last executing test programs: 17.63701972s ago: executing program 1 (id=669): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) 12.824236161s ago: executing program 1 (id=685): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_route(0x10, 0x3, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp1\x00', 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000140)={r1}, 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='task\x00') fchdir(r4) r5 = syz_clone(0x0, 0x0, 0x21, 0x0, 0x0, 0x0) timer_create(0x1, &(0x7f0000000040)={0x0, 0x17, 0x4}, &(0x7f0000000080)) syz_open_procfs(r5, &(0x7f0000000180)='fdinfo/3\x00') r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4004, r6, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240)={0x4, 0x1ce, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x5, 0xffffffffffffffff, 0x9, 0x0, 0x1, 0x1000000080000006}, 0x0, 0x0) r7 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_SET_FRONTEND(r7, 0x40246f4c, 0x0) 12.213306477s ago: executing program 3 (id=686): syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000e80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000, &(0x7f00000000c0)=ANY=[@ANYBLOB='uni_xlate=0,iocharset=ep866,errors=continue,utf8=0,shortname=mixed,shortname=win95,nonumtail=0,uni_xlate=1,iocharset=cp857,shortname=mixed,utf8=1,uni_xlate=0,shortname=win95,codepage=936,utf8=1,utf8=0,\x00'], 0xfd, 0x2a8, &(0x7f0000000580)="$eJzs3c9qK1UcB/DfpGkSdZEsXInigC5cXW7vE6RIL1zMSslCXah4b0GaILRQ8A/GrgRXblz6BILQnS/hxjfwAQR3dlE4MslMk9Q07UDT+ufz2fT0nPOd8zuTaUsXOfnw5fHB0zz2T778LTqdLBr96MdZFr1oROXrWNL/LgCAf7OzlOKPNFMnl0VEZ3NlAQAbVPvv/+nGSwIANuydd997a3cw2Hs7zzvxePzN8bD4z774Ohvf3Y9PYhTP4mF04zwiXZi1H6eUJs280IvXx5PjYZEcf/BLef3d3yOm+Z3oRm/atZx/MtjbyWcW8pOijufL9ftF/lF048UV6z8Z7D1akY9hK954baH+B9GNXz+OT2MUT6dFzPNf7eT5m+n7P794vyivyGeT42F7Om8ubd3xSwMAAAAAAAAAAAAAAAAAAAAAwH/Yg/LsnHZMz+8pusrzd7bOi2+2I6/0ls/nmeWz6kKXzgeapPihOl/nYZ7nqZw4zzfjpWY072fXAAAAAAAAAAAAAAAAAAAA8M9y9NnnBx+NRs8Ob6VRnQZQva2//nVOp6n+Qs+rsT7Vnq/VKJtrloitak4WsbaeYhO3dFuuazx3Vc0//lT3gp3r52wXa3VucRfVy73QE1VPtvoeti8md6qH5OeqJ6WUWnHD1VtXDaVaj19r5VC39t1ovTBtTNbMieyqwr59Zf5zWQ5ll3fRWrrPS43tsrEQv/Rs1Hqe//67InNaBwAAAAAAAAAAAAAAAAAAbNT8Tb8rBk/WRhupvbGyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBOzT//v0ZjUoZvMLkVh0f3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+B/4KAAD//+KpXP8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$netlink(0x10, 0x3, 0x15) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4050) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file1\x00', 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) mknodat(r4, &(0x7f0000000100)='./file0/file0\x00', 0x8910, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x400, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000000004000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000002050000de0500000400000000000000000000499b68f90549fb2be22f747eecf344f15a6d9c7817c43d21c1e515c34d637a572fa19b3c021e2444734ac015ae52d39ce15eef63cd0d"], 0x50) getdents64(r5, &(0x7f0000000080)=""/78, 0x4e) 11.913854914s ago: executing program 2 (id=688): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r7, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 11.076020313s ago: executing program 3 (id=689): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x8080, @dev={0xfe, 0x80, '\x00', 0x29}, 0x4}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)='L', 0x1}], 0x1}}], 0x1, 0x4040001) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x8f, 0xaa, 0x9, 0xc, 0x64, 0x0, 0x29, 0x7, 0x0, 0x4, 0x9, 0x4, 0x8, 0xb2}, 0xe) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0) timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000080)={0x3ff, 0x7, 0x100000, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) 11.046146765s ago: executing program 1 (id=690): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x80000, 0x0, 0xc8}, 0x9c) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(0x0, 0x83) socket$pppl2tp(0x18, 0x1, 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(&(0x7f00000000c0)={[0xffffffffffff8518]}, 0x0, 0x0, 0x8) 10.222057293s ago: executing program 2 (id=692): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x80000, 0x0, 0xc8}, 0x9c) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(0x0, 0x83) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) inotify_init1(0x800) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000340)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x4, 0x3, {0xa, 0x4e22, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2b9d}}}, 0x3a) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 7.522071771s ago: executing program 1 (id=695): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) 7.455173894s ago: executing program 2 (id=696): openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x800, 0x0) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 7.453706815s ago: executing program 3 (id=697): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000000000/0x4000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() r2 = syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x4cafa2) ioctl$CEC_TRANSMIT(r2, 0xc0386105, &(0x7f00000001c0)={0x6, 0x7c24, 0x7, 0x1, 0x6, 0x6b, "8c2af5354de0720dee32a53dbf5ccb13", 0x9, 0x7, 0xc3, 0x9, 0x5, 0x9, 0x9}) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x80000, 0x20, 0x11}, 0x18) openat(r6, &(0x7f0000000180)='./file0\x00', 0x10000, 0x63962b33e358844d) ioctl$SIOCX25SFACILITIES(r5, 0x89e3, &(0x7f0000000540)={0x70, 0x1ff, 0xa, 0x6, 0x80}) r7 = syz_open_procfs(r1, &(0x7f0000000040)='status\x00') lseek(r7, 0x1000000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x4, 0x55a}) 7.343787011s ago: executing program 0 (id=699): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r7, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 6.864019619s ago: executing program 4 (id=700): syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000e80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000, &(0x7f00000000c0)=ANY=[@ANYBLOB='uni_xlate=0,iocharset=ep866,errors=continue,utf8=0,shortname=mixed,shortname=win95,nonumtail=0,uni_xlate=1,iocharset=cp857,shortname=mixed,utf8=1,uni_xlate=0,shortname=win95,codepage=936,utf8=1,utf8=0,\x00'], 0xfd, 0x2a8, &(0x7f0000000580)="$eJzs3c9qK1UcB/DfpGkSdZEsXInigC5cXW7vE6RIL1zMSslCXah4b0GaILRQ8A/GrgRXblz6BILQnS/hxjfwAQR3dlE4MslMk9Q07UDT+ufz2fT0nPOd8zuTaUsXOfnw5fHB0zz2T778LTqdLBr96MdZFr1oROXrWNL/LgCAf7OzlOKPNFMnl0VEZ3NlAQAbVPvv/+nGSwIANuydd997a3cw2Hs7zzvxePzN8bD4z774Ohvf3Y9PYhTP4mF04zwiXZi1H6eUJs280IvXx5PjYZEcf/BLef3d3yOm+Z3oRm/atZx/MtjbyWcW8pOijufL9ftF/lF048UV6z8Z7D1akY9hK954baH+B9GNXz+OT2MUT6dFzPNf7eT5m+n7P794vyivyGeT42F7Om8ubd3xSwMAAAAAAAAAAAAAAAAAAAAAwH/Yg/LsnHZMz+8pusrzd7bOi2+2I6/0ls/nmeWz6kKXzgeapPihOl/nYZ7nqZw4zzfjpWY072fXAAAAAAAAAAAAAAAAAAAA8M9y9NnnBx+NRs8Ob6VRnQZQva2//nVOp6n+Qs+rsT7Vnq/VKJtrloitak4WsbaeYhO3dFuuazx3Vc0//lT3gp3r52wXa3VucRfVy73QE1VPtvoeti8md6qH5OeqJ6WUWnHD1VtXDaVaj19r5VC39t1ovTBtTNbMieyqwr59Zf5zWQ5ll3fRWrrPS43tsrEQv/Rs1Hqe//67InNaBwAAAAAAAAAAAAAAAAAAbNT8Tb8rBk/WRhupvbGyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBOzT//v0ZjUoZvMLkVh0f3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+B/4KAAD//+KpXP8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$netlink(0x10, 0x3, 0x15) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4050) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file1\x00', 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) mknodat(r4, &(0x7f0000000100)='./file0/file0\x00', 0x8910, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x400, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000000004000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000002050000de0500000400000000000000000000499b68f90549fb2be22f747eecf344f15a6d9c7817c43d21c1e515c34d637a572fa19b3c021e2444734ac015ae52d39ce15eef63cd0d"], 0x50) getdents64(r5, &(0x7f0000000080)=""/78, 0x4e) 6.257505385s ago: executing program 0 (id=701): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_route(0x10, 0x3, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp1\x00', 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000140)={r1}, 0x1) r4 = syz_open_procfs(0x0, &(0x7f0000000080)='task\x00') fchdir(r4) r5 = syz_clone(0x0, 0x0, 0x21, 0x0, 0x0, 0x0) timer_create(0x1, &(0x7f0000000040)={0x0, 0x17, 0x4}, &(0x7f0000000080)) syz_open_procfs(r5, &(0x7f0000000180)='fdinfo/3\x00') r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4004, r6, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240)={0x4, 0x1ce, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x5, 0xffffffffffffffff, 0x9, 0x0, 0x1, 0x1000000080000006}, 0x0, 0x0) r7 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_SET_FRONTEND(r7, 0x40246f4c, 0x0) 5.595304343s ago: executing program 4 (id=702): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r7, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 5.356186278s ago: executing program 0 (id=703): syz_usb_connect(0x0, 0x0, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc2882, 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000040)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x40, 0x80, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x7, 0x1, 0x3, 0x7f, "", {{{0x9, 0x5, 0x1, 0x2, 0x49b9dbeca8101603, 0x8, 0x3, 0xf2}}}}}]}}]}}, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x5, &(0x7f0000000100)=@string={0x5, 0x3, "f5ca66"}}, {0x41, &(0x7f00000001c0)=@string={0x41, 0x3, "4aecca1db2b2c5300fe9c1032a2488985fcf4e754fcf25bc017303eb7b3850c2c7a977209c22b3c70eb025baf5b0fd7ad7d477ee884a7cb44645aadb0edf1d"}}]}) 4.510804047s ago: executing program 4 (id=704): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x0, 0x0, 0x4}}, 0x18) close_range(r1, 0xffffffffffffffff, 0x0) 3.310086117s ago: executing program 4 (id=705): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r6, &(0x7f0000000080)={0x1d, r7, 0x0, {0x0, 0xf0}, 0x1}, 0x18) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 3.280288659s ago: executing program 2 (id=706): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x80000, 0x0, 0xc8}, 0x9c) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(0x0, 0x83) socket$pppl2tp(0x18, 0x1, 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait(&(0x7f00000000c0)={[0xffffffffffff8518]}, 0x0, 0x0, 0x8) 3.24712259s ago: executing program 3 (id=707): openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r1, &(0x7f0000006bc0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x8080, @dev={0xfe, 0x80, '\x00', 0x29}, 0x4}, 0x1c, &(0x7f0000000040)=[{&(0x7f0000000180)='L', 0x1}], 0x1}}], 0x1, 0x4040001) shutdown(r1, 0x1) setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x8f, 0xaa, 0x9, 0xc, 0x64, 0x0, 0x29, 0x7, 0x0, 0x4, 0x9, 0x4, 0x8, 0xb2}, 0xe) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0) timerfd_create(0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f0000000080)={0x3ff, 0x7, 0x100000, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) 3.144332137s ago: executing program 1 (id=708): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), r0) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="980000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf2503"], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000) 1.227266089s ago: executing program 4 (id=709): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x80000, 0x0, 0xc8}, 0x9c) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @loopback, 0x3}, 0x7e) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) mkdir(0x0, 0x83) r1 = socket$pppl2tp(0x18, 0x1, 0x1) r2 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e) inotify_init1(0x800) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000340)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x2, 0x2, 0x4, 0x3, {0xa, 0x4e22, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x2b9d}}}, 0x3a) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.137212714s ago: executing program 0 (id=710): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) connect$can_j1939(r1, &(0x7f0000000080)={0x1d, r2, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) 1.088051216s ago: executing program 2 (id=711): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r7, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 1.062232618s ago: executing program 3 (id=712): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xe, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x200, 0x71, 0x11, 0x63}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @ldst={0x0, 0x1, 0x1, 0x1, 0x0, 0x18, 0xfffffffffffffffe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000140)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x60, '\x00', 0x0, @sk_skb=0x20, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) r0 = socket$isdn(0x22, 0x3, 0x2) getsockname(r0, &(0x7f00000000c0)=@isdn, &(0x7f0000000040)=0x80) 1.000001072s ago: executing program 0 (id=713): syz_mount_image$vfat(&(0x7f0000000380), &(0x7f0000000e80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000, &(0x7f00000000c0)=ANY=[@ANYBLOB='uni_xlate=0,iocharset=ep866,errors=continue,utf8=0,shortname=mixed,shortname=win95,nonumtail=0,uni_xlate=1,iocharset=cp857,shortname=mixed,utf8=1,uni_xlate=0,shortname=win95,codepage=936,utf8=1,utf8=0,\x00'], 0xfd, 0x2a8, &(0x7f0000000580)="$eJzs3c9qK1UcB/DfpGkSdZEsXInigC5cXW7vE6RIL1zMSslCXah4b0GaILRQ8A/GrgRXblz6BILQnS/hxjfwAQR3dlE4MslMk9Q07UDT+ufz2fT0nPOd8zuTaUsXOfnw5fHB0zz2T778LTqdLBr96MdZFr1oROXrWNL/LgCAf7OzlOKPNFMnl0VEZ3NlAQAbVPvv/+nGSwIANuydd997a3cw2Hs7zzvxePzN8bD4z774Ohvf3Y9PYhTP4mF04zwiXZi1H6eUJs280IvXx5PjYZEcf/BLef3d3yOm+Z3oRm/atZx/MtjbyWcW8pOijufL9ftF/lF048UV6z8Z7D1akY9hK954baH+B9GNXz+OT2MUT6dFzPNf7eT5m+n7P794vyivyGeT42F7Om8ubd3xSwMAAAAAAAAAAAAAAAAAAAAAwH/Yg/LsnHZMz+8pusrzd7bOi2+2I6/0ls/nmeWz6kKXzgeapPihOl/nYZ7nqZw4zzfjpWY072fXAAAAAAAAAAAAAAAAAAAA8M9y9NnnBx+NRs8Ob6VRnQZQva2//nVOp6n+Qs+rsT7Vnq/VKJtrloitak4WsbaeYhO3dFuuazx3Vc0//lT3gp3r52wXa3VucRfVy73QE1VPtvoeti8md6qH5OeqJ6WUWnHD1VtXDaVaj19r5VC39t1ovTBtTNbMieyqwr59Zf5zWQ5ll3fRWrrPS43tsrEQv/Rs1Hqe//67InNaBwAAAAAAAAAAAAAAAAAAbNT8Tb8rBk/WRhupvbGyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBOzT//v0ZjUoZvMLkVh0f3vEUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+B/4KAAD//+KpXP8=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept$packet(0xffffffffffffffff, 0x0, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$netlink(0x10, 0x3, 0x15) socket$inet6_mptcp(0xa, 0x1, 0x106) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x4000001}, 0x4050) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181) openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file1\x00', 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) mknodat(r4, &(0x7f0000000100)='./file0/file0\x00', 0x8910, 0x4) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x400, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="1b00000000000000000000000004000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000002050000de0500000400000000000000000000499b68f90549fb2be22f747eecf344f15a6d9c7817c43d21c1e515c34d637a572fa19b3c021e2444734ac015ae52d39ce15eef63cd0d"], 0x50) getdents64(r5, &(0x7f0000000080)=""/78, 0x4e) 940.741375ms ago: executing program 1 (id=714): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@gettaction={0x20, 0x5a, 0x1, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc, 0x2, {0x1}}]}, 0x20}}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r7, &(0x7f0000000100)={0x1d, r8, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r7, &(0x7f0000000080)={0x1d, r8, 0x0, {0x0, 0xf0}, 0x1}, 0x18) sendmsg$can_j1939(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)='.', 0x1a000}}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) 547.960189ms ago: executing program 3 (id=715): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_route(0x10, 0x3, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) userfaultfd(0x80001) socket$netlink(0x10, 0x3, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$dsp(r0, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp1\x00', 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0) r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r3, 0x1e, &(0x7f0000000140)={r1}, 0x1) syz_open_procfs(0x0, &(0x7f0000000080)='task\x00') mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) r4 = syz_clone(0x0, 0x0, 0x21, 0x0, 0x0, 0x0) timer_create(0x1, &(0x7f0000000040)={0x0, 0x17, 0x4}, &(0x7f0000000080)) syz_open_procfs(r4, &(0x7f0000000180)='fdinfo/3\x00') r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000100)={0x4004, r5, 0x2}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000240)={0x4, 0x1ce, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x5, 0xffffffffffffffff, 0x9, 0x0, 0x1, 0x1000000080000006}, 0x0, 0x0) r6 = syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002) ioctl$FE_SET_FRONTEND(r6, 0x40246f4c, 0x0) 98.841184ms ago: executing program 2 (id=716): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$iso9660(&(0x7f0000000fc0), &(0x7f0000000000)='./file1\x00', 0x8800, &(0x7f0000000d80)=ANY=[], 0x23, 0x7f3, &(0x7f0000001800)="$eJzs3U9oHOfZAPBnFMmWFfAX8n3kM8ZxxnZKbeoqu1KiVOSQbFYjeRJpV+yuik0pSYhtMJaTEBPS+NDEl6QtLaWnHtNcQy6FHgo9lPbQFgqF5tBLD4VATiWFFkpLCajM7K71x1pJTmQrTX8/Yb2z7z7zzjOzo3l21ruzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEUp+pVKrJwYhYOpsOVp9pNRe2uL8/3s/XNVssNyIp/sXoaBzqdh36v9W77yt+HY8j3VtHYrRoRuPa3ffd89j/Dg/1598ioU/q2A7jkog3iqQuPzcUcTsSuYO+87NbnuWfK8XvuayRt5v5Qm0uS/N2M52emqo8dGa2nc7m81n7XLuTLaT1VlbrNFvpyfqptDo9PZlm4+eaS425mdp81u989MsTlcpU+tT4YlZrtZuNh54ab9fP5PPzeWOujJmovBpFzKPFjvh03kk7WW0hTS9eWr4wuV2qRVB1Xc/+dY/XkQfv+fCVD/526UKxQw4aJOntmBPV6sREdeqR6UcerVSGJyoT6zsqG8SNiBiKKCJuy07LZ92B1YPE7h284VMa6tb/iPnIoxFLcTbSSGOo/L36MxKjMROtaMZCcfsPIxvuv6n+f+Ghv/xuq+WW9futoqiP3qjyh1bvPhxl/T/avXV0QP0vDsob89jZz4FbnePKbyPe62aztv9qvBbX4nI8F8uxHBfi5U+Yzx37Gdph3Gj/kdg6bi6yaEQe7WhGHgtRK3vSXk8a0zEVU1GJZ+JMzEY70piNPOYji3aci3Z0Iiv3qHq0IotadKIZrUjjZNTjVKRRjemYjslII4vxOBfNWIpGzMVM1MpRLsalcrtPbsjrvm8+m7zx+w/fLqZvBFW3WJGkeDJXBP11Xff6/aRXzB+IHdX/A70tuD4iiXR4j2sRu6r/p7LT+F04asPuWCnr//BepwEAAADcRkn56nsSESNxfzk1m89nX9vrtAAAAIBdVL6v+UjRjBRT90dSnP9XNol8/47nBgAAAOyOpPyMXRIRY/FAd6r/canNXgQAAAAA/gOV//9/tGjGIl4vO5z/AwAAwOfMtwZdY/+Dfb1r7LcX9yd39aIXzz6YXKkVU7Urvb5e89UbI3ZmDycHe4OUzdTwtbuTiBiuZ0eS/tUvP97fbT8qRzi8egHCQdf6T1qtkeT64ARi6wTKW/HdONaNOXa+257v39NdythsPp+N15vzj1WT3osjnVdeuPSNiGLp324sHEzi4qXlC+PPv7h8vszlejHK9Su9y8Mnt5DLSm8LxP2br/FI+UGM3nLHusutrF3/oe7sQ1svM1m7zDfjeDfm+Fi3HVu//qPFMqvjj1WjVjs41MnOdl5ZWbP2vSyqn3LN34wT3ZgTJ090m02ymFiXxQs3ZzGxNoudbYstsyj0s3j72Otn//6rZpJNbpfF5KfMAmCvXCyv+rNahQ6UVehfK11F/d9Qd/tXNd/0KPfFn/SOoRuOchdXn2X0519T64Zjd6r7m3GyDPnFye7zieHD6+rKE2VdqWxyRH/p0ku/7h3RH373hz/6+tHf/Hi1um04Rj/RfVYwOIt341Q3stfEvb+8qboVQ1TLLfu9DVX1nWKOdwZW1fb8RDISESv/c+Pu8nGKiInJqcrDlcojEzFSPlXoNYMz3b/zvQSAz5ttv2NnB9/C8/DmZ9XRr3j33nhLwXg8Hy/GcpyP0+WnDSLigc1HHVvzNoTT25y1jq35hpfT25xbrsZObIzdfyKJAbGTa7bY//+gbP5x+x4TALjdjm9Th3dS/0/3zrtj8/PuDbX8VPeLc/tnxzG4lm/mK7d7gwDAf4Gs9VEy1nkrabXyxWeq09PVWudMlraa9afTVj4zl6V5o5O16mdqjbksXWw1O816/wXxmaydtpcWF5sfd9LZZitdbLbzs+U3v6e9r35vZwu1xqtRby/OZ7V2ltabjU6t3kln8nY9XVx6cj5vn8la5cztxayez+b1WidvNtJ2c6lVz8bTtJ1lawLzmazRyWfzYrKRLrbyhVrrekTMLy1k6UzWrrfyxU6zO2B/WXljttlaqA1Y/T/fwU0NAJ8ZV1+7dvm55eULL6+fWEk29mw+8ccdxFyNWNnr1QQA1lhbpQEAAAAAAAAAAAAAgM+mmz+uV/Ru+5G+tRMjcQvBGyb2xyeZ6/M78aX3ug/Lbgy4yTj7tpzrrtWeA+se0329nWXvt88tTzz7+OOXB8U8+fqhM3/KIrYfZ/O/lKt337T3xlsHI/b99Pvdnifu1Jq+H921iOFbmn0l2SJmzw5JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDQvwMAAP//wexOyQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) keyctl$setperm(0x5, 0x0, 0x3000) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x18000}, 0x0) r6 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000044c0)={'vxcan0\x00', 0x0}) bind$can_j1939(r6, &(0x7f0000000100)={0x1d, r7, 0x0, {0x0, 0x0, 0x4}}, 0x18) close_range(r1, 0xffffffffffffffff, 0x0) 21.832069ms ago: executing program 0 (id=717): openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi4\x00', 0x800, 0x0) epoll_create1(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 0s ago: executing program 4 (id=718): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000000000/0x4000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() r2 = syz_open_dev$cec(0x0, 0xffffffffffffffff, 0x4cafa2) ioctl$CEC_TRANSMIT(r2, 0xc0386105, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0) r6 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x80000, 0x20, 0x11}, 0x18) openat(r6, &(0x7f0000000180)='./file0\x00', 0x10000, 0x63962b33e358844d) ioctl$SIOCX25SFACILITIES(r5, 0x89e3, &(0x7f0000000540)={0x70, 0x1ff, 0xa, 0x6, 0x80}) r7 = syz_open_procfs(r1, &(0x7f0000000040)='status\x00') lseek(r7, 0x1000000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x40505330, &(0x7f0000000bc0)={0x800100, 0x0, 0x0, 0x724f, 0x4, 0x55a}) kernel console output (not intermixed with test programs): [ 119.105353][ T4807] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 119.121936][ T4810] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.97 (4810) [ 119.149358][ T4807] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 119.165928][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 119.175398][ T4250] usb 3-1: Using ep0 maxpacket: 32 [ 119.182677][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 119.196463][ T4810] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 119.206050][ T4810] BTRFS info (device loop1): setting nodatacow, compression disabled [ 119.214868][ T4810] BTRFS info (device loop1): enabling auto defrag [ 119.221666][ T4810] BTRFS info (device loop1): max_inline at 0 [ 119.227658][ T4810] BTRFS info (device loop1): using free space tree [ 119.234216][ T4810] BTRFS info (device loop1): has skinny extents [ 119.243712][ T4807] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 119.311520][ T4807] ntfs: volume version 3.1. [ 119.334211][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): Inode is not in use! [ 119.399586][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 119.480152][ T4807] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 119.516641][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): $INDEX_ROOT attribute is missing. [ 119.527902][ T4807] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 119.598686][ T4829] netlink: 'syz.0.102': attribute type 2 has an invalid length. [ 120.199450][ T4250] usb 3-1: unable to get BOS descriptor or descriptor too short [ 120.301004][ T4250] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 120.369486][ T4250] usb 3-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 120.612217][ T4250] usb 3-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 120.918777][ T4250] usb 3-1: config 1 interface 0 has no altsetting 0 [ 121.239558][ T4250] usb 3-1: string descriptor 0 read error: -71 [ 121.281067][ T4250] usb 3-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 121.524038][ T4250] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.959780][ T4250] usb 3-1: can't set config #1, error -71 [ 122.333618][ T4250] usb 3-1: USB disconnect, device number 3 [ 122.499084][ T4849] loop4: detected capacity change from 0 to 764 [ 122.669992][ T4853] loop2: detected capacity change from 0 to 764 [ 122.825149][ T4855] loop0: detected capacity change from 0 to 256 [ 123.054512][ T4858] netlink: 'syz.4.105': attribute type 2 has an invalid length. [ 123.761455][ T4855] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 123.771906][ T4855] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 123.782190][ T4855] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 123.798388][ T26] audit: type=1800 audit(1770567258.059:23): pid=4855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.107" name="file1" dev="loop0" ino=1048645 res=0 errno=0 [ 123.970951][ T4866] loop4: detected capacity change from 0 to 256 [ 124.147625][ T4868] loop2: detected capacity change from 0 to 256 [ 124.260835][ T4868] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 124.331672][ T4868] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 124.411726][ T4868] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 124.607620][ T26] audit: type=1800 audit(1770567258.879:24): pid=4868 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.110" name="file0" dev="loop2" ino=1048648 res=0 errno=0 [ 124.660973][ T4877] exFAT-fs (loop2): error, failed to bmap (inode : ffff88807357a1e0 iblock : 16, err : -5) [ 124.703038][ T4875] loop0: detected capacity change from 0 to 2048 [ 124.719656][ T4877] exFAT-fs (loop2): Filesystem has been set read-only [ 125.349357][ T4879] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 125.436569][ T4875] handle_bad_sector: 6 callbacks suppressed [ 125.436589][ T4875] attempt to access beyond end of device [ 125.436589][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 125.530036][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 125.538777][ T4875] attempt to access beyond end of device [ 125.538777][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 125.586897][ T4881] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 4881 comm: syz.0.111) [ 126.251541][ T26] audit: type=1800 audit(1770567260.529:25): pid=4881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.111" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=34207 res=0 errno=0 [ 127.009132][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.108186][ T4875] attempt to access beyond end of device [ 127.108186][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.135954][ T4892] netlink: 'syz.2.114': attribute type 2 has an invalid length. [ 127.149397][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.158073][ T4875] attempt to access beyond end of device [ 127.158073][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.186022][ T4894] loop1: detected capacity change from 0 to 764 [ 127.257574][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.409446][ T23] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 127.439553][ T4875] attempt to access beyond end of device [ 127.439553][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.499826][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.527010][ T4875] attempt to access beyond end of device [ 127.527010][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.551537][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.593089][ T4900] netlink: 'syz.1.115': attribute type 2 has an invalid length. [ 127.629525][ T4875] attempt to access beyond end of device [ 127.629525][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.671725][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.731701][ T4875] attempt to access beyond end of device [ 127.731701][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.835883][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.890343][ T4875] attempt to access beyond end of device [ 127.890343][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.903684][ T4904] loop3: detected capacity change from 0 to 764 [ 127.977904][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 127.986827][ T4875] attempt to access beyond end of device [ 127.986827][ T4875] loop0: rw=0, want=281474976710724, limit=2048 [ 127.998883][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.007866][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.017723][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.026666][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.035715][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.045900][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.075949][ T4875] NILFS (loop0): I/O error reading b-tree node block (ino=16, blocknr=15) [ 128.261671][ T13] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 128.274122][ T26] audit: type=1800 audit(1770567262.559:26): pid=4875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.111" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 128.518140][ T4908] netlink: 'syz.3.120': attribute type 2 has an invalid length. [ 129.158911][ T4920] loop1: detected capacity change from 0 to 256 [ 129.208543][ T4920] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 129.225704][ T4920] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 129.249377][ T13] usb 3-1: Using ep0 maxpacket: 32 [ 129.260363][ T4916] loop3: detected capacity change from 0 to 4096 [ 129.280054][ T4920] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 129.313005][ T4916] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 2) do not match. Run ntfsfix or chkdsk. [ 129.359552][ T4916] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 129.373946][ T26] audit: type=1800 audit(1770567263.649:27): pid=4920 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.124" name="file0" dev="loop1" ino=1048650 res=0 errno=0 [ 129.394985][ T4916] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 129.395025][ T4916] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 129.395111][ T4916] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 129.410050][ T4916] ntfs: volume version 3.1. [ 129.448154][ T4916] ntfs: (device loop3): ntfs_read_locked_inode(): Inode is not in use! [ 129.458111][ T13] usb 3-1: unable to get BOS descriptor or descriptor too short [ 129.487079][ T4924] exFAT-fs (loop1): error, failed to bmap (inode : ffff88807357b560 iblock : 16, err : -5) [ 129.497637][ T4924] exFAT-fs (loop1): Filesystem has been set read-only [ 129.539553][ T13] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 129.551854][ T13] usb 3-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 129.563352][ T13] usb 3-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 129.586665][ T13] usb 3-1: config 1 interface 0 has no altsetting 0 [ 129.628395][ T4926] loop3: detected capacity change from 0 to 256 [ 129.789418][ T13] usb 3-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 129.802035][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.819491][ T13] usb 3-1: Product: syz [ 129.828322][ T13] usb 3-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽 [ 129.850583][ T13] usb 3-1: SerialNumber: syz [ 129.900960][ T4896] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 129.928320][ T4928] netlink: 'syz.0.127': attribute type 2 has an invalid length. [ 131.017173][ T13] usb 3-1: USB disconnect, device number 4 [ 131.021981][ T4939] loop2: detected capacity change from 0 to 256 [ 131.209012][ T4942] loop0: detected capacity change from 0 to 764 [ 132.087236][ T4952] loop1: detected capacity change from 0 to 764 [ 132.087772][ T4950] loop4: detected capacity change from 0 to 764 [ 132.970247][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.976593][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.429482][ T4948] netlink: 'syz.0.132': attribute type 2 has an invalid length. [ 134.267614][ T4973] netlink: 'syz.4.139': attribute type 2 has an invalid length. [ 134.391044][ T4974] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 134.473638][ T4974] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 134.555633][ T4974] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 134.597946][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 134.597959][ T26] audit: type=1800 audit(1770567268.879:28): pid=4974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.130" name="file1" dev="loop2" ino=1048652 res=0 errno=0 [ 134.897649][ T4979] loop1: detected capacity change from 0 to 764 [ 134.923188][ T4981] loop3: detected capacity change from 0 to 256 [ 134.987115][ T4981] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 135.018526][ T4981] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 135.105914][ T4981] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 135.815867][ T26] audit: type=1800 audit(1770567270.059:29): pid=4981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.141" name="file0" dev="loop3" ino=1048654 res=0 errno=0 [ 135.838585][ T4986] exFAT-fs (loop3): error, failed to bmap (inode : ffff88805feb9b60 iblock : 16, err : -5) [ 135.899742][ T4986] exFAT-fs (loop3): Filesystem has been set read-only [ 135.924789][ T4985] loop0: detected capacity change from 0 to 764 [ 136.320009][ T4985] netlink: 'syz.0.142': attribute type 2 has an invalid length. [ 136.775724][ T4998] FAULT_INJECTION: forcing a failure. [ 136.775724][ T4998] name failslab, interval 1, probability 0, space 0, times 1 [ 136.813771][ T4998] CPU: 0 PID: 4998 Comm: syz.3.147 Not tainted syzkaller #0 [ 136.821535][ T4998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 136.831732][ T4998] Call Trace: [ 136.835057][ T4998] [ 136.838027][ T4998] dump_stack_lvl+0x188/0x250 [ 136.842781][ T4998] ? show_regs_print_info+0x20/0x20 [ 136.842851][ T5000] loop2: detected capacity change from 0 to 1024 [ 136.848021][ T4998] ? load_image+0x400/0x400 [ 136.858905][ T4998] should_fail+0x38c/0x4c0 [ 136.863369][ T4998] should_failslab+0x5/0x20 [ 136.867906][ T4998] slab_pre_alloc_hook+0x51/0xc0 [ 136.872889][ T4998] ? skb_clone+0x1bd/0x350 [ 136.877348][ T4998] kmem_cache_alloc+0x3d/0x290 [ 136.882164][ T4998] skb_clone+0x1bd/0x350 [ 136.886640][ T4998] __netlink_deliver_tap+0x3cd/0x7c0 [ 136.892070][ T4998] netlink_deliver_tap+0x16c/0x180 [ 136.897219][ T4998] netlink_unicast+0x74f/0x920 [ 136.902259][ T4998] netlink_sendmsg+0x8ba/0xbe0 [ 136.907084][ T4998] ? netlink_getsockopt+0x570/0x570 [ 136.912329][ T4998] ? aa_sock_msg_perm+0x94/0x150 [ 136.917312][ T4998] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 136.922633][ T4998] ? security_socket_sendmsg+0x7c/0xa0 [ 136.928141][ T4998] ? netlink_getsockopt+0x570/0x570 [ 136.933380][ T4998] ____sys_sendmsg+0x5b7/0x8f0 [ 136.938196][ T4998] ? __sys_sendmsg_sock+0x30/0x30 [ 136.943303][ T4998] ? import_iovec+0x6f/0xa0 [ 136.947859][ T4998] ___sys_sendmsg+0x236/0x2e0 [ 136.952591][ T4998] ? __sys_sendmsg+0x2a0/0x2a0 [ 136.957500][ T4998] ? vfs_write+0x8b2/0xd60 [ 136.962160][ T4998] __se_sys_sendmsg+0x1af/0x290 [ 136.967065][ T4998] ? __x64_sys_sendmsg+0x80/0x80 [ 136.972167][ T4998] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 136.978210][ T4998] ? lockdep_hardirqs_on+0x94/0x140 [ 136.983456][ T4998] do_syscall_64+0x4c/0xa0 [ 136.987927][ T4998] ? clear_bhb_loop+0x30/0x80 [ 136.992643][ T4998] ? clear_bhb_loop+0x30/0x80 [ 136.997363][ T4998] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 137.003311][ T4998] RIP: 0033:0x7fb979c49eb9 [ 137.007759][ T4998] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 137.027592][ T4998] RSP: 002b:00007fb977ea5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 137.036058][ T4998] RAX: ffffffffffffffda RBX: 00007fb979ec4fa0 RCX: 00007fb979c49eb9 [ 137.044162][ T4998] RDX: 0000000000000040 RSI: 0000200000000280 RDI: 0000000000000003 [ 137.052275][ T4998] RBP: 00007fb977ea5090 R08: 0000000000000000 R09: 0000000000000000 [ 137.060282][ T4998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.068478][ T4998] R13: 00007fb979ec5038 R14: 00007fb979ec4fa0 R15: 00007ffdc2774af8 [ 137.076678][ T4998] [ 137.089469][ T4998] netlink: 36 bytes leftover after parsing attributes in process `syz.3.147'. [ 137.104190][ T4998] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.112910][ T4998] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.156216][ T5000] EXT4-fs (loop2): Ignoring removed bh option [ 137.181190][ T5000] EXT4-fs (loop2): Ignoring removed nobh option [ 137.187696][ T5000] EXT4-fs (loop2): inline encryption not supported [ 137.256450][ T5000] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 137.598434][ T5000] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 138.115911][ T5009] loop3: detected capacity change from 0 to 256 [ 138.959783][ T4997] loop1: detected capacity change from 0 to 32768 [ 139.342706][ T4997] XFS (loop1): Mounting V5 Filesystem [ 139.374635][ T5029] loop3: detected capacity change from 0 to 764 [ 140.171297][ T4997] XFS (loop1): Ending clean mount [ 140.537127][ T5042] netlink: 'syz.3.153': attribute type 2 has an invalid length. [ 141.229933][ T4188] XFS (loop1): Unmounting Filesystem [ 141.274150][ T5043] sched: RT throttling activated [ 141.327452][ T5049] loop4: detected capacity change from 0 to 764 [ 141.377401][ T5053] loop0: detected capacity change from 0 to 256 [ 141.586740][ T5053] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 141.600543][ T5053] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 141.689766][ T5055] netlink: 'syz.4.161': attribute type 2 has an invalid length. [ 142.061476][ T5053] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 142.696346][ T26] audit: type=1800 audit(1770567276.979:30): pid=5053 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.160" name="file0" dev="loop0" ino=1048657 res=0 errno=0 [ 142.721559][ T5062] loop3: detected capacity change from 0 to 256 [ 142.836832][ T5064] loop1: detected capacity change from 0 to 1024 [ 142.916895][ T5064] EXT4-fs (loop1): Ignoring removed bh option [ 142.953027][ T5064] EXT4-fs (loop1): Ignoring removed nobh option [ 142.959950][ T5064] EXT4-fs (loop1): inline encryption not supported [ 142.968270][ T5064] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 143.109387][ T4312] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 143.425706][ T5064] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 143.489955][ T4312] usb 3-1: Using ep0 maxpacket: 32 [ 143.619812][ T4312] usb 3-1: config 0 has an invalid interface number: 92 but max is 0 [ 143.635963][ T4312] usb 3-1: config 0 has no interface number 0 [ 143.673601][ T4312] usb 3-1: config 0 interface 92 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528 [ 143.775231][ T5064] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3887: comm syz.1.166: Allocating blocks 497-513 which overlap fs metadata [ 143.776507][ T5075] loop0: detected capacity change from 0 to 256 [ 143.997658][ T5076] EXT4-fs (loop1): pa ffff88805feb5620: logic 256, phys. 433, len 5 [ 144.006091][ T5076] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 144.079508][ T4312] usb 3-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=79.36 [ 144.088810][ T4312] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.801251][ T4312] usb 3-1: Product: syz [ 144.806839][ T4312] usb 3-1: Manufacturer: syz [ 144.813149][ T4312] usb 3-1: SerialNumber: syz [ 144.819748][ T4312] usb 3-1: config 0 descriptor?? [ 144.851929][ T5066] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 145.790977][ T5066] loop2: detected capacity change from 0 to 2048 [ 146.092270][ T5098] loop4: detected capacity change from 0 to 764 [ 146.109412][ T5066] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #2: comm syz.2.165: pblk 0 bad header/extent: eh_entries is 0 but eh_depth is > 0 - magic f30a, entries 0, max 4(4), depth 5(5) [ 146.135575][ T5066] EXT4-fs (loop2): get root inode failed [ 146.144813][ T5066] EXT4-fs (loop2): mount failed [ 146.354145][ T5102] loop1: detected capacity change from 0 to 764 [ 146.820427][ T4312] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 146.899687][ T4870] usb 3-1: USB disconnect, device number 5 [ 147.100035][ T4870] f81534a_ctrl 3-1:0.92: failed to set register 0x116: -19 [ 147.130238][ T4870] f81534a_ctrl 3-1:0.92: failed to enable ports: -19 [ 147.739377][ T4312] usb 1-1: Using ep0 maxpacket: 32 [ 147.946546][ T5114] loop2: detected capacity change from 0 to 764 [ 148.541992][ T4312] usb 1-1: unable to get BOS descriptor or descriptor too short [ 148.644257][ T5125] netlink: 'syz.2.175': attribute type 2 has an invalid length. [ 150.369351][ T4312] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 150.377116][ T4312] usb 1-1: can't read configurations, error -71 [ 150.789386][ T4312] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 151.069338][ T4312] usb 1-1: Using ep0 maxpacket: 32 [ 151.542029][ T4312] usb 1-1: unable to get BOS descriptor or descriptor too short [ 152.459490][ T4312] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 152.470717][ T4312] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 152.481064][ T4312] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 152.496208][ T4312] usb 1-1: config 1 interface 0 has no altsetting 0 [ 152.512059][ T5153] loop4: detected capacity change from 0 to 764 [ 152.535401][ T5156] loop2: detected capacity change from 0 to 256 [ 152.577281][ T5157] loop3: detected capacity change from 0 to 1024 [ 152.682416][ T4312] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 152.698331][ T5156] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 152.699006][ T4312] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.718585][ T5157] EXT4-fs (loop3): Ignoring removed bh option [ 152.725515][ T5157] EXT4-fs (loop3): Ignoring removed nobh option [ 152.733428][ T4312] usb 1-1: Product: syz [ 152.737636][ T4312] usb 1-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼 [ 152.750597][ T5157] EXT4-fs (loop3): inline encryption not supported [ 152.757174][ T5157] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 152.769880][ T5156] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 152.782749][ T4312] usb 1-1: SerialNumber: syz [ 152.804604][ T5156] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 152.819646][ T5130] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 152.989261][ T26] audit: type=1800 audit(1770567287.219:31): pid=5156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.191" name="file0" dev="loop2" ino=1048661 res=0 errno=0 [ 153.065400][ T5157] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 153.145747][ T5165] netlink: 'syz.4.189': attribute type 2 has an invalid length. [ 154.361280][ T4312] usb 1-1: USB disconnect, device number 5 [ 154.397870][ T5169] loop4: detected capacity change from 0 to 764 [ 154.688507][ T26] audit: type=1800 audit(1770567288.969:32): pid=5157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.190" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 154.773891][ T5181] FAULT_INJECTION: forcing a failure. [ 154.773891][ T5181] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 154.787729][ T5181] CPU: 1 PID: 5181 Comm: syz.0.197 Not tainted syzkaller #0 [ 154.795323][ T5181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 154.805662][ T5181] Call Trace: [ 154.808991][ T5181] [ 154.812041][ T5181] dump_stack_lvl+0x188/0x250 [ 154.816967][ T5181] ? show_regs_print_info+0x20/0x20 [ 154.822203][ T5181] ? load_image+0x400/0x400 [ 154.826751][ T5181] ? __lock_acquire+0x7d10/0x7d10 [ 154.831819][ T5181] should_fail+0x38c/0x4c0 [ 154.836283][ T5181] _copy_to_user+0x2e/0x130 [ 154.841099][ T5181] simple_read_from_buffer+0xe3/0x150 [ 154.846514][ T5181] proc_fail_nth_read+0x1a6/0x220 [ 154.851591][ T5181] ? proc_fault_inject_write+0x310/0x310 [ 154.857450][ T5181] ? fsnotify_perm+0x254/0x560 [ 154.862258][ T5181] ? proc_fault_inject_write+0x310/0x310 [ 154.868018][ T5181] vfs_read+0x301/0xd60 [ 154.872233][ T5181] ? kernel_read+0x1e0/0x1e0 [ 154.876863][ T5181] ? preempt_schedule_irq+0xe6/0x160 [ 154.882199][ T5181] ? __fget_files+0x40f/0x480 [ 154.886936][ T5181] ? mutex_lock_nested+0x17/0x20 [ 154.892032][ T5181] ? __fdget_pos+0x2bf/0x370 [ 154.896717][ T5181] ? ksys_read+0x71/0x260 [ 154.901262][ T5181] ksys_read+0x152/0x260 [ 154.905547][ T5181] ? vfs_write+0xd60/0xd60 [ 154.910036][ T5181] ? syscall_enter_from_user_mode+0x2a/0x70 [ 154.915975][ T5181] do_syscall_64+0x4c/0xa0 [ 154.920619][ T5181] ? clear_bhb_loop+0x30/0x80 [ 154.925771][ T5181] ? clear_bhb_loop+0x30/0x80 [ 154.930483][ T5181] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 154.937030][ T5181] RIP: 0033:0x7f45597f078e [ 154.941611][ T5181] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 154.962065][ T5181] RSP: 002b:00007f4557a48fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 154.971180][ T5181] RAX: ffffffffffffffda RBX: 00007f4557a496c0 RCX: 00007f45597f078e [ 154.979483][ T5181] RDX: 000000000000000f RSI: 00007f4557a490a0 RDI: 0000000000000008 [ 154.987669][ T5181] RBP: 00007f4557a49090 R08: 0000000000000000 R09: 0000000000000000 [ 154.996202][ T5181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.004980][ T5181] R13: 00007f4559aab218 R14: 00007f4559aab180 R15: 00007fff5e916108 [ 155.016221][ T5181] [ 155.461087][ T26] audit: type=1800 audit(1770567289.749:33): pid=5168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.190" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 155.496763][ T5185] loop2: detected capacity change from 0 to 764 [ 155.627093][ T5177] loop1: detected capacity change from 0 to 256 [ 155.760664][ T5177] exfat: Bad value for 'fmask' [ 155.927893][ T5191] netlink: 'syz.2.198': attribute type 2 has an invalid length. [ 156.436667][ T5197] loop0: detected capacity change from 0 to 256 [ 156.456969][ T5200] loop4: detected capacity change from 0 to 256 [ 156.672179][ T5203] loop2: detected capacity change from 0 to 764 [ 157.520099][ T5211] loop1: detected capacity change from 0 to 764 [ 159.271592][ T4871] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 159.368066][ T5235] FAULT_INJECTION: forcing a failure. [ 159.368066][ T5235] name failslab, interval 1, probability 0, space 0, times 0 [ 159.417794][ T5235] CPU: 1 PID: 5235 Comm: syz.4.212 Not tainted syzkaller #0 [ 159.425305][ T5235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 159.435388][ T5235] Call Trace: [ 159.438700][ T5235] [ 159.441654][ T5235] dump_stack_lvl+0x188/0x250 [ 159.446351][ T5235] ? show_regs_print_info+0x20/0x20 [ 159.451831][ T5235] ? load_image+0x400/0x400 [ 159.456377][ T5235] ? __might_sleep+0xf0/0xf0 [ 159.460982][ T5235] ? __lock_acquire+0x7d10/0x7d10 [ 159.466023][ T5235] should_fail+0x38c/0x4c0 [ 159.470471][ T5235] should_failslab+0x5/0x20 [ 159.475022][ T5235] slab_pre_alloc_hook+0x51/0xc0 [ 159.480003][ T5235] ? shmem_match+0x160/0x160 [ 159.484776][ T5235] ? shmem_alloc_inode+0x16/0x30 [ 159.489764][ T5235] kmem_cache_alloc+0x3d/0x290 [ 159.494569][ T5235] ? shmem_match+0x160/0x160 [ 159.499217][ T5235] shmem_alloc_inode+0x16/0x30 [ 159.504016][ T5235] new_inode_pseudo+0x5f/0x210 [ 159.508834][ T5235] new_inode+0x25/0x1c0 [ 159.513037][ T5235] ? do_raw_spin_unlock+0x11d/0x230 [ 159.518293][ T5235] shmem_get_inode+0x334/0xa90 [ 159.523113][ T5235] shmem_mknod+0x55/0x1b0 [ 159.527498][ T5235] ? shmem_mkdir+0x11/0x60 [ 159.531981][ T5235] shmem_mkdir+0x27/0x60 [ 159.536275][ T5235] vfs_mkdir+0x387/0x570 [ 159.540574][ T5235] do_mkdirat+0x1df/0x5b0 [ 159.544948][ T5235] ? vfs_mkdir+0x570/0x570 [ 159.549411][ T5235] ? getname_flags+0x1fe/0x500 [ 159.554324][ T5235] __x64_sys_mkdirat+0x85/0x90 [ 159.559135][ T5235] do_syscall_64+0x4c/0xa0 [ 159.563604][ T5235] ? clear_bhb_loop+0x30/0x80 [ 159.568323][ T5235] ? clear_bhb_loop+0x30/0x80 [ 159.573046][ T5235] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 159.578984][ T5235] RIP: 0033:0x7f0a61953d97 [ 159.583427][ T5235] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.603283][ T5235] RSP: 002b:00007f0a5fbafe58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 159.611834][ T5235] RAX: ffffffffffffffda RBX: 00007f0a5fbafee0 RCX: 00007f0a61953d97 [ 159.619845][ T5235] RDX: 00000000000001ff RSI: 0000200000000100 RDI: 00000000ffffff9c [ 159.627877][ T5235] RBP: 00002000000000c0 R08: 0000000000000000 R09: 0000000000000000 [ 159.635882][ T5235] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000200000000100 [ 159.643895][ T5235] R13: 00007f0a5fbafea0 R14: 0000000000000000 R15: 00002000000004c0 [ 159.652277][ T5235] [ 159.779227][ T4871] usb 2-1: Using ep0 maxpacket: 32 [ 159.939673][ T4871] usb 2-1: unable to get BOS descriptor or descriptor too short [ 159.941793][ T5245] loop4: detected capacity change from 0 to 764 [ 160.030327][ T4871] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 160.093737][ T4871] usb 2-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 160.303318][ T4871] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 160.317956][ T4871] usb 2-1: config 1 interface 0 has no altsetting 0 [ 161.427700][ T5259] loop4: detected capacity change from 0 to 764 [ 161.743640][ T4871] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 161.790013][ T4871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.039787][ T5260] loop3: detected capacity change from 0 to 764 [ 162.102475][ T5267] netlink: 'syz.4.217': attribute type 2 has an invalid length. [ 162.471391][ T4871] usb 2-1: Product: syz [ 162.479296][ T4871] usb 2-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼 [ 162.491400][ T4871] usb 2-1: SerialNumber: syz [ 162.549474][ T4871] usb 2-1: can't set config #1, error -71 [ 162.718891][ T4871] usb 2-1: USB disconnect, device number 3 [ 162.734027][ T5260] netlink: 'syz.3.219': attribute type 2 has an invalid length. [ 162.854075][ T5276] loop0: detected capacity change from 0 to 1024 [ 163.094320][ T5276] EXT4-fs (loop0): Ignoring removed bh option [ 163.189790][ T5276] EXT4-fs (loop0): Ignoring removed nobh option [ 163.224465][ T5276] EXT4-fs (loop0): inline encryption not supported [ 163.259909][ T5279] loop2: detected capacity change from 0 to 1024 [ 163.312180][ T5276] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 163.402802][ T5279] EXT4-fs (loop2): Ignoring removed bh option [ 163.454597][ T5279] EXT4-fs (loop2): Ignoring removed nobh option [ 163.461002][ T5279] EXT4-fs (loop2): inline encryption not supported [ 163.467692][ T5279] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 163.564307][ T5276] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 163.590827][ T5285] loop3: detected capacity change from 0 to 256 [ 163.600456][ T5279] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 163.916779][ T5276] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3887: comm syz.0.221: Allocating blocks 497-513 which overlap fs metadata [ 163.981316][ T5294] loop1: detected capacity change from 0 to 764 [ 164.320004][ T5299] netlink: 'syz.1.227': attribute type 2 has an invalid length. [ 164.521539][ T5291] EXT4-fs (loop0): pa ffff88805feb5d20: logic 256, phys. 433, len 5 [ 164.530067][ T5291] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 164.547147][ T5302] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 164.557847][ T5302] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 164.568253][ T5302] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 164.629154][ C0] hrtimer: interrupt took 53144 ns [ 164.679548][ T26] audit: type=1800 audit(1770567298.869:34): pid=5302 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.225" name="file1" dev="loop3" ino=1048664 res=0 errno=0 [ 164.923838][ T5310] loop1: detected capacity change from 0 to 764 [ 165.146938][ T5313] loop0: detected capacity change from 0 to 256 [ 165.215747][ T5314] netlink: 'syz.1.231': attribute type 2 has an invalid length. [ 166.655998][ T5336] loop4: detected capacity change from 0 to 764 [ 167.081911][ T5342] netlink: 'syz.4.236': attribute type 2 has an invalid length. [ 167.968622][ T5349] loop0: detected capacity change from 0 to 1024 [ 168.079135][ T5352] loop4: detected capacity change from 0 to 764 [ 168.083631][ T5349] EXT4-fs (loop0): Ignoring removed bh option [ 168.099493][ T5349] EXT4-fs (loop0): Ignoring removed nobh option [ 168.105817][ T5349] EXT4-fs (loop0): inline encryption not supported [ 168.124466][ T5349] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 168.355897][ T5349] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 168.394702][ T5363] loop1: detected capacity change from 0 to 764 [ 168.451997][ T5367] netlink: 'syz.4.241': attribute type 2 has an invalid length. [ 168.900642][ T5372] netlink: 'syz.1.243': attribute type 2 has an invalid length. [ 169.598066][ T5381] loop4: detected capacity change from 0 to 764 [ 170.000979][ T5392] netlink: 'syz.4.244': attribute type 2 has an invalid length. [ 170.760510][ T5396] loop3: detected capacity change from 0 to 256 [ 170.825187][ T5399] loop1: detected capacity change from 0 to 256 [ 170.854125][ T5400] loop4: detected capacity change from 0 to 764 [ 170.917364][ T5402] loop0: detected capacity change from 0 to 764 [ 170.937842][ T5396] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 171.059298][ T5396] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 171.507291][ T5406] netlink: 'syz.4.251': attribute type 2 has an invalid length. [ 171.843668][ T5408] netlink: 'syz.0.252': attribute type 2 has an invalid length. [ 172.202696][ T5414] loop2: detected capacity change from 0 to 256 [ 172.384753][ T5396] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 172.414774][ T26] audit: type=1800 audit(1770567306.699:35): pid=5396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.250" name="file0" dev="loop3" ino=1048668 res=0 errno=0 [ 172.488951][ T5421] loop1: detected capacity change from 0 to 764 [ 172.497239][ T5424] exFAT-fs (loop3): error, failed to bmap (inode : ffff88807357c260 iblock : 16, err : -5) [ 172.524073][ T5424] exFAT-fs (loop3): Filesystem has been set read-only [ 172.760463][ T5419] EXT4-fs (loop4): Ignoring removed bh option [ 172.767011][ T5419] EXT4-fs (loop4): Ignoring removed nobh option [ 172.814479][ T5419] EXT4-fs (loop4): inline encryption not supported [ 172.843323][ T5419] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 172.942780][ T5427] netlink: 'syz.0.257': attribute type 2 has an invalid length. [ 173.163037][ T5432] netlink: 'syz.1.254': attribute type 2 has an invalid length. [ 173.450230][ T5419] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 173.827675][ T5445] set_capacity_and_notify: 2 callbacks suppressed [ 173.827692][ T5445] loop4: detected capacity change from 0 to 764 [ 173.918270][ T5447] loop0: detected capacity change from 0 to 764 [ 174.071457][ T5449] loop1: detected capacity change from 0 to 256 [ 174.362803][ T5451] netlink: 'syz.0.263': attribute type 2 has an invalid length. [ 174.609100][ T5453] netlink: 'syz.4.272': attribute type 2 has an invalid length. [ 174.913049][ T5455] loop3: detected capacity change from 0 to 764 [ 175.505739][ T5459] netlink: 'syz.3.265': attribute type 2 has an invalid length. [ 175.792444][ T5461] netlink: 'syz.4.267': attribute type 5 has an invalid length. [ 175.926847][ T5461] loop4: detected capacity change from 0 to 256 [ 175.988602][ T5461] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 176.117317][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888060404800: rx timeout, send abort [ 176.225728][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888060404800: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 176.384588][ T5471] netlink: 'syz.3.268': attribute type 2 has an invalid length. [ 177.259899][ T5473] loop0: detected capacity change from 0 to 256 [ 177.317654][ T5475] loop3: detected capacity change from 0 to 1024 [ 177.348992][ T5473] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 177.684367][ T5479] loop1: detected capacity change from 0 to 764 [ 177.774792][ T5475] EXT4-fs (loop3): Ignoring removed bh option [ 177.785902][ T5475] EXT4-fs (loop3): Ignoring removed nobh option [ 177.947382][ T5475] EXT4-fs (loop3): inline encryption not supported [ 178.066106][ T5475] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 178.217952][ T5473] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 178.230158][ T5473] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 178.260974][ T26] audit: type=1800 audit(1770567312.549:36): pid=5473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.269" name="file0" dev="loop0" ino=1048671 res=0 errno=0 [ 178.405215][ T5486] loop4: detected capacity change from 0 to 512 [ 178.468836][ T5473] exFAT-fs (loop0): error, failed to bmap (inode : ffff88807357dc60 iblock : 16, err : -5) [ 178.485389][ T5473] exFAT-fs (loop0): Filesystem has been set read-only [ 178.493747][ T5475] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 178.568451][ T5475] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3887: comm syz.3.273: Allocating blocks 497-513 which overlap fs metadata [ 178.595776][ T5488] netlink: 'syz.1.271': attribute type 2 has an invalid length. [ 178.615133][ T5475] EXT4-fs (loop3): pa ffff8880734ac2a0: logic 128, phys. 385, len 8 [ 178.623645][ T5475] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 178.770163][ T5493] loop2: detected capacity change from 0 to 764 [ 179.076244][ T5499] loop1: detected capacity change from 0 to 256 [ 179.085200][ T5495] loop4: detected capacity change from 0 to 764 [ 179.181350][ T5504] netlink: 'syz.2.276': attribute type 2 has an invalid length. [ 179.530426][ T5510] netlink: 'syz.4.279': attribute type 2 has an invalid length. [ 180.008354][ T5523] FAULT_INJECTION: forcing a failure. [ 180.008354][ T5523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 180.022760][ T5523] CPU: 0 PID: 5523 Comm: syz.0.282 Not tainted syzkaller #0 [ 180.030134][ T5523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 180.040251][ T5523] Call Trace: [ 180.043566][ T5523] [ 180.046528][ T5523] dump_stack_lvl+0x188/0x250 [ 180.051478][ T5523] ? show_regs_print_info+0x20/0x20 [ 180.056724][ T5523] ? load_image+0x400/0x400 [ 180.061267][ T5523] ? __lock_acquire+0x7d10/0x7d10 [ 180.066329][ T5523] ? __alloc_skb+0x473/0x750 [ 180.070964][ T5523] should_fail+0x38c/0x4c0 [ 180.075432][ T5523] _copy_from_iter+0x22e/0x1170 [ 180.080340][ T5523] ? __lock_acquire+0x7d10/0x7d10 [ 180.085410][ T5523] ? copy_mc_pipe_to_iter+0x7d0/0x7d0 [ 180.090924][ T5523] ? __virt_addr_valid+0x3c6/0x470 [ 180.096073][ T5523] ? __phys_addr_symbol+0x2b/0x70 [ 180.101362][ T5523] ? __check_object_size+0x30c/0x410 [ 180.106776][ T5523] skb_copy_datagram_from_iter+0xf2/0x6a0 [ 180.112535][ T5523] ? skb_put+0x117/0x210 [ 180.116819][ T5523] packet_sendmsg+0x3840/0x5060 [ 180.121729][ T5523] ? verify_lock_unused+0x140/0x140 [ 180.126970][ T5523] ? __might_sleep+0xf0/0xf0 [ 180.131611][ T5523] ? aa_sk_perm+0x7dc/0x910 [ 180.136152][ T5523] ? packet_getsockopt+0x9a0/0x9a0 [ 180.141312][ T5523] ? aa_sock_msg_perm+0x94/0x150 [ 180.146379][ T5523] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 180.151696][ T5523] ? security_socket_sendmsg+0x7c/0xa0 [ 180.157390][ T5523] ? packet_getsockopt+0x9a0/0x9a0 [ 180.162656][ T5523] ____sys_sendmsg+0x5b7/0x8f0 [ 180.167469][ T5523] ? __sys_sendmsg_sock+0x30/0x30 [ 180.172636][ T5523] ? import_iovec+0x6f/0xa0 [ 180.177272][ T5523] ___sys_sendmsg+0x236/0x2e0 [ 180.182097][ T5523] ? __sys_sendmsg+0x2a0/0x2a0 [ 180.187024][ T5523] ? vfs_write+0x8b2/0xd60 [ 180.191516][ T5523] __se_sys_sendmsg+0x1af/0x290 [ 180.196434][ T5523] ? __x64_sys_sendmsg+0x80/0x80 [ 180.201413][ T5523] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 180.207456][ T5523] ? lockdep_hardirqs_on+0x94/0x140 [ 180.212855][ T5523] do_syscall_64+0x4c/0xa0 [ 180.217410][ T5523] ? clear_bhb_loop+0x30/0x80 [ 180.222297][ T5523] ? clear_bhb_loop+0x30/0x80 [ 180.227204][ T5523] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 180.233152][ T5523] RIP: 0033:0x7f455982feb9 [ 180.237619][ T5523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 180.257271][ T5523] RSP: 002b:00007f4557a8b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 180.265754][ T5523] RAX: ffffffffffffffda RBX: 00007f4559aaafa0 RCX: 00007f455982feb9 [ 180.273765][ T5523] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000008 [ 180.281772][ T5523] RBP: 00007f4557a8b090 R08: 0000000000000000 R09: 0000000000000000 [ 180.289794][ T5523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 180.297804][ T5523] R13: 00007f4559aab038 R14: 00007f4559aaafa0 R15: 00007fff5e916108 [ 180.305849][ T5523] [ 180.309055][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.036340][ T5532] loop2: detected capacity change from 0 to 256 [ 182.190235][ T5545] FAULT_INJECTION: forcing a failure. [ 182.190235][ T5545] name failslab, interval 1, probability 0, space 0, times 0 [ 182.215818][ T5544] loop3: detected capacity change from 0 to 764 [ 182.237365][ T5545] CPU: 1 PID: 5545 Comm: syz.0.288 Not tainted syzkaller #0 [ 182.244825][ T5545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 182.254918][ T5545] Call Trace: [ 182.258237][ T5545] [ 182.261198][ T5545] dump_stack_lvl+0x188/0x250 [ 182.265927][ T5545] ? show_regs_print_info+0x20/0x20 [ 182.271208][ T5545] ? load_image+0x400/0x400 [ 182.275847][ T5545] ? __might_sleep+0xf0/0xf0 [ 182.280463][ T5545] ? __lock_acquire+0x7d10/0x7d10 [ 182.285529][ T5545] should_fail+0x38c/0x4c0 [ 182.289978][ T5545] should_failslab+0x5/0x20 [ 182.294526][ T5545] slab_pre_alloc_hook+0x51/0xc0 [ 182.299509][ T5545] ? shmem_match+0x160/0x160 [ 182.304236][ T5545] ? shmem_alloc_inode+0x16/0x30 [ 182.309248][ T5545] kmem_cache_alloc+0x3d/0x290 [ 182.314144][ T5545] ? shmem_match+0x160/0x160 [ 182.318893][ T5545] shmem_alloc_inode+0x16/0x30 [ 182.323732][ T5545] new_inode_pseudo+0x5f/0x210 [ 182.328745][ T5545] new_inode+0x25/0x1c0 [ 182.333230][ T5545] shmem_get_inode+0x334/0xa90 [ 182.338318][ T5545] ? _raw_spin_unlock+0x24/0x40 [ 182.343295][ T5545] __shmem_file_setup+0x10b/0x290 [ 182.350054][ T5545] ? shmem_file_setup+0x13/0x30 [ 182.355161][ T5545] __se_sys_memfd_create+0x290/0x450 [ 182.360491][ T5545] ? __x64_sys_memfd_create+0x60/0x60 [ 182.366103][ T5545] ? lockdep_hardirqs_on+0x94/0x140 [ 182.371353][ T5545] do_syscall_64+0x4c/0xa0 [ 182.375960][ T5545] ? clear_bhb_loop+0x30/0x80 [ 182.380825][ T5545] ? clear_bhb_loop+0x30/0x80 [ 182.385666][ T5545] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 182.391897][ T5545] RIP: 0033:0x7f455982feb9 [ 182.396448][ T5545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 182.418339][ T5545] RSP: 002b:00007f4557a8ae08 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 182.427413][ T5545] RAX: ffffffffffffffda RBX: 000000000000025f RCX: 00007f455982feb9 [ 182.435493][ T5545] RDX: 00007f4557a8aee0 RSI: 0000000000000000 RDI: 00007f455989c333 [ 182.443488][ T5545] RBP: 0000200000000140 R08: 00000000ffffffff R09: 0000000000000000 [ 182.451488][ T5545] R10: 0000000000000001 R11: 0000000000000202 R12: 0000200000000000 [ 182.459482][ T5545] R13: 00007f4557a8aee0 R14: 00007f4557a8aea0 R15: 00002000000003c0 [ 182.467485][ T5545] [ 182.581074][ T5547] loop1: detected capacity change from 0 to 256 [ 182.637639][ T5547] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.775764][ T5547] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 182.787953][ T5547] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 182.837834][ T5548] netlink: 'syz.3.287': attribute type 2 has an invalid length. [ 182.850944][ T26] audit: type=1800 audit(1770567317.139:37): pid=5547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.289" name="file0" dev="loop1" ino=1048673 res=0 errno=0 [ 182.906400][ T5551] exFAT-fs (loop1): error, failed to bmap (inode : ffff88807357efe0 iblock : 16, err : -5) [ 182.931503][ T5550] loop0: detected capacity change from 0 to 1024 [ 182.949283][ T5551] exFAT-fs (loop1): Filesystem has been set read-only [ 183.014771][ T5550] EXT4-fs (loop0): Ignoring removed bh option [ 183.036513][ T5550] EXT4-fs (loop0): Ignoring removed nobh option [ 183.094114][ T5550] EXT4-fs (loop0): inline encryption not supported [ 183.196564][ T5553] loop4: detected capacity change from 0 to 764 [ 183.213993][ T5550] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 183.231654][ T5555] loop3: detected capacity change from 0 to 764 [ 183.473196][ T5550] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 183.553672][ T5560] netlink: 'syz.4.291': attribute type 2 has an invalid length. [ 183.965902][ T5563] netlink: 'syz.3.292': attribute type 2 has an invalid length. [ 184.307195][ T5564] loop1: detected capacity change from 0 to 764 [ 184.641604][ T5564] netlink: 'syz.1.293': attribute type 2 has an invalid length. [ 185.307216][ T5576] loop2: detected capacity change from 0 to 764 [ 185.703103][ T5587] netlink: 'syz.2.296': attribute type 2 has an invalid length. [ 186.196949][ T5594] loop0: detected capacity change from 0 to 256 [ 187.168652][ T5605] loop2: detected capacity change from 0 to 764 [ 187.355873][ T5611] loop3: detected capacity change from 0 to 764 [ 187.456349][ T5616] loop4: detected capacity change from 0 to 256 [ 187.676874][ T5617] netlink: 'syz.2.302': attribute type 2 has an invalid length. [ 187.895097][ T5621] netlink: 'syz.3.303': attribute type 2 has an invalid length. [ 188.667121][ T5625] netlink: 76 bytes leftover after parsing attributes in process `syz.2.308'. [ 188.760551][ T5633] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 188.770990][ T5633] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 188.781252][ T5633] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 188.791719][ T26] audit: type=1800 audit(1770567323.079:38): pid=5633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.306" name="file1" dev="loop4" ino=1048675 res=0 errno=0 [ 188.823120][ T5627] loop3: detected capacity change from 0 to 764 [ 188.954411][ T5639] loop0: detected capacity change from 0 to 764 [ 189.311385][ T5644] netlink: 'syz.3.310': attribute type 2 has an invalid length. [ 189.558895][ T5646] netlink: 'syz.0.314': attribute type 2 has an invalid length. [ 191.357260][ T5660] loop1: detected capacity change from 0 to 256 [ 191.387927][ T5661] loop3: detected capacity change from 0 to 256 [ 191.409502][ T23] Bluetooth: hci1: command 0x0406 tx timeout [ 191.425732][ T23] Bluetooth: hci3: command 0x0406 tx timeout [ 191.452576][ T23] Bluetooth: hci2: command 0x0406 tx timeout [ 191.484659][ T5660] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 191.487926][ T23] Bluetooth: hci0: command 0x0406 tx timeout [ 191.519481][ T5660] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 191.540478][ T23] Bluetooth: hci4: command 0x0406 tx timeout [ 191.554588][ T5660] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 191.573731][ T5661] FAT-fs (loop3): Directory bread(block 64) failed [ 191.631216][ T5661] FAT-fs (loop3): Directory bread(block 65) failed [ 191.638116][ T5661] FAT-fs (loop3): Directory bread(block 66) failed [ 191.669770][ T26] audit: type=1800 audit(1770567325.959:39): pid=5660 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.320" name="file0" dev="loop1" ino=1048678 res=0 errno=0 [ 191.711506][ T5661] FAT-fs (loop3): Directory bread(block 67) failed [ 191.729425][ T5661] FAT-fs (loop3): Directory bread(block 68) failed [ 191.747717][ T5670] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805feba1e0 iblock : 16, err : -5) [ 191.772011][ T5661] FAT-fs (loop3): Directory bread(block 69) failed [ 191.835624][ T5670] exFAT-fs (loop1): Filesystem has been set read-only [ 191.870735][ T5661] FAT-fs (loop3): Directory bread(block 70) failed [ 191.911545][ T5661] FAT-fs (loop3): Directory bread(block 71) failed [ 191.931981][ T5672] loop0: detected capacity change from 0 to 764 [ 191.946330][ T5661] FAT-fs (loop3): Directory bread(block 72) failed [ 191.953307][ T5661] FAT-fs (loop3): Directory bread(block 73) failed [ 192.283052][ T5676] netlink: 'syz.0.322': attribute type 2 has an invalid length. [ 193.020586][ T5681] loop0: detected capacity change from 0 to 764 [ 193.225481][ T5677] mmap: syz.3.318 (5677) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 193.268178][ T5690] loop4: detected capacity change from 0 to 764 [ 193.316314][ T5686] loop2: detected capacity change from 0 to 764 [ 193.392032][ T5687] FAULT_INJECTION: forcing a failure. [ 193.392032][ T5687] name failslab, interval 1, probability 0, space 0, times 0 [ 193.458636][ T5695] netlink: 'syz.0.325': attribute type 2 has an invalid length. [ 193.862793][ T5697] netlink: 'syz.4.326': attribute type 2 has an invalid length. [ 193.972008][ T5687] CPU: 1 PID: 5687 Comm: syz.1.328 Not tainted syzkaller #0 [ 193.979361][ T5687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 193.989496][ T5687] Call Trace: [ 193.992814][ T5687] [ 193.995880][ T5687] dump_stack_lvl+0x188/0x250 [ 194.000615][ T5687] ? show_regs_print_info+0x20/0x20 [ 194.005863][ T5687] ? load_image+0x400/0x400 [ 194.010427][ T5687] ? __might_sleep+0xf0/0xf0 [ 194.015328][ T5687] ? __lock_acquire+0x7d10/0x7d10 [ 194.020592][ T5687] should_fail+0x38c/0x4c0 [ 194.025079][ T5687] should_failslab+0x5/0x20 [ 194.029636][ T5687] slab_pre_alloc_hook+0x51/0xc0 [ 194.034993][ T5687] ? kvm_mmu_topup_memory_cache+0xde/0x200 [ 194.040876][ T5687] kmem_cache_alloc+0x3d/0x290 [ 194.045692][ T5687] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 194.051768][ T5687] kvm_mmu_topup_memory_cache+0xde/0x200 [ 194.057464][ T5687] kvm_mmu_load+0x88/0x1b90 [ 194.062105][ T5687] ? kvm_apic_accept_events+0x546/0x560 [ 194.067701][ T5687] ? lock_chain_count+0x20/0x20 [ 194.072610][ T5687] ? kvm_apic_has_interrupt+0x729/0x740 [ 194.078207][ T5687] ? kvm_lapic_enable_pv_eoi+0x140/0x140 [ 194.084425][ T5687] vcpu_enter_guest+0x61b5/0x7010 [ 194.089664][ T5687] ? local_bh_enable+0x20/0x20 [ 194.094481][ T5687] ? is_bpf_text_address+0x254/0x270 [ 194.099810][ T5687] ? __kernel_text_address+0x9a/0x100 [ 194.105230][ T5687] ? mark_lock+0x94/0x320 [ 194.109639][ T5687] ? __lock_acquire+0x13bc/0x7d10 [ 194.114736][ T5687] ? llist_add_batch+0x85/0xa0 [ 194.119554][ T5687] ? mark_lock+0x94/0x320 [ 194.123936][ T5687] ? __lock_acquire+0x12e8/0x7d10 [ 194.129220][ T5687] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 194.135291][ T5687] ? lock_chain_count+0x20/0x20 [ 194.140342][ T5687] ? verify_lock_unused+0x140/0x140 [ 194.145598][ T5687] ? vmx_vcpu_load_vmcs+0x17e/0x780 [ 194.150846][ T5687] ? vmx_vcpu_load_vmcs+0x2b0/0x780 [ 194.156190][ T5687] ? mark_lock+0x94/0x320 [ 194.160667][ T5687] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 194.166934][ T5687] ? __local_bh_enable_ip+0x136/0x1c0 [ 194.172352][ T5687] ? read_lock_is_recursive+0x10/0x10 [ 194.177773][ T5687] ? rcu_is_watching+0x11/0xa0 [ 194.182586][ T5687] kvm_arch_vcpu_ioctl_run+0xdea/0x1f40 [ 194.188321][ T5687] kvm_vcpu_ioctl+0x8f7/0xc10 [ 194.193051][ T5687] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 194.198757][ T5687] ? bpf_lsm_file_ioctl+0x5/0x10 [ 194.203737][ T5687] ? security_file_ioctl+0x7c/0xa0 [ 194.209048][ T5687] ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0 [ 194.214739][ T5687] __se_sys_ioctl+0xfa/0x170 [ 194.219997][ T5687] do_syscall_64+0x4c/0xa0 [ 194.224464][ T5687] ? clear_bhb_loop+0x30/0x80 [ 194.229200][ T5687] ? clear_bhb_loop+0x30/0x80 [ 194.233907][ T5687] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 194.239928][ T5687] RIP: 0033:0x7f8716c26eb9 [ 194.244419][ T5687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 194.264166][ T5687] RSP: 002b:00007f8714e82028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.272622][ T5687] RAX: ffffffffffffffda RBX: 00007f8716ea1fa0 RCX: 00007f8716c26eb9 [ 194.280658][ T5687] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006 [ 194.288754][ T5687] RBP: 00007f8714e82090 R08: 0000000000000000 R09: 0000000000000000 [ 194.297014][ T5687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.305030][ T5687] R13: 00007f8716ea2038 R14: 00007f8716ea1fa0 R15: 00007ffe94a1d958 [ 194.313065][ T5687] [ 194.378185][ T5701] netlink: 'syz.2.327': attribute type 2 has an invalid length. [ 194.444971][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.457928][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.634154][ T5714] loop3: detected capacity change from 0 to 1024 [ 195.676365][ T5714] EXT4-fs (loop3): Ignoring removed bh option [ 195.696611][ T5714] EXT4-fs (loop3): Ignoring removed nobh option [ 195.734077][ T5714] EXT4-fs (loop3): inline encryption not supported [ 195.754507][ T5714] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 195.767183][ T5721] loop4: detected capacity change from 0 to 256 [ 195.833886][ T5726] loop2: detected capacity change from 0 to 256 [ 195.838318][ T5719] loop1: detected capacity change from 0 to 764 [ 195.847959][ T5714] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 195.878606][ T5721] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 195.895916][ T5721] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 196.153559][ T5721] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 196.174924][ T5726] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 196.185692][ T5726] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 196.186973][ T5730] netlink: 'syz.1.337': attribute type 2 has an invalid length. [ 196.195920][ T5726] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 196.214054][ T26] audit: type=1800 audit(1770567330.499:40): pid=5726 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.338" name="file1" dev="loop2" ino=1048681 res=0 errno=0 [ 196.994337][ T5738] loop1: detected capacity change from 0 to 764 [ 197.360055][ T5744] netlink: 'syz.4.343': attribute type 2 has an invalid length. [ 199.002577][ T5766] loop4: detected capacity change from 0 to 256 [ 199.171266][ T5769] loop1: detected capacity change from 0 to 764 [ 199.262350][ T5766] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 199.272633][ T5766] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 199.282840][ T5766] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 199.294853][ T26] audit: type=1800 audit(1770567333.579:41): pid=5766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.350" name="file1" dev="loop4" ino=1048685 res=0 errno=0 [ 199.298764][ T5735] loop2: detected capacity change from 0 to 32768 [ 199.433494][ T5771] loop0: detected capacity change from 0 to 764 [ 200.098060][ T5779] netlink: 'syz.0.351': attribute type 2 has an invalid length. [ 200.888488][ T5791] loop2: detected capacity change from 0 to 1024 [ 201.064570][ T5791] EXT4-fs (loop2): Ignoring removed bh option [ 201.108949][ T5791] EXT4-fs (loop2): Ignoring removed nobh option [ 201.212022][ T5791] EXT4-fs (loop2): inline encryption not supported [ 201.282514][ T5791] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 201.506997][ T5792] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 201.522187][ T5791] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 202.557649][ T5791] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3887: comm syz.2.355: Allocating blocks 497-513 which overlap fs metadata [ 202.633810][ T5813] loop4: detected capacity change from 0 to 764 [ 202.691065][ T5791] EXT4-fs (loop2): pa ffff88805feb5460: logic 128, phys. 385, len 8 [ 202.699349][ T5791] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 202.715259][ T5818] loop3: detected capacity change from 0 to 256 [ 203.044450][ T5824] loop0: detected capacity change from 0 to 764 [ 203.216788][ T5818] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 203.228279][ T5818] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 203.238924][ T5818] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 203.278532][ T26] audit: type=1800 audit(1770567337.559:42): pid=5818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.363" name="file1" dev="loop3" ino=1048688 res=0 errno=0 [ 203.583225][ T5831] loop3: detected capacity change from 0 to 764 [ 203.965465][ T5835] netlink: 'syz.0.366': attribute type 2 has an invalid length. [ 204.180965][ T5838] netlink: 'syz.3.367': attribute type 2 has an invalid length. [ 204.300885][ T5834] loop1: detected capacity change from 0 to 256 [ 204.413278][ T5834] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 204.690659][ T5841] loop2: detected capacity change from 0 to 32768 [ 204.704692][ T5834] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 204.943736][ T5834] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 204.981039][ T5841] XFS (loop2): Mounting V5 Filesystem [ 205.300312][ T5841] XFS (loop2): Ending clean mount [ 205.325198][ T5841] XFS (loop2): Quotacheck needed: Please wait. [ 206.239856][ T5841] XFS (loop2): Quotacheck: Done. [ 206.528621][ T5867] FAULT_INJECTION: forcing a failure. [ 206.528621][ T5867] name failslab, interval 1, probability 0, space 0, times 0 [ 206.541931][ T5867] CPU: 1 PID: 5867 Comm: syz.2.369 Not tainted syzkaller #0 [ 206.549264][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 206.559351][ T5867] Call Trace: [ 206.562653][ T5867] [ 206.565606][ T5867] dump_stack_lvl+0x188/0x250 [ 206.570521][ T5867] ? show_regs_print_info+0x20/0x20 [ 206.575772][ T5867] ? load_image+0x400/0x400 [ 206.580445][ T5867] ? __might_sleep+0xf0/0xf0 [ 206.585078][ T5867] ? __lock_acquire+0x7d10/0x7d10 [ 206.590141][ T5867] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 206.596165][ T5867] should_fail+0x38c/0x4c0 [ 206.600724][ T5867] should_failslab+0x5/0x20 [ 206.605265][ T5867] slab_pre_alloc_hook+0x51/0xc0 [ 206.610266][ T5867] __kmalloc+0x6b/0x330 [ 206.614463][ T5867] ? kmem_alloc+0x12c/0x370 [ 206.619011][ T5867] kmem_alloc+0x12c/0x370 [ 206.623384][ T5867] xfs_dir_lookup+0x1c5/0xc70 [ 206.628096][ T5867] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 206.633768][ T5867] ? xfs_dir_cilookup_result+0x180/0x180 [ 206.639448][ T5867] xfs_lookup+0x18e/0x400 [ 206.643847][ T5867] ? xfs_ip2xflags+0x1b0/0x1b0 [ 206.648644][ T5867] ? d_alloc+0x1e7/0x250 [ 206.653011][ T5867] xfs_vn_lookup+0x12d/0x1f0 [ 206.657639][ T5867] ? __rwlock_init+0x140/0x140 [ 206.662441][ T5867] ? xfs_initxattrs+0x260/0x260 [ 206.667322][ T5867] ? do_raw_spin_unlock+0x11d/0x230 [ 206.672572][ T5867] ? _raw_spin_unlock+0x24/0x40 [ 206.677462][ T5867] ? d_alloc+0x1e7/0x250 [ 206.681752][ T5867] lookup_one_qstr_excl+0x10e/0x240 [ 206.687015][ T5867] do_renameat2+0x452/0xf60 [ 206.691578][ T5867] ? fsnotify_move+0x4e0/0x4e0 [ 206.696368][ T5867] ? __virt_addr_valid+0x3c6/0x470 [ 206.701642][ T5867] ? __phys_addr_symbol+0x2b/0x70 [ 206.706793][ T5867] ? getname_flags+0x1fe/0x500 [ 206.711592][ T5867] __x64_sys_renameat2+0xce/0xe0 [ 206.716606][ T5867] do_syscall_64+0x4c/0xa0 [ 206.721137][ T5867] ? clear_bhb_loop+0x30/0x80 [ 206.725841][ T5867] ? clear_bhb_loop+0x30/0x80 [ 206.730552][ T5867] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 206.736504][ T5867] RIP: 0033:0x7f61c502feb9 [ 206.740956][ T5867] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 206.760609][ T5867] RSP: 002b:00007f61c3249028 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 206.769059][ T5867] RAX: ffffffffffffffda RBX: 00007f61c52ab180 RCX: 00007f61c502feb9 [ 206.777062][ T5867] RDX: ffffffffffffff9c RSI: 0000200000000440 RDI: ffffffffffffff9c [ 206.785063][ T5867] RBP: 00007f61c3249090 R08: 0000000000000004 R09: 0000000000000000 [ 206.793113][ T5867] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 206.801204][ T5867] R13: 00007f61c52ab218 R14: 00007f61c52ab180 R15: 00007ffe16c72d88 [ 206.809231][ T5867] [ 206.944571][ T5862] netlink: 4 bytes leftover after parsing attributes in process `syz.0.374'. [ 207.004870][ T5862] device bridge_slave_1 left promiscuous mode [ 207.043541][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.085573][ T5871] loop3: detected capacity change from 0 to 256 [ 207.122729][ T5862] device bridge_slave_0 left promiscuous mode [ 207.196917][ T5872] loop4: detected capacity change from 0 to 764 [ 207.203930][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.009540][ T4191] XFS (loop2): Unmounting Filesystem [ 208.144000][ T5882] loop4: detected capacity change from 0 to 1024 [ 208.225316][ T5882] EXT4-fs (loop4): Ignoring removed bh option [ 208.234781][ T5882] EXT4-fs (loop4): Ignoring removed nobh option [ 208.259830][ T5882] EXT4-fs (loop4): inline encryption not supported [ 208.276506][ T5882] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 208.370373][ T5882] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 208.446889][ T5874] netlink: 20 bytes leftover after parsing attributes in process `syz.1.380'. [ 208.534894][ T5893] loop1: detected capacity change from 0 to 764 [ 208.595938][ T5882] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3887: comm syz.4.382: Allocating blocks 497-513 which overlap fs metadata [ 208.717310][ T5882] EXT4-fs (loop4): pa ffff8880734acc40: logic 128, phys. 385, len 8 [ 208.725935][ T5882] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 208.919442][ T4454] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 208.950275][ T5900] netlink: 'syz.1.383': attribute type 2 has an invalid length. [ 209.210180][ T4454] usb 1-1: Using ep0 maxpacket: 32 [ 209.289925][ T5902] loop3: detected capacity change from 0 to 1024 [ 209.429861][ T5902] EXT4-fs (loop3): Ignoring removed bh option [ 209.436130][ T5902] EXT4-fs (loop3): Ignoring removed nobh option [ 209.473270][ T5902] EXT4-fs (loop3): inline encryption not supported [ 209.480525][ T4454] usb 1-1: unable to get BOS descriptor or descriptor too short [ 209.494010][ T5902] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 209.546509][ T5905] FAULT_INJECTION: forcing a failure. [ 209.546509][ T5905] name failslab, interval 1, probability 0, space 0, times 0 [ 209.578872][ T5905] CPU: 0 PID: 5905 Comm: syz.4.386 Not tainted syzkaller #0 [ 209.586232][ T5905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 209.596414][ T5905] Call Trace: [ 209.599732][ T5905] [ 209.602697][ T5905] dump_stack_lvl+0x188/0x250 [ 209.607443][ T5905] ? show_regs_print_info+0x20/0x20 [ 209.612693][ T5905] ? load_image+0x400/0x400 [ 209.617341][ T5905] should_fail+0x38c/0x4c0 [ 209.621839][ T5905] should_failslab+0x5/0x20 [ 209.626419][ T5905] slab_pre_alloc_hook+0x51/0xc0 [ 209.631395][ T5905] ? skb_clone+0x1bd/0x350 [ 209.635852][ T5905] kmem_cache_alloc+0x3d/0x290 [ 209.636086][ T4454] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 209.640659][ T5905] skb_clone+0x1bd/0x350 [ 209.640691][ T5905] __netlink_deliver_tap+0x3cd/0x7c0 [ 209.661503][ T5905] netlink_deliver_tap+0x16c/0x180 [ 209.663033][ T4454] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 209.666670][ T5905] netlink_unicast+0x74f/0x920 [ 209.666711][ T5905] netlink_sendmsg+0x8ba/0xbe0 [ 209.686185][ T5905] ? netlink_getsockopt+0x570/0x570 [ 209.691432][ T5905] ? aa_sock_msg_perm+0x94/0x150 [ 209.696417][ T5905] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 209.697765][ T4454] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 209.701760][ T5905] ? security_socket_sendmsg+0x7c/0xa0 [ 209.701790][ T5905] ? netlink_getsockopt+0x570/0x570 [ 209.701811][ T5905] ____sys_sendmsg+0x5b7/0x8f0 [ 209.701861][ T5905] ? __sys_sendmsg_sock+0x30/0x30 [ 209.735357][ T5905] ? import_iovec+0x6f/0xa0 [ 209.739909][ T5905] ___sys_sendmsg+0x236/0x2e0 [ 209.744750][ T5905] ? __sys_sendmsg+0x2a0/0x2a0 [ 209.749569][ T5905] ? vfs_write+0x8b2/0xd60 [ 209.754051][ T5905] __se_sys_sendmsg+0x1af/0x290 [ 209.758950][ T5905] ? __x64_sys_sendmsg+0x80/0x80 [ 209.763925][ T5905] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 209.764047][ T4454] usb 1-1: config 1 interface 0 has no altsetting 0 [ 209.769966][ T5905] ? lockdep_hardirqs_on+0x94/0x140 [ 209.770003][ T5905] do_syscall_64+0x4c/0xa0 [ 209.770027][ T5905] ? clear_bhb_loop+0x30/0x80 [ 209.791366][ T5905] ? clear_bhb_loop+0x30/0x80 [ 209.796121][ T5905] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 209.802093][ T5905] RIP: 0033:0x7f0a61954eb9 [ 209.806553][ T5905] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.826373][ T5905] RSP: 002b:00007f0a5fbb0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 209.834832][ T5905] RAX: ffffffffffffffda RBX: 00007f0a61bcffa0 RCX: 00007f0a61954eb9 [ 209.842844][ T5905] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 209.850850][ T5905] RBP: 00007f0a5fbb0090 R08: 0000000000000000 R09: 0000000000000000 [ 209.858944][ T5905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.867072][ T5905] R13: 00007f0a61bd0038 R14: 00007f0a61bcffa0 R15: 00007fff18536448 [ 209.875102][ T5905] [ 209.942018][ T5902] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 210.291440][ T5902] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3887: comm syz.3.385: Allocating blocks 497-513 which overlap fs metadata [ 210.350068][ T5902] EXT4-fs (loop3): pa ffff888073441b60: logic 128, phys. 385, len 8 [ 210.358184][ T5902] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 210.386874][ T5921] loop1: detected capacity change from 0 to 764 [ 210.749673][ T5927] netlink: 'syz.1.391': attribute type 2 has an invalid length. [ 211.243799][ T5930] loop1: detected capacity change from 0 to 256 [ 211.311652][ T5932] loop3: detected capacity change from 0 to 764 [ 211.421379][ T5935] loop4: detected capacity change from 0 to 256 [ 211.482281][ T5935] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 211.499449][ T5935] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 211.588320][ T5935] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 211.740892][ T5938] netlink: 'syz.3.394': attribute type 2 has an invalid length. [ 212.024193][ T5940] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 212.034536][ T5940] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 212.044816][ T5940] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 212.156717][ T26] audit: type=1800 audit(1770567346.339:43): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.395" name="file1" dev="loop1" ino=1048693 res=0 errno=0 [ 212.373085][ T5943] loop0: detected capacity change from 0 to 764 [ 212.399390][ T4454] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 212.420625][ T4454] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.428684][ T4454] usb 1-1: Product: syz [ 212.460049][ T4454] usb 1-1: can't set config #1, error -71 [ 212.469520][ T4454] usb 1-1: USB disconnect, device number 6 [ 212.781907][ T5956] netlink: 'syz.0.398': attribute type 2 has an invalid length. [ 214.438496][ T5967] loop4: detected capacity change from 0 to 1024 [ 214.440916][ T5968] loop3: detected capacity change from 0 to 764 [ 214.486967][ T5971] loop0: detected capacity change from 0 to 764 [ 214.517709][ T5972] loop1: detected capacity change from 0 to 764 [ 214.823386][ T5975] netlink: 'syz.0.405': attribute type 2 has an invalid length. [ 215.379890][ T5967] EXT4-fs (loop4): Ignoring removed bh option [ 215.547746][ T5967] EXT4-fs (loop4): Ignoring removed nobh option [ 215.577313][ T5967] EXT4-fs (loop4): inline encryption not supported [ 215.653989][ T5984] netlink: 'syz.1.406': attribute type 2 has an invalid length. [ 215.989420][ T5967] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 216.054117][ T5987] loop2: detected capacity change from 0 to 764 [ 216.082361][ T5967] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 216.281870][ T5967] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3887: comm syz.4.404: Allocating blocks 497-513 which overlap fs metadata [ 216.314951][ T5994] loop1: detected capacity change from 0 to 256 [ 216.409762][ T5996] netlink: 'syz.2.410': attribute type 2 has an invalid length. [ 216.689690][ T5967] EXT4-fs (loop4): pa ffff88805fd64460: logic 128, phys. 385, len 8 [ 216.698255][ T5967] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 216.769853][ T4454] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 217.032265][ T6002] loop0: detected capacity change from 0 to 256 [ 217.063443][ T6003] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.073939][ T6003] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.085109][ T6003] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 217.364642][ T26] audit: type=1800 audit(1770567351.379:44): pid=6003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.409" name="file1" dev="loop1" ino=1048696 res=0 errno=0 [ 217.475276][ T6002] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 217.479704][ T4454] usb 4-1: Using ep0 maxpacket: 32 [ 217.499255][ T6002] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 217.574971][ T6002] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 217.699404][ T4454] usb 4-1: unable to get BOS descriptor or descriptor too short [ 217.757252][ T6011] loop1: detected capacity change from 0 to 764 [ 217.779526][ T4454] usb 4-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 217.791069][ T4454] usb 4-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 217.801780][ T4454] usb 4-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 217.815984][ T4454] usb 4-1: config 1 interface 0 has no altsetting 0 [ 218.011082][ T6011] netlink: 'syz.1.415': attribute type 2 has an invalid length. [ 219.280380][ T6028] loop4: detected capacity change from 0 to 764 [ 219.289354][ T4454] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 219.339194][ T4454] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.387942][ T4454] usb 4-1: Product: syz [ 219.469026][ T6030] loop3: detected capacity change from 0 to 764 [ 219.604465][ T4454] usb 4-1: can't set config #1, error -71 [ 219.645496][ T4454] usb 4-1: USB disconnect, device number 4 [ 219.687990][ T6036] loop1: detected capacity change from 0 to 764 [ 219.715019][ T6037] netlink: 'syz.4.419': attribute type 2 has an invalid length. [ 220.053575][ T6039] loop0: detected capacity change from 0 to 764 [ 220.262106][ T6042] loop4: detected capacity change from 0 to 256 [ 220.433894][ T6043] netlink: 'syz.3.420': attribute type 2 has an invalid length. [ 220.693938][ T6045] netlink: 'syz.1.422': attribute type 2 has an invalid length. [ 221.220101][ T6047] netlink: 'syz.0.423': attribute type 2 has an invalid length. [ 221.293677][ T6048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 221.304122][ T6048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 221.314493][ T6048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 221.330165][ T26] audit: type=1800 audit(1770567355.609:45): pid=6048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.424" name="file1" dev="loop4" ino=1048700 res=0 errno=0 [ 221.588950][ T6053] loop1: detected capacity change from 0 to 1024 [ 221.663611][ T6053] EXT4-fs (loop1): Ignoring removed bh option [ 221.693764][ T6053] EXT4-fs (loop1): Ignoring removed nobh option [ 221.725570][ T6053] EXT4-fs (loop1): inline encryption not supported [ 221.741431][ T6058] loop4: detected capacity change from 0 to 256 [ 221.773076][ T6053] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 221.794023][ T6058] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 221.814412][ T6058] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 221.818232][ T6060] loop0: detected capacity change from 0 to 764 [ 221.865137][ T6058] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 221.902275][ T6053] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 222.090934][ T6060] netlink: 'syz.0.428': attribute type 2 has an invalid length. [ 222.569434][ T4303] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 222.819271][ T4303] usb 2-1: Using ep0 maxpacket: 32 [ 223.283173][ T6079] loop4: detected capacity change from 0 to 764 [ 223.718633][ T6083] netlink: 'syz.4.434': attribute type 2 has an invalid length. [ 224.028357][ T4303] usb 2-1: unable to get BOS descriptor or descriptor too short [ 224.121694][ T4303] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 224.146141][ T6088] loop0: detected capacity change from 0 to 764 [ 224.153007][ T4303] usb 2-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 224.189178][ T4303] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 224.228458][ T4303] usb 2-1: config 1 interface 0 has no altsetting 0 [ 224.457072][ T4303] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 224.510904][ T6093] netlink: 'syz.0.436': attribute type 2 has an invalid length. [ 224.534824][ T4303] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.564484][ T4303] usb 2-1: Product: syz [ 224.570850][ T6092] loop3: detected capacity change from 0 to 764 [ 224.597989][ T4303] usb 2-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼䕆󺬎 [ 224.886297][ T4303] usb 2-1: SerialNumber: syz [ 225.004952][ T6095] netlink: 'syz.3.437': attribute type 2 has an invalid length. [ 225.110123][ T6071] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 225.272882][ T6099] loop0: detected capacity change from 0 to 256 [ 225.621597][ T4303] usb 2-1: USB disconnect, device number 4 [ 225.656577][ T6105] loop4: detected capacity change from 0 to 764 [ 225.673979][ T6107] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 225.684497][ T6107] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 225.694772][ T6107] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 225.706675][ T26] audit: type=1800 audit(1770567359.989:46): pid=6107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.438" name="file1" dev="loop0" ino=1048704 res=0 errno=0 [ 225.923023][ T6111] loop3: detected capacity change from 0 to 764 [ 226.056005][ T6113] netlink: 'syz.4.441': attribute type 2 has an invalid length. [ 226.483793][ T6110] netlink: 'syz.3.443': attribute type 2 has an invalid length. [ 226.568008][ T6115] loop1: detected capacity change from 0 to 764 [ 226.756146][ T6119] loop0: detected capacity change from 0 to 256 [ 226.913795][ T6121] netlink: 'syz.1.445': attribute type 2 has an invalid length. [ 227.355487][ T6119] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 227.494637][ T6119] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 227.546869][ T6119] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 227.613029][ T6124] loop1: detected capacity change from 0 to 764 [ 228.702668][ T26] audit: type=1800 audit(1770567362.989:47): pid=6119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.444" name="file0" dev="loop0" ino=1048707 res=0 errno=0 [ 228.777751][ T6136] netlink: 'syz.1.448': attribute type 2 has an invalid length. [ 229.252626][ T6144] loop3: detected capacity change from 0 to 764 [ 229.509649][ T4454] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 229.631734][ T6152] netlink: 'syz.3.454': attribute type 2 has an invalid length. [ 229.769406][ T4454] usb 1-1: Using ep0 maxpacket: 32 [ 229.929413][ T4454] usb 1-1: unable to get BOS descriptor or descriptor too short [ 230.019463][ T4454] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 230.046342][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88805f552400: rx timeout, send abort [ 230.055474][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805f552400: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 230.059315][ T4454] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 230.154534][ T6156] loop4: detected capacity change from 0 to 256 [ 230.162044][ T4454] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 230.176114][ T4454] usb 1-1: config 1 interface 0 has no altsetting 0 [ 230.445384][ T6161] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 230.450177][ T6163] loop2: detected capacity change from 0 to 764 [ 230.456373][ T6161] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 230.472211][ T6161] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 230.483219][ T26] audit: type=1800 audit(1770567364.769:48): pid=6161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.456" name="file1" dev="loop4" ino=1048709 res=0 errno=0 [ 230.504709][ T4454] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 230.525745][ T4454] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.553576][ T4454] usb 1-1: Product: syz [ 230.567657][ T4454] usb 1-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼䕆󺬎 [ 230.626316][ T4454] usb 1-1: SerialNumber: syz [ 230.699788][ T6145] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 230.840184][ T6165] netlink: 'syz.2.458': attribute type 2 has an invalid length. [ 231.126471][ T4454] usb 1-1: USB disconnect, device number 7 [ 231.293704][ T6168] loop3: detected capacity change from 0 to 764 [ 231.313954][ T6169] loop4: detected capacity change from 0 to 764 [ 231.418707][ T6169] netlink: 'syz.4.460': attribute type 2 has an invalid length. [ 231.526819][ T6174] loop2: detected capacity change from 0 to 256 [ 232.025128][ T6182] netlink: 'syz.3.459': attribute type 2 has an invalid length. [ 232.105763][ T6174] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 232.369528][ T6174] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 232.435283][ T6188] loop1: detected capacity change from 0 to 764 [ 232.719933][ T6174] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 233.098288][ T6191] netlink: 'syz.1.467': attribute type 2 has an invalid length. [ 233.460162][ T26] audit: type=1800 audit(1770567367.749:49): pid=6174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.462" name="file0" dev="loop2" ino=1048712 res=0 errno=0 [ 233.500796][ T6193] loop3: detected capacity change from 0 to 764 [ 233.758504][ T6202] loop0: detected capacity change from 0 to 256 [ 233.996575][ T6203] netlink: 'syz.3.466': attribute type 2 has an invalid length. [ 234.049625][ T6205] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 234.060139][ T6205] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 234.070603][ T6205] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 234.084254][ T26] audit: type=1800 audit(1770567368.369:50): pid=6205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.470" name="file1" dev="loop0" ino=1048714 res=0 errno=0 [ 234.487351][ T6209] loop4: detected capacity change from 0 to 764 [ 234.648466][ C1] vxcan0: j1939_tp_rxtimer: 0xffff888060f57c00: rx timeout, send abort [ 234.690477][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888060f57c00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 234.824754][ T6218] netlink: 'syz.4.472': attribute type 2 has an invalid length. [ 235.565026][ T6233] loop4: detected capacity change from 0 to 764 [ 235.583775][ T6232] loop0: detected capacity change from 0 to 764 [ 235.605759][ T6230] netlink: 'syz.0.474': attribute type 2 has an invalid length. [ 235.804324][ T6231] netlink: 'syz.4.477': attribute type 2 has an invalid length. [ 235.841930][ T4250] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 236.149507][ T4250] usb 2-1: Using ep0 maxpacket: 32 [ 236.340241][ T4250] usb 2-1: unable to get BOS descriptor or descriptor too short [ 236.429915][ T4250] usb 2-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 236.466797][ T6243] loop2: detected capacity change from 0 to 256 [ 236.475279][ T4250] usb 2-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 236.519231][ T4250] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 236.556388][ T4250] usb 2-1: config 1 interface 0 has no altsetting 0 [ 236.587925][ T6246] loop0: detected capacity change from 0 to 764 [ 236.605453][ T6243] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 236.649061][ T6243] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 236.732387][ T6243] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 236.758045][ T6249] loop3: detected capacity change from 0 to 256 [ 236.764806][ T4250] usb 2-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 236.795737][ T4250] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.806077][ T4250] usb 2-1: Product: syz [ 236.810564][ T4250] usb 2-1: Manufacturer: syz [ 236.821796][ T4250] usb 2-1: SerialNumber: syz [ 236.869592][ T6228] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 236.989481][ T26] audit: type=1800 audit(1770567371.249:51): pid=6243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.479" name="file0" dev="loop2" ino=1048717 res=0 errno=0 [ 237.149605][ T6253] netlink: 'syz.0.482': attribute type 2 has an invalid length. [ 237.202623][ T6254] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 237.213341][ T6254] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 237.223899][ T6254] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 237.297011][ T4250] usb 2-1: USB disconnect, device number 5 [ 237.377498][ T26] audit: type=1800 audit(1770567371.519:52): pid=6254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.484" name="file1" dev="loop3" ino=1048719 res=0 errno=0 [ 237.673080][ T6259] loop4: detected capacity change from 0 to 764 [ 237.682601][ T6261] loop0: detected capacity change from 0 to 764 [ 238.032774][ T6266] netlink: 'syz.4.487': attribute type 2 has an invalid length. [ 238.625816][ T6273] loop2: detected capacity change from 0 to 1024 [ 238.716985][ T6273] EXT4-fs (loop2): Ignoring removed bh option [ 238.736823][ T6273] EXT4-fs (loop2): Ignoring removed nobh option [ 238.817793][ T6273] EXT4-fs (loop2): inline encryption not supported [ 238.849898][ T6273] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 239.192346][ T6273] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 239.324335][ C1] vxcan0: j1939_tp_rxtimer: 0xffff88802c0ffc00: rx timeout, send abort [ 239.333419][ C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802c0ffc00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 239.785193][ T6295] loop4: detected capacity change from 0 to 764 [ 239.829719][ T6296] loop3: detected capacity change from 0 to 256 [ 239.993891][ T6273] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3887: comm syz.2.490: Allocating blocks 497-513 which overlap fs metadata [ 240.073012][ T6301] netlink: 'syz.4.494': attribute type 2 has an invalid length. [ 240.126039][ T6273] EXT4-fs (loop2): pa ffff88805fd64000: logic 128, phys. 385, len 8 [ 240.135078][ T6273] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 240.172049][ T6296] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 240.205650][ T6296] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 240.258961][ T6296] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 240.575301][ T6307] loop2: detected capacity change from 0 to 764 [ 240.627303][ T6309] loop1: detected capacity change from 0 to 256 [ 240.868592][ T6316] loop3: detected capacity change from 0 to 764 [ 240.916712][ T6317] netlink: 'syz.2.498': attribute type 2 has an invalid length. [ 241.474048][ T6318] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 241.485397][ T6318] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 241.495950][ T6318] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 241.510028][ T26] audit: type=1800 audit(1770567375.799:53): pid=6318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.499" name="file1" dev="loop1" ino=1048723 res=0 errno=0 [ 241.718875][ T6324] netlink: 'syz.3.502': attribute type 2 has an invalid length. [ 241.915315][ T6328] loop2: detected capacity change from 0 to 764 [ 242.595694][ T6334] netlink: 'syz.2.504': attribute type 2 has an invalid length. [ 242.906018][ T6339] loop1: detected capacity change from 0 to 764 [ 243.147006][ T6342] loop3: detected capacity change from 0 to 1024 [ 243.277172][ T6342] EXT4-fs (loop3): Ignoring removed bh option [ 243.326719][ T6342] EXT4-fs (loop3): Ignoring removed nobh option [ 243.349335][ T6342] EXT4-fs (loop3): inline encryption not supported [ 243.363854][ T6342] EXT4-fs (loop3): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 243.414919][ T6347] netlink: 'syz.1.507': attribute type 2 has an invalid length. [ 243.457593][ T6342] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 243.613517][ T6342] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3887: comm syz.3.508: Allocating blocks 497-513 which overlap fs metadata [ 243.630085][ T6342] EXT4-fs (loop3): pa ffff88805fd64c40: logic 128, phys. 385, len 8 [ 243.638221][ T6342] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 243.864921][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888062684c00: rx timeout, send abort [ 243.873631][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888062684c00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 244.025544][ T6356] loop3: detected capacity change from 0 to 256 [ 244.109222][ T6356] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 244.138471][ T6356] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 244.164797][ T6359] loop0: detected capacity change from 0 to 764 [ 244.315811][ T6356] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 244.446666][ T6364] netlink: 'syz.0.513': attribute type 2 has an invalid length. [ 244.826286][ T6368] loop4: detected capacity change from 0 to 256 [ 245.323285][ T6375] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 245.333981][ T6375] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 245.344737][ T6375] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 245.949176][ T26] audit: type=1800 audit(1770567379.639:54): pid=6375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.516" name="file1" dev="loop4" ino=1048727 res=0 errno=0 [ 245.977435][ T6370] loop0: detected capacity change from 0 to 764 [ 246.201296][ T6380] loop3: detected capacity change from 0 to 764 [ 246.592794][ T6370] netlink: 'syz.0.515': attribute type 2 has an invalid length. [ 246.751320][ T6390] netlink: 'syz.3.518': attribute type 2 has an invalid length. [ 246.768387][ T4271] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 247.069375][ T4271] usb 3-1: Using ep0 maxpacket: 32 [ 247.279419][ T4271] usb 3-1: unable to get BOS descriptor or descriptor too short [ 247.832827][ T6399] loop1: detected capacity change from 0 to 1024 [ 247.856149][ T6398] loop4: detected capacity change from 0 to 764 [ 248.067049][ T6399] EXT4-fs (loop1): Ignoring removed bh option [ 248.083606][ T6399] EXT4-fs (loop1): Ignoring removed nobh option [ 248.090477][ T6399] EXT4-fs (loop1): inline encryption not supported [ 248.097477][ T6399] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 248.109903][ T4271] usb 3-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 248.122738][ T4271] usb 3-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 248.133831][ T4271] usb 3-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 248.147778][ T4271] usb 3-1: config 1 interface 0 has no altsetting 0 [ 248.305183][ T6399] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 248.387560][ T6406] netlink: 'syz.4.523': attribute type 2 has an invalid length. [ 248.637855][ T6399] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3887: comm syz.1.522: Allocating blocks 497-513 which overlap fs metadata [ 248.662831][ T6399] EXT4-fs (loop1): pa ffff88805ffe20e0: logic 128, phys. 385, len 8 [ 248.671033][ T6399] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4904: group 0, free 0, pa_free 1 [ 248.699607][ T4271] usb 3-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 248.718999][ T4271] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.775787][ T4271] usb 3-1: Product: syz [ 248.789619][ T6413] loop0: detected capacity change from 0 to 764 [ 248.815947][ T4271] usb 3-1: Manufacturer: syz [ 248.831732][ T4271] usb 3-1: SerialNumber: syz [ 249.049622][ T6384] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 249.145764][ T6415] netlink: 'syz.0.526': attribute type 2 has an invalid length. [ 249.251208][ T6417] loop1: detected capacity change from 0 to 256 [ 249.319901][ T6417] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 249.368701][ T6417] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 249.411119][ T6417] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 249.551691][ T4271] usb 3-1: USB disconnect, device number 6 [ 249.628426][ T6421] loop3: detected capacity change from 0 to 256 [ 249.655716][ C0] vxcan0: j1939_tp_rxtimer: 0xffff888060e4f000: rx timeout, send abort [ 249.665712][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff888060e4f000: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 250.062421][ T6426] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 250.062631][ T6426] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 250.062757][ T6426] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 250.069043][ T26] audit: type=1800 audit(1770567384.349:55): pid=6426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.529" name="file1" dev="loop3" ino=1048731 res=0 errno=0 [ 250.650509][ T6431] loop4: detected capacity change from 0 to 764 [ 251.160079][ T6440] netlink: 'syz.4.531': attribute type 2 has an invalid length. [ 251.584754][ T6444] loop1: detected capacity change from 0 to 764 [ 251.590660][ T6448] loop0: detected capacity change from 0 to 1024 [ 251.661114][ T6448] EXT4-fs (loop0): Ignoring removed bh option [ 251.667305][ T6448] EXT4-fs (loop0): Ignoring removed nobh option [ 251.680428][ T6448] EXT4-fs (loop0): inline encryption not supported [ 251.697272][ T6448] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 251.924931][ T6453] loop2: detected capacity change from 0 to 764 [ 251.949976][ T6448] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 252.174493][ T6461] netlink: 'syz.1.533': attribute type 2 has an invalid length. [ 252.287464][ T6463] netlink: 'syz.2.539': attribute type 2 has an invalid length. [ 252.965485][ T6465] loop3: detected capacity change from 0 to 764 [ 253.079706][ T6470] loop0: detected capacity change from 0 to 764 [ 253.439568][ T6473] netlink: 'syz.3.541': attribute type 2 has an invalid length. [ 254.014397][ T6482] loop2: detected capacity change from 0 to 256 [ 254.062086][ T6479] loop3: detected capacity change from 0 to 256 [ 254.224282][ T6479] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 254.270177][ T6479] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 254.284498][ T6479] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 254.380111][ T6486] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.390917][ T6486] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.401378][ T6486] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 254.421087][ T26] audit: type=1800 audit(1770567388.699:56): pid=6486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.543" name="file1" dev="loop2" ino=1048734 res=0 errno=0 [ 254.897065][ T26] audit: type=1800 audit(1770567389.179:57): pid=6479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.544" name="file0" dev="loop3" ino=1048737 res=0 errno=0 [ 255.185663][ T6492] loop4: detected capacity change from 0 to 764 [ 255.811445][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.820551][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.360078][ T6505] loop4: detected capacity change from 0 to 764 [ 256.921259][ T6511] netlink: 'syz.4.551': attribute type 2 has an invalid length. [ 257.183047][ T6515] loop0: detected capacity change from 0 to 1024 [ 257.211986][ T6514] loop3: detected capacity change from 0 to 764 [ 257.314396][ T6519] loop2: detected capacity change from 0 to 764 [ 257.324092][ T6515] EXT4-fs (loop0): Ignoring removed bh option [ 257.565605][ T6515] EXT4-fs (loop0): Ignoring removed nobh option [ 257.635742][ T6523] netlink: 'syz.3.554': attribute type 2 has an invalid length. [ 257.838008][ T6515] EXT4-fs (loop0): inline encryption not supported [ 257.844755][ T6515] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 258.158771][ T6527] netlink: 'syz.2.556': attribute type 2 has an invalid length. [ 258.272183][ T6515] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 258.334511][ T6532] loop1: detected capacity change from 0 to 256 [ 258.408510][ T6532] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 258.469702][ T6532] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 258.578066][ T6532] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 258.718113][ T26] audit: type=1800 audit(1770567392.999:58): pid=6532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.559" name="file0" dev="loop1" ino=1048739 res=0 errno=0 [ 259.768946][ T6545] loop0: detected capacity change from 0 to 764 [ 260.900013][ T6556] loop1: detected capacity change from 0 to 764 [ 260.967032][ T6563] loop4: detected capacity change from 0 to 764 [ 261.113655][ T6561] loop2: detected capacity change from 0 to 764 [ 261.292809][ T6570] netlink: 'syz.1.565': attribute type 2 has an invalid length. [ 261.389914][ T6571] netlink: 'syz.4.569': attribute type 2 has an invalid length. [ 261.897041][ T6573] netlink: 'syz.2.568': attribute type 2 has an invalid length. [ 262.414956][ T6583] loop3: detected capacity change from 0 to 256 [ 262.426142][ T6579] loop4: detected capacity change from 0 to 1024 [ 262.577282][ T6581] loop0: detected capacity change from 0 to 764 [ 262.648287][ T6579] EXT4-fs (loop4): Ignoring removed bh option [ 262.870710][ T6579] EXT4-fs (loop4): Ignoring removed nobh option [ 262.878094][ T6579] EXT4-fs (loop4): inline encryption not supported [ 263.054737][ T6587] netlink: 'syz.0.573': attribute type 2 has an invalid length. [ 263.097124][ T6579] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 263.567046][ T6579] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 263.604686][ T6595] loop2: detected capacity change from 0 to 256 [ 263.753005][ T6595] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 263.780291][ T6595] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 263.828353][ T6595] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 263.840885][ T6599] loop3: detected capacity change from 0 to 764 [ 263.975711][ T26] audit: type=1800 audit(1770567398.259:59): pid=6595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.575" name="file0" dev="loop2" ino=1048742 res=0 errno=0 [ 265.462254][ T6616] loop1: detected capacity change from 0 to 764 [ 265.765551][ T6619] netlink: 'syz.1.582': attribute type 2 has an invalid length. [ 266.427066][ T6633] loop1: detected capacity change from 0 to 256 [ 266.702996][ T6635] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 266.713421][ T6635] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 266.723916][ T6635] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 266.819921][ T26] audit: type=1800 audit(1770567401.019:60): pid=6635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.587" name="file1" dev="loop1" ino=1048744 res=0 errno=0 [ 267.530835][ T6639] loop3: detected capacity change from 0 to 764 [ 267.545102][ T6641] loop1: detected capacity change from 0 to 1024 [ 267.811823][ T6641] EXT4-fs (loop1): Ignoring removed bh option [ 267.858518][ T6645] netlink: 'syz.3.590': attribute type 2 has an invalid length. [ 267.897831][ T6641] EXT4-fs (loop1): Ignoring removed nobh option [ 268.149354][ T6641] EXT4-fs (loop1): inline encryption not supported [ 268.204293][ T6641] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 268.269860][ T6647] loop2: detected capacity change from 0 to 764 [ 268.304078][ T6641] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 268.380309][ T6650] loop3: detected capacity change from 0 to 764 [ 268.388813][ T6653] loop4: detected capacity change from 0 to 764 [ 269.322618][ T6662] loop1: detected capacity change from 0 to 764 [ 269.830015][ T6676] loop4: detected capacity change from 0 to 256 [ 269.842221][ T6662] netlink: 'syz.1.595': attribute type 2 has an invalid length. [ 270.167528][ T6679] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 270.178955][ T6679] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 270.189374][ T6679] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 270.208100][ T26] audit: type=1800 audit(1770567404.489:61): pid=6679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.599" name="file1" dev="loop4" ino=1048747 res=0 errno=0 [ 271.069288][ T4454] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 271.510112][ T6693] loop2: detected capacity change from 0 to 764 [ 271.559325][ T4454] usb 1-1: Using ep0 maxpacket: 32 [ 271.902838][ T6698] netlink: 'syz.2.604': attribute type 2 has an invalid length. [ 271.966118][ T6697] loop4: detected capacity change from 0 to 1024 [ 272.050861][ T6697] EXT4-fs (loop4): Ignoring removed bh option [ 272.107785][ T6697] EXT4-fs (loop4): Ignoring removed nobh option [ 272.157427][ T6697] EXT4-fs (loop4): inline encryption not supported [ 272.208004][ T6697] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 272.272790][ T4454] usb 1-1: unable to get BOS descriptor or descriptor too short [ 272.403906][ T6697] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 272.439352][ T4454] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 272.499002][ T4454] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 272.565934][ T4454] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 272.629436][ T4454] usb 1-1: config 1 interface 0 has no altsetting 0 [ 272.689399][ T4454] usb 1-1: language id specifier not provided by device, defaulting to English [ 272.857653][ T6706] loop4: detected capacity change from 0 to 764 [ 272.875435][ T4454] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 272.896041][ T4454] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.118247][ T4454] usb 1-1: Product: syz [ 273.123427][ T4454] usb 1-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼䕆󺬎 [ 273.135919][ T4454] usb 1-1: SerialNumber: syz [ 273.157820][ T6708] loop3: detected capacity change from 0 to 764 [ 273.273202][ T6681] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 273.946701][ T6718] loop1: detected capacity change from 0 to 256 [ 273.979391][ T4454] usb 1-1: USB disconnect, device number 8 [ 274.434494][ T6730] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 274.445267][ T6730] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 274.456693][ T6730] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 274.475430][ T26] audit: type=1800 audit(1770567408.749:62): pid=6730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.613" name="file1" dev="loop1" ino=1048750 res=0 errno=0 [ 275.333475][ T6739] loop0: detected capacity change from 0 to 1024 [ 275.442278][ T6739] EXT4-fs (loop0): Ignoring removed bh option [ 275.463192][ T6739] EXT4-fs (loop0): Ignoring removed nobh option [ 275.479532][ T6739] EXT4-fs (loop0): inline encryption not supported [ 275.489001][ T6745] loop1: detected capacity change from 0 to 764 [ 275.501918][ T6739] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 275.730184][ T6747] loop4: detected capacity change from 0 to 764 [ 275.759045][ T6739] EXT4-fs (loop0): mounted filesystem without journal. Opts: noload,nojournal_checksum,barrier=0x0000000000000002,grpquota,nolazytime,resgid=0x0000000000000000,bh,journal_dev=0x0000000000000800,nobh,inlinecrypt,bsddf,dioread_nolock,,errors=continue. Quota mode: writeback. [ 276.094553][ T6755] netlink: 'syz.4.620': attribute type 2 has an invalid length. [ 276.358944][ T6757] loop3: detected capacity change from 0 to 764 [ 276.728663][ T6760] netlink: 'syz.3.622': attribute type 2 has an invalid length. [ 277.186038][ T6763] loop4: detected capacity change from 0 to 764 [ 277.961136][ T6769] loop3: detected capacity change from 0 to 764 [ 278.079327][ T4242] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 278.247013][ T6772] loop2: detected capacity change from 0 to 256 [ 278.349281][ T4242] usb 1-1: Using ep0 maxpacket: 32 [ 278.694036][ T6777] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 278.704889][ T6777] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 278.715392][ T6777] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 279.115530][ T26] audit: type=1800 audit(1770567413.019:63): pid=6777 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.627" name="file1" dev="loop2" ino=1048753 res=0 errno=0 [ 279.149295][ T4242] usb 1-1: unable to get BOS descriptor or descriptor too short [ 279.409342][ T4242] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 279.487299][ T4242] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 279.697287][ T4242] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 279.779526][ T4242] usb 1-1: config 1 interface 0 has no altsetting 0 [ 279.869409][ T4242] usb 1-1: string descriptor 0 read error: -71 [ 279.885894][ T4242] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 279.920364][ T4242] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.945972][ T6793] loop2: detected capacity change from 0 to 764 [ 279.984758][ T4242] usb 1-1: can't set config #1, error -71 [ 280.243085][ T6795] netlink: 'syz.2.632': attribute type 2 has an invalid length. [ 280.549794][ T4242] usb 1-1: USB disconnect, device number 9 [ 280.757856][ T6798] loop0: detected capacity change from 0 to 764 [ 280.784859][ T6802] loop1: detected capacity change from 0 to 764 [ 281.218049][ T6810] netlink: 'syz.0.635': attribute type 2 has an invalid length. [ 281.940986][ T6816] loop2: detected capacity change from 0 to 764 [ 281.957246][ T6819] loop0: detected capacity change from 0 to 764 [ 281.964763][ T6817] loop1: detected capacity change from 0 to 764 [ 282.730846][ T6827] netlink: 'syz.0.638': attribute type 2 has an invalid length. [ 282.865778][ T6828] netlink: 'syz.1.639': attribute type 2 has an invalid length. [ 284.159496][ T6840] loop2: detected capacity change from 0 to 764 [ 284.468922][ T6843] netlink: 'syz.2.645': attribute type 2 has an invalid length. [ 285.271603][ T6854] loop0: detected capacity change from 0 to 764 [ 285.561612][ T6857] netlink: 'syz.0.648': attribute type 2 has an invalid length. [ 286.485685][ T6865] loop4: detected capacity change from 0 to 764 [ 287.853359][ T6884] loop3: detected capacity change from 0 to 764 [ 288.347983][ T6888] loop0: detected capacity change from 0 to 764 [ 288.819890][ T6895] netlink: 'syz.3.657': attribute type 2 has an invalid length. [ 288.920552][ T6898] netlink: 'syz.0.656': attribute type 2 has an invalid length. [ 288.967427][ T6896] loop4: detected capacity change from 0 to 764 [ 289.317646][ T6892] netlink: 'syz.4.660': attribute type 2 has an invalid length. [ 290.180149][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88801f20dc00: rx timeout, send abort [ 290.188786][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88801f20dc00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 290.275188][ T6911] loop3: detected capacity change from 0 to 764 [ 290.364494][ T6913] loop2: detected capacity change from 0 to 764 [ 290.649874][ T6916] netlink: 'syz.3.664': attribute type 2 has an invalid length. [ 291.388115][ T6922] loop0: detected capacity change from 0 to 764 [ 291.826454][ T6924] netlink: 'syz.3.666': attribute type 2 has an invalid length. [ 292.089592][ T6926] netlink: 'syz.0.676': attribute type 2 has an invalid length. [ 292.402089][ T6927] netlink: 'syz.2.665': attribute type 2 has an invalid length. [ 292.445952][ T6931] loop1: detected capacity change from 0 to 764 [ 292.944039][ T6943] loop4: detected capacity change from 0 to 256 [ 293.068355][ T6944] netlink: 'syz.1.669': attribute type 2 has an invalid length. [ 293.276570][ T6946] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 293.287266][ T6946] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 293.298086][ T6946] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 293.316248][ T26] audit: type=1800 audit(1770567427.599:64): pid=6946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.671" name="file1" dev="loop4" ino=1048756 res=0 errno=0 [ 294.098727][ T6954] loop4: detected capacity change from 0 to 764 [ 294.388633][ T6957] netlink: 'syz.4.674': attribute type 2 has an invalid length. [ 295.534539][ T6963] loop2: detected capacity change from 0 to 764 [ 295.922586][ T6971] netlink: 'syz.2.677': attribute type 2 has an invalid length. [ 296.028102][ T6969] loop4: detected capacity change from 0 to 764 [ 296.441619][ T6975] netlink: 'syz.4.679': attribute type 2 has an invalid length. [ 297.188677][ T6981] loop2: detected capacity change from 0 to 764 [ 297.645102][ T6988] netlink: 'syz.2.683': attribute type 2 has an invalid length. [ 297.885419][ T6993] loop3: detected capacity change from 0 to 256 [ 298.186047][ T6997] loop0: detected capacity change from 0 to 764 [ 298.261063][ T6999] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 298.271875][ T6999] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 298.282500][ T6999] FAT-fs (loop3): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 298.301033][ T26] audit: type=1800 audit(1770567432.579:65): pid=6999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.686" name="file1" dev="loop3" ino=1048759 res=0 errno=0 [ 298.957153][ T7002] loop2: detected capacity change from 0 to 764 [ 299.035807][ T7004] netlink: 'syz.0.687': attribute type 2 has an invalid length. [ 299.527593][ T7010] netlink: 'syz.2.688': attribute type 2 has an invalid length. [ 299.984382][ T7014] loop0: detected capacity change from 0 to 764 [ 302.658156][ T7032] loop1: detected capacity change from 0 to 764 [ 302.699655][ T7037] FAULT_INJECTION: forcing a failure. [ 302.699655][ T7037] name failslab, interval 1, probability 0, space 0, times 0 [ 302.767998][ T7038] loop0: detected capacity change from 0 to 764 [ 302.799341][ T7037] CPU: 0 PID: 7037 Comm: syz.4.698 Not tainted syzkaller #0 [ 302.806689][ T7037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 302.816783][ T7037] Call Trace: [ 302.820191][ T7037] [ 302.823160][ T7037] dump_stack_lvl+0x188/0x250 [ 302.827892][ T7037] ? show_regs_print_info+0x20/0x20 [ 302.833130][ T7037] ? load_image+0x400/0x400 [ 302.837767][ T7037] ? __might_sleep+0xf0/0xf0 [ 302.843010][ T7037] ? __lock_acquire+0x7d10/0x7d10 [ 302.848170][ T7037] should_fail+0x38c/0x4c0 [ 302.852642][ T7037] should_failslab+0x5/0x20 [ 302.857363][ T7037] slab_pre_alloc_hook+0x51/0xc0 [ 302.862644][ T7037] ? prepare_creds+0x3c/0x610 [ 302.867371][ T7037] kmem_cache_alloc+0x3d/0x290 [ 302.872482][ T7037] prepare_creds+0x3c/0x610 [ 302.877044][ T7037] __sys_setresgid+0x57a/0x8e0 [ 302.881854][ T7037] do_syscall_64+0x4c/0xa0 [ 302.886341][ T7037] ? clear_bhb_loop+0x30/0x80 [ 302.891057][ T7037] ? clear_bhb_loop+0x30/0x80 [ 302.895772][ T7037] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 302.901902][ T7037] RIP: 0033:0x7f0a61954eb9 [ 302.906363][ T7037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 302.926018][ T7037] RSP: 002b:00007f0a5fbb0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000077 [ 302.934476][ T7037] RAX: ffffffffffffffda RBX: 00007f0a61bcffa0 RCX: 00007f0a61954eb9 [ 302.942495][ T7037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000ee00 [ 302.950540][ T7037] RBP: 00007f0a5fbb0090 R08: 0000000000000000 R09: 0000000000000000 [ 302.958556][ T7037] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 302.966567][ T7037] R13: 00007f0a61bd0038 R14: 00007f0a61bcffa0 R15: 00007fff18536448 [ 302.974593][ T7037] [ 303.313047][ T7043] netlink: 'syz.0.699': attribute type 2 has an invalid length. [ 303.425039][ T7044] loop4: detected capacity change from 0 to 256 [ 303.860072][ T7048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 303.870756][ T7048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 303.881120][ T7048] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 303.929343][ T26] audit: type=1800 audit(1770567438.179:66): pid=7048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.700" name="file1" dev="loop4" ino=1048762 res=0 errno=0 [ 304.492287][ T7052] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 304.580668][ T7057] loop4: detected capacity change from 0 to 764 [ 304.886372][ T7063] netlink: 'syz.1.695': attribute type 2 has an invalid length. [ 304.946396][ T7064] netlink: 'syz.4.702': attribute type 2 has an invalid length. [ 305.079281][ T4242] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 305.329379][ T4242] usb 1-1: Using ep0 maxpacket: 32 [ 305.569303][ T4242] usb 1-1: unable to get BOS descriptor or descriptor too short [ 305.624478][ T7066] loop4: detected capacity change from 0 to 764 [ 305.665212][ T4242] usb 1-1: config 1 interface 0 altsetting 9 endpoint 0x1 has invalid maxpacket 5635, setting to 1024 [ 305.689447][ T4242] usb 1-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 1024 [ 305.719214][ T4242] usb 1-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 305.736728][ T4242] usb 1-1: config 1 interface 0 has no altsetting 0 [ 306.030251][ T4242] usb 1-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 306.063081][ T4242] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.239661][ T4242] usb 1-1: Product: syz [ 306.327912][ T4242] usb 1-1: Manufacturer: ᷊늲ヅρ␪颈콟畎콏밥猁㡻쉐꧇⁷⊜잳뀎먥냵竽퓗䪈둼䕆󺬎 [ 306.503577][ T4242] usb 1-1: SerialNumber: syz [ 306.639488][ T7061] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 306.883579][ T7070] loop4: detected capacity change from 0 to 764 [ 306.970236][ T4242] usb 1-1: USB disconnect, device number 10 [ 308.981826][ T7085] loop2: detected capacity change from 0 to 764 [ 309.035929][ T7090] loop0: detected capacity change from 0 to 256 [ 309.400115][ T7092] netlink: 'syz.2.711': attribute type 2 has an invalid length. [ 309.690421][ T7095] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 309.701115][ T7095] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 309.711685][ T7095] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 309.732137][ T26] audit: type=1800 audit(1770567444.009:67): pid=7095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.713" name="file1" dev="loop0" ino=1048765 res=0 errno=0 [ 310.016521][ T7096] loop1: detected capacity change from 0 to 764 [ 310.120836][ T7103] loop2: detected capacity change from 0 to 764 [ 310.240098][ T7107] ================================================================== [ 310.248662][ T7107] BUG: KASAN: use-after-free in dvb_device_open+0xc6/0x370 [ 310.255923][ T7107] Read of size 8 at addr ffff88802a0bfa18 by task syz.3.715/7107 [ 310.263685][ T7107] [ 310.266043][ T7107] CPU: 1 PID: 7107 Comm: syz.3.715 Not tainted syzkaller #0 [ 310.273531][ T7107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 310.284237][ T7107] Call Trace: [ 310.287554][ T7107] [ 310.290521][ T7107] dump_stack_lvl+0x188/0x250 [ 310.295425][ T7107] ? show_regs_print_info+0x20/0x20 [ 310.301119][ T7107] ? _printk+0xda/0x130 [ 310.305646][ T7107] ? dvb_device_open+0xc6/0x370 [ 310.310839][ T7107] ? load_image+0x400/0x400 [ 310.315405][ T7107] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 310.321245][ T7107] print_address_description+0x60/0x2d0 [ 310.326883][ T7107] ? dvb_device_open+0xc6/0x370 [ 310.331897][ T7107] kasan_report+0xdf/0x130 [ 310.336388][ T7107] ? dvb_device_open+0xc6/0x370 [ 310.341302][ T7107] dvb_device_open+0xc6/0x370 [ 310.346029][ T7107] ? do_raw_spin_unlock+0x11d/0x230 [ 310.351277][ T7107] chrdev_open+0x5c5/0x6a0 [ 310.355976][ T7107] ? cd_forget+0x160/0x160 [ 310.360564][ T7107] ? fsnotify_perm+0x3a7/0x560 [ 310.365390][ T7107] ? cd_forget+0x160/0x160 [ 310.369867][ T7107] do_dentry_open+0x7ff/0xf80 [ 310.374623][ T7107] path_openat+0x26f5/0x2fa0 [ 310.379311][ T7107] ? verify_lock_unused+0x140/0x140 [ 310.384566][ T7107] ? do_filp_open+0x410/0x410 [ 310.389291][ T7107] ? preempt_schedule_irq+0xe6/0x160 [ 310.394643][ T7107] do_filp_open+0x1e2/0x410 [ 310.399222][ T7107] ? vfs_tmpfile+0x300/0x300 [ 310.403875][ T7107] ? _raw_spin_unlock+0x24/0x40 [ 310.408763][ T7107] ? alloc_fd+0x598/0x630 [ 310.413146][ T7107] do_sys_openat2+0x150/0x4b0 [ 310.417863][ T7107] ? __lock_acquire+0x7d10/0x7d10 [ 310.422938][ T7107] ? do_sys_open+0xe0/0xe0 [ 310.427402][ T7107] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 310.433431][ T7107] ? lock_chain_count+0x20/0x20 [ 310.438329][ T7107] ? vtime_user_exit+0x2c8/0x3e0 [ 310.443313][ T7107] __x64_sys_openat+0x135/0x160 [ 310.448214][ T7107] do_syscall_64+0x4c/0xa0 [ 310.452680][ T7107] ? clear_bhb_loop+0x30/0x80 [ 310.457402][ T7107] ? clear_bhb_loop+0x30/0x80 [ 310.462120][ T7107] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 310.468044][ T7107] RIP: 0033:0x7fb979c0a78e [ 310.472498][ T7107] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 310.492151][ T7107] RSP: 002b:00007fb977e62b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 310.500712][ T7107] RAX: ffffffffffffffda RBX: 00007fb977e636c0 RCX: 00007fb979c0a78e [ 310.508728][ T7107] RDX: 0000000000040002 RSI: 00007fb977e62c00 RDI: ffffffffffffff9c [ 310.516752][ T7107] RBP: 00007fb977e62c00 R08: 0000000000000000 R09: 0000000000000000 [ 310.524768][ T7107] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 310.532779][ T7107] R13: 00007fb979ec5218 R14: 00007fb979ec5180 R15: 00007ffdc2774af8 [ 310.540804][ T7107] [ 310.543855][ T7107] [ 310.546431][ T7107] Allocated by task 1: [ 310.550535][ T7107] __kasan_kmalloc+0xb5/0xf0 [ 310.555170][ T7107] dvb_register_device+0x311/0x2170 [ 310.560516][ T7107] dvb_register_frontend+0x645/0x920 [ 310.565971][ T7107] vidtv_bridge_probe+0x9a1/0xf70 [ 310.571041][ T7107] platform_probe+0x137/0x1c0 [ 310.575805][ T7107] really_probe+0x284/0xc80 [ 310.580343][ T7107] __driver_probe_device+0x18c/0x330 [ 310.585671][ T7107] driver_probe_device+0x4f/0x420 [ 310.590727][ T7107] __driver_attach+0x46b/0x670 [ 310.595518][ T7107] bus_for_each_dev+0x182/0x1f0 [ 310.600407][ T7107] bus_add_driver+0x30a/0x5a0 [ 310.605124][ T7107] driver_register+0x32d/0x430 [ 310.609915][ T7107] vidtv_bridge_init+0x39/0x70 [ 310.614708][ T7107] do_one_initcall+0x272/0x730 [ 310.619511][ T7107] do_initcall_level+0x137/0x1f0 [ 310.624489][ T7107] do_initcalls+0x4b/0x90 [ 310.628845][ T7107] kernel_init_freeable+0x3e9/0x570 [ 310.634073][ T7107] kernel_init+0x19/0x1b0 [ 310.638441][ T7107] ret_from_fork+0x1f/0x30 [ 310.642897][ T7107] [ 310.645243][ T7107] Freed by task 7052: [ 310.649251][ T7107] kasan_set_track+0x4b/0x70 [ 310.653881][ T7107] kasan_set_free_info+0x1f/0x40 [ 310.658889][ T7107] ____kasan_slab_free+0xd5/0x110 [ 310.663956][ T7107] slab_free_freelist_hook+0xea/0x170 [ 310.669489][ T7107] kfree+0xef/0x2a0 [ 310.673334][ T7107] dvb_device_open+0x2e7/0x370 [ 310.678230][ T7107] chrdev_open+0x5c5/0x6a0 [ 310.682900][ T7107] do_dentry_open+0x7ff/0xf80 [ 310.687721][ T7107] path_openat+0x26f5/0x2fa0 [ 310.692349][ T7107] do_filp_open+0x1e2/0x410 [ 310.696904][ T7107] do_sys_openat2+0x150/0x4b0 [ 310.701618][ T7107] __x64_sys_openat+0x135/0x160 [ 310.706504][ T7107] do_syscall_64+0x4c/0xa0 [ 310.711053][ T7107] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 310.717172][ T7107] [ 310.719546][ T7107] The buggy address belongs to the object at ffff88802a0bfa00 [ 310.719546][ T7107] which belongs to the cache kmalloc-256 of size 256 [ 310.733640][ T7107] The buggy address is located 24 bytes inside of [ 310.733640][ T7107] 256-byte region [ffff88802a0bfa00, ffff88802a0bfb00) [ 310.746883][ T7107] The buggy address belongs to the page: [ 310.752557][ T7107] page:ffffea0000a82f80 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a0be [ 310.762752][ T7107] head:ffffea0000a82f80 order:1 compound_mapcount:0 [ 310.769373][ T7107] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 310.777414][ T7107] raw: 00fff00000010200 0000000000000000 0000000100000001 ffff888016c41b40 [ 310.786042][ T7107] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 310.794659][ T7107] page dumped because: kasan: bad access detected [ 310.801111][ T7107] page_owner tracks the page as allocated [ 310.806846][ T7107] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, ts 19693565308, free_ts 0 [ 310.824864][ T7107] get_page_from_freelist+0x1bbd/0x1ca0 [ 310.830491][ T7107] __alloc_pages+0x1ee/0x480 [ 310.835129][ T7107] alloc_page_interleave+0x24/0x1e0 [ 310.840476][ T7107] new_slab+0xc0/0x4b0 [ 310.844588][ T7107] ___slab_alloc+0x80a/0xdd0 [ 310.849223][ T7107] __kmalloc_node+0x200/0x3b0 [ 310.853967][ T7107] kvmalloc_node+0x84/0x130 [ 310.858510][ T7107] v4l2_ctrl_new+0x70f/0x1310 [ 310.863224][ T7107] v4l2_ctrl_new_std+0x247/0x300 [ 310.868327][ T7107] handler_new_ref+0x14a/0x950 [ 310.873128][ T7107] v4l2_ctrl_add_handler+0x197/0x280 [ 310.878495][ T7107] vivid_create_controls+0x2531/0x3460 [ 310.884082][ T7107] vivid_probe+0x3c47/0x67a0 [ 310.888737][ T7107] platform_probe+0x137/0x1c0 [ 310.893488][ T7107] really_probe+0x284/0xc80 [ 310.898031][ T7107] __driver_probe_device+0x18c/0x330 [ 310.903357][ T7107] page_owner free stack trace missing [ 310.908754][ T7107] [ 310.911111][ T7107] Memory state around the buggy address: [ 310.916767][ T7107] ffff88802a0bf900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 310.924859][ T7107] ffff88802a0bf980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 310.932950][ T7107] >ffff88802a0bfa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 310.941077][ T7107] ^ [ 310.945961][ T7107] ffff88802a0bfa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 310.954163][ T7107] ffff88802a0bfb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 310.962252][ T7107] ================================================================== [ 310.970342][ T7107] Disabling lock debugging due to kernel taint [ 311.027219][ T7107] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 311.034606][ T7107] CPU: 1 PID: 7107 Comm: syz.3.715 Tainted: G B syzkaller #0 [ 311.043397][ T7107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 311.053585][ T7107] Call Trace: [ 311.056899][ T7107] [ 311.059884][ T7107] dump_stack_lvl+0x188/0x250 [ 311.064599][ T7107] ? show_regs_print_info+0x20/0x20 [ 311.069938][ T7107] ? load_image+0x400/0x400 [ 311.074483][ T7107] panic+0x2e5/0x810 [ 311.078415][ T7107] ? bpf_jit_dump+0xd0/0xd0 [ 311.082949][ T7107] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 311.088706][ T7107] ? check_panic_on_warn+0x6c/0xa0 [ 311.093854][ T7107] ? dvb_device_open+0xc6/0x370 [ 311.098736][ T7107] check_panic_on_warn+0x80/0xa0 [ 311.103702][ T7107] ? dvb_device_open+0xc6/0x370 [ 311.108763][ T7107] end_report+0x6d/0xf0 [ 311.112968][ T7107] kasan_report+0x102/0x130 [ 311.117552][ T7107] ? dvb_device_open+0xc6/0x370 [ 311.122465][ T7107] dvb_device_open+0xc6/0x370 [ 311.127184][ T7107] ? do_raw_spin_unlock+0x11d/0x230 [ 311.132425][ T7107] chrdev_open+0x5c5/0x6a0 [ 311.136882][ T7107] ? cd_forget+0x160/0x160 [ 311.141326][ T7107] ? fsnotify_perm+0x3a7/0x560 [ 311.146125][ T7107] ? cd_forget+0x160/0x160 [ 311.150573][ T7107] do_dentry_open+0x7ff/0xf80 [ 311.155283][ T7107] path_openat+0x26f5/0x2fa0 [ 311.159913][ T7107] ? verify_lock_unused+0x140/0x140 [ 311.165147][ T7107] ? do_filp_open+0x410/0x410 [ 311.169872][ T7107] ? preempt_schedule_irq+0xe6/0x160 [ 311.175206][ T7107] do_filp_open+0x1e2/0x410 [ 311.179764][ T7107] ? vfs_tmpfile+0x300/0x300 [ 311.184393][ T7107] ? _raw_spin_unlock+0x24/0x40 [ 311.189275][ T7107] ? alloc_fd+0x598/0x630 [ 311.193643][ T7107] do_sys_openat2+0x150/0x4b0 [ 311.198345][ T7107] ? __lock_acquire+0x7d10/0x7d10 [ 311.203432][ T7107] ? do_sys_open+0xe0/0xe0 [ 311.207981][ T7107] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 311.213995][ T7107] ? lock_chain_count+0x20/0x20 [ 311.218971][ T7107] ? vtime_user_exit+0x2c8/0x3e0 [ 311.223938][ T7107] __x64_sys_openat+0x135/0x160 [ 311.228825][ T7107] do_syscall_64+0x4c/0xa0 [ 311.233266][ T7107] ? clear_bhb_loop+0x30/0x80 [ 311.237978][ T7107] ? clear_bhb_loop+0x30/0x80 [ 311.242943][ T7107] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 311.248873][ T7107] RIP: 0033:0x7fb979c0a78e [ 311.253322][ T7107] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 311.273173][ T7107] RSP: 002b:00007fb977e62b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 311.281628][ T7107] RAX: ffffffffffffffda RBX: 00007fb977e636c0 RCX: 00007fb979c0a78e [ 311.289797][ T7107] RDX: 0000000000040002 RSI: 00007fb977e62c00 RDI: ffffffffffffff9c [ 311.297800][ T7107] RBP: 00007fb977e62c00 R08: 0000000000000000 R09: 0000000000000000 [ 311.305835][ T7107] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 311.313829][ T7107] R13: 00007fb979ec5218 R14: 00007fb979ec5180 R15: 00007ffdc2774af8 [ 311.321842][ T7107] [ 311.325162][ T7107] Kernel Offset: disabled [ 311.329518][ T7107] Rebooting in 86400 seconds..