_setup(0x95, &(0x7f0000000140), &(0x7f0000000240)=0x0, &(0x7f0000000100)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x24102}, &(0x7f0000000500)='./file0\x00', 0x18}) 
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500), 0x101, 0x0) io_uring_enter(r0, 0x47f6, 0xbacc, 0x0, 0x0, 0x0) 1.088611614s ago: executing program 1 (id=1553): write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x9, 0x0, 0x1, 0x400}, 0x36, [0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f1, 0x0, 0xfffffffe, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x40000, 0x687, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x51, 0xfffffffc, 0xfffffff8, 0x0, 0x0, 0x1, 0x0, 0x80, 0x0, 0x4, 0x3, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x6], [0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0xfffffffd, 0x2000000, 0x40, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x8000, 0x0, 0x3, 0xfffffffd, 0x0, 0x1, 0x0, 0x0, 0x40, 0x0, 0x2], [0x0, 0x0, 0x0, 0x0, 0x0, 0xbd8f, 0x0, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x6, 0x0, 0x0, 0x0, 0x7fe, 0xa, 0x0, 0x0, 0x800000, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffe, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x1, 0x7ff, 0x0, 0x0, 0x4, 0x2000000, 0x0, 0x4], [0x4, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0xffffffff, 0x5, 0x0, 0x0, 0x0, 0x80, 0x4, 0x0, 0x3, 0x0, 0x0, 0x8f3]}, 0x45c) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) writev(0xffffffffffffffff, &(0x7f0000000500)=[{&(0x7f0000000140)="b7a2", 0x2}, {0x0}], 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 
0x10) write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac) 1.024380634s ago: executing program 2 (id=1556): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, 0x0, 0x40) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$FOU_CMD_ADD(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="090204000000fedbdf250100000008000600ac1414bb06000a004e23000004000500080008"], 0x50}}, 0x0) 964.579755ms ago: executing program 0 (id=1557): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000045c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r0, 0x2e1f0000) syz_open_procfs(0x0, &(0x7f0000000080)='net/ip6_flowlabel\x00') mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 964.393345ms ago: executing program 1 (id=1558): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x600) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000040)={0x8, 0x100, 0x800, 0x7, 0xd7, 0x3}) 906.968816ms ago: executing program 1 (id=1560): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_GET_KEY(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x28, r2, 0x1, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x40000) 804.633558ms ago: executing program 2 (id=1561): r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, 
&(0x7f00000000c0), 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "0000000000000003"}, 0x10}}, 0x0) 783.146758ms ago: executing program 4 (id=1562): r0 = socket(0x10, 0x3, 0x6) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x6}, {0xffff, 0xffff}, {0xfff3}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0xff, [0x1, 0x0, 0x0, 0x4, 0x7, 0x4, 0x3, 0xfe, 0x7, 0x0, 0x3, 0x10, 0x0, 0x0, 0x0, 0x2], 0xfd, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x4000, 0xa18, 0x0, 0x3dc], [0x0, 0x4, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7, 0x80, 0x80]}}}}]}, 0x88}}, 0x8014) 765.939398ms ago: executing program 1 (id=1563): r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r1, 0x12) 708.651789ms ago: executing program 2 (id=1564): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r1) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan1\x00', 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, &(0x7f0000000040)={0x0, 0x33, &(0x7f0000000340)={&(0x7f00000000c0)={0x3c, r2, 0x60b, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}, @IEEE802154_ATTR_LLSEC_SECLEVELS={0x5}, @IEEE802154_ATTR_LLSEC_FRAME_TYPE={0x5, 0x33, 0x3}, @IEEE802154_ATTR_LLSEC_CMD_FRAME_ID={0x5}]}, 0x3c}}, 0x0) 687.708139ms ago: executing program 4 (id=1565): 
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x2, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"]) chdir(&(0x7f00000000c0)='./file0\x00') r0 = open_tree(0xffffffffffffff9c, &(0x7f0000001c80)='.\x00', 0x0) symlinkat(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') open(&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x16) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) 639.98535ms ago: executing program 2 (id=1566): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r1) sendmsg$IEEE802154_ASSOCIATE_RESP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@IEEE802154_ATTR_STATUS={0x5, 0x3, 0xad}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20008080) 564.670921ms ago: executing program 1 (id=1567): r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, 
&(0x7f00000000c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r0, &(0x7f00000001c0)={0x0, 0x3}, 0x2) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000240)={0x1, 0x1}, 0x2) 564.418491ms ago: executing program 4 (id=1568): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x2, 0x5, 0x3}) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb}) dup(r2) close_range(r0, 0xffffffffffffffff, 0x0) 526.963502ms ago: executing program 2 (id=1569): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x394}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x20000) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, 0x0) 477.055033ms ago: executing program 0 (id=1570): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket(0x2b, 0x1, 0x1) listen(r0, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "f2bf71b11ace1088", "ee32bc52871f4e64af6c7d79ef58c98e", "16686528", "e374a09523d3c0cc"}, 0x28) 376.729774ms ago: executing program 3 (id=1571): 
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) 376.508214ms ago: executing program 4 (id=1572): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008001c000000000005000b"], 0x3c}}, 0x0) 376.370554ms ago: executing program 0 (id=1573): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000002100)='numa_maps\x00') read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2020) 338.692655ms ago: executing program 4 (id=1574): ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl(r0, 0x8b2c, &(0x7f0000000040)) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r2, &(0x7f0000000080), 0x10) sendmsg$can_bcm(r2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, 0x0) socket$packet(0x11, 0x3, 0x300) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'vlan0\x00', @ifru_settings={0x6, 0x6, @fr=&(0x7f00000000c0)={0x6, 0x8, 0x3, 0xae, 0x2, 0x1, 0x7}}}) ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000)) 273.037136ms ago: executing program 1 (id=1575): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, 
&(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500e1fd08001400000060ec970001983a00fc000018c6ba35000000000000000700ff020000000000000000000000000001"], 0xfdef) 208.671217ms ago: executing program 0 (id=1576): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000300000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) close(r0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="18020000000000000000000000000003850000002c000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x3, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 208.426707ms ago: executing program 3 (id=1577): r0 = socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000001500010000000000000000000500000008000100", @ANYRES16=r1], 0x1c}, 0x1, 0x0, 0x0, 0x48001}, 0x0) 180.562557ms ago: executing program 3 (id=1578): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet6_int(r0, 0x29, 0x33, 0x0, &(0x7f0000001c80)) 111.067598ms ago: executing program 0 (id=1579): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000)=0x1000, 0x4) bind$inet6(r0, 
&(0x7f0000000140)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "560400", 0x14, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x200, 0x0, 0x4}}}}}}}, 0x0) 48.587439ms ago: executing program 3 (id=1580): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000001400), 0x1, 0x2001) syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e1a0d15"], 0x1d) keyctl$dh_compute(0x17, &(0x7f00000001c0), 0x0, 0x0, 0x0) 8.61007ms ago: executing program 0 (id=1581): r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x0, 0x2, 0x1}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0) 0s ago: executing program 4 (id=1582): socket$igmp(0x2, 0x3, 0x2) socket$inet(0x2, 0x3, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00') preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000040)=""/153, 0x99}, {&(0x7f0000000100)=""/170, 0xaa}], 0x2, 0xd, 0x0) kernel console output (not intermixed with test programs): 834545][ T4638] Call trace: [ 82.835359][ T4638] dump_backtrace+0x0/0x530 [ 82.836540][ T4638] show_stack+0x2c/0x3c [ 82.837509][ T4638] dump_stack_lvl+0x108/0x170 [ 82.838692][ T4638] dump_stack+0x1c/0x58 [ 82.839820][ T4638] should_fail+0x3b8/0x514 [ 82.840958][ T4638] __should_failslab+0xbc/0x110 [ 82.842090][ T4638] should_failslab+0x10/0x28 [ 82.843234][ T4638] slab_pre_alloc_hook+0x64/0xe8 [ 82.844441][ T4638] __kmalloc+0xc0/0x4c8 [ 82.845478][ T4638] tomoyo_realpath_from_path+0xd0/0x508 [ 82.847005][ T4638] tomoyo_check_open_permission+0x1dc/0x3f4 [ 82.848432][ T4638] tomoyo_file_open+0x138/0x1b0 [ 82.849661][ T4638] security_file_open+0x6c/0xb0 [ 82.850820][ T4638] 
do_dentry_open+0x29c/0xed8 [ 82.851940][ T4638] vfs_open+0x7c/0x90 [ 82.852870][ T4638] path_openat+0x1ea0/0x26cc [ 82.854058][ T4638] do_filp_open+0x1a8/0x3b4 [ 82.855210][ T4638] do_sys_openat2+0x128/0x3e0 [ 82.856282][ T4638] __arm64_sys_openat+0x1f0/0x240 [ 82.857538][ T4638] invoke_syscall+0x98/0x2b8 [ 82.858668][ T4638] el0_svc_common+0x138/0x258 [ 82.859940][ T4638] do_el0_svc+0x58/0x14c [ 82.861040][ T4638] el0_svc+0x7c/0x1f0 [ 82.862065][ T4638] el0t_64_sync_handler+0x84/0xe4 [ 82.863412][ T4638] el0t_64_sync+0x1a0/0x1a4 [ 82.864682][ C0] vkms_vblank_simulate: vblank timer overrun [ 82.871569][ T9] hfsplus: b-tree write err: -5, ino 4 [ 82.875033][ T4638] ERROR: Out of memory at tomoyo_realpath_from_path. [ 82.880778][ T4632] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 82.886839][ T4632] REISERFS (device loop4): using ordered data mode [ 82.891415][ T4632] reiserfs: using flush barriers [ 82.898760][ T4632] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 82.906570][ T4632] REISERFS (device loop4): checking transaction log (loop4) [ 82.992564][ T4644] overlayfs: failed to resolve './file0/../file0': -2 [ 83.006811][ T4646] loop0: detected capacity change from 0 to 8 [ 83.035092][ T4646] unable to read inode lookup table [ 83.300919][ T4632] REISERFS (device loop4): Using tea hash to sort names [ 83.324677][ T4632] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. 
[ 83.370439][ T4654] loop1: detected capacity change from 0 to 1024 [ 83.533453][ T4659] loop3: detected capacity change from 0 to 4096 [ 84.682070][ T4668] loop0: detected capacity change from 0 to 1024 [ 84.723746][ T9] hfsplus: b-tree write err: -5, ino 4 [ 84.852378][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 84.876624][ T4685] loop1: detected capacity change from 0 to 8 [ 84.924449][ T4687] loop3: detected capacity change from 0 to 256 [ 84.976419][ T4689] loop0: detected capacity change from 0 to 1024 [ 84.995135][ T4681] overlayfs: failed to resolve './file0/../file0': -2 [ 85.053575][ T4685] unable to read inode lookup table [ 85.075789][ T4694] udc-core: couldn't find an available UDC or it's busy [ 85.077497][ T4694] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 86.045993][ T4701] loop3: detected capacity change from 0 to 1024 [ 86.077260][ T4139] hfsplus: b-tree write err: -5, ino 4 [ 86.090500][ T4704] loop4: detected capacity change from 0 to 1024 [ 86.100870][ T4701] hfsplus: keylen 65060 too large [ 87.255430][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 87.405138][ T4730] loop4: detected capacity change from 0 to 1024 [ 87.408496][ T4731] loop0: detected capacity change from 0 to 2048 [ 87.496792][ T4736] loop1: detected capacity change from 0 to 256 [ 87.534872][ T4731] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 87.561571][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 87.806131][ T4742] loop3: detected capacity change from 0 to 8 [ 87.819336][ T4731] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. 
[ 87.908909][ T4742] unable to read inode lookup table [ 88.015674][ T26] audit: type=1326 audit(87.960:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.120184][ T26] audit: type=1326 audit(87.960:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff94730254 code=0x7ffc0000 [ 88.539522][ T26] audit: type=1326 audit(87.970:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff9473388c code=0x7ffc0000 [ 88.590576][ T26] audit: type=1326 audit(87.970:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.603203][ T26] audit: type=1326 audit(87.970:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff9473388c code=0x7ffc0000 [ 88.623817][ T26] audit: type=1326 audit(87.980:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffff9473062c code=0x7ffc0000 [ 88.639344][ T26] audit: type=1326 audit(87.980:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.672198][ T26] audit: type=1326 audit(87.980:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.694957][ T26] audit: type=1326 
audit(87.980:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.751443][ T26] audit: type=1326 audit(87.980:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4740 comm="syz.4.204" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff94731d28 code=0x7ffc0000 [ 88.758482][ T4755] capability: warning: `syz.4.208' uses 32-bit capabilities (legacy support in use) [ 88.784922][ T4754] loop0: detected capacity change from 0 to 1024 [ 88.873310][ T4761] loop1: detected capacity change from 0 to 1024 [ 89.000821][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 89.102708][ T4764] loop4: detected capacity change from 0 to 2048 [ 89.206351][ T4778] loop0: detected capacity change from 0 to 2048 [ 89.323539][ T4778] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 89.359572][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 89.374339][ T4764] hpfs: filesystem error: improperly stopped; already mounted read-only [ 89.376379][ T4764] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 89.378348][ T4764] hpfs: filesystem error: sector(s) 'dir_band_bitmap' badly placed at 7b318cc4 [ 89.383357][ T4778] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 89.476269][ T4783] loop1: detected capacity change from 0 to 256 [ 89.756221][ T4794] loop4: detected capacity change from 0 to 8 [ 89.808028][ T4794] unable to read inode lookup table [ 89.811776][ T4801] loop0: detected capacity change from 0 to 47 [ 90.065328][ T4805] loop0: detected capacity change from 0 to 1024 [ 90.178442][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 90.200365][ T4811] netlink: 20 bytes leftover after parsing attributes in process `syz.4.228'. 
[ 90.287261][ T4815] loop4: detected capacity change from 0 to 1024 [ 90.505964][ T4819] loop1: detected capacity change from 0 to 2048 [ 90.550365][ T4817] loop0: detected capacity change from 0 to 8192 [ 90.585539][ T4817] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 90.587906][ T4817] REISERFS (device loop0): using ordered data mode [ 90.589524][ T4817] reiserfs: using flush barriers [ 90.623515][ T4819] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 90.624126][ T4817] REISERFS warning (device loop0): sh-459 journal_init: unable to read journal header [ 90.628927][ T4817] REISERFS warning (device loop0): sh-2022 reiserfs_fill_super: unable to initialize journal space [ 90.724508][ T4819] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 90.949513][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 91.011262][ T4831] loop3: detected capacity change from 0 to 8 [ 91.048103][ T4831] unable to read inode lookup table [ 91.094984][ T4835] loop1: detected capacity change from 0 to 1024 [ 91.116927][ T4829] loop4: detected capacity change from 0 to 8192 [ 91.142376][ T4829] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 91.147769][ T4829] REISERFS (device loop4): using ordered data mode [ 91.151275][ T4829] reiserfs: using flush barriers [ 91.162991][ T4829] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 91.167543][ T4829] REISERFS (device loop4): checking transaction log (loop4) [ 91.284260][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 91.387627][ T4840] loop0: detected capacity change from 0 to 2048 [ 91.397926][ T4829] REISERFS (device loop4): Using tea hash to sort names [ 91.400094][ T4829] REISERFS (device loop4): 
Created .reiserfs_priv - reserved for xattr storage. [ 91.445785][ T4840] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 91.460029][ T4846] loop1: detected capacity change from 0 to 256 [ 91.757932][ T9] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 91.778868][ T9] EXT4-fs (loop0): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 2 with error 28 [ 91.801086][ T9] EXT4-fs (loop0): This should not happen!! Data will be lost [ 91.801086][ T9] [ 91.808127][ T9] EXT4-fs (loop0): Total free blocks count 0 [ 91.810248][ T9] EXT4-fs (loop0): Free/Dirty block details [ 91.811945][ T9] EXT4-fs (loop0): free_blocks=2415919104 [ 91.816340][ T9] EXT4-fs (loop0): dirty_blocks=16 [ 91.817778][ T9] EXT4-fs (loop0): Block reservation details [ 91.819342][ T9] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 91.965124][ T4857] loop4: detected capacity change from 0 to 2048 [ 92.206123][ T4857] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 92.282999][ T4857] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 92.529049][ T4877] loop4: detected capacity change from 0 to 1024 [ 92.556330][ T4879] loop1: detected capacity change from 0 to 8 [ 92.574003][ T4880] netlink: 20 bytes leftover after parsing attributes in process `syz.2.251'. [ 92.626098][ T4879] unable to read inode lookup table [ 92.706606][ T9] hfsplus: b-tree write err: -5, ino 4 [ 92.793649][ T4888] loop4: detected capacity change from 0 to 128 [ 92.978983][ T4896] loop1: detected capacity change from 0 to 2048 [ 93.123366][ T4896] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 93.216047][ T4896] EXT4-fs (loop1): mounted filesystem without journal. 
Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 93.730120][ T4912] loop3: detected capacity change from 0 to 1024 [ 93.968467][ T4918] ucma_write: process 180 (syz.2.265) changed security contexts after opening file descriptor, this is not allowed. [ 94.002958][ T4920] loop1: detected capacity change from 0 to 1024 [ 94.006154][ T4900] loop4: detected capacity change from 0 to 40427 [ 94.010679][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 94.026294][ T4900] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 94.030413][ T4900] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 94.082487][ T4900] F2FS-fs (loop4): invalid crc value [ 94.115567][ T4900] F2FS-fs (loop4): Found nat_bits in checkpoint [ 94.144659][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 94.174467][ T4900] F2FS-fs (loop4): Start checkpoint disabled! [ 94.198607][ T4900] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 94.200439][ T4900] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 94.292400][ T4932] loop3: detected capacity change from 0 to 2048 [ 94.392546][ T9] attempt to access beyond end of device [ 94.392546][ T9] loop4: rw=2049, want=40976, limit=40427 [ 94.403483][ T4932] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 94.416158][ T4940] loop0: detected capacity change from 0 to 256 [ 94.487154][ T4932] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 94.628202][ T4950] FAULT_INJECTION: forcing a failure. 
[ 94.628202][ T4950] name failslab, interval 1, probability 0, space 0, times 0 [ 94.631526][ T4950] CPU: 1 PID: 4950 Comm: syz.4.274 Not tainted 5.15.179-syzkaller #0 [ 94.633529][ T4950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 94.635972][ T4950] Call trace: [ 94.636869][ T4950] dump_backtrace+0x0/0x530 [ 94.637986][ T4950] show_stack+0x2c/0x3c [ 94.639075][ T4950] dump_stack_lvl+0x108/0x170 [ 94.640227][ T4950] dump_stack+0x1c/0x58 [ 94.641305][ T4950] should_fail+0x3b8/0x514 [ 94.642500][ T4950] __should_failslab+0xbc/0x110 [ 94.643766][ T4950] should_failslab+0x10/0x28 [ 94.644920][ T4950] slab_pre_alloc_hook+0x64/0xe8 [ 94.646175][ T4950] kmem_cache_alloc_trace+0x9c/0x47c [ 94.647596][ T4950] v9fs_mount+0x74/0x780 [ 94.648747][ T4950] legacy_get_tree+0xd4/0x16c [ 94.650018][ T4950] vfs_get_tree+0x90/0x274 [ 94.651101][ T4950] do_new_mount+0x278/0x8fc [ 94.652205][ T4950] path_mount+0x594/0x101c [ 94.653282][ T4950] __arm64_sys_mount+0x510/0x5e0 [ 94.654582][ T4950] invoke_syscall+0x98/0x2b8 [ 94.655806][ T4950] el0_svc_common+0x138/0x258 [ 94.657053][ T4950] do_el0_svc+0x58/0x14c [ 94.658117][ T4950] el0_svc+0x7c/0x1f0 [ 94.659138][ T4950] el0t_64_sync_handler+0x84/0xe4 [ 94.660336][ T4950] el0t_64_sync+0x1a0/0x1a4 [ 94.744579][ T4948] loop1: detected capacity change from 0 to 4096 [ 94.832542][ T4954] loop4: detected capacity change from 0 to 1024 [ 95.210330][ T4948] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 95.222923][ T4948] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 95.225704][ T4948] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 95.227946][ T4948] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. 
Marking corrupt inode 0x1 as bad. Run chkdsk. [ 95.231547][ T4948] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 95.351692][ T4948] ntfs: volume version 3.1. [ 95.372238][ T4948] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (24) differing from the directory specified size (4096). Directory inode is corrupt or driver bug. [ 95.379911][ T148] hfsplus: b-tree write err: -5, ino 4 [ 95.389553][ T4948] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 95.392535][ T4948] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 95.432270][ T4963] netlink: 20 bytes leftover after parsing attributes in process `syz.0.282'. [ 95.515214][ T4967] IPVS: set_ctl: invalid protocol: 58 224.0.0.1:20000 [ 95.653576][ T4973] loop4: detected capacity change from 0 to 8 [ 95.673974][ T4964] loop0: detected capacity change from 0 to 8192 [ 95.704524][ T4973] unable to read inode lookup table [ 95.733246][ T4964] REISERFS warning (device loop0): sh-2021 reiserfs_fill_super: can not find reiserfs on loop0 [ 95.862956][ T4983] overlayfs: failed to resolve './file1': -2 [ 95.962448][ T4990] loop4: detected capacity change from 0 to 1024 [ 96.298207][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 96.391761][ T5004] loop4: detected capacity change from 0 to 256 [ 96.462577][ T5004] FAT-fs (loop4): Directory bread(block 64) failed [ 96.464613][ T5004] FAT-fs (loop4): Directory bread(block 65) failed [ 96.466171][ T5004] FAT-fs (loop4): Directory bread(block 66) failed [ 96.467604][ T5004] FAT-fs (loop4): Directory bread(block 67) failed [ 96.469145][ T5004] FAT-fs (loop4): Directory bread(block 68) failed [ 96.470651][ T5004] FAT-fs (loop4): Directory bread(block 69) failed [ 96.492851][ T5004] FAT-fs (loop4): Directory 
bread(block 70) failed [ 96.494915][ T5004] FAT-fs (loop4): Directory bread(block 71) failed [ 96.496537][ T5004] FAT-fs (loop4): Directory bread(block 72) failed [ 96.498095][ T5004] FAT-fs (loop4): Directory bread(block 73) failed [ 96.608039][ T4948] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (24) differing from the directory specified size (4096). Directory inode is corrupt or driver bug. [ 96.613037][ T4948] ntfs: (device loop1): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 96.939677][ T5019] loop1: detected capacity change from 0 to 8 [ 96.974997][ T4995] loop3: detected capacity change from 0 to 40427 [ 97.105827][ T5021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.295'. [ 97.324125][ T5023] overlayfs: failed to resolve './file1': -2 [ 97.627860][ T5021] loop3: detected capacity change from 0 to 8192 [ 97.681279][ T5028] loop0: detected capacity change from 0 to 256 [ 97.689824][ T5019] unable to read inode lookup table [ 97.696261][ T5004] netlink: 8 bytes leftover after parsing attributes in process `syz.4.298'. [ 97.698524][ T5004] netlink: 24 bytes leftover after parsing attributes in process `syz.4.298'. [ 98.829273][ T5039] loop3: detected capacity change from 0 to 1024 [ 98.985426][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 99.095744][ T5055] loop4: detected capacity change from 0 to 1024 [ 99.161500][ T5057] overlayfs: failed to resolve './file1': -2 [ 99.199937][ T5067] netlink: 32 bytes leftover after parsing attributes in process `syz.1.317'. [ 99.237573][ T9] hfsplus: b-tree write err: -5, ino 4 [ 99.300578][ T5072] loop1: detected capacity change from 0 to 256 [ 99.324225][ T5075] loop3: detected capacity change from 0 to 8 [ 99.389105][ T5076] FAULT_INJECTION: forcing a failure. 
[ 99.389105][ T5076] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 99.392548][ T5076] CPU: 0 PID: 5076 Comm: syz.4.320 Not tainted 5.15.179-syzkaller #0 [ 99.394548][ T5076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.396945][ T5076] Call trace: [ 99.397773][ T5076] dump_backtrace+0x0/0x530 [ 99.398904][ T5076] show_stack+0x2c/0x3c [ 99.399912][ T5076] dump_stack_lvl+0x108/0x170 [ 99.401101][ T5076] dump_stack+0x1c/0x58 [ 99.402125][ T5076] should_fail+0x3b8/0x514 [ 99.403285][ T5076] should_fail_usercopy+0x20/0x30 [ 99.404506][ T5076] strncpy_from_user+0x48/0x580 [ 99.405650][ T5076] getname_flags+0x104/0x480 [ 99.406782][ T5076] __arm64_sys_symlinkat+0x94/0xbc [ 99.408100][ T5076] invoke_syscall+0x98/0x2b8 [ 99.409232][ T5076] el0_svc_common+0x138/0x258 [ 99.410426][ T5076] do_el0_svc+0x58/0x14c [ 99.411516][ T5076] el0_svc+0x7c/0x1f0 [ 99.412592][ T5076] el0t_64_sync_handler+0x84/0xe4 [ 99.413778][ T5076] el0t_64_sync+0x1a0/0x1a4 [ 99.462420][ T5075] unable to read inode lookup table [ 99.656666][ T5094] loop1: detected capacity change from 0 to 512 [ 99.750695][ T5094] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 99.800522][ T5102] overlayfs: failed to resolve './file0/../file0': -2 [ 99.802495][ T5094] EXT4-fs (loop1): orphan cleanup on readonly fs [ 99.805318][ T5094] EXT4-fs error (device loop1): ext4_quota_enable:6384: comm syz.1.327: Bad quota inum: 11, type: 1 [ 99.810422][ T5101] loop4: detected capacity change from 0 to 1024 [ 99.823489][ T5094] EXT4-fs warning (device loop1): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 99.827618][ T5094] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 99.829310][ T5094] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 
[ 99.837826][ T5094] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 99.869112][ T5098] loop0: detected capacity change from 0 to 8192 [ 99.878437][ T5094] EXT4-fs error (device loop1): ext4_quota_enable:6384: comm syz.1.327: Bad quota inum: 11, type: 1 [ 99.908483][ T5094] EXT4-fs warning (device loop1): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 99.924648][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 99.955963][ T5106] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 99.961271][ T5098] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 99.974694][ T5098] REISERFS (device loop0): using journaled data mode [ 99.976193][ T5098] reiserfs: using flush barriers [ 100.002771][ T5098] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 100.008487][ T5106] EXT4-fs error (device loop1): ext4_quota_enable:6384: comm syz.1.327: Bad quota inum: 11, type: 1 [ 100.012207][ T5106] EXT4-fs warning (device loop1): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 100.024629][ T5098] REISERFS (device loop0): checking transaction log (loop0) [ 100.038853][ T5098] REISERFS (device loop0): Using r5 hash to sort names [ 100.040974][ T5098] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 100.044532][ T5116] loop4: detected capacity change from 0 to 1024 [ 100.067085][ T5098] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. 
[ 100.081533][ T5098] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 100.085756][ T5098] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 100.089842][ T5098] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 100.154179][ T5118] IPVS: sync thread started: state = BACKUP, mcast_ifn = vxcan1, syncid = 3, id = 0 [ 100.201546][ T5123] loop3: detected capacity change from 0 to 256 [ 100.235283][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 100.305612][ T5122] netlink: 196 bytes leftover after parsing attributes in process `syz.2.337'. [ 100.357188][ T5128] loop1: detected capacity change from 0 to 1024 [ 100.488911][ T5137] overlayfs: failed to resolve './file0/../file0': -2 [ 100.521557][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 100.673107][ T5148] loop1: detected capacity change from 0 to 1024 [ 100.790786][ T5153] loop4: detected capacity change from 0 to 1024 [ 100.972855][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 101.170543][ T9] hfsplus: b-tree write err: -5, ino 4 [ 101.224855][ T5141] loop3: detected capacity change from 0 to 32768 [ 101.294352][ T5141] overlayfs: './file2' not a directory [ 101.311645][ T5158] loop1: detected capacity change from 0 to 256 [ 101.482787][ T5164] loop1: detected capacity change from 0 to 1024 [ 101.520021][ T5168] loop0: detected capacity change from 0 to 8 [ 101.612162][ T5168] unable to read inode lookup table [ 101.615822][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 101.636918][ T5155] loop4: detected capacity change from 0 to 32768 [ 101.667116][ T5155] ======================================================= [ 101.667116][ T5155] WARNING: The mand mount option has been deprecated and [ 101.667116][ T5155] and is ignored by this kernel. 
Remove the mand [ 101.667116][ T5155] option from the mount to silence this warning. [ 101.667116][ T5155] ======================================================= [ 101.786234][ T5155] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 101.835190][ T5155] netlink: 'syz.4.352': attribute type 15 has an invalid length. [ 101.836961][ T5155] netlink: 176 bytes leftover after parsing attributes in process `syz.4.352'. [ 102.022348][ T4022] ocfs2: Unmounting device (7,4) on (node local) [ 102.189675][ T5191] overlayfs: failed to resolve './file0/../file0': -2 [ 102.228266][ T5189] loop4: detected capacity change from 0 to 1024 [ 102.290713][ T5195] loop3: detected capacity change from 0 to 256 [ 102.389021][ T5197] loop1: detected capacity change from 0 to 256 [ 102.501899][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 102.928951][ T5216] loop1: detected capacity change from 0 to 1024 [ 103.753887][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 103.836959][ T5226] loop4: detected capacity change from 0 to 256 [ 103.895240][ T5224] overlayfs: failed to resolve './file0/../file0': -2 [ 104.000043][ T5230] loop4: detected capacity change from 0 to 256 [ 104.002820][ T5228] loop1: detected capacity change from 0 to 1024 [ 104.561856][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 104.899407][ T5243] loop1: detected capacity change from 0 to 8 [ 104.960995][ T5243] unable to read inode lookup table [ 104.985362][ T5245] FAULT_INJECTION: forcing a failure. 
[ 104.985362][ T5245] name failslab, interval 1, probability 0, space 0, times 0 [ 104.988568][ T5245] CPU: 1 PID: 5245 Comm: syz.2.387 Not tainted 5.15.179-syzkaller #0 [ 104.990672][ T5245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 104.993139][ T5245] Call trace: [ 104.993897][ T5245] dump_backtrace+0x0/0x530 [ 104.995145][ T5245] show_stack+0x2c/0x3c [ 104.996161][ T5245] dump_stack_lvl+0x108/0x170 [ 104.997306][ T5245] dump_stack+0x1c/0x58 [ 104.998309][ T5245] should_fail+0x3b8/0x514 [ 104.999466][ T5245] __should_failslab+0xbc/0x110 [ 105.000720][ T5245] should_failslab+0x10/0x28 [ 105.001888][ T5245] slab_pre_alloc_hook+0x64/0xe8 [ 105.003150][ T5245] kmem_cache_alloc+0x98/0x45c [ 105.004385][ T5245] __inet_hash_connect+0x738/0xd3c [ 105.005699][ T5245] inet_hash_connect+0xc4/0x158 [ 105.006973][ T5245] tcp_v4_connect+0x9d8/0x1638 [ 105.008187][ T5245] __inet_stream_connect+0x204/0xc00 [ 105.009538][ T5245] inet_stream_connect+0x74/0xb0 [ 105.010818][ T5245] kernel_connect+0x114/0x164 [ 105.012000][ T5245] smc_connect+0x3d4/0x828 [ 105.013124][ T5245] __sys_connect+0x268/0x290 [ 105.014278][ T5245] __arm64_sys_connect+0x7c/0x94 [ 105.015556][ T5245] invoke_syscall+0x98/0x2b8 [ 105.016733][ T5245] el0_svc_common+0x138/0x258 [ 105.017948][ T5245] do_el0_svc+0x58/0x14c [ 105.019011][ T5245] el0_svc+0x7c/0x1f0 [ 105.020051][ T5245] el0t_64_sync_handler+0x84/0xe4 [ 105.021362][ T5245] el0t_64_sync+0x1a0/0x1a4 [ 105.233347][ T5251] netlink: 36 bytes leftover after parsing attributes in process `syz.1.389'. [ 105.371759][ T5260] loop0: detected capacity change from 0 to 1024 [ 105.400590][ T5258] loop1: detected capacity change from 0 to 2048 [ 105.483435][ T5258] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 105.570542][ T5258] EXT4-fs (loop1): mounted filesystem without journal. 
Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 106.003430][ T5274] loop1: detected capacity change from 0 to 8 [ 106.005903][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 106.058062][ T5274] unable to read inode lookup table [ 106.210838][ T5279] loop4: detected capacity change from 0 to 1024 [ 106.227152][ T5281] loop0: detected capacity change from 0 to 164 [ 106.360593][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 106.463489][ T5290] loop4: detected capacity change from 0 to 1024 [ 106.481290][ T5293] kAFS: unable to lookup cell '' [ 106.524256][ T5298] loop1: detected capacity change from 0 to 2048 [ 106.592070][ T9] hfsplus: b-tree write err: -5, ino 4 [ 106.611905][ T5300] loop3: detected capacity change from 0 to 1024 [ 106.653546][ T5298] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 106.697239][ T5298] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 106.705128][ T5302] loop4: detected capacity change from 0 to 512 [ 106.712506][ T5298] overlayfs: failed to resolve './file1': -2 [ 106.720289][ T9] Bluetooth: hci5: Frame reassembly failed (-84) [ 106.728468][ T5302] EXT4-fs (loop4): Ignoring removed oldalloc option [ 106.751566][ T5270] netlink: 16 bytes leftover after parsing attributes in process `syz.2.397'. [ 106.786829][ T5302] EXT4-fs error (device loop4): ext4_xattr_inode_iget:400: comm syz.4.411: Parent and EA inode have the same ino 15 [ 106.794039][ T5302] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. 
[ 106.798786][ T5302] EXT4-fs error (device loop4): ext4_xattr_inode_iget:400: comm syz.4.411: Parent and EA inode have the same ino 15 [ 106.818682][ T5302] EXT4-fs (loop4): 1 orphan inode deleted [ 106.820905][ T5302] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,bsdgroups,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,bsdgroups,oldalloc,resuid=0x000000000000ee01,,errors=continue. Quota mode: none. [ 106.895486][ T5302] EXT4-fs error (device loop4): ext4_lookup:1862: inode #2: comm syz.4.411: deleted inode referenced: 15 [ 107.092584][ T5311] loop1: detected capacity change from 0 to 256 [ 107.161729][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 107.180276][ T5310] loop4: detected capacity change from 0 to 8 [ 107.206673][ T5310] unable to read inode lookup table [ 108.353182][ T5321] sctp: [Deprecated]: syz.3.416 (pid 5321) Use of struct sctp_assoc_value in delayed_ack socket option. [ 108.353182][ T5321] Use struct sctp_sack_info instead [ 108.381350][ T5324] loop0: detected capacity change from 0 to 1024 [ 108.453935][ T5321] loop3: detected capacity change from 0 to 2048 [ 108.470193][ T148] hfsplus: b-tree write err: -5, ino 4 [ 108.530290][ T5321] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,lazytime,data_err=abort,errors=remount-ro,. Quota mode: writeback. [ 108.686720][ T5335] loop0: detected capacity change from 0 to 1024 [ 108.753356][ T4072] Bluetooth: hci5: command 0x1003 tx timeout [ 108.754956][ T144] Bluetooth: hci5: sending frame failed (-49) [ 108.783453][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 108.913980][ T5342] loop0: detected capacity change from 0 to 2048 [ 108.930376][ T5344] loop3: detected capacity change from 0 to 1024 [ 109.013565][ T5342] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 109.104877][ T5342] EXT4-fs (loop0): mounted filesystem without journal. 
Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 109.123266][ T5342] overlayfs: failed to resolve './file1': -2 [ 109.179368][ T5336] loop4: detected capacity change from 0 to 32768 [ 109.299456][ T5336] JBD2: Ignoring recovery information on journal [ 109.371412][ T5349] FAULT_INJECTION: forcing a failure. [ 109.371412][ T5349] name failslab, interval 1, probability 0, space 0, times 0 [ 109.376841][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 109.390646][ T5336] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 109.410038][ T5349] CPU: 1 PID: 5349 Comm: syz.0.426 Not tainted 5.15.179-syzkaller #0 [ 109.412174][ T5349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.414616][ T5349] Call trace: [ 109.415403][ T5349] dump_backtrace+0x0/0x530 [ 109.416559][ T5349] show_stack+0x2c/0x3c [ 109.417606][ T5349] dump_stack_lvl+0x108/0x170 [ 109.418875][ T5349] dump_stack+0x1c/0x58 [ 109.419909][ T5349] should_fail+0x3b8/0x514 [ 109.420996][ T5349] __should_failslab+0xbc/0x110 [ 109.422134][ T5349] should_failslab+0x10/0x28 [ 109.423305][ T5349] slab_pre_alloc_hook+0x64/0xe8 [ 109.424536][ T5349] kmem_cache_alloc_trace+0x9c/0x47c [ 109.425907][ T5349] ucma_alloc_ctx+0x5c/0x270 [ 109.427009][ T5349] ucma_create_id+0x294/0x62c [ 109.428198][ T5349] ucma_write+0x34c/0x4a4 [ 109.429274][ T5349] do_iter_write+0x33c/0x66c [ 109.430552][ T5349] do_writev+0x220/0x3ec [ 109.431566][ T5349] __arm64_sys_writev+0x80/0x94 [ 109.432786][ T5349] invoke_syscall+0x98/0x2b8 [ 109.433969][ T5349] el0_svc_common+0x138/0x258 [ 109.435199][ T5349] do_el0_svc+0x58/0x14c [ 109.436275][ T5349] el0_svc+0x7c/0x1f0 [ 109.437259][ T5349] el0t_64_sync_handler+0x84/0xe4 [ 109.438535][ T5349] el0t_64_sync+0x1a0/0x1a4 [ 109.560262][ T5361] loop1: detected capacity change from 0 to 8 [ 109.571080][ T5359] loop0: detected 
capacity change from 0 to 1024 [ 109.604995][ T5365] loop3: detected capacity change from 0 to 512 [ 109.619548][ T5361] unable to read inode lookup table [ 109.657338][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 109.671584][ T4022] ocfs2: Unmounting device (7,4) on (node local) [ 109.685576][ T5365] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier=0x0000000000000005,mb_optimize_scan=0x0000000000000001,abort,,errors=continue. Quota mode: writeback. [ 109.729789][ T5372] loop0: detected capacity change from 0 to 1024 [ 109.850012][ T9] hfsplus: b-tree write err: -5, ino 4 [ 110.049826][ T5385] loop0: detected capacity change from 0 to 1024 [ 110.053024][ T5389] loop4: detected capacity change from 0 to 256 [ 110.065055][ T5384] loop3: detected capacity change from 0 to 2048 [ 110.183222][ T5384] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 110.295425][ T5384] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 110.342004][ T5384] overlayfs: failed to resolve './file1': -2 [ 110.421628][ T148] hfsplus: b-tree write err: -5, ino 4 [ 110.555385][ T5398] FAULT_INJECTION: forcing a failure. 
[ 110.555385][ T5398] name failslab, interval 1, probability 0, space 0, times 0 [ 110.558498][ T5398] CPU: 0 PID: 5398 Comm: syz.3.440 Not tainted 5.15.179-syzkaller #0 [ 110.559561][ T5397] loop0: detected capacity change from 0 to 512 [ 110.560575][ T5398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 110.564631][ T5398] Call trace: [ 110.565433][ T5398] dump_backtrace+0x0/0x530 [ 110.566524][ T5398] show_stack+0x2c/0x3c [ 110.567389][ T5398] dump_stack_lvl+0x108/0x170 [ 110.568596][ T5398] dump_stack+0x1c/0x58 [ 110.569661][ T5398] should_fail+0x3b8/0x514 [ 110.570747][ T5398] __should_failslab+0xbc/0x110 [ 110.571930][ T5398] should_failslab+0x10/0x28 [ 110.572987][ T5398] slab_pre_alloc_hook+0x64/0xe8 [ 110.574260][ T5398] kmem_cache_alloc+0x98/0x45c [ 110.575435][ T5398] __alloc_file+0x30/0x240 [ 110.576493][ T5398] alloc_empty_file+0xa8/0x198 [ 110.577677][ T5398] alloc_file+0x64/0x494 [ 110.578731][ T5398] alloc_file_pseudo+0x1e0/0x278 [ 110.579985][ T5398] sock_alloc_file+0xb8/0x230 [ 110.581156][ T5398] do_accept+0x344/0x5d0 [ 110.582223][ T5398] __sys_accept4+0x100/0x17c [ 110.583377][ T5398] __arm64_sys_accept4+0x9c/0xb8 [ 110.584646][ T5398] invoke_syscall+0x98/0x2b8 [ 110.585759][ T5398] el0_svc_common+0x138/0x258 [ 110.586960][ T5398] do_el0_svc+0x58/0x14c [ 110.588044][ T5398] el0_svc+0x7c/0x1f0 [ 110.589027][ T5398] el0t_64_sync_handler+0x84/0xe4 [ 110.590227][ T5398] el0t_64_sync+0x1a0/0x1a4 [ 110.673391][ T5397] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 110.678553][ T5397] EXT4-fs (loop0): can't mount with commit=2, fs mounted w/o journal [ 110.710846][ T5400] loop3: detected capacity change from 0 to 256 [ 110.823299][ T4072] Bluetooth: hci5: command 0x1001 tx timeout [ 110.824733][ T144] Bluetooth: hci5: sending frame failed (-49) [ 110.841358][ T5402] netlink: 24 bytes leftover after parsing attributes in process `syz.3.443'. 
[ 110.971112][ T5407] loop0: detected capacity change from 0 to 1024 [ 110.971175][ T5406] loop1: detected capacity change from 0 to 1024 [ 110.975962][ T5408] loop3: detected capacity change from 0 to 8 [ 111.024362][ T5408] unable to read inode lookup table [ 111.072401][ T9] hfsplus: b-tree write err: -5, ino 4 [ 111.087366][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 111.185878][ T5415] FAULT_INJECTION: forcing a failure. [ 111.185878][ T5415] name failslab, interval 1, probability 0, space 0, times 0 [ 111.188895][ T5415] CPU: 0 PID: 5415 Comm: syz.0.448 Not tainted 5.15.179-syzkaller #0 [ 111.190780][ T5415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.193180][ T5415] Call trace: [ 111.193994][ T5415] dump_backtrace+0x0/0x530 [ 111.195114][ T5415] show_stack+0x2c/0x3c [ 111.196091][ T5415] dump_stack_lvl+0x108/0x170 [ 111.197243][ T5415] dump_stack+0x1c/0x58 [ 111.198267][ T5415] should_fail+0x3b8/0x514 [ 111.199312][ T5415] __should_failslab+0xbc/0x110 [ 111.200543][ T5415] should_failslab+0x10/0x28 [ 111.201643][ T5415] slab_pre_alloc_hook+0x64/0xe8 [ 111.202821][ T5415] kmem_cache_alloc+0x98/0x45c [ 111.203954][ T5415] shmem_alloc_inode+0x20/0x38 [ 111.205057][ T5415] new_inode_pseudo+0x68/0x200 [ 111.206278][ T5415] new_inode+0x38/0x174 [ 111.207284][ T5415] shmem_get_inode+0x31c/0xa04 [ 111.208477][ T5415] __shmem_file_setup+0xf8/0x26c [ 111.209607][ T5415] shmem_file_setup+0x40/0x54 [ 111.210760][ T5415] __arm64_sys_memfd_create+0x374/0x610 [ 111.212140][ T5415] invoke_syscall+0x98/0x2b8 [ 111.213239][ T5415] el0_svc_common+0x138/0x258 [ 111.214342][ T5415] do_el0_svc+0x58/0x14c [ 111.215423][ T5415] el0_svc+0x7c/0x1f0 [ 111.216455][ T5415] el0t_64_sync_handler+0x84/0xe4 [ 111.217719][ T5415] el0t_64_sync+0x1a0/0x1a4 [ 111.289238][ T5421] loop3: detected capacity change from 0 to 1024 [ 111.452328][ T5425] netlink: 24 bytes leftover after parsing attributes in process `syz.0.453'. 
[ 111.456493][ T5423] loop1: detected capacity change from 0 to 2048 [ 111.586322][ T5423] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 111.586719][ T5432] loop0: detected capacity change from 0 to 256 [ 111.624442][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 111.652057][ T5423] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 111.722683][ T5436] loop3: detected capacity change from 0 to 256 [ 111.809680][ T5436] netlink: 56 bytes leftover after parsing attributes in process `syz.3.456'. [ 111.912740][ T5444] loop1: detected capacity change from 0 to 1024 [ 111.974489][ T5446] loop0: detected capacity change from 0 to 8 [ 112.000386][ T5448] loop3: detected capacity change from 0 to 1024 [ 112.024760][ T5446] unable to read inode lookup table [ 112.059020][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 112.086185][ T148] hfsplus: b-tree write err: -5, ino 4 [ 112.106857][ T5450] FAULT_INJECTION: forcing a failure. 
[ 112.106857][ T5450] name failslab, interval 1, probability 0, space 0, times 0 [ 112.110056][ T5450] CPU: 1 PID: 5450 Comm: syz.4.461 Not tainted 5.15.179-syzkaller #0 [ 112.112160][ T5450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 112.114676][ T5450] Call trace: [ 112.115517][ T5450] dump_backtrace+0x0/0x530 [ 112.116642][ T5450] show_stack+0x2c/0x3c [ 112.117740][ T5450] dump_stack_lvl+0x108/0x170 [ 112.118885][ T5450] dump_stack+0x1c/0x58 [ 112.119951][ T5450] should_fail+0x3b8/0x514 [ 112.121077][ T5450] __should_failslab+0xbc/0x110 [ 112.122410][ T5450] should_failslab+0x10/0x28 [ 112.123569][ T5450] slab_pre_alloc_hook+0x64/0xe8 [ 112.124788][ T5450] kmem_cache_alloc+0x98/0x45c [ 112.126058][ T5450] dst_alloc+0xf8/0x170 [ 112.127107][ T5450] ip_route_output_key_hash_rcu+0xfb4/0x1f88 [ 112.128676][ T5450] ip_route_output_key_hash+0x1b0/0x31c [ 112.130154][ T5450] ip_route_output_flow+0x3c/0x160 [ 112.131502][ T5450] udp_sendmsg+0x13c4/0x25b8 [ 112.132678][ T5450] udpv6_sendmsg+0x668/0x2850 [ 112.133862][ T5450] inet6_sendmsg+0xb4/0xd8 [ 112.135014][ T5450] ____sys_sendmsg+0x584/0x870 [ 112.136217][ T5450] ___sys_sendmsg+0x214/0x294 [ 112.137460][ T5450] __sys_sendmmsg+0x23c/0x648 [ 112.138682][ T5450] __arm64_sys_sendmmsg+0xa0/0xbc [ 112.139989][ T5450] invoke_syscall+0x98/0x2b8 [ 112.141124][ T5450] el0_svc_common+0x138/0x258 [ 112.142234][ T5450] do_el0_svc+0x58/0x14c [ 112.143342][ T5450] el0_svc+0x7c/0x1f0 [ 112.144379][ T5450] el0t_64_sync_handler+0x84/0xe4 [ 112.145719][ T5450] el0t_64_sync+0x1a0/0x1a4 [ 112.212253][ T5458] netlink: 'syz.1.465': attribute type 1 has an invalid length. [ 112.303794][ T5462] loop3: detected capacity change from 0 to 2048 [ 112.330886][ T5464] loop4: detected capacity change from 0 to 1024 [ 112.403663][ T5462] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 112.592454][ T5462] EXT4-fs (loop3): mounted filesystem without journal. 
Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 113.224715][ T5469] loop1: detected capacity change from 0 to 2048 [ 113.243383][ T4072] Bluetooth: hci5: command 0x1009 tx timeout [ 113.324915][ T5469] UDF-fs: bad mount option "volume=000000?0000000000001" or missing value [ 113.342916][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 113.386721][ T5481] loop0: detected capacity change from 0 to 1024 [ 113.459236][ T5484] loop3: detected capacity change from 0 to 1024 [ 113.477090][ T5485] loop4: detected capacity change from 0 to 256 [ 113.511473][ T5487] loop1: detected capacity change from 0 to 8 [ 113.562232][ T148] hfsplus: b-tree write err: -5, ino 4 [ 113.577977][ T5487] unable to read inode lookup table [ 113.660408][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 114.056109][ T5505] netlink: 28 bytes leftover after parsing attributes in process `syz.0.480'. [ 114.066069][ T5492] loop3: detected capacity change from 0 to 512 [ 114.074270][ T5492] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 114.102999][ T5492] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8003e119, mo2=0000] [ 114.104878][ T5506] loop1: detected capacity change from 0 to 512 [ 114.126319][ T5506] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 114.147573][ T5512] loop0: detected capacity change from 0 to 1024 [ 114.156954][ T5492] EXT4-fs (loop3): 1 truncate cleaned up [ 114.158447][ T5492] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,nombcache,norecovery,acl,resgid=0x000000000000ee01,norecovery,noauto_da_alloc,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. 
[ 114.169266][ T5506] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8003e119, mo2=0000] [ 114.184154][ T4268] __quota_error: 2 callbacks suppressed [ 114.184165][ T4268] Quota error (device loop3): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 114.188924][ T4268] EXT4-fs error (device loop3): ext4_release_dquot:6220: comm kworker/u4:11: Failed to release dquot type 1 [ 114.358905][ T5506] EXT4-fs (loop1): 1 truncate cleaned up [ 114.360290][ T5506] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,nombcache,norecovery,acl,resgid=0x000000000000ee01,norecovery,noauto_da_alloc,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 114.384444][ T148] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 114.387454][ T148] EXT4-fs error (device loop1): ext4_release_dquot:6220: comm kworker/u4:2: Failed to release dquot type 1 [ 114.405893][ T5499] netlink: 192 bytes leftover after parsing attributes in process `syz.1.478'. [ 114.408220][ T5499] netlink: 56 bytes leftover after parsing attributes in process `syz.1.478'. [ 114.604204][ T9] hfsplus: b-tree write err: -5, ino 4 [ 114.726692][ T5516] loop0: detected capacity change from 0 to 2048 [ 114.813330][ T5516] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 114.856690][ T5520] loop3: detected capacity change from 0 to 1024 [ 115.027484][ T5516] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 115.086869][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 115.177889][ T5529] loop4: detected capacity change from 0 to 8 [ 115.190828][ T5529] unable to read inode lookup table [ 115.488011][ T5535] device lo entered promiscuous mode [ 115.495085][ T5535] A link change request failed with some changes committed already. 
Interface lo may have been left with an inconsistent configuration, please check. [ 115.568132][ T5540] FAULT_INJECTION: forcing a failure. [ 115.568132][ T5540] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 115.571687][ T5540] CPU: 0 PID: 5540 Comm: syz.4.492 Not tainted 5.15.179-syzkaller #0 [ 115.573522][ T5540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 115.575999][ T5540] Call trace: [ 115.576759][ T5540] dump_backtrace+0x0/0x530 [ 115.577839][ T5540] show_stack+0x2c/0x3c [ 115.578867][ T5540] dump_stack_lvl+0x108/0x170 [ 115.579991][ T5540] dump_stack+0x1c/0x58 [ 115.581048][ T5540] should_fail+0x3b8/0x514 [ 115.582132][ T5540] should_fail_usercopy+0x20/0x30 [ 115.583337][ T5540] put_user_ifreq+0x8c/0x1c4 [ 115.584427][ T5540] sock_do_ioctl+0x274/0x2dc [ 115.585608][ T5540] sock_ioctl+0x4f4/0x8b0 [ 115.586758][ T5540] __arm64_sys_ioctl+0x14c/0x1c8 [ 115.587929][ T5540] invoke_syscall+0x98/0x2b8 [ 115.589096][ T5540] el0_svc_common+0x138/0x258 [ 115.590196][ T5540] do_el0_svc+0x58/0x14c [ 115.591261][ T5540] el0_svc+0x7c/0x1f0 [ 115.592281][ T5540] el0t_64_sync_handler+0x84/0xe4 [ 115.593387][ T5540] el0t_64_sync+0x1a0/0x1a4 [ 115.673996][ T5542] loop3: detected capacity change from 0 to 1024 [ 116.179121][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 116.338673][ T5549] loop4: detected capacity change from 0 to 1024 [ 116.386032][ T5545] loop1: detected capacity change from 0 to 32768 [ 116.824112][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 117.082332][ T5565] loop4: detected capacity change from 0 to 256 [ 117.120238][ T5567] loop1: detected capacity change from 0 to 256 [ 118.011277][ T5580] netlink: 4 bytes leftover after parsing attributes in process `syz.3.496'. [ 118.268942][ T5583] loop4: detected capacity change from 0 to 1024 [ 118.329692][ T5581] netlink: 'syz.3.496': attribute type 3 has an invalid length. 
[ 118.342839][ T5583] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 118.344960][ T5583] EXT4-fs (loop4): Unrecognized mount option "euid<00000000000000000000" or missing value [ 118.395277][ T5583] netlink: 4595 bytes leftover after parsing attributes in process `syz.4.508'. [ 118.526010][ T5586] loop4: detected capacity change from 0 to 256 [ 118.580052][ T5586] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad258, utbl_chksum : 0xe619d30d) [ 119.576167][ T5605] netlink: 'syz.1.519': attribute type 1 has an invalid length. [ 119.578011][ T5605] netlink: 'syz.1.519': attribute type 2 has an invalid length. [ 119.998206][ T5610] loop1: detected capacity change from 0 to 2048 [ 120.083419][ T5615] loop3: detected capacity change from 0 to 1024 [ 120.209768][ T5610] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 120.291550][ T26] audit: type=1326 audit(120.260:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.297778][ T26] audit: type=1326 audit(120.260:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.307687][ T26] audit: type=1326 audit(120.260:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff85a4d254 code=0x7ffc0000 [ 120.329474][ T26] audit: type=1326 audit(120.260:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff85a5088c code=0x7ffc0000 [ 120.340624][ T26] audit: type=1326 audit(120.260:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 
comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.384966][ T26] audit: type=1326 audit(120.260:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff85a5088c code=0x7ffc0000 [ 120.395873][ T26] audit: type=1326 audit(120.260:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffff85a4d62c code=0x7ffc0000 [ 120.426712][ T26] audit: type=1326 audit(120.260:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.436065][ T26] audit: type=1326 audit(120.260:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.445217][ T26] audit: type=1326 audit(120.270:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.1.520" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 120.445330][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 120.527060][ T5630] trusted_key: encrypted_key: keylen parameter is missing [ 120.533966][ T5631] trusted_key: encrypted_key: keylen parameter is missing [ 120.720873][ T5638] loop4: detected capacity change from 0 to 256 [ 121.005296][ T5644] input: syz0 as /devices/virtual/input/input2 [ 121.067770][ T4072] kernel write not supported for file /uinput (pid: 4072 comm: kworker/0:6) [ 121.307132][ T5656] loop1: detected capacity change from 0 to 256 [ 121.395981][ T5656] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad258, utbl_chksum : 0xe619d30d) [ 121.976322][ T5667] loop3: 
detected capacity change from 0 to 4096 [ 124.240315][ T5718] loop1: detected capacity change from 0 to 1024 [ 124.549330][ T5723] x_tables: duplicate underflow at hook 2 [ 124.550904][ T5723] x_tables: duplicate underflow at hook 2 [ 124.552328][ T5723] x_tables: duplicate underflow at hook 2 [ 124.562762][ T5723] x_tables: duplicate underflow at hook 2 [ 124.611312][ T5724] ipt_CLUSTERIP: Please specify destination IP [ 124.665032][ T5723] x_tables: duplicate underflow at hook 2 [ 124.676400][ T5723] x_tables: duplicate underflow at hook 2 [ 124.687615][ T5723] x_tables: duplicate underflow at hook 2 [ 124.752520][ T5723] x_tables: duplicate underflow at hook 2 [ 124.772803][ T5723] x_tables: duplicate underflow at hook 2 [ 124.794941][ T5723] x_tables: duplicate underflow at hook 2 [ 125.166333][ T5732] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 125.517150][ T5742] loop4: detected capacity change from 0 to 8 [ 125.559527][ T5742] unable to read inode lookup table [ 125.916273][ T5755] device syzkaller0 entered promiscuous mode [ 126.007106][ T5755] futex_wake_op: syz.4.570 tries to shift op by -1; fix this program [ 126.890088][ T5785] overlayfs: missing 'lowerdir' [ 127.098000][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 127.722318][ T5793] FAULT_INJECTION: forcing a failure. 
[ 127.722318][ T5793] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 127.741163][ T5793] CPU: 0 PID: 5793 Comm: syz.2.584 Not tainted 5.15.179-syzkaller #0 [ 127.743079][ T5793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 127.745689][ T5793] Call trace: [ 127.746493][ T5793] dump_backtrace+0x0/0x530 [ 127.747674][ T5793] show_stack+0x2c/0x3c [ 127.748717][ T5793] dump_stack_lvl+0x108/0x170 [ 127.749751][ T5793] dump_stack+0x1c/0x58 [ 127.750727][ T5793] should_fail+0x3b8/0x514 [ 127.751800][ T5793] should_fail_usercopy+0x20/0x30 [ 127.752986][ T5793] simple_read_from_buffer+0xd8/0x26c [ 127.754382][ T5793] proc_fail_nth_read+0x1a0/0x248 [ 127.755585][ T5793] vfs_read+0x278/0xb18 [ 127.756579][ T5793] ksys_read+0x15c/0x26c [ 127.757546][ T5793] __arm64_sys_read+0x7c/0x90 [ 127.758765][ T5793] invoke_syscall+0x98/0x2b8 [ 127.760013][ T5793] el0_svc_common+0x138/0x258 [ 127.761135][ T5793] do_el0_svc+0x58/0x14c [ 127.762246][ T5793] el0_svc+0x7c/0x1f0 [ 127.763232][ T5793] el0t_64_sync_handler+0x84/0xe4 [ 127.764481][ T5793] el0t_64_sync+0x1a0/0x1a4 [ 128.171353][ T5816] loop1: detected capacity change from 0 to 1024 [ 128.478907][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 128.799301][ T5823] loop1: detected capacity change from 0 to 2048 [ 129.782560][ T5844] netlink: 104 bytes leftover after parsing attributes in process `syz.2.601'. [ 130.768816][ T5856] loop3: detected capacity change from 0 to 40427 [ 130.846604][ T5856] F2FS-fs (loop3): Unrecognized mount option "./file1" or missing value [ 131.083592][ T2052] ieee802154 phy0 wpan0: encryption failed: -22 [ 131.085162][ T2052] ieee802154 phy1 wpan1: encryption failed: -22 [ 131.278545][ T5872] loop3: detected capacity change from 0 to 1024 [ 131.419532][ T148] hfsplus: b-tree write err: -5, ino 4 [ 131.489089][ T5876] loop4: detected capacity change from 0 to 2048 [ 131.707987][ T5876] EXT4-fs (loop4): mounted filesystem without journal. 
Opts: jqfmt=vfsv0,errors=remount-ro,. Quota mode: none. [ 133.235203][ T5887] loop3: detected capacity change from 0 to 40427 [ 133.706120][ T5875] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 133.712462][ T5875] EXT4-fs (loop4): Remounting filesystem read-only [ 133.929362][ T5906] loop4: detected capacity change from 0 to 256 [ 134.049393][ T5910] netlink: 'syz.2.625': attribute type 8 has an invalid length. [ 134.111319][ T5823] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 134.164297][ T5906] FAT-fs (loop4): Directory bread(block 64) failed [ 134.165994][ T5906] FAT-fs (loop4): Directory bread(block 65) failed [ 134.169363][ T5906] FAT-fs (loop4): Directory bread(block 66) failed [ 134.170972][ T5906] FAT-fs (loop4): Directory bread(block 67) failed [ 134.185420][ T5906] FAT-fs (loop4): Directory bread(block 68) failed [ 134.187068][ T5906] FAT-fs (loop4): Directory bread(block 69) failed [ 134.196999][ T5906] FAT-fs (loop4): Directory bread(block 70) failed [ 134.199797][ T5906] FAT-fs (loop4): Directory bread(block 71) failed [ 134.201428][ T5906] FAT-fs (loop4): Directory bread(block 72) failed [ 134.203040][ T5906] FAT-fs (loop4): Directory bread(block 73) failed [ 134.295182][ T5906] netlink: 'syz.4.623': attribute type 8 has an invalid length. [ 134.460693][ T5914] loop4: detected capacity change from 0 to 1024 [ 134.631952][ T303] hfsplus: b-tree write err: -5, ino 4 [ 135.439728][ T5919] device netdevsim0 entered promiscuous mode [ 135.696477][ T5925] fuse: Bad value for 'group_id' [ 136.206586][ T5823] EXT4-fs warning (device loop1): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop1. [ 136.312858][ T5944] loop3: detected capacity change from 0 to 8 [ 137.016775][ T5951] binder: 5950:5951 tried to acquire reference to desc 0, got 1 instead [ 137.069491][ T1534] binder: undelivered transaction 5, process died. 
[ 137.152431][ T5953] loop4: detected capacity change from 0 to 1024 [ 137.346622][ T148] hfsplus: b-tree write err: -5, ino 4 [ 137.439516][ T5955] loop4: detected capacity change from 0 to 1024 [ 137.945437][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 138.371092][ T5959] loop4: detected capacity change from 0 to 512 [ 138.457098][ T5959] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 138.480688][ T5959] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8003e119, mo2=0000] [ 138.492886][ T5959] EXT4-fs (loop4): 1 truncate cleaned up [ 138.496208][ T5959] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,nombcache,norecovery,acl,resgid=0x000000000000ee01,norecovery,noauto_da_alloc,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 138.512420][ T148] __quota_error: 2 callbacks suppressed [ 138.512433][ T148] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 138.516889][ T148] EXT4-fs error (device loop4): ext4_release_dquot:6220: comm kworker/u4:2: Failed to release dquot type 1 [ 138.521188][ T5959] netlink: 192 bytes leftover after parsing attributes in process `syz.4.645'. [ 138.523771][ T5959] netlink: 56 bytes leftover after parsing attributes in process `syz.4.645'. 
[ 139.016783][ T5982] x_tables: ip_tables: socket match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT [ 139.196563][ T5944] unable to read inode lookup table [ 140.890145][ T6010] overlayfs: missing 'lowerdir' [ 141.960785][ T6024] fuse: Bad value for 'group_id' [ 142.022339][ T6026] loop1: detected capacity change from 0 to 1024 [ 142.220980][ T6036] loop4: detected capacity change from 0 to 256 [ 142.457703][ T303] hfsplus: b-tree write err: -5, ino 4 [ 142.572367][ T6041] device geneve2 entered promiscuous mode [ 143.809082][ T6033] loop3: detected capacity change from 0 to 512 [ 144.361562][ T6033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.669: inode #1: comm syz.3.669: iget: illegal inode # [ 144.389291][ T6033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.669: error while reading EA inode 1 err=-117 [ 144.399939][ T6033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.669: inode #1: comm syz.3.669: iget: illegal inode # [ 144.416755][ T6033] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.669: error while reading EA inode 1 err=-117 [ 144.426185][ T6033] EXT4-fs (loop3): 1 orphan inode deleted [ 144.432944][ T6033] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. 
[ 145.558371][ T6073] binder: tried to use weak ref as strong ref [ 145.563476][ T6073] binder: 6072:6073 Acquire 1 refcount change on invalid ref 0 ret -22 [ 145.571149][ T6073] binder: 6072:6073 got transaction to invalid handle, 1 [ 145.593466][ T6073] binder: 6072:6073 transaction failed 29201/-22, size 72-0 line 2917 [ 145.750469][ T6075] loop4: detected capacity change from 0 to 1024 [ 146.010005][ T6087] loop1: detected capacity change from 0 to 8 [ 146.704144][ T6087] unable to read inode lookup table [ 146.803675][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 147.760486][ T6101] loop4: detected capacity change from 0 to 256 [ 148.618109][ T6113] overlayfs: missing 'lowerdir' [ 148.704187][ T6112] kAFS: Can only specify source 'none' with -o dyn [ 148.848254][ T6119] loop1: detected capacity change from 0 to 1024 [ 148.965406][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 149.054720][ T6130] fuse: Bad value for 'group_id' [ 149.077339][ T6131] loop1: detected capacity change from 0 to 1024 [ 149.412679][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 149.644936][ T6136] netlink: 52 bytes leftover after parsing attributes in process `syz.2.708'. [ 149.922196][ T6121] loop4: detected capacity change from 0 to 32768 [ 149.938200][ T6140] netlink: 61967 bytes leftover after parsing attributes in process `syz.1.707'. [ 149.990224][ T6139] overlayfs: missing 'lowerdir' [ 150.053409][ T6140] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 150.054030][ T6121] ea_get: invalid extended attribute [ 150.057160][ T6121] 00000000c4140547: 04 00 00 00 .... [ 150.064025][ T6140] udc-core: couldn't find an available UDC or it's busy [ 150.065777][ T6140] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 151.162140][ T6151] fuse: Bad value for 'fd' [ 151.416299][ T6121] netlink: 72 bytes leftover after parsing attributes in process `syz.4.698'. 
[ 151.436458][ T6121] ea_get: invalid extended attribute [ 151.437953][ T6121] 00000000c4140547: 04 00 00 00 .... [ 151.451342][ T6163] loop1: detected capacity change from 0 to 1024 [ 151.469114][ T6121] ea_get: invalid extended attribute [ 151.470587][ T6121] 00000000c4140547: 04 00 00 00 .... [ 151.589336][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 151.661372][ T6165] loop1: detected capacity change from 0 to 8 [ 151.719865][ T6165] unable to read inode lookup table [ 152.071571][ T6173] loop1: detected capacity change from 0 to 1024 [ 152.370463][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 152.480140][ T6189] loop1: detected capacity change from 0 to 256 [ 153.641417][ T6199] loop1: detected capacity change from 0 to 1024 [ 153.690789][ T6205] loop4: detected capacity change from 0 to 8 [ 153.739200][ T4167] hfsplus: b-tree write err: -5, ino 4 [ 153.786016][ T6205] unable to read inode lookup table [ 154.401193][ T6225] loop4: detected capacity change from 0 to 512 [ 154.549567][ T6225] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 154.607794][ T6225] netlink: 16 bytes leftover after parsing attributes in process `syz.4.739'. [ 156.272744][ T6263] FAULT_INJECTION: forcing a failure. 
[ 156.272744][ T6263] name failslab, interval 1, probability 0, space 0, times 0 [ 156.276202][ T6263] CPU: 1 PID: 6263 Comm: syz.1.749 Not tainted 5.15.179-syzkaller #0 [ 156.278293][ T6263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 156.280852][ T6263] Call trace: [ 156.281625][ T6263] dump_backtrace+0x0/0x530 [ 156.282819][ T6263] show_stack+0x2c/0x3c [ 156.283910][ T6263] dump_stack_lvl+0x108/0x170 [ 156.285135][ T6263] dump_stack+0x1c/0x58 [ 156.286165][ T6263] should_fail+0x3b8/0x514 [ 156.287230][ T6263] __should_failslab+0xbc/0x110 [ 156.288509][ T6263] should_failslab+0x10/0x28 [ 156.289601][ T6263] slab_pre_alloc_hook+0x64/0xe8 [ 156.290815][ T6263] kmem_cache_alloc+0x98/0x45c [ 156.292030][ T6263] mm_alloc+0x28/0xb8 [ 156.293036][ T6263] alloc_bprm+0x1a0/0x604 [ 156.294143][ T6263] do_execveat_common+0x154/0x814 [ 156.295375][ T6263] __arm64_sys_execveat+0xd0/0xec [ 156.296691][ T6263] invoke_syscall+0x98/0x2b8 [ 156.297874][ T6263] el0_svc_common+0x138/0x258 [ 156.299035][ T6263] do_el0_svc+0x58/0x14c [ 156.300101][ T6263] el0_svc+0x7c/0x1f0 [ 156.301177][ T6263] el0t_64_sync_handler+0x84/0xe4 [ 156.302443][ T6263] el0t_64_sync+0x1a0/0x1a4 [ 157.461419][ T6270] fuse: Bad value for 'group_id' [ 157.631241][ T6273] loop1: detected capacity change from 0 to 1024 [ 157.715757][ T6254] FAULT_INJECTION: forcing a failure. 
[ 157.715757][ T6254] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 157.719456][ T6254] CPU: 0 PID: 6254 Comm: syz.2.748 Not tainted 5.15.179-syzkaller #0 [ 157.721462][ T6254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 157.723742][ T6254] Call trace: [ 157.724565][ T6254] dump_backtrace+0x0/0x530 [ 157.725799][ T6254] show_stack+0x2c/0x3c [ 157.726876][ T6254] dump_stack_lvl+0x108/0x170 [ 157.728014][ T6254] dump_stack+0x1c/0x58 [ 157.728970][ T6254] should_fail+0x3b8/0x514 [ 157.730096][ T6254] should_fail_usercopy+0x20/0x30 [ 157.731353][ T6254] kstrtouint_from_user+0xd8/0x384 [ 157.732651][ T6254] proc_fail_nth_write+0xa8/0x288 [ 157.733860][ T6254] vfs_write+0x280/0xb44 [ 157.734956][ T6254] ksys_write+0x15c/0x26c [ 157.736068][ T6254] __arm64_sys_write+0x7c/0x90 [ 157.737189][ T6254] invoke_syscall+0x98/0x2b8 [ 157.738396][ T6254] el0_svc_common+0x138/0x258 [ 157.739569][ T6254] do_el0_svc+0x58/0x14c [ 157.740613][ T6254] el0_svc+0x7c/0x1f0 [ 157.741589][ T6254] el0t_64_sync_handler+0x84/0xe4 [ 157.742760][ T6254] el0t_64_sync+0x1a0/0x1a4 [ 157.824208][ T303] hfsplus: b-tree write err: -5, ino 4 [ 157.993420][ T6284] loop1: detected capacity change from 0 to 1024 [ 159.094074][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 159.145691][ T6293] loop4: detected capacity change from 0 to 128 [ 159.184796][ T6293] FAT-fs (loop4): Unrecognized mount option "¿·HT´ra†[hÐ'ËÓ!²o¥QD…Œ²ƒÆp‘þk­'ä"=Y?í³¼ØÄvKìýØ”?>ÃûˆlÁD»½Ò‘aò$çšõIG9’&è¢Õ" or missing value [ 159.221201][ T6295] loop1: detected capacity change from 0 to 256 [ 159.660098][ T6299] input: syz1 as /devices/virtual/input/input3 [ 159.758773][ T6299] netlink: 'syz.4.762': attribute type 1 has an invalid length. 
[ 160.093237][ T6303] fuse: Bad value for 'group_id' [ 160.374297][ T6308] loop4: detected capacity change from 0 to 1024 [ 160.528854][ T148] hfsplus: b-tree write err: -5, ino 4 [ 160.780776][ T6325] loop4: detected capacity change from 0 to 1024 [ 160.808488][ T6327] netlink: 3 bytes leftover after parsing attributes in process `syz.0.772'. [ 161.019930][ T1600] hfsplus: b-tree write err: -5, ino 4 [ 161.132848][ T6335] fuse: Bad value for 'group_id' [ 161.381604][ T6342] netlink: 'syz.0.779': attribute type 2 has an invalid length. [ 161.655081][ T6356] binder: tried to use weak ref as strong ref [ 161.656726][ T6356] binder: 6355:6356 Acquire 1 refcount change on invalid ref 0 ret -22 [ 161.663748][ T6356] binder: 6355:6356 got transaction to invalid handle, 1 [ 161.665568][ T6356] binder: 6355:6356 transaction failed 29201/-22, size 72-0 line 2917 [ 161.775382][ T6362] fuse: Bad value for 'group_id' [ 161.848681][ T6367] netlink: 6732 bytes leftover after parsing attributes in process `syz.4.789'. [ 162.088124][ T6380] netlink: 24 bytes leftover after parsing attributes in process `syz.0.796'. [ 162.264859][ T6384] loop3: detected capacity change from 0 to 1024 [ 162.463403][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 163.185811][ T6404] 9pnet_virtio: no channels available for device syz [ 164.021197][ T6407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. [ 164.048540][ T6412] netlink: 8 bytes leftover after parsing attributes in process `syz.1.806'. 
[ 164.186575][ T6392] loop3: detected capacity change from 0 to 32768 [ 164.207467][ T6418] loop1: detected capacity change from 0 to 1024 [ 164.242933][ T6392] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.801 (6392) [ 164.268031][ T6425] loop4: detected capacity change from 0 to 512 [ 164.379106][ T6421] fuse: Bad value for 'rootmode' [ 164.392943][ T6427] overlayfs: missing 'workdir' [ 164.422213][ T6425] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 164.430979][ T6392] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 164.444309][ T6425] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002] [ 164.446409][ T6425] System zones: 1-12 [ 164.465665][ T6425] EXT4-fs (loop4): 1 truncate cleaned up [ 164.469464][ T6392] BTRFS info (device loop3): using free space tree [ 164.473493][ T6425] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,nouid32,debug,lazytime,quota,,errors=continue. Quota mode: writeback. [ 164.480625][ T6392] BTRFS info (device loop3): has skinny extents [ 164.488975][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 164.570335][ T6445] No such timeout policy "syz0" [ 165.543009][ T6392] BTRFS info (device loop3): enabling ssd optimizations [ 165.645132][ T6464] loop1: detected capacity change from 0 to 1024 [ 165.733015][ T6468] udc-core: couldn't find an available UDC or it's busy [ 165.734962][ T6468] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 165.810964][ T6464] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. 
[ 166.052381][ T6483] loop1: detected capacity change from 0 to 256 [ 166.185625][ T6466] loop4: detected capacity change from 0 to 32768 [ 166.248719][ T6466] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.820 (6466) [ 166.310040][ T6466] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 166.321611][ T6466] BTRFS info (device loop4): force clearing of disk cache [ 166.333123][ T6466] BTRFS info (device loop4): setting nodatasum [ 166.335019][ T6466] BTRFS info (device loop4): use zlib compression, level 3 [ 166.336817][ T6466] BTRFS info (device loop4): allowing degraded mounts [ 166.356360][ T6466] BTRFS info (device loop4): enabling ssd optimizations [ 166.358046][ T6466] BTRFS info (device loop4): using free space tree [ 166.369062][ T6466] BTRFS info (device loop4): has skinny extents [ 166.618539][ T6512] loop1: detected capacity change from 0 to 512 [ 166.679163][ T6487] loop3: detected capacity change from 0 to 32768 [ 166.692003][ T6466] BTRFS info (device loop4): clearing free space tree [ 166.695806][ T6466] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.696765][ T6512] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 166.699199][ T6466] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.738701][ T6466] BTRFS info (device loop4): creating free space tree [ 166.742782][ T6466] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 166.748166][ T6512] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002] [ 166.750170][ T6512] System zones: 1-12 [ 166.752259][ T6466] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 166.765479][ T6512] EXT4-fs (loop1): 1 truncate cleaned up [ 166.766913][ T6512] EXT4-fs (loop1): mounted filesystem without journal. 
Opts: nogrpid,jqfmt=vfsv0,nouid32,debug,lazytime,quota,,errors=continue. Quota mode: writeback. [ 167.966609][ T6520] raw_sendmsg: syz.4.820 forgot to set AF_INET. Fix it! [ 168.092558][ T6532] fuse: Bad value for 'group_id' [ 168.641992][ T6557] loop4: detected capacity change from 0 to 8 [ 168.651446][ T6552] overlayfs: missing 'workdir' [ 168.983960][ T6538] Bluetooth: hci1: command 0x0406 tx timeout [ 168.987374][ T6538] Bluetooth: hci0: command 0x0406 tx timeout [ 168.989001][ T6538] Bluetooth: hci2: command 0x0406 tx timeout [ 168.990547][ T6538] Bluetooth: hci3: command 0x0406 tx timeout [ 168.993714][ T6538] Bluetooth: hci4: command 0x0406 tx timeout [ 169.064340][ T6564] FAULT_INJECTION: forcing a failure. [ 169.064340][ T6564] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 169.068008][ T6564] CPU: 0 PID: 6564 Comm: syz.1.844 Not tainted 5.15.179-syzkaller #0 [ 169.070040][ T6564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 169.072330][ T6564] Call trace: [ 169.073141][ T6564] dump_backtrace+0x0/0x530 [ 169.074291][ T6564] show_stack+0x2c/0x3c [ 169.075310][ T6564] dump_stack_lvl+0x108/0x170 [ 169.076460][ T6564] dump_stack+0x1c/0x58 [ 169.077589][ T6564] should_fail+0x3b8/0x514 [ 169.078606][ T6564] should_fail_alloc_page+0x74/0xa8 [ 169.080002][ T6564] prepare_alloc_pages+0x160/0x460 [ 169.081313][ T6564] __alloc_pages+0x138/0x674 [ 169.082498][ T6564] alloc_pages+0x368/0x5d4 [ 169.083586][ T6564] new_slab+0xec/0x56c [ 169.084689][ T6564] ___slab_alloc+0x6bc/0xdbc [ 169.085835][ T6564] kmem_cache_alloc+0x2d8/0x45c [ 169.087035][ T6564] p9_client_prepare_req+0x308/0xd50 [ 169.088349][ T6564] p9_client_rpc+0x138/0xf68 [ 169.089543][ T6564] p9_client_attach+0x138/0x3b8 [ 169.090729][ T6564] v9fs_fid_lookup_with_uid+0x440/0x6b4 [ 169.092163][ T6564] v9fs_fid_lookup+0x140/0x184 [ 169.093444][ T6564] v9fs_file_open+0x204/0x618 [ 169.094664][ T6564] do_dentry_open+0x780/0xed8 [ 169.095803][ 
T6564] vfs_open+0x7c/0x90 [ 169.096792][ T6564] path_openat+0x1ea0/0x26cc [ 169.097963][ T6564] do_filp_open+0x1a8/0x3b4 [ 169.099101][ T6564] do_sys_openat2+0x128/0x3e0 [ 169.100284][ T6564] __arm64_sys_openat+0x1f0/0x240 [ 169.101572][ T6564] invoke_syscall+0x98/0x2b8 [ 169.102748][ T6564] el0_svc_common+0x138/0x258 [ 169.104011][ T6564] do_el0_svc+0x58/0x14c [ 169.105051][ T6564] el0_svc+0x7c/0x1f0 [ 169.106055][ T6564] el0t_64_sync_handler+0x84/0xe4 [ 169.107162][ T6564] el0t_64_sync+0x1a0/0x1a4 [ 169.203005][ T6555] loop3: detected capacity change from 0 to 32768 [ 170.627624][ T6573] 9pnet: Insufficient options for proto=fd [ 170.806291][ T6580] Cannot find set identified by id 4 to match [ 170.808892][ T6582] loop1: detected capacity change from 0 to 256 [ 171.088683][ T6595] loop4: detected capacity change from 0 to 1024 [ 171.233683][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 171.343450][ T6602] loop4: detected capacity change from 0 to 512 [ 171.352038][ T6602] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 171.381068][ T6602] netlink: 4 bytes leftover after parsing attributes in process `syz.4.859'. [ 172.525402][ T6609] loop4: detected capacity change from 0 to 512 [ 172.813004][ T6609] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 172.850043][ T6616] netlink: 4 bytes leftover after parsing attributes in process `syz.3.860'. [ 172.912959][ T6621] loop3: detected capacity change from 0 to 8 [ 172.987054][ T6621] unable to read inode lookup table [ 173.100420][ T6631] netlink: 52 bytes leftover after parsing attributes in process `syz.0.869'. [ 173.229923][ T6636] FAULT_INJECTION: forcing a failure. 
[ 173.229923][ T6636] name failslab, interval 1, probability 0, space 0, times 0 [ 173.232953][ T6636] CPU: 0 PID: 6636 Comm: syz.4.871 Not tainted 5.15.179-syzkaller #0 [ 173.234866][ T6636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 173.237335][ T6636] Call trace: [ 173.238116][ T6636] dump_backtrace+0x0/0x530 [ 173.239283][ T6636] show_stack+0x2c/0x3c [ 173.240278][ T6636] dump_stack_lvl+0x108/0x170 [ 173.241457][ T6636] dump_stack+0x1c/0x58 [ 173.242548][ T6636] should_fail+0x3b8/0x514 [ 173.243590][ T6636] __should_failslab+0xbc/0x110 [ 173.244766][ T6636] should_failslab+0x10/0x28 [ 173.245961][ T6636] slab_pre_alloc_hook+0x64/0xe8 [ 173.247075][ T6636] kmem_cache_alloc_trace+0x9c/0x47c [ 173.248398][ T6636] alloc_pipe_info+0xfc/0x518 [ 173.249494][ T6636] splice_direct_to_actor+0x818/0x9a0 [ 173.250730][ T6636] do_splice_direct+0x1f4/0x334 [ 173.251924][ T6636] do_sendfile+0x4c0/0xcb0 [ 173.253022][ T6636] __arm64_sys_sendfile64+0x160/0x408 [ 173.254308][ T6636] invoke_syscall+0x98/0x2b8 [ 173.255501][ T6636] el0_svc_common+0x138/0x258 [ 173.256675][ T6636] do_el0_svc+0x58/0x14c [ 173.257711][ T6636] el0_svc+0x7c/0x1f0 [ 173.258702][ T6636] el0t_64_sync_handler+0x84/0xe4 [ 173.259942][ T6636] el0t_64_sync+0x1a0/0x1a4 [ 173.532421][ T6646] netlink: 'syz.4.876': attribute type 1 has an invalid length. [ 173.553243][ T6646] netlink: 'syz.4.876': attribute type 4 has an invalid length. [ 173.557725][ T6646] netlink: 15334 bytes leftover after parsing attributes in process `syz.4.876'. [ 173.580539][ T6646] loop4: detected capacity change from 0 to 47 [ 173.715424][ T6660] netlink: 52 bytes leftover after parsing attributes in process `syz.3.882'. 
[ 173.826886][ T6666] loop3: detected capacity change from 0 to 8 [ 173.851809][ T6666] unable to read inode lookup table [ 173.891716][ T6668] fuse: Bad value for 'group_id' [ 174.645903][ T6662] loop1: detected capacity change from 0 to 32768 [ 175.441915][ T6662] BTRFS: device fsid 16bad5ef-498e-43ba-8a30-25ddcaa179c7 devid 1 transid 8 /dev/loop1 scanned by syz.1.883 (6662) [ 175.482509][ T6685] loop3: detected capacity change from 0 to 2048 [ 175.516803][ T6662] BTRFS info (device loop1): using sha256 (sha256-ce) checksum algorithm [ 175.519177][ T6662] BTRFS info (device loop1): using free space tree [ 175.520728][ T6662] BTRFS info (device loop1): has skinny extents [ 175.524807][ T6685] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 175.663762][ T6685] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 175.816347][ T6717] netlink: 52 bytes leftover after parsing attributes in process `syz.0.895'. 
[ 175.823945][ T6662] BTRFS info (device loop1): enabling ssd optimizations [ 175.880769][ T6671] loop4: detected capacity change from 0 to 40427 [ 175.919095][ T6671] F2FS-fs (loop4): invalid crc value [ 175.956709][ T6723] loop3: detected capacity change from 0 to 1024 [ 175.957605][ T6671] F2FS-fs (loop4): Found nat_bits in checkpoint [ 176.011431][ T6728] overlayfs: failed to clone upperpath [ 176.088144][ T6671] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 176.150822][ T391] hfsplus: b-tree write err: -5, ino 4 [ 177.448026][ T4022] attempt to access beyond end of device [ 177.448026][ T4022] loop4: rw=2051, want=131072, limit=40427 [ 177.451268][ T4022] attempt to access beyond end of device [ 177.451268][ T4022] loop4: rw=2051, want=45064, limit=40427 [ 177.485277][ T4022] F2FS-fs (loop4): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 177.485329][ T4022] F2FS-fs (loop4): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 177.853653][ T6748] loop1: detected capacity change from 0 to 40427 [ 177.898728][ T6748] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 177.900678][ T6748] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 177.907388][ T6748] F2FS-fs (loop1): invalid crc value [ 177.922243][ T6748] F2FS-fs (loop1): Found nat_bits in checkpoint [ 177.961081][ T6756] loop4: detected capacity change from 0 to 4096 [ 177.970272][ T6748] F2FS-fs (loop1): recover fsync data on readonly fs [ 177.992898][ T6748] F2FS-fs (loop1): Try to recover 1th superblock, ret: -30 [ 177.995166][ T6756] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 178.002509][ T6756] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. 
[ 178.005894][ T6756] ntfs: (device loop4): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 178.016765][ T6756] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 178.018937][ T6756] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 178.023618][ T6756] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 178.025742][ T6756] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 178.026899][ T6748] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 178.030439][ T6756] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 178.034770][ T6756] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 178.039697][ T6756] ntfs: (device loop4): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 178.043652][ T6756] ntfs: volume version 3.1. [ 178.068051][ T6756] 9pnet: Insufficient options for proto=fd [ 178.082692][ T6748] udc-core: couldn't find an available UDC or it's busy [ 178.104040][ T6748] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 178.135071][ T6748] netlink: 'syz.1.901': attribute type 3 has an invalid length. [ 178.137079][ T6748] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.901'. [ 178.145997][ T6758] overlayfs: failed to clone upperpath [ 178.157678][ T6748] F2FS-fs (loop1): Corrupted max_depth of 3: 1537 [ 178.256878][ T6761] netlink: 52 bytes leftover after parsing attributes in process `syz.0.906'. 
[ 178.263387][ T6538] Bluetooth: hci4: command 0x0405 tx timeout [ 178.340543][ T6764] loop4: detected capacity change from 0 to 128 [ 178.520613][ T6770] loop4: detected capacity change from 0 to 1024 [ 178.646245][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 178.739603][ T6776] netlink: 20 bytes leftover after parsing attributes in process `syz.4.912'. [ 179.983594][ T6782] loop4: detected capacity change from 0 to 2048 [ 180.008792][ T6784] loop1: detected capacity change from 0 to 4096 [ 180.038616][ T6784] ntfs: volume version 3.1. [ 180.073478][ T6782] EXT4-fs (loop4): Ignoring removed mblk_io_submit option [ 180.162263][ T6782] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,usrjquota=,errors=remount-ro,norecovery,auto_da_alloc,mblk_io_submit,minixdf,barrier=0x0000000000000000,grpjquota=,bsddf,. Quota mode: none. [ 180.264731][ T6784] loop1: detected capacity change from 0 to 4096 [ 180.296632][ T6784] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 180.316784][ T6789] netlink: 52 bytes leftover after parsing attributes in process `syz.3.919'. [ 180.381243][ T6793] binder: BINDER_SET_CONTEXT_MGR already set [ 180.387742][ T6793] binder: 6792:6793 ioctl 4018620d 20000040 returned -16 [ 180.403344][ T6793] binder: 6792:6793 got transaction to invalid handle, 1 [ 180.410413][ T6793] binder: 6792:6793 transaction failed 29201/-22, size 72-0 line 2917 [ 180.444415][ T6795] fuse: Bad value for 'group_id' [ 180.542424][ T6768] netlink: 28 bytes leftover after parsing attributes in process `syz.0.909'. 
[ 180.620406][ T6800] loop4: detected capacity change from 0 to 1024 [ 180.727410][ T4268] hfsplus: b-tree write err: -5, ino 4 [ 180.862617][ T6819] fuse: Bad value for 'group_id' [ 180.957840][ T6822] 9pnet: Insufficient options for proto=fd [ 180.960453][ T6818] overlayfs: failed to clone upperpath [ 181.180208][ T6833] binder: BINDER_SET_CONTEXT_MGR already set [ 181.181795][ T6833] binder: 6826:6833 ioctl 4018620d 20000040 returned -16 [ 181.213750][ T6833] binder: 6826:6833 got transaction to invalid handle, 1 [ 181.215619][ T6833] binder: 6826:6833 transaction failed 29201/-22, size 72-0 line 2917 [ 181.220121][ T6835] netlink: 44 bytes leftover after parsing attributes in process `syz.1.930'. [ 181.360319][ T6841] loop4: detected capacity change from 0 to 512 [ 181.393885][ T6807] loop3: detected capacity change from 0 to 32768 [ 181.433457][ T6841] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 181.452446][ T6807] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.923 (6807) [ 181.506146][ T6807] BTRFS info (device loop3): using sha256 (sha256-ce) checksum algorithm [ 181.511081][ T6807] BTRFS info (device loop3): using free space tree [ 181.512877][ T6807] BTRFS info (device loop3): has skinny extents [ 181.567975][ T6841] EXT2-fs (loop4): error: ext2_check_page: bad entry in directory #11: : inode out of bounds - offset=1024, inode=4294901760, rec_len=1024, name_len=0 [ 181.598619][ T6841] device batadv_slave_1 entered promiscuous mode [ 181.647910][ T6838] device batadv_slave_1 left promiscuous mode [ 182.615958][ T6867] fuse: Bad value for 'group_id' [ 182.686078][ T6865] overlayfs: failed to resolve './file0/../file0': -2 [ 182.745449][ T6807] BTRFS info (device loop3): enabling ssd optimizations [ 183.001596][ T6870] loop4: detected capacity change from 0 to 40427 [ 183.036162][ T6870] F2FS-fs (loop4): Wrong SSA boundary, start(3584) end(4096) blocks(0) [ 183.036833][ T6885] binder: 
6884:6885 got transaction to invalid handle, 1 [ 183.038402][ T6870] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 183.040186][ T6885] binder: 6884:6885 transaction failed 29201/-22, size 72-0 line 2917 [ 183.057558][ T6870] F2FS-fs (loop4): invalid crc value [ 183.064512][ T6870] F2FS-fs (loop4): Found nat_bits in checkpoint [ 183.115935][ T6870] F2FS-fs (loop4): Start checkpoint disabled! [ 183.194932][ T6870] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 183.196749][ T6870] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 183.200206][ T6889] loop1: detected capacity change from 0 to 1024 [ 183.414403][ T6896] loop3: detected capacity change from 0 to 1024 [ 183.452313][ T6894] netlink: 24 bytes leftover after parsing attributes in process `syz.1.951'. [ 184.368741][ T391] hfsplus: b-tree write err: -5, ino 4 [ 184.390653][ T4106] attempt to access beyond end of device [ 184.390653][ T4106] loop4: rw=2049, want=40976, limit=40427 [ 185.437220][ T6903] overlayfs: failed to resolve './file0/../file0': -2 [ 185.491982][ T6912] fuse: Bad value for 'group_id' [ 185.585382][ T6915] udc-core: couldn't find an available UDC or it's busy [ 185.587153][ T6915] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 185.607798][ T6915] Injecting memory failure for pfn 0x1b0bcc at process virtual address 0x20ffd000 [ 185.629981][ T6917] binder: 6916:6917 got transaction to invalid handle, 1 [ 185.631803][ T6917] binder: 6916:6917 transaction failed 29201/-22, size 72-0 line 2917 [ 185.634390][ T6915] Memory failure: 0x1b0bcc: recovery action for reserved kernel page: Ignored [ 185.635596][ T6920] loop3: detected capacity change from 0 to 512 [ 185.668990][ T6923] loop4: detected capacity change from 0 to 8 [ 185.842907][ T6932] loop4: detected capacity change from 0 to 64 [ 185.864152][ T6920] EXT4-fs (loop3): orphan cleanup on readonly fs [ 185.866097][ T6920] EXT4-fs error (device loop3): ext4_quota_enable:6384: comm 
syz.3.961: Bad quota inum: 11, type: 1 [ 185.869525][ T6920] EXT4-fs warning (device loop3): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 185.885800][ T6920] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 185.888475][ T6920] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 185.895603][ T6920] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 186.617114][ T6920] EXT4-fs error (device loop3): ext4_quota_enable:6384: comm syz.3.961: Bad quota inum: 11, type: 1 [ 186.631501][ T6920] EXT4-fs warning (device loop3): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 186.699843][ T6932] Trying to free block not in datazone [ 186.870515][ T6937] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 186.899876][ T6937] EXT4-fs error (device loop3): ext4_quota_enable:6384: comm syz.3.961: Bad quota inum: 11, type: 1 [ 186.902877][ T6937] EXT4-fs warning (device loop3): ext4_enable_quotas:6432: Failed to enable quota tracking (type=1, err=-117, ino=11). Please run e2fsck to fix. [ 186.947836][ T6943] loop4: detected capacity change from 0 to 256 [ 186.970202][ T6943] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 187.226910][ T6946] loop4: detected capacity change from 0 to 2048 [ 187.354930][ T6946] EXT4-fs (loop4): mounted filesystem without journal. Opts: acl,,errors=continue. Quota mode: none. [ 187.407370][ T6946] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 187.447370][ T6946] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 187.450770][ T6946] EXT4-fs (loop4): This should not happen!! 
Data will be lost [ 187.450770][ T6946] [ 187.539263][ T6946] EXT4-fs (loop4): Total free blocks count 0 [ 187.540676][ T6946] EXT4-fs (loop4): Free/Dirty block details [ 187.542068][ T6946] EXT4-fs (loop4): free_blocks=2415919104 [ 187.573193][ T6946] EXT4-fs (loop4): dirty_blocks=16 [ 187.574577][ T6946] EXT4-fs (loop4): Block reservation details [ 187.576151][ T6946] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 187.590083][ T6963] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 187.615306][ T6963] EXT4-fs (loop4): This should not happen!! Data will be lost [ 187.615306][ T6963] [ 187.641777][ T6972] fuse: Bad value for 'group_id' [ 187.642011][ T6971] binder: 6970:6971 got transaction to invalid handle, 1 [ 187.659697][ T6971] binder: 6970:6971 transaction failed 29201/-22, size 72-0 line 2917 [ 187.758199][ T6978] FAULT_INJECTION: forcing a failure. [ 187.758199][ T6978] name failslab, interval 1, probability 0, space 0, times 0 [ 187.761744][ T6978] CPU: 1 PID: 6978 Comm: syz.2.973 Not tainted 5.15.179-syzkaller #0 [ 187.763739][ T6978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 187.766257][ T6978] Call trace: [ 187.767119][ T6978] dump_backtrace+0x0/0x530 [ 187.768264][ T6978] show_stack+0x2c/0x3c [ 187.769345][ T6978] dump_stack_lvl+0x108/0x170 [ 187.770558][ T6978] dump_stack+0x1c/0x58 [ 187.771634][ T6978] should_fail+0x3b8/0x514 [ 187.772771][ T6978] __should_failslab+0xbc/0x110 [ 187.774061][ T6978] should_failslab+0x10/0x28 [ 187.775192][ T6978] slab_pre_alloc_hook+0x64/0xe8 [ 187.775932][ T6979] loop1: detected capacity change from 0 to 512 [ 187.776427][ T6978] kmem_cache_alloc+0x98/0x45c [ 187.779164][ T6978] dst_alloc+0xf8/0x170 [ 187.780243][ T6978] ip_route_output_key_hash_rcu+0xfb4/0x1f88 [ 187.781857][ T6978] ip_route_output_key_hash+0x1b0/0x31c [ 187.783292][ T6978] ip_route_output_flow+0x3c/0x160 [ 187.784652][ T6978] 
ip_route_newports+0x164/0x21c [ 187.785958][ T6978] tcp_v4_connect+0xa74/0x1638 [ 187.787149][ T6978] __inet_stream_connect+0x204/0xc00 [ 187.788460][ T6978] inet_stream_connect+0x74/0xb0 [ 187.789733][ T6978] kernel_connect+0x114/0x164 [ 187.790903][ T6978] smc_connect+0x3d4/0x828 [ 187.792041][ T6978] __sys_connect+0x268/0x290 [ 187.793173][ T6978] __arm64_sys_connect+0x7c/0x94 [ 187.794396][ T6978] invoke_syscall+0x98/0x2b8 [ 187.795553][ T6978] el0_svc_common+0x138/0x258 [ 187.796895][ T6978] do_el0_svc+0x58/0x14c [ 187.797881][ T6978] el0_svc+0x7c/0x1f0 [ 187.798837][ T6978] el0t_64_sync_handler+0x84/0xe4 [ 187.800119][ T6978] el0t_64_sync+0x1a0/0x1a4 [ 188.004609][ T6979] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 188.021166][ T6979] EXT4-fs (loop1): 1 truncate cleaned up [ 188.022600][ T6979] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,resuid=0x0000000000000000,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 188.872970][ T6998] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 13: comm syz.1.974: bad entry in directory: inode out of bounds - offset=24, inode=589835, rec_len=20, size=1024 fake=0 [ 190.072965][ T7021] fuse: Bad value for 'group_id' [ 190.088170][ T7025] binder: BINDER_SET_CONTEXT_MGR already set [ 190.089701][ T7025] binder: 7018:7025 ioctl 4018620d 20000040 returned -16 [ 190.092172][ T7025] binder: 7018:7025 got transaction to invalid handle, 1 [ 190.093976][ T7025] binder: 7018:7025 transaction failed 29201/-22, size 72-0 line 2917 [ 190.297932][ T7036] loop1: detected capacity change from 0 to 1024 [ 190.354200][ T7036] hfsplus: unable to parse mount options [ 190.403262][ T7044] netlink: 52 bytes leftover after parsing attributes in process `syz.2.989'. 
[ 190.441709][ T7010] loop4: detected capacity change from 0 to 32768 [ 190.593535][ T7010] JFS: charset not found [ 190.625034][ T7058] fuse: Bad value for 'group_id' [ 190.714171][ T7051] loop1: detected capacity change from 0 to 8192 [ 190.872476][ T7051] loop1: AHDI p2 p3 [ 190.880640][ T7051] loop1: p2 start 4278386945 is beyond EOD, truncated [ 192.564843][ T2052] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.566521][ T2052] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.581388][ T7070] loop3: detected capacity change from 0 to 2048 [ 192.614894][ T7010] loop4: detected capacity change from 0 to 4096 [ 192.665379][ T7070] EXT4-fs (loop3): mounted filesystem without journal. Opts: acl,,errors=continue. Quota mode: none. [ 192.692593][ T7070] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 192.731206][ T7070] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 192.773258][ T7070] EXT4-fs (loop3): This should not happen!! Data will be lost [ 192.773258][ T7070] [ 192.788468][ T7070] EXT4-fs (loop3): Total free blocks count 0 [ 192.790026][ T7070] EXT4-fs (loop3): Free/Dirty block details [ 192.813419][ T7070] EXT4-fs (loop3): free_blocks=2415919104 [ 192.814929][ T7070] EXT4-fs (loop3): dirty_blocks=16 [ 192.816217][ T7070] EXT4-fs (loop3): Block reservation details [ 192.817685][ T7070] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 192.824120][ T3641] loop1: AHDI p2 p3 [ 192.825865][ T3641] loop1: p2 start 4278386945 is beyond EOD, truncated [ 192.864499][ T7080] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 192.868195][ T7080] EXT4-fs (loop3): This should not happen!! 
Data will be lost [ 192.868195][ T7080] [ 192.870803][ T7079] overlayfs: failed to clone upperpath [ 192.986314][ T7083] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1002'. [ 193.023787][ T3641] loop1: AHDI p2 p3 [ 193.024950][ T3641] loop1: p2 start 4278386945 is beyond EOD, truncated [ 193.201337][ T7092] loop1: detected capacity change from 0 to 256 [ 193.328338][ T7096] fuse: Bad value for 'group_id' [ 193.343526][ T7094] loop3: detected capacity change from 0 to 8 [ 193.385108][ T7094] unable to read inode lookup table [ 193.670258][ T7107] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1012'. [ 193.672588][ T7107] device syz_tun entered promiscuous mode [ 193.677686][ T7107] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1012'. [ 193.799880][ T7111] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1014'. [ 193.961760][ T7115] loop1: detected capacity change from 0 to 2048 [ 194.030887][ T7115] EXT4-fs (loop1): mounted filesystem without journal. Opts: acl,,errors=continue. Quota mode: none. [ 194.055782][ T7115] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 194.082176][ T7115] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 194.086085][ T7115] EXT4-fs (loop1): This should not happen!! 
Data will be lost [ 194.086085][ T7115] [ 194.088398][ T7115] EXT4-fs (loop1): Total free blocks count 0 [ 194.089884][ T7115] EXT4-fs (loop1): Free/Dirty block details [ 194.091555][ T7115] EXT4-fs (loop1): free_blocks=2415919104 [ 194.092932][ T7115] EXT4-fs (loop1): dirty_blocks=16 [ 194.094441][ T7115] EXT4-fs (loop1): Block reservation details [ 194.095836][ T7115] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 194.120190][ T7115] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28 [ 194.152182][ T7115] EXT4-fs (loop1): This should not happen!! Data will be lost [ 194.152182][ T7115] [ 194.157324][ T7113] loop3: detected capacity change from 0 to 512 [ 194.174026][ T7124] loop4: detected capacity change from 0 to 1024 [ 194.220791][ T7126] fuse: Bad value for 'group_id' [ 194.257683][ T4106] hfsplus: b-tree write err: -5, ino 4 [ 194.282230][ T7113] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 194.333417][ T7113] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=8003e119, mo2=0000] [ 194.339999][ T7131] loop1: detected capacity change from 0 to 256 [ 194.359624][ T7113] EXT4-fs (loop3): 1 truncate cleaned up [ 194.360961][ T7113] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodelalloc,noblock_validity,nombcache,norecovery,acl,resgid=0x000000000000ee01,norecovery,noauto_da_alloc,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. 
[ 194.382490][ T7134] loop4: detected capacity change from 0 to 128 [ 194.385994][ T391] __quota_error: 23 callbacks suppressed [ 194.386005][ T391] Quota error (device loop3): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 194.389981][ T391] EXT4-fs error (device loop3): ext4_release_dquot:6220: comm kworker/u4:4: Failed to release dquot type 1 [ 194.408049][ T7131] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 194.503965][ T7131] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1020'. [ 194.778709][ T7147] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1025'. [ 194.798420][ T7151] loop4: detected capacity change from 0 to 512 [ 194.862164][ T7153] FAULT_INJECTION: forcing a failure. [ 194.862164][ T7153] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.867089][ T7153] CPU: 1 PID: 7153 Comm: syz.2.1026 Not tainted 5.15.179-syzkaller #0 [ 194.869220][ T7153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 194.871792][ T7153] Call trace: [ 194.872563][ T7153] dump_backtrace+0x0/0x530 [ 194.873742][ T7153] show_stack+0x2c/0x3c [ 194.874806][ T7153] dump_stack_lvl+0x108/0x170 [ 194.875913][ T7153] dump_stack+0x1c/0x58 [ 194.876961][ T7153] should_fail+0x3b8/0x514 [ 194.878055][ T7153] should_fail_usercopy+0x20/0x30 [ 194.879367][ T7153] simple_read_from_buffer+0xd8/0x26c [ 194.880807][ T7153] proc_fail_nth_read+0x1a0/0x248 [ 194.882121][ T7153] vfs_read+0x278/0xb18 [ 194.883198][ T7153] ksys_read+0x15c/0x26c [ 194.884245][ T7153] __arm64_sys_read+0x7c/0x90 [ 194.885449][ T7153] invoke_syscall+0x98/0x2b8 [ 194.886564][ T7153] el0_svc_common+0x138/0x258 [ 194.887746][ T7153] do_el0_svc+0x58/0x14c [ 194.888860][ T7153] el0_svc+0x7c/0x1f0 [ 194.889828][ T7153] el0t_64_sync_handler+0x84/0xe4 [ 194.891085][ T7153] el0t_64_sync+0x1a0/0x1a4 [ 195.127610][ T7151] 
EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1027: inode #1: comm syz.4.1027: iget: illegal inode # [ 195.137480][ T7151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1027: error while reading EA inode 1 err=-117 [ 195.151143][ T7151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1027: inode #1: comm syz.4.1027: iget: illegal inode # [ 195.165469][ T7151] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1027: error while reading EA inode 1 err=-117 [ 195.175495][ T7151] EXT4-fs (loop4): 1 orphan inode deleted [ 195.177245][ T7151] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,dioread_lock,norecovery,noinit_itable,resgid=0x0000000000000000,minixdf,usrjquota=,debug_want_extra_isize=0x000000000000005c,jqfmt=vfsold,dioread_lock,resuid=0x0000000000000000,noquota,i_version,,errors=continue. Quota mode: none. [ 195.218395][ T7166] loop3: detected capacity change from 0 to 256 [ 195.274050][ T7151] EXT4-fs error (device loop4): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.4.1027: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 195.296858][ T7166] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad258, utbl_chksum : 0xe619d30d) [ 195.480771][ T7173] netlink: 272 bytes leftover after parsing attributes in process `syz.2.1036'. [ 195.501701][ T7173] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 195.508612][ T7173] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 195.651341][ T7180] loop4: detected capacity change from 0 to 256 [ 195.701437][ T7180] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad258, utbl_chksum : 0xe619d30d) [ 195.853849][ T7186] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1039'. 
[ 195.890446][ T7191] loop1: detected capacity change from 0 to 128 [ 196.037962][ T7202] loop3: detected capacity change from 0 to 1024 [ 196.105226][ T7191] EXT4-fs (loop1): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 196.326370][ T4139] hfsplus: b-tree write err: -5, ino 4 [ 196.601059][ T7216] overlayfs: upper fs does not support tmpfile. [ 197.006725][ T7227] loop4: detected capacity change from 0 to 1024 [ 198.359552][ T4148] hfsplus: b-tree write err: -5, ino 4 [ 198.600963][ T7249] loop3: detected capacity change from 0 to 512 [ 199.246142][ T7267] loop1: detected capacity change from 0 to 512 [ 199.330086][ T7273] loop4: detected capacity change from 0 to 8 [ 200.543360][ T7267] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 200.551259][ T7273] unable to read inode lookup table [ 200.602561][ T7267] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002] [ 200.604630][ T7267] System zones: 1-12 [ 200.606812][ T7267] EXT4-fs (loop1): 1 truncate cleaned up [ 200.615822][ T7267] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,nouid32,debug,lazytime,quota,,errors=continue. Quota mode: writeback. [ 200.678303][ T6538] kernel write not supported for file [eventfd] (pid: 6538 comm: kworker/1:9) [ 200.773337][ T7285] EXT4-fs warning (device loop1): verify_group_input:147: Cannot add at group 1768304430 (only 1 groups) [ 201.220085][ T7293] fuse: Unknown parameter 'Ero6Ùxd' [ 201.254794][ T7293] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 203.498533][ T7291] loop4: detected capacity change from 0 to 32768 [ 204.439368][ T7249] EXT4-fs: failed to create workqueue [ 204.440725][ T7249] EXT4-fs (loop3): mount failed [ 206.612963][ T7374] loop3: detected capacity change from 0 to 512 [ 206.888381][ T7374] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. 
[ 206.897731][ T7370] 9pnet: Could not find request transport: f [ 208.541395][ T7399] netlink: 272 bytes leftover after parsing attributes in process `syz.4.1111'. [ 208.626713][ T7399] siw: device registration error -23 [ 208.709322][ T7404] loop3: detected capacity change from 0 to 1024 [ 208.712876][ T7399] loop4: detected capacity change from 0 to 2048 [ 209.357684][ T7412] sp0: Synchronizing with TNC [ 209.559825][ T7399] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 209.684164][ T148] hfsplus: b-tree write err: -5, ino 4 [ 210.795497][ T7432] fuse: Bad value for 'group_id' [ 210.893432][ T7435] netlink: 'syz.3.1122': attribute type 8 has an invalid length. [ 211.096701][ T7438] loop1: detected capacity change from 0 to 4096 [ 212.083474][ T7449] loop3: detected capacity change from 0 to 256 [ 212.360430][ T7450] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 213.434357][ T7456] loop1: detected capacity change from 0 to 1024 [ 213.539698][ T4139] hfsplus: b-tree write err: -5, ino 4 [ 213.659440][ T26] audit: type=1326 audit(213.620:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7463 comm="syz.1.1130" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x0 [ 215.782616][ T7478] fuse: Bad value for 'group_id' [ 216.033207][ T7484] device geneve2 entered promiscuous mode [ 216.908140][ T7488] loop1: detected capacity change from 0 to 1024 [ 216.953394][ T7488] FAULT_INJECTION: forcing a failure. 
[ 216.953394][ T7488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.956724][ T7488] CPU: 1 PID: 7488 Comm: syz.1.1141 Not tainted 5.15.179-syzkaller #0 [ 216.958818][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 216.961400][ T7488] Call trace: [ 216.962202][ T7488] dump_backtrace+0x0/0x530 [ 216.963310][ T7488] show_stack+0x2c/0x3c [ 216.964330][ T7488] dump_stack_lvl+0x108/0x170 [ 216.965526][ T7488] dump_stack+0x1c/0x58 [ 216.966560][ T7488] should_fail+0x3b8/0x514 [ 216.967750][ T7488] should_fail_usercopy+0x20/0x30 [ 216.969012][ T7488] __copy_msghdr_from_user+0xbc/0x5d0 [ 216.970418][ T7488] ___sys_sendmsg+0x154/0x294 [ 216.971555][ T7488] __sys_sendmmsg+0x23c/0x648 [ 216.972845][ T7488] __arm64_sys_sendmmsg+0xa0/0xbc [ 216.974104][ T7488] invoke_syscall+0x98/0x2b8 [ 216.975312][ T7488] el0_svc_common+0x138/0x258 [ 216.976507][ T7488] do_el0_svc+0x58/0x14c [ 216.977496][ T7488] el0_svc+0x7c/0x1f0 [ 216.978533][ T7488] el0t_64_sync_handler+0x84/0xe4 [ 216.979891][ T7488] el0t_64_sync+0x1a0/0x1a4 [ 217.027732][ T303] hfsplus: b-tree write err: -5, ino 4 [ 217.659420][ T7494] loop4: detected capacity change from 0 to 1024 [ 217.698449][ T7496] 9pnet: Insufficient options for proto=fd [ 217.750494][ T7498] netlink: 272 bytes leftover after parsing attributes in process `syz.0.1145'. [ 217.768733][ T7498] siw: device registration error -23 [ 218.651855][ T7502] xt_CT: No such helper "pptp" [ 218.779045][ T7510] fuse: Bad value for 'group_id' [ 218.821033][ T7512] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1148'. [ 219.003478][ T7519] loop3: detected capacity change from 0 to 4096 [ 219.030485][ T7517] tipc: Enabling of bearer rejected, already enabled [ 219.035062][ T7517] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1148'. [ 219.209145][ T7523] NILFS (loop3): segctord starting. 
Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.384361][ T7535] loop3: detected capacity change from 0 to 1024 [ 220.469820][ T391] hfsplus: b-tree write err: -5, ino 4 [ 220.662628][ T7542] fuse: Bad value for 'group_id' [ 220.696687][ T391] hfsplus: b-tree write err: -5, ino 4 [ 220.923840][ T7548] vivid-000: ================= START STATUS ================= [ 220.926556][ T7548] vivid-000: Test Pattern: 75% Colorbar [ 220.928204][ T7548] vivid-000: Fill Percentage of Frame: 100 [ 220.929711][ T7548] vivid-000: Horizontal Movement: No Movement [ 220.932415][ T7548] vivid-000: Vertical Movement: No Movement [ 220.935244][ T7548] vivid-000: OSD Text Mode: All [ 220.936473][ T7548] vivid-000: Show Border: false [ 220.937691][ T7548] vivid-000: Show Square: false [ 220.938902][ T7548] vivid-000: Sensor Flipped Horizontally: false [ 220.940403][ T7548] vivid-000: Sensor Flipped Vertically: false [ 220.941872][ T7548] vivid-000: Insert SAV Code in Image: false [ 220.973728][ T7548] vivid-000: Insert EAV Code in Image: false [ 220.975253][ T7548] vivid-000: Reduced Framerate: false [ 220.976614][ T7548] vivid-000: Enable Capture Cropping: true grabbed [ 220.978241][ T7548] vivid-000: Enable Capture Composing: true grabbed [ 220.979936][ T7548] vivid-000: Enable Capture Scaler: true grabbed [ 220.981519][ T7548] vivid-000: Timestamp Source: End of Frame [ 221.238437][ T7548] vivid-000: Colorspace: sRGB [ 221.250196][ T7548] vivid-000: Transfer Function: Default [ 221.312297][ T7548] vivid-000: Y'CbCr Encoding: Default [ 221.328549][ T7548] vivid-000: HSV Encoding: Hue 0-179 [ 221.393603][ T7548] vivid-000: Quantization: Default [ 221.418312][ T7548] vivid-000: Apply Alpha To Red Only: false [ 221.443868][ T7548] vivid-000: Standard Aspect Ratio: 4x3 [ 221.468881][ T7548] vivid-000: DV Timings Signal Mode: Current DV Timings inactive [ 221.522639][ T7548] vivid-000: DV Timings: 640x480p59 inactive [ 221.743503][ T7548] vivid-000: DV Timings Aspect Ratio: 
Source Width x Height [ 221.745413][ T7548] vivid-000: Maximum EDID Blocks: 2 [ 221.746791][ T7548] vivid-000: Limited RGB Range (16-235): false [ 221.748259][ T7548] vivid-000: Rx RGB Quantization Range: Automatic [ 221.749855][ T7548] vivid-000: Power Present: 0x00000001 [ 221.751244][ T7548] tpg source WxH: 640x360 (Y'CbCr) [ 221.752534][ T7548] tpg field: 1 [ 221.783690][ T7548] tpg crop: 640x360@0x0 [ 221.784796][ T7548] tpg compose: 640x360@0x0 [ 221.785903][ T7548] tpg colorspace: 8 [ 221.786910][ T7548] tpg transfer function: 0/2 [ 221.788055][ T7548] tpg Y'CbCr encoding: 0/1 [ 221.789142][ T7548] tpg quantization: 0/2 [ 221.790119][ T7548] tpg RGB range: 0/2 [ 221.791107][ T7548] vivid-000: ================== END STATUS ================== [ 221.879567][ T7557] device geneve2 entered promiscuous mode [ 222.145536][ T7565] loop3: detected capacity change from 0 to 1024 [ 222.343259][ T7571] fuse: Bad value for 'group_id' [ 222.377830][ T148] hfsplus: b-tree write err: -5, ino 4 [ 224.159383][ T7555] loop4: detected capacity change from 0 to 32768 [ 225.605063][ T7597] xt_CT: No such helper "pptp" [ 225.689602][ T7606] loop3: detected capacity change from 0 to 1024 [ 225.718655][ T7608] fuse: Bad value for 'group_id' [ 225.796905][ T148] hfsplus: b-tree write err: -5, ino 4 [ 228.520821][ T7638] fuse: Bad value for 'group_id' [ 228.810301][ T7648] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1202'. [ 228.813749][ T7648] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 230.794397][ T7672] loop1: detected capacity change from 0 to 512 [ 232.349244][ T7693] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1218'. 
[ 232.351574][ T7693] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 232.377260][ T7693] loop3: detected capacity change from 0 to 764 [ 232.478826][ T7695] loop1: detected capacity change from 0 to 1024 [ 232.602148][ T7693] Symlink component flag not implemented [ 232.612106][ T7693] Symlink component flag not implemented [ 232.619070][ T7693] Symlink component flag not implemented (129) [ 232.620737][ T7693] Symlink component flag not implemented (6) [ 232.697553][ T7695] 9pnet: Insufficient options for proto=fd [ 232.761809][ T4139] hfsplus: b-tree write err: -5, ino 4 [ 232.874022][ T7697] loop3: detected capacity change from 0 to 4096 [ 233.998363][ T7709] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 235.003283][ T7715] fuse: Bad value for 'group_id' [ 235.427674][ T7728] loop4: detected capacity change from 0 to 1024 [ 235.467946][ T7724] loop3: detected capacity change from 0 to 4096 [ 235.723298][ T7732] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1233'. [ 235.806422][ T7732] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 235.837871][ T7724] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 235.866426][ T7728] 9pnet: Insufficient options for proto=fd [ 235.926626][ T148] hfsplus: b-tree write err: -5, ino 4 [ 235.954358][ T7724] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 235.957572][ T7724] ntfs3: loop3: Failed to load $MFT. 
[ 237.780688][ T7745] loop1: detected capacity change from 0 to 4096 [ 238.030533][ T7757] fuse: Bad value for 'group_id' [ 238.142393][ T7761] dccp_invalid_packet: P.Data Offset(0) too small [ 238.147813][ T4139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.230155][ T7763] 9pnet: Insufficient options for proto=fd [ 239.643920][ T7738] loop4: detected capacity change from 0 to 256 [ 241.604977][ T7793] fuse: Bad value for 'group_id' [ 241.680177][ T7799] 9pnet: Insufficient options for proto=fd [ 243.627340][ T7819] binder: 7818:7819 ioctl c0306201 0 returned -14 [ 243.631284][ T7819] binder: 7818:7819 got transaction to invalid handle, 1 [ 243.640497][ T7819] binder: 7818:7819 transaction failed 29201/-22, size 72-0 line 2917 [ 243.880434][ T7822] loop3: detected capacity change from 0 to 256 [ 245.597476][ T7835] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'. [ 246.224123][ T7842] fuse: Bad value for 'group_id' [ 249.365982][ T7867] loop4: detected capacity change from 0 to 4096 [ 249.526930][ T7871] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 249.704355][ T7875] fuse: Bad value for 'group_id' [ 249.785815][ T7879] loop4: detected capacity change from 0 to 256 [ 249.829054][ T7884] binder: 7883:7884 got transaction to invalid handle, 1 [ 249.831390][ T7884] binder: 7883:7884 transaction failed 29201/-22, size 72-0 line 2917 [ 249.853542][ T7885] input: syz0 as /devices/virtual/input/input5 [ 251.098455][ T7901] loop3: detected capacity change from 0 to 1024 [ 251.900514][ T7901] 9pnet: Insufficient options for proto=fd [ 251.951530][ T303] hfsplus: b-tree write err: -5, ino 4 [ 251.957371][ T7910] netlink: 'syz.0.1297': attribute type 2 has an invalid length. 
[ 251.975419][ T7908] fuse: Bad value for 'group_id' [ 252.088138][ T7913] binder: 7911:7913 got transaction to invalid handle, 1 [ 252.089826][ T7913] binder: 7911:7913 transaction failed 29201/-22, size 72-0 line 2917 [ 253.654103][ T7932] netlink: 72 bytes leftover after parsing attributes in process `syz.0.1304'. [ 253.944842][ T2052] ieee802154 phy0 wpan0: encryption failed: -22 [ 253.946435][ T2052] ieee802154 phy1 wpan1: encryption failed: -22 [ 254.068050][ T7941] loop3: detected capacity change from 0 to 512 [ 254.173711][ T7939] loop4: detected capacity change from 0 to 4096 [ 254.197946][ T7941] EXT4-fs (loop3): Unrecognized mount option "dont_appraise" or missing value [ 254.340734][ T7945] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 254.570517][ T7941] loop3: detected capacity change from 0 to 8192 [ 254.617428][ T7941] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 254.619668][ T7941] REISERFS (device loop3): using ordered data mode [ 254.621254][ T7941] reiserfs: using flush barriers [ 254.630759][ T7916] loop1: detected capacity change from 0 to 32768 [ 254.684102][ T7941] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 254.689518][ T7941] REISERFS (device loop3): checking transaction log (loop3) [ 254.958749][ T7941] REISERFS (device loop3): Using tea hash to sort names [ 254.960742][ T7941] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 255.411392][ T7953] fuse: Bad value for 'group_id' [ 255.456744][ T7957] FAULT_INJECTION: forcing a failure. 
[ 255.456744][ T7957] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 255.460278][ T7957] CPU: 1 PID: 7957 Comm: syz.2.1313 Not tainted 5.15.179-syzkaller #0 [ 255.462481][ T7957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 255.465070][ T7957] Call trace: [ 255.465878][ T7957] dump_backtrace+0x0/0x530 [ 255.467071][ T7957] show_stack+0x2c/0x3c [ 255.468114][ T7957] dump_stack_lvl+0x108/0x170 [ 255.469288][ T7957] dump_stack+0x1c/0x58 [ 255.470387][ T7957] should_fail+0x3b8/0x514 [ 255.471473][ T7957] should_fail_alloc_page+0x74/0xa8 [ 255.472796][ T7957] prepare_alloc_pages+0x160/0x460 [ 255.474070][ T7957] __alloc_pages+0x138/0x674 [ 255.475330][ T7957] alloc_pages_vma+0x294/0x7c0 [ 255.476483][ T7957] alloc_zeroed_user_highpage_movable+0x9c/0xd8 [ 255.478150][ T7957] handle_mm_fault+0x1ee8/0x33a8 [ 255.479410][ T7957] do_page_fault+0x700/0xb60 [ 255.480693][ T7957] do_translation_fault+0xe8/0x138 [ 255.481959][ T7957] do_mem_abort+0x70/0x1d8 [ 255.483089][ T7957] el0_da+0x94/0x20c [ 255.484125][ T7957] el0t_64_sync_handler+0xc0/0xe4 [ 255.485330][ T7957] el0t_64_sync+0x1a0/0x1a4 [ 255.497841][ T7957] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 255.831355][ T7963] loop4: detected capacity change from 0 to 1024 [ 257.524812][ T7963] 9pnet: Insufficient options for proto=fd [ 257.559894][ T148] hfsplus: b-tree write err: -5, ino 4 [ 257.816341][ T7990] loop1: detected capacity change from 0 to 256 [ 260.721444][ T8009] fuse: Bad value for 'group_id' [ 261.895676][ T8023] netlink: 412 bytes leftover after parsing attributes in process `syz.2.1334'. [ 261.979565][ T8029] udc-core: couldn't find an available UDC or it's busy [ 261.981419][ T8029] misc raw-gadget: fail, usb_gadget_probe_driver returned -19 [ 262.153313][ T8034] IPv6: NLM_F_REPLACE set, but no existing node found! 
[ 262.355167][ T8036] binder: 8035:8036 got transaction to invalid handle, 1 [ 262.357055][ T8036] binder: 8035:8036 transaction failed 29201/-22, size 72-0 line 2917 [ 262.455619][ T8038] loop1: detected capacity change from 0 to 256 [ 263.840902][ T8046] fuse: Bad value for 'group_id' [ 266.259260][ T8078] fuse: Bad value for 'group_id' [ 266.352597][ T8082] overlayfs: missing 'lowerdir' [ 268.647036][ T8107] netlink: 'syz.1.1362': attribute type 1 has an invalid length. [ 268.648942][ T8107] netlink: 'syz.1.1362': attribute type 4 has an invalid length. [ 268.650761][ T8107] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.1362'. [ 268.771786][ T8112] Cannot find set identified by id 4 to match [ 269.552836][ T8115] fuse: Bad value for 'group_id' [ 269.660095][ T8121] binder: tried to use weak ref as strong ref [ 269.661573][ T8121] binder: 8118:8121 Acquire 1 refcount change on invalid ref 0 ret -22 [ 269.675404][ T8121] binder: 8118:8121 got transaction to invalid handle, 1 [ 269.677183][ T8121] binder: 8118:8121 transaction failed 29201/-22, size 72-0 line 2917 [ 272.383564][ T8144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1376'. 
[ 272.823596][ T26] audit: type=1326 audit(272.760:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 272.837175][ T26] audit: type=1326 audit(272.760:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=56 compat=0 ip=0xffff85a4d254 code=0x7ffc0000 [ 273.264737][ T26] audit: type=1326 audit(272.770:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff85a5088c code=0x7ffc0000 [ 273.269808][ T26] audit: type=1326 audit(272.770:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=198 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 273.283173][ T26] audit: type=1326 audit(272.770:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=268 compat=0 ip=0xffff85a5088c code=0x7ffc0000 [ 273.294347][ T26] audit: type=1326 audit(272.780:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=57 compat=0 ip=0xffff85a4d62c code=0x7ffc0000 [ 273.303435][ T26] audit: type=1326 audit(272.780:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 273.308770][ T26] audit: type=1326 audit(272.780:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=211 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 273.323162][ T26] audit: type=1326 audit(272.780:33): 
auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 273.329141][ T26] audit: type=1326 audit(272.780:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8147 comm="syz.1.1377" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff85a4ed28 code=0x7ffc0000 [ 273.337959][ T8141] loop4: detected capacity change from 0 to 65536 [ 273.565431][ T8141] XFS (loop4): Mounting V5 Filesystem [ 273.652598][ T8167] fuse: Bad value for 'group_id' [ 273.712035][ T8141] XFS (loop4): Ending clean mount [ 273.832958][ T4066] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x190/0x24c, xfs_agf block 0x1 [ 273.837242][ T4066] XFS (loop4): Unmount and run xfs_repair [ 273.838783][ T4066] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 273.840627][ T4066] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00 XAGF..........@. [ 273.850240][ T4066] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01 ................ [ 273.852380][ T4066] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 273.855106][ T4066] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00 ......?...?..... [ 273.857299][ T4066] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 273.859754][ T4066] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 ................ [ 273.877754][ T4066] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 273.880331][ T4066] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 273.882678][ T8141] XFS (loop4): metadata I/O error in "xfs_read_agf+0x234/0x584" at daddr 0x1 len 1 error 74 [ 273.900818][ T8141] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x81c/0x12f4 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. 
[ 273.910367][ T8141] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 273.940898][ T4022] XFS (loop4): Unmounting Filesystem [ 274.029677][ T8173] loop3: detected capacity change from 0 to 256 [ 274.212144][ T8179] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1386'. [ 274.329085][ T8186] binder: 8184:8186 ioctl 4018620d 0 returned -22 [ 274.331214][ T8186] binder: tried to use weak ref as strong ref [ 274.336278][ T8186] binder: 8184:8186 Acquire 1 refcount change on invalid ref 0 ret -22 [ 274.339052][ T8186] binder: 8184:8186 got transaction to invalid handle, 1 [ 274.362170][ T8186] binder: 8184:8186 transaction failed 29201/-22, size 72-0 line 2917 [ 275.328269][ T8191] fuse: Bad value for 'group_id' [ 276.660336][ T8210] loop1: detected capacity change from 0 to 2048 [ 277.334357][ T8219] binder: 8218:8219 ioctl 4018620d 0 returned -22 [ 277.345659][ T8219] binder: tried to use weak ref as strong ref [ 277.347397][ T8219] binder: 8218:8219 Acquire 1 refcount change on invalid ref 0 ret -22 [ 277.360130][ T8219] binder: 8218:8219 got transaction to invalid handle, 1 [ 277.361996][ T8219] binder: 8218:8219 transaction failed 29201/-22, size 72-0 line 2917 [ 277.479405][ T8223] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1403'. 
[ 277.678252][ T8210] hpfs: filesystem error: improperly stopped; already mounted read-only [ 277.680260][ T8210] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 277.682104][ T8210] hpfs: filesystem error: sector(s) 'dir_band_bitmap' badly placed at 7b318cc4 [ 278.457182][ T8234] binder: 8233:8234 ioctl 4018620d 0 returned -22 [ 278.459383][ T8234] binder: tried to use weak ref as strong ref [ 278.460934][ T8234] binder: 8233:8234 Acquire 1 refcount change on invalid ref 0 ret -22 [ 278.494795][ T8234] binder: 8233:8234 got transaction to invalid handle, 1 [ 278.496495][ T8234] binder: 8233:8234 transaction failed 29201/-22, size 72-0 line 2917 [ 278.557892][ T8236] loop3: detected capacity change from 0 to 4096 [ 280.158975][ T8236] ntfs: volume version 3.1. [ 280.257363][ T8254] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1412'. [ 281.252478][ T8259] loop3: detected capacity change from 0 to 8192 [ 281.491764][ T8259] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 281.494246][ T8259] REISERFS (device loop3): using ordered data mode [ 281.495855][ T8259] reiserfs: using flush barriers [ 281.724976][ T8259] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 282.023623][ T8259] REISERFS (device loop3): checking transaction log (loop3) [ 282.285328][ T8275] binder: 8274:8275 IncRefs 0 refcount change on invalid ref 0 ret -22 [ 282.289601][ T8275] binder: 8274:8275 ioctl c0306201 0 returned -14 [ 282.291337][ T8275] binder: 8274:8275 got transaction to invalid handle, 1 [ 282.293005][ T8275] binder: 8274:8275 transaction failed 29201/-22, size 72-0 line 2917 [ 282.657463][ T8287] loop4: detected capacity change from 0 to 256 [ 282.666612][ T8259] REISERFS (device loop3): Using tea hash to sort names [ 282.668597][ T8259] REISERFS (device loop3): Created .reiserfs_priv - reserved for 
xattr storage.
[ 288.990344][ T8603] udc-core: couldn't find an available UDC or it's busy
[ 288.992015][ T8603] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[ 289.027575][ T8605] 9pnet_virtio: no channels available for device syz
[ 289.072954][ T8610] 9pnet_virtio: no channels available for device syz
[ 289.489833][ T8618] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1549'.
[ 289.786575][ T8637] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1556'.
[ 289.904600][ T8642] use of bytesused == 0 is deprecated and will be removed in the future,
[ 289.907012][ T8642] use the actual size instead.
[ 290.125648][ T8655] 9pnet_virtio: no channels available for device syz
[ 290.232948][ T8659] misc userio: Can't change port type on an already running userio instance
[ 290.276559][ T8663] udc-core: couldn't find an available UDC or it's busy
[ 290.278352][ T8663] misc raw-gadget: fail, usb_gadget_probe_driver returned -19
[ 290.770526][ T144] Bluetooth: hci3: Unknown advertising packet type: 0x7470
[ 290.770700][ T144] ==================================================================
[ 290.774869][ T144] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0xde8/0x31c0
[ 290.776787][ T144] Read of size 1 at addr ffff0000e80d7204 by task kworker/u5:0/144
[ 290.778801][ T144]
[ 290.779350][ T144] CPU: 1 PID: 144 Comm: kworker/u5:0 Not tainted 5.15.179-syzkaller #0
[ 290.781505][ T144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 290.784086][ T144] Workqueue: hci3 hci_rx_work
[ 290.785294][ T144] Call trace:
[ 290.786121][ T144] dump_backtrace+0x0/0x530
[ 290.787320][ T144] show_stack+0x2c/0x3c
[ 290.788359][ T144] dump_stack_lvl+0x108/0x170
[ 290.789562][ T144] print_address_description+0x7c/0x3f0
[ 290.790942][ T144] kasan_report+0x174/0x1e4
[ 290.792091][ T144] __asan_report_load1_noabort+0x44/0x50
[ 290.793484][ T144] hci_le_meta_evt+0xde8/0x31c0
[ 290.794680][ T144] hci_event_packet+0xd34/0x12b4
[ 290.795967][ T144] hci_rx_work+0x1d0/0x830
[ 290.797099][ T144] process_one_work+0x790/0x11b8
[ 290.798375][ T144] worker_thread+0x910/0x1034
[ 290.799501][ T144] kthread+0x37c/0x45c
[ 290.800589][ T144] ret_from_fork+0x10/0x20
[ 290.801665][ T144]
[ 290.802293][ T144] Allocated by task 8693:
[ 290.803310][ T144] ____kasan_kmalloc+0xbc/0xfc
[ 290.804513][ T144] __kasan_kmalloc+0x10/0x1c
[ 290.805624][ T144] __kmalloc_node_track_caller+0x234/0x448
[ 290.807062][ T144] kmalloc_reserve+0xe8/0x270
[ 290.807201][ T8698] 9pnet_virtio: no channels available for device syz
[ 290.808274][ T144] __alloc_skb+0x1a4/0x584
[ 290.810887][ T144] vhci_write+0xb8/0x3b8
[ 290.811950][ T144] vfs_write+0x884/0xb44
[ 290.813046][ T144] ksys_write+0x15c/0x26c
[ 290.814110][ T144] __arm64_sys_write+0x7c/0x90
[ 290.815231][ T144] invoke_syscall+0x98/0x2b8
[ 290.816415][ T144] el0_svc_common+0x138/0x258
[ 290.817577][ T144] do_el0_svc+0x58/0x14c
[ 290.818597][ T144] el0_svc+0x7c/0x1f0
[ 290.819662][ T144] el0t_64_sync_handler+0x84/0xe4
[ 290.820850][ T144] el0t_64_sync+0x1a0/0x1a4
[ 290.822005][ T144]
[ 290.822536][ T144] The buggy address belongs to the object at ffff0000e80d7000
[ 290.822536][ T144] which belongs to the cache kmalloc-512 of size 512
[ 290.826140][ T144] The buggy address is located 4 bytes to the right of
[ 290.826140][ T144] 512-byte region [ffff0000e80d7000, ffff0000e80d7200)
[ 290.829517][ T144] The buggy address belongs to the page:
[ 290.830909][ T144] page:00000000bd425ef6 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1280d4
[ 290.833519][ T144] head:00000000bd425ef6 order:2 compound_mapcount:0 compound_pincount:0
[ 290.835725][ T144] flags: 0x5ffc00000010200(slab|head|node=0|zone=2|lastcpupid=0x7ff)
[ 290.837823][ T144] raw: 05ffc00000010200 dead000000000100 dead000000000122 ffff0000c0002600
[ 290.839977][ T144] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 290.842236][ T144] page dumped because: kasan: bad access detected
[ 290.843792][ T144]
[ 290.844388][ T144] Memory state around the buggy address:
[ 290.845724][ T144] ffff0000e80d7100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 290.847798][ T144] ffff0000e80d7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 290.849886][ T144] >ffff0000e80d7200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 290.851963][ T144] ^
[ 290.852989][ T144] ffff0000e80d7280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 290.855093][ T144] ffff0000e80d7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 290.857115][ T144] ==================================================================
[ 290.859134][ T144] Disabling lock debugging due to kernel taint