last executing test programs: 2.158030195s ago: executing program 0 (id=10167): r0 = socket$netlink(0x10, 0x3, 0xa) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000580)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0xf0}}, 0x0) 2.04783975s ago: executing program 0 (id=10169): r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000001400)=@get={0x1, &(0x7f0000000400)=""/4096, 0x3}) 1.984605763s ago: executing program 0 (id=10170): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x14, 0x1d, 0x107, 0x0, 0x1, {0x5, 0x7c}}, 0x14}}, 0xc000) 1.831590231s ago: executing program 0 (id=10175): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301) lseek(r0, 0x5, 0x3) 1.64537222s ago: executing program 0 (id=10179): sendmsg$key(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x2, 0x11, 0x4, 0x8, 0xa, 0x0, 0x70bd27, 0x25dfdbfe, [@sadb_x_filter={0x5, 0x1a, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@loopback, 0x28, 0x8, 0x1c}, @sadb_address={0x3, 0x7, 0xff, 0x20, 0x0, @in={0x2, 0x4e22, @rand_addr=0x64010101}}]}, 0x50}}, 0x10) syz_usb_connect(0x0, 0x5d, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000551b8920b822276080c20102030109024b0001000000000904000000020a0000052406000005241d00000d240f01000200000000000200072414003824d0062413"], 0x0) 927.053255ms ago: executing program 3 (id=10194): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) 863.945018ms ago: executing program 1 (id=10195): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x578, 0x40, 0x1001, 0x0, 0xd968d5b908ac0cde, 0x0, {0xfffffffc, 0x8}, {0x350}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x3e, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x8, 0x4, 0x0, 0x6}) 831.77278ms ago: executing program 2 (id=10196): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0x1b0, 0x19, 0x923, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@remote, 0x0, 0x0, 0x400, 0x0, 0xa, 0x0, 0x0, 0x87}, {}, {0x0, 0x0, 0xfffffffffffffffd}}, [@sec_ctx={0xf7, 0x8, {0x7f, 0x8, 0x1, 0x6, 0xeb, "73c8b90196451d7882c5d64dec21b36e4e9c8d188c3fecc4dfbdfcae9b06693c8337229ee7be43d1c70430296634a60916cf9d87b61e6ddf8dff594d9557482b23ed0bec5f39aa7e575412b2473ae01bceddf9f19c40a9180f36d7c11cc1c9aaa236453c64882c908cb0b72331641abbac65d40d9af0455451cb119e3fca446fe8ce04fada8b41d4d08a7bfa78d700404600773232b2bcffb8f8f1491688f236771d7948d76768ec8a5e06ffdb3187a416d1d70a7a9835212d8ca31a3c450e6a892d54c0a7c29281dc5e562915a94ffd7a44023e6027090b3aacb745f882477f5942c950f07a5a1ce75f3f"}}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x40}, 0x0) 793.768602ms ago: executing program 3 (id=10197): r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r0, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1) 677.612217ms ago: executing program 1 (id=10198): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x12a13, 0x1a001}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_SPORT={0x6, 0x11, 0x4e21}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e23}]}}}]}, 0x44}}, 0x20004000) 642.836569ms ago: executing program 3 (id=10199): capset(&(0x7f0000000840)={0x20080522}, &(0x7f0000000880)={0x0, 0xdd1, 0xffffffb3, 0x0, 0x88fd, 0x10}) shmget$private(0x0, 0x4000, 0x540008a0, &(0x7f0000ffa000/0x4000)=nil) 591.611441ms ago: executing program 2 (id=10200): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1bc, 0x19, 0x1, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x100000000, 0xca8}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x104, 0x5, [{{@in=@local, 0x4d5, 0x3c}, 0x0, @in=@broadcast}, {{@in6=@remote, 0x0, 0x3c}, 0x0, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x1}, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x6c}, 0x0, @in=@local, 0x0, 0x2, 0x0, 0x80}, {{@in6=@mcast1, 0x0, 0x32}, 0xa, @in6=@private1, 0x0, 0x1, 0x0, 0x2}]}]}, 0x1bc}}, 0x0) 544.530133ms ago: executing program 1 (id=10201): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000800)={0x0, 0x1, 0x3}, 0x10) 500.467766ms ago: executing program 2 (id=10202): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000400)=@newsa={0x184, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x4}, {0x800000000000, 0x4, 0x40000000}, {}, 0x70bd25, 0x0, 0x2, 0x0, 0x1}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'blake2s-160-x86\x00'}, 0x0, 0x100}}]}, 0x184}}, 0x4810) 477.402307ms ago: executing program 3 (id=10203): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=@ipv6_newrule={0x30, 0x1a, 0x1, 0x70bd29, 0x0, {0x81}, [@FRA_DST={0x14, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}]}, 0x30}}, 0x0) 433.687529ms ago: executing program 1 (id=10204): rt_sigaction(0x1, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f00000002c0)) syz_clone3(&(0x7f00000006c0)={0x102102180, 0x0, 0x0, 0x0, {0x40}, 0x0, 0x0, 0x0, 0x0}, 0x58) 335.829844ms ago: executing program 2 (id=10205): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$SNDCTL_SEQ_OUTOFBAND(r0, 0x40085112, &(0x7f0000000040)=@l={0x92, 0xb, 0xd0, 0x15, 0x37, 0x3, 0x4}) 299.500526ms ago: executing program 3 (id=10206): r0 = syz_mount_image$msdos(&(0x7f0000000280), &(0x7f0000000080)='./file0\x00', 0x18013, &(0x7f00000000c0)={[{@nodots}, {@dots}, {@nodots}, {@fat=@nocase}, {@nodots}, {@nodots}, {@nodots}, {@fat=@codepage={'codepage', 0x3d, '932'}}, {@nodots}, {@nodots}, {@fat=@debug}, {@nodots}, {@nodots}, {@dots}, {@fat=@discard}, {@nodots}, {@nodots}, {@fat=@errors_continue}, {@fat=@nocase}, {@nodots}, {@fat=@time_offset={'time_offset', 0x3d, 0x4a3}}, {@dots}]}, 0x0, 0x20e, &(0x7f0000000800)="$eJzs3b2KE1EUAOAz2d38iGA6QRQGbCxkUVubiKwgBgRlC60UVptdEdwm2uw+hpWN7+QT+ACSKggykp1kZxINmmyS8ef7qnPP4f6FSzJN7jy7/Gp/7/Xhy88X30ezmUStE50YJNGOWowdx0y12SUA4E81yLL4kuXK+UZ1SwIAVmzW73/Jt3Ljw+SDQRLJfPN9Oj/3EgGAJXv85OmDO93uzqM0bUb0swt5+ri3mwf37nd3bqQn2kWvfq+3u3Fav5lOPzsM61txblS/lfdPJ+v1uHY1YqseEWma3n3Ynao3Ym+F+wYAAAAAAAAAAAAAAAAAAAAAgCpdiXSsHXH9dp7t93pb+f0+29vl+lBrdD9P3irdDzR1f89mXNocNYvrgbKjdW0MAAAAAAAAAAAAAAAAAAAA/iKHb9/tPz84ePGmCBoRMZmZJ0hGA59kNsbB/OOsKajF0kde2pYbq/8Qmj87AEVQX85crV+cqGTZhyRduPvXMx3+6WDBfdUj4kyz12aXBlmW/eYxHmtU9eUEAAAAAAAAAAAAAAAAAAD/meJPv6Vk52OFKwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9Sve/79AcBQRP5SGoyYTI59O1qpypwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzLvgcAAP//YrIp7w==") getdents64(r0, &(0x7f00000002c0)=""/189, 0xbd) 263.877528ms ago: executing program 1 (id=10207): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x3}}) 229.133359ms ago: executing program 2 (id=10208): unshare(0x2c020400) syz_io_uring_setup(0xf04, &(0x7f0000000180)={0x0, 0xd96d, 0x3f, 0xfffffffe, 0x24000, 0x0, 0x0}, 0x0, 0x0) 131.128544ms ago: executing program 0 (id=10209): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000200)={[{@adinicb}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@lastblock={'lastblock', 0x3d, 0x5}}, {@nostrict}, {}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@mode={'mode', 0x3d, 0x8}}, {@fileset={'fileset', 0x3d, 0xd9}}, {@adinicb}, {@gid_forget}, {@lastblock={'lastblock', 0x3d, 0xa}}, {@adinicb}, {@adinicb}]}, 0x1, 0xc4d, &(0x7f0000001bc0)="$eJzs3U9sHNd9B/DfGy3FldxWTJwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQwWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr546nTaZsOhh9AYAOCBuDz2tVNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+/LzQ+e7eak98wH199pn49WxKxcbL83enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvnZr8vr1hcaZ585u2nx74L3+J44PXBh65uTT3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORopnv/+z1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnz32Fq6mt/6UZ2HL1UDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/ijilUjx87dPxLV8n6nuNV+MeKXMH0a8WeaLEan8YpyLeHeb7xGPploU8efl9b+wliar+0H3vnLp642vzlyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcRnIsXL//ZH1bjiqMalH7sw9PsDv9w7ZvypD9lPWfa5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vv2wGwMAAAAAAAAAAAAAAAAAAPCxVsRPI8UL75xIy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIt6PFN/55lqKFBHNiIno5Er/w24dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0X8IFI0/qB5Z10tIlL1b8eJ8pdz0Txc5iejOVTmi9G8mLNVZa357YfQfnanLxXxk0jRX3/rzgXP17+v8+nO1yDe/NbGp8/WOnmou3Hgvf4njh+7MDTy+ad2Wk7bNWDwUnvm1u3G+PDIyFjP6lo++id71g3k4xZ703UiYuH1N15rTU9Pzd//QvkVuM/q3Su5i6M/yIVUe2SaamEvFqJ2IJrxcPq+Sf1h3JzYd+Xz/91I8dvv/Hv3gd95/tfjlzqf7jzh4xd/svH8f2Hrju7x+V/bWi8//8snwXbP/yd71r2QfzfSV4uoL96c6zseUV94/Y2T7ZutG1M3pmbOnTr1laGhr5w91Xc4on69PT3Vs7QnpwsAAAAAAAAAAAAAAADgwUlF/G6kaP1kLTUi4nY1XmvgwtAzJ58+FIeq8Vabxm2/OnblYuOl2Ztz81MLC1OTjfGZ9rXZyal7PVy9Gu41PjyyL535UEf2uf1H6i/Nzr0+377xh4vbbj9av3h1YXG+dW37zXEkiohm75rBqsHjwyNVo6fbrZmq6ui2g+k/ur5UxH9EimvnGukLeV0e/791hP+m8f9LW3e0h+P/P390Y/zfJ3qKlsdMqYhfRIrf+oun4gtVO4/GXecsl/ubSDF4/nO5XBwuy3Xb0HmvQGdkYFn2fyLFP7y/uWx3POSTG2VPf6ST+wgor/+xSPGDP/te/Hpet/n9D9tf/6Nbd7RP73/4VM+6o5veV7DrrpOv/8lI8eKTb8VvVGv+7wPf/9F9Y8OJTuGN93Ps0/X/1Z51A/m4v7lXnQcAAAAAAAAAAHiE9aUi/jZS/Giklp7P6+7l7/9Nbt3RPv39r0/3rJvcm/mKPnRh1ycVAAAAAA6IvlTETyPFjcW37oyh3jz+u2f85+9sjP8cTlu2Vn/O9yvVewP28s//eg3k407svtsAAAAAAAAAAAAAAAAAAABwoKRUxPN5PvWJajz/5I7zqa9Eipf/69lcLh0vy3XngR+ofq1fnp05eXF6erYei62r01ONsbnWtamy7qcixdpffy7XLar51bvzzXfmeN+Yi30+Uoz8XbdsZy727tzknfnA6+vrEafLsp+IFP/595vL5qmp89zR1X7PlGX/KlJ845+2L3t8o+zZsuz3IsWPv9Holj1alu2+H/XTG2WfuzZb7MNVAQAAAAAAAAAAAAAAAAAA4OOmLxXxp5Hiv28u3xnLn+f/7+v5WHnzWz3z/W9xu5rnf6Ca/3+n5fuZ/796r8DSTkcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHU4oi3ogUc5fX0kp/+bmjfqk9c+v2+PDI9tWOpKrmoap8+VM/febsuS8/P3S+mx9cf699Jl4du3Kx8dLszbn5qYWFqcnG+Ez72uzk1D3vYbf1txqsTkDj5mu3Jq9fX2icee7sps23B97rf+L4wIWhZ04+3S07PjwyMtZTptZ330e/S9ph/eEo4i8jxbPf/1n6UX9EEbs/Fx/y3dlvR6pODFadGB8eqToy3W7NLJYbR7snooho9FRqds/RA7gWu9KMWCqbXzZ4sOze2FxrvnV1eqox2ppfbC+2Z2dGU6e1ZX8aUcT5FLEcEav9d++uL4p4LVJ899ha+uf+iEPd8/Cly2NfO3Vm53YU+9jHe1C2s9EXsVw8AtfsAOuPIv4xUvz87RPxL/0Rtej8xBcjXinzhxFvRud6p/KLcS7i3W2+RzyaalHE/5bX/8Jaeru/vB907yuXvt746sz12Z6y3fvKI/98eJAO+L2pHkX8uLrjr6V/9d81AAAAAAAAAAAAAAAAwAFSxK9FihfeOZGq8cF3xhS3Z240rrSuTneG9XXH/nXHTK+vr683UiebOSdyLuVczrmSczVnFLl+zmaZ9fX1ifx5KedyzpWcqznjUK6fs5lzIudSzuWcKzlXc0Yt18/ZzDmRcynncs6VnKs544CM3QMAAAAAAAAAAAAAAAAAAB4vRfVPiu98cy2t93fml56ITq6YD/Sx9/8BAAD//9kg9g0=") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 87.662686ms ago: executing program 3 (id=10210): syz_mount_image$minix(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x2a0085e, &(0x7f0000000080)=ANY=[], 0x1, 0x235, &(0x7f0000000380)="$eJzs2z9v004cx/GPz06a9vdriygwIJAqEIWFhj8TAwK2Tn0Cnao2QIURhcLQCol2AQakTmwsTEhIDIwIlQ0x8QAYkNhAFR0iMTHUyMF/mlzSJFUSQ3i/lp79uYvvrDr5to4F4J91WeNy5Cgfbhwp7Fsfc7KeEoAeCaKf216QMnEIoL9dH856BgCysXVFenZC+l6+Pyc3H5cFYQXweVPSxsQjrSrKzYCkFx8lL6kfttakw16UOwUN1tYXz6WT8XhnyKo/wvFDJs7/25EMJvmp4/Hx/9ewRjSaC5P9Govy+eT1DzWtd7y2qiMAAPqTo8lmedhhoFFudHXBL51pOD5Xyc82zPOV/FyT/HyynU5k5un0vbfBxe0wn5y75c/vug4ANtPa9V/l09G07Ta5/r0G13/t3wkAem9peeXGrO8HD6RKo3Qn2hM14v8IpHtcq09HGvE9hxY6x3corSh8jR17XHv4+oS99s6twqQTG5XUnRP1BzdUJ/oy9fucJHtMN858VePYt58PF5+8ftNK51dtHsIkv3UzG6VyTR8ZqYvrGreuglm/0NpwZzUI2jxo3beL9MsBhU6/EwHoteLdm4vFpeWV0wuupGulXPyBP/V1s1LZF3ev7wH8vdIP/XrpmrUnqN6cfv/hR/nCy8d7OPIlSe/sG4IAAAAAAAAAAAAAAKBtB3Qw6ykAAAAA6BH76Z/bI3t/UMnUfYAv6zUCAAAAAAAAAAAAAAAAANBvfgUAAP//j68HxQ==") lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 70.530437ms ago: executing program 1 (id=10211): r0 = fsopen(&(0x7f0000000340)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='source', &(0x7f0000000000)='#\x00\x00\x00\x00\x00\x00\x00\x00\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xcc:rC\xb3=\x17\x02/x\x84=\x17\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\x00\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14ffff88804c355000(4096) [ 1119.658518][T27362] cramfs: Error -3 while decompressing! [ 1119.672114][T27362] cramfs: ffffffff96fe1368(26)->ffff88804c355000(4096) [ 1120.175783][T27387] netlink: 4 bytes leftover after parsing attributes in process `syz.1.9683'. [ 1120.629995][T27402] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9690'. [ 1120.665577][T27371] loop0: detected capacity change from 0 to 32768 [ 1120.703681][T27371] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.9675 (27371) [ 1120.771123][T27371] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1120.819703][T27371] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1120.832170][T27407] netlink: 'syz.3.9693': attribute type 21 has an invalid length. [ 1120.850306][T27371] BTRFS info (device loop0): using free space tree [ 1120.890485][T27407] IPv6: NLM_F_CREATE should be specified when creating new route [ 1120.927682][T27407] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1120.935001][T27407] IPv6: NLM_F_CREATE should be set when creating new route [ 1120.942303][T27407] IPv6: NLM_F_CREATE should be set when creating new route [ 1120.949576][T27407] IPv6: NLM_F_CREATE should be set when creating new route [ 1120.987765][T27425] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1121.089333][T27371] BTRFS info (device loop0): enabling ssd optimizations [ 1121.096330][T27371] BTRFS info (device loop0): auto enabling async discard [ 1121.584834][ T6424] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1122.243492][T27473] kcapi: manufacturer command 52776558133248 unknown. [ 1122.411897][T27479] loop0: detected capacity change from 0 to 512 [ 1122.487473][T27479] EXT4-fs: Ignoring removed nobh option [ 1122.597456][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #3: comm syz.0.9718: corrupted inode contents [ 1122.649063][T27479] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #3: comm syz.0.9718: mark_inode_dirty error [ 1122.700904][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #3: comm syz.0.9718: corrupted inode contents [ 1122.739332][T27479] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #3: comm syz.0.9718: mark_inode_dirty error [ 1122.796934][T27479] Quota error (device loop0): write_blk: dquota write failed [ 1122.817150][T27479] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1122.882452][T27479] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.9718: Failed to acquire dquot type 0 [ 1122.908699][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.9718: corrupted inode contents [ 1122.921074][T27479] EXT4-fs error (device loop0): ext4_dirty_inode:6120: inode #16: comm syz.0.9718: mark_inode_dirty error [ 1122.948253][T27462] loop1: detected capacity change from 0 to 32768 [ 1122.986803][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.9718: corrupted inode contents [ 1123.013984][T27479] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.9718: mark_inode_dirty error [ 1123.046810][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.9718: corrupted inode contents [ 1123.060490][T27462] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1123.089943][T27479] EXT4-fs error (device loop0) in ext4_orphan_del:301: Corrupt filesystem [ 1123.102220][T27479] EXT4-fs error (device loop0): ext4_do_update_inode:5244: inode #16: comm syz.0.9718: corrupted inode contents [ 1123.122537][T27479] EXT4-fs error (device loop0): ext4_truncate:4294: inode #16: comm syz.0.9718: mark_inode_dirty error [ 1123.181222][T27479] EXT4-fs error (device loop0) in ext4_process_orphan:343: Corrupt filesystem [ 1123.209440][T27462] OCFS2: ERROR (device loop1): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 74 [ 1123.227513][T27479] EXT4-fs (loop0): 1 truncate cleaned up [ 1123.243461][T27479] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1123.263358][T27479] ext4 filesystem being mounted at /2338/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1123.277299][T27462] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1123.305962][T27462] OCFS2: Returning error to the calling process. [ 1123.326470][T27462] (syz.1.9713,27462,1):ocfs2_reserve_suballoc_bits:850 ERROR: status = -5 [ 1123.335018][T27462] (syz.1.9713,27462,1):ocfs2_reserve_new_inode:1091 ERROR: status = -5 [ 1123.363568][T27503] netlink: 'syz.2.9730': attribute type 3 has an invalid length. [ 1123.374412][T27462] (syz.1.9713,27462,1):ocfs2_reserve_new_inode:1114 ERROR: status = -5 [ 1123.385569][T27462] (syz.1.9713,27462,1):ocfs2_mknod:306 ERROR: status = -5 [ 1123.394109][T27503] netlink: 3 bytes leftover after parsing attributes in process `syz.2.9730'. [ 1123.403618][T27462] (syz.1.9713,27462,1):ocfs2_mknod:502 ERROR: status = -5 [ 1123.411062][T27462] (syz.1.9713,27462,1):ocfs2_mkdir:659 ERROR: status = -5 [ 1123.451810][T27479] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #12: block 13: comm syz.0.9718: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 1123.486128][T27479] EXT4-fs error (device loop0) in ext4_delete_entry:2800: Corrupt filesystem [ 1123.490402][ T6433] ocfs2: Unmounting device (7,1) on (node local) [ 1123.520325][ T786] usb 4-1: new full-speed USB device number 43 using dummy_hcd [ 1123.603366][ T6424] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1123.622045][ T1123] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1123.637136][ T1123] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u4:8: Failed to release dquot type 1 [ 1123.701517][ T786] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1123.710191][ T786] usb 4-1: not running at top speed; connect to a high speed hub [ 1123.724788][T27507] loop0: detected capacity change from 0 to 1024 [ 1123.731529][ T786] usb 4-1: config 0 has an invalid interface number: 88 but max is 0 [ 1123.731555][ T786] usb 4-1: config 0 has no interface number 0 [ 1123.731984][ T786] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 10 [ 1123.755227][T27507] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1123.787913][T27507] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1123.792196][ T786] usb 4-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 1123.824202][T27507] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1123.833920][ T786] usb 4-1: config 0 interface 88 has no altsetting 0 [ 1123.840746][T27507] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1123.852207][ T7024] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 1123.864848][ T786] usb 4-1: string descriptor 0 read error: -22 [ 1123.871422][ T786] usb 4-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 1123.883412][ T786] usb 4-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 1123.900947][T27507] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1123.920942][ T786] usb 4-1: config 0 descriptor?? [ 1123.945979][ T786] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.88/input/input76 [ 1124.045971][ T7024] usb 3-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1124.057653][ T7024] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1124.066743][ T786] input: failed to attach handler mousedev to device input76, error: -5 [ 1124.087987][ T6424] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1124.100553][ T7024] usb 3-1: config 0 descriptor?? [ 1124.121030][ T7024] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 1124.212363][T20936] udevd[20936]: Error opening device "/dev/input/event4": Input/output error [ 1124.239981][T20936] udevd[20936]: Unable to EVIOCGABS device "/dev/input/event4" [ 1124.247697][T20936] udevd[20936]: Unable to EVIOCGABS device "/dev/input/event4" [ 1124.310232][ T6506] usb 4-1: USB disconnect, device number 43 [ 1124.339146][T27515] loop0: detected capacity change from 0 to 256 [ 1124.389097][T27515] FAT-fs (loop0): Directory bread(block 64) failed [ 1124.395906][T27515] FAT-fs (loop0): Directory bread(block 65) failed [ 1124.409592][T27515] FAT-fs (loop0): Directory bread(block 66) failed [ 1124.434999][T27515] FAT-fs (loop0): Directory bread(block 67) failed [ 1124.443106][T27515] FAT-fs (loop0): Directory bread(block 68) failed [ 1124.451192][T27515] FAT-fs (loop0): Directory bread(block 69) failed [ 1124.462825][T27515] FAT-fs (loop0): Directory bread(block 70) failed [ 1124.470890][T27515] FAT-fs (loop0): Directory bread(block 71) failed [ 1124.482817][T27515] FAT-fs (loop0): Directory bread(block 72) failed [ 1124.489430][T27515] FAT-fs (loop0): Directory bread(block 73) failed [ 1124.508425][ T7024] gp8psk: usb in 128 operation failed. [ 1124.521728][ T7024] gp8psk: usb in 137 operation failed. [ 1124.535686][ T7024] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1124.559173][ T7024] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 1124.584672][ T7024] usb 3-1: USB disconnect, device number 26 [ 1124.611653][T27521] loop1: detected capacity change from 0 to 8 [ 1124.649460][T27521] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 1124.811873][T27523] loop0: detected capacity change from 0 to 4096 [ 1124.824691][T27523] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 1124.932042][T27523] ntfs3: loop0: Failed to initialize $Extend/$ObjId. [ 1125.350886][T27525] loop1: detected capacity change from 0 to 32768 [ 1125.400976][T27525] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.9740 (27525) [ 1125.426535][T27525] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1125.457282][T27525] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1125.485071][T27525] BTRFS info (device loop1): using free space tree [ 1125.653798][T27525] BTRFS info (device loop1): enabling ssd optimizations [ 1125.675795][T27525] BTRFS info (device loop1): auto enabling async discard [ 1125.959636][T27575] loop3: detected capacity change from 0 to 256 [ 1126.040271][T27575] FAT-fs (loop3): Directory bread(block 64) failed [ 1126.058794][ T6433] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1126.080608][T27575] FAT-fs (loop3): Directory bread(block 65) failed [ 1126.119687][T27575] FAT-fs (loop3): Directory bread(block 66) failed [ 1126.193277][T27575] FAT-fs (loop3): Directory bread(block 67) failed [ 1126.236089][T27575] FAT-fs (loop3): Directory bread(block 68) failed [ 1126.242668][T27575] FAT-fs (loop3): Directory bread(block 69) failed [ 1126.316482][T27575] FAT-fs (loop3): Directory bread(block 70) failed [ 1126.360011][T27575] FAT-fs (loop3): Directory bread(block 71) failed [ 1126.373595][T27575] FAT-fs (loop3): Directory bread(block 72) failed [ 1126.415113][T27575] FAT-fs (loop3): Directory bread(block 73) failed [ 1127.194044][ T6384] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1127.333993][ T7024] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1127.372227][ T6384] usb 1-1: Using ep0 maxpacket: 8 [ 1127.398960][ T6384] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 1127.407266][ T6384] usb 1-1: config 179 has no interface number 0 [ 1127.430608][ T6384] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1127.452480][ T6384] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1127.472678][ T6384] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1127.484932][ T6384] usb 1-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1127.510789][ T6384] usb 1-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1127.529586][ T7024] usb 4-1: Using ep0 maxpacket: 16 [ 1127.538884][ T6384] usb 1-1: config 179 interface 65 has no altsetting 0 [ 1127.546091][ T7024] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1127.555909][ T6384] usb 1-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1127.570252][ T7024] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1127.575485][ T6384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1127.601363][ T7024] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1127.616527][ T6384] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input77 [ 1127.622853][ T7024] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1127.650376][ T7024] usb 4-1: Product: syz [ 1127.669110][ T7024] usb 4-1: Manufacturer: syz [ 1127.678306][ T7024] usb 4-1: SerialNumber: syz [ 1127.867908][ T6384] usb 1-1: USB disconnect, device number 47 [ 1127.874057][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1127.884510][ T6384] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1128.111018][ T7024] usb 4-1: cannot find UAC_HEADER [ 1128.127795][ T7024] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 1128.137882][ T7024] usb 4-1: USB disconnect, device number 44 [ 1128.161315][ T6735] udevd[6735]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1128.797069][T27660] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9798'. [ 1128.825554][T27660] netlink: 28 bytes leftover after parsing attributes in process `syz.2.9798'. [ 1129.322321][T27683] loop0: detected capacity change from 0 to 128 [ 1129.350626][T27683] VFS: Found a Xenix FS (block size = 1024) on device loop0 [ 1129.583977][ T6424] sysv_free_block: flc_count > flc_size [ 1129.604608][ T6424] sysv_free_block: flc_count > flc_size [ 1129.616166][ T6424] sysv_free_block: flc_count > flc_size [ 1129.634770][ T6424] sysv_free_block: flc_count > flc_size [ 1129.645278][ T6424] sysv_free_block: flc_count > flc_size [ 1129.653473][ T6424] sysv_free_block: flc_count > flc_size [ 1129.664342][ T6424] sysv_free_block: flc_count > flc_size [ 1129.672298][ T6424] sysv_free_block: flc_count > flc_size [ 1129.695745][ T6424] sysv_free_block: flc_count > flc_size [ 1129.711520][ T6424] sysv_free_block: flc_count > flc_size [ 1129.729748][ T6424] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1130.006559][T27713] loop1: detected capacity change from 0 to 256 [ 1130.084295][T27713] FAT-fs (loop1): Directory bread(block 64) failed [ 1130.092045][T27717] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 1130.104065][T27713] FAT-fs (loop1): Directory bread(block 65) failed [ 1130.130445][T27713] FAT-fs (loop1): Directory bread(block 66) failed [ 1130.148210][ T6503] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 1130.158529][T27713] FAT-fs (loop1): Directory bread(block 67) failed [ 1130.165200][T27713] FAT-fs (loop1): Directory bread(block 68) failed [ 1130.191314][T27713] FAT-fs (loop1): Directory bread(block 69) failed [ 1130.201824][T27713] FAT-fs (loop1): Directory bread(block 70) failed [ 1130.210023][T27713] FAT-fs (loop1): Directory bread(block 71) failed [ 1130.221212][T27713] FAT-fs (loop1): Directory bread(block 72) failed [ 1130.239893][T27721] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9828'. [ 1130.240816][T27713] FAT-fs (loop1): Directory bread(block 73) failed [ 1130.360024][ T6503] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1130.390458][ T6503] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3 [ 1130.400885][ T6503] usb 1-1: config 0 has no interface number 1 [ 1130.407042][ T6503] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac [ 1130.437512][ T6503] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1130.454775][ T6503] usb 1-1: config 0 descriptor?? [ 1130.470144][ T6503] usb 1-1: unknown number of interfaces: 2 [ 1130.734278][ T6503] usb 1-1: USB disconnect, device number 48 [ 1130.810214][T27743] loop1: detected capacity change from 0 to 1024 [ 1130.854863][T27743] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 1130.871470][T27743] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1130.895883][T27743] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 1130.906368][T27743] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1130.915676][T27743] EXT4-fs error (device loop1): ext4_read_inode_bitmap:168: comm syz.1.9839: Inode bitmap for bg 0 marked uninitialized [ 1130.932748][T27743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1130.953230][T27749] netlink: 68 bytes leftover after parsing attributes in process `syz.2.9841'. [ 1130.991884][T27743] EXT4-fs (loop1): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 1131.085429][ T6433] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1131.256363][T27759] loop2: detected capacity change from 0 to 1024 [ 1131.666608][T27777] loop1: detected capacity change from 0 to 256 [ 1131.736627][T27777] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d) [ 1132.067662][T27791] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1132.249394][ T27] audit: type=1326 audit(1763536684.696:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27795 comm="syz.3.9865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a26d8f6c9 code=0x7ffc0000 [ 1132.318510][ T27] audit: type=1326 audit(1763536684.696:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27795 comm="syz.3.9865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a26d8f6c9 code=0x7ffc0000 [ 1132.385455][ T27] audit: type=1326 audit(1763536684.696:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27795 comm="syz.3.9865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f2a26d8f6c9 code=0x7ffc0000 [ 1132.469530][ T27] audit: type=1326 audit(1763536684.696:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27795 comm="syz.3.9865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a26d8f6c9 code=0x7ffc0000 [ 1132.540174][ T27] audit: type=1326 audit(1763536684.696:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27795 comm="syz.3.9865" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a26d8f6c9 code=0x7ffc0000 [ 1132.698933][T27812] netlink: 14 bytes leftover after parsing attributes in process `syz.3.9872'. [ 1132.885967][T27786] loop2: detected capacity change from 0 to 32768 [ 1132.924750][ T27] audit: type=1800 audit(1763536685.414:107): pid=27786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9859" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 1133.036689][T27818] netlink: 'syz.1.9875': attribute type 1 has an invalid length. [ 1133.146402][T27821] loop3: detected capacity change from 0 to 256 [ 1133.187413][T27821] exfat: Deprecated parameter 'namecase' [ 1133.193135][T27821] exfat: Deprecated parameter 'namecase' [ 1133.329067][T27821] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1133.758341][T27839] netlink: 14 bytes leftover after parsing attributes in process `syz.2.9885'. [ 1133.803827][T27842] overlayfs: conflicting options: nfs_export=on,index=off [ 1134.192939][T27854] loop2: detected capacity change from 0 to 128 [ 1134.223321][T27854] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 1134.366138][ T6431] sysv_free_block: flc_count > flc_size [ 1134.373719][ T6431] sysv_free_block: flc_count > flc_size [ 1134.379317][ T6431] sysv_free_block: flc_count > flc_size [ 1134.402530][ T6431] sysv_free_block: flc_count > flc_size [ 1134.423914][ T6431] sysv_free_block: flc_count > flc_size [ 1134.454802][ T6431] sysv_free_block: flc_count > flc_size [ 1134.460375][ T6431] sysv_free_block: flc_count > flc_size [ 1134.494815][ T6431] sysv_free_block: flc_count > flc_size [ 1134.500400][ T6431] sysv_free_block: flc_count > flc_size [ 1134.519414][ T6431] sysv_free_block: flc_count > flc_size [ 1134.535029][ T6431] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1134.601129][T27866] netlink: 40 bytes leftover after parsing attributes in process `syz.0.9898'. [ 1134.677719][T27872] netlink: 14 bytes leftover after parsing attributes in process `syz.1.9902'. [ 1134.678801][T27870] SET target dimension over the limit! [ 1135.234788][T27891] netlink: 224 bytes leftover after parsing attributes in process `syz.2.9910'. [ 1135.577097][T27900] loop1: detected capacity change from 0 to 4096 [ 1135.612611][T27900] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1135.670799][T27909] loop2: detected capacity change from 0 to 256 [ 1135.728578][T27900] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1135.756572][T27900] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1135.778200][T27900] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1135.813862][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 1135.820280][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 1135.836893][T27909] FAT-fs (loop2): Directory bread(block 64) failed [ 1135.843461][T27909] FAT-fs (loop2): Directory bread(block 65) failed [ 1135.880056][T27909] FAT-fs (loop2): Directory bread(block 66) failed [ 1135.899467][T27900] ntfs: volume version 3.1. [ 1135.908630][T27909] FAT-fs (loop2): Directory bread(block 67) failed [ 1135.915301][T27909] FAT-fs (loop2): Directory bread(block 68) failed [ 1135.970565][T27909] FAT-fs (loop2): Directory bread(block 69) failed [ 1135.999879][T27909] FAT-fs (loop2): Directory bread(block 70) failed [ 1136.031629][T27909] FAT-fs (loop2): Directory bread(block 71) failed [ 1136.038279][T27909] FAT-fs (loop2): Directory bread(block 72) failed [ 1136.085239][T27909] FAT-fs (loop2): Directory bread(block 73) failed [ 1136.489858][T27929] overlayfs: conflicting options: nfs_export=on,index=off [ 1137.130677][T14845] usb 4-1: new full-speed USB device number 45 using dummy_hcd [ 1137.317908][T14845] usb 4-1: config 0 has an invalid interface number: 132 but max is 0 [ 1137.340001][T14845] usb 4-1: config 0 has no interface number 0 [ 1137.362252][T14845] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 1137.381719][T14845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1137.399261][T14845] usb 4-1: Product: syz [ 1137.409264][T14845] usb 4-1: Manufacturer: syz [ 1137.413888][T14845] usb 4-1: SerialNumber: syz [ 1137.434838][T14845] usb 4-1: config 0 descriptor?? [ 1137.450969][T14845] hub 4-1:0.132: bad descriptor, ignoring hub [ 1137.465379][T14845] hub: probe of 4-1:0.132 failed with error -5 [ 1137.490268][T14845] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input78 [ 1137.623988][ T786] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1137.704121][T27955] ALSA: mixer_oss: invalid OSS volume ';ʸgԊ8\>Pxi9 h~)V' [ 1137.712656][T27955] ALSA: mixer_oss: invalid OSS volume '*bbX-]OF{T0pc' [ 1137.736458][T27955] ALSA: mixer_oss: invalid OSS volume 'gI"4-Z' [ 1137.756910][T27955] ALSA: mixer_oss: invalid OSS volume 'eQCȡ*qpAڜe T|K' [ 1137.798044][T27955] ALSA: mixer_oss: invalid OSS volume ':az]qeXfb]݆B.' [ 1137.846223][T27955] ALSA: mixer_oss: invalid OSS volume 'j|q⩃˚[w3^.ג' [ 1137.851663][ T786] usb 1-1: Using ep0 maxpacket: 8 [ 1137.892185][T27955] ALSA: mixer_oss: invalid OSS volume '"P޸ۜo[8>7|YMepq' [ 1137.901465][ T786] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1137.926249][ T786] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1137.930147][T27955] ALSA: mixer_oss: invalid OSS volume 'wI׷#t\W,bP=&e' [ 1137.943747][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1137.977104][T27960] loop2: detected capacity change from 0 to 8 [ 1137.978976][ T786] usb 1-1: config 0 descriptor?? [ 1138.015442][T27955] ALSA: mixer_oss: invalid OSS volume ']za-!)ϻvCYps' [ 1138.028615][ T786] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1138.043765][T27955] ALSA: mixer_oss: invalid OSS volume 'LE]Dxt݂OY3fk$T "' [ 1138.072859][T27955] ALSA: mixer_oss: invalid OSS volume '[' [ 1138.089545][T27955] ALSA: mixer_oss: invalid OSS volume '3A14IN+|\' [ 1138.134124][T27960] SQUASHFS error: Failed to read block 0x1ec: -5 [ 1138.142002][T27955] ALSA: mixer_oss: invalid OSS volume '$magic != lock) [ 1157.727261][T28592] WARNING: CPU: 0 PID: 28592 at kernel/locking/mutex.c:582 __mutex_lock+0xb8c/0xcc0 [ 1157.742743][T28592] Modules linked in: [ 1157.746706][T28592] CPU: 0 PID: 28592 Comm: syz.3.10210 Not tainted syzkaller #0 [ 1157.754379][T28592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1157.764633][T28592] RIP: 0010:__mutex_lock+0xb8c/0xcc0 [ 1157.770046][T28592] Code: 04 08 84 c0 0f 85 20 01 00 00 83 3d dd 49 d3 03 00 0f 85 81 f5 ff ff 48 c7 c7 80 a7 aa 8a 48 c7 c6 20 a8 aa 8a e8 94 94 d8 f6 <0f> 0b e9 67 f5 ff ff 0f 0b e9 47 f9 ff ff 0f 0b e9 ff f5 ff ff 48 [ 1157.789827][T28592] RSP: 0018:ffffc900101a7920 EFLAGS: 00010246 [ 1157.796170][T28592] RAX: 8f4d5f1d12ecc700 RBX: ffff88805833f0a8 RCX: 0000000000080000 [ 1157.804379][T28592] RDX: ffffc9000df0c000 RSI: 00000000000121d7 RDI: 00000000000121d8 [ 1157.812421][T28592] RBP: ffffc900101a7a80 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 1157.820406][T28592] R10: dffffc0000000000 R11: ffffed10171c5183 R12: 0000000000000000 [ 1157.823925][T28589] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1157.828882][T28592] R13: 1ffff92002034f34 R14: dffffc0000000000 R15: 0000000000000000 [ 1157.845330][T28592] FS: 00007f2a27c0d6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1157.854316][T28592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1157.860980][T28592] CR2: 000000110c242543 CR3: 000000002498b000 CR4: 00000000003506f0 [ 1157.868998][T28592] Call Trace: [ 1157.872288][T28592] [ 1157.875232][T28592] ? mark_lock+0x94/0x320 [ 1157.879637][T28592] ? reiserfs_write_lock+0x79/0xd0 [ 1157.884771][T28592] ? mutex_lock_nested+0x20/0x20 [ 1157.889784][T28592] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1157.895832][T28592] ? lock_chain_count+0x20/0x20 [ 1157.900698][T28592] ? tomoyo_path_number_perm+0x4dc/0x590 [ 1157.906389][T28592] ? make_vfsuid+0x51/0xb0 [ 1157.910823][T28592] ? setattr_prepare+0x1e6/0xac0 [ 1157.915822][T28592] reiserfs_write_lock+0x79/0xd0 [ 1157.921070][T28592] reiserfs_setattr+0x3f4/0x11a0 [ 1157.926144][T28592] ? reiserfs_commit_write+0x590/0x590 [ 1157.931623][T28592] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 1157.937563][T28592] ? current_time+0x1b7/0x270 [ 1157.942290][T28592] ? inode_set_ctime_current+0x2d0/0x2d0 [ 1157.947925][T28592] ? apparmor_path_chown+0x239/0x2d0 [ 1157.953329][T28592] ? evm_inode_setattr+0x94/0x6a0 [ 1157.958382][T28592] ? bpf_lsm_inode_setattr+0x9/0x10 [ 1157.963623][T28592] ? try_break_deleg+0x79/0x120 [ 1157.968475][T28592] ? reiserfs_commit_write+0x590/0x590 [ 1157.973984][T28592] notify_change+0xb0d/0xe10 [ 1157.978583][T28592] chown_common+0x3f9/0x5a0 [ 1157.983140][T28592] ? __ia32_sys_chmod+0x70/0x70 [ 1157.988003][T28592] ? rcu_read_lock_any_held+0xb4/0x120 [ 1157.993530][T28592] ? __mnt_want_write+0x223/0x2a0 [ 1157.998651][T28592] do_fchownat+0x168/0x270 [ 1158.003090][T28592] ? chown_common+0x5a0/0x5a0 [ 1158.007824][T28592] __x64_sys_lchown+0x85/0x90 [ 1158.012974][T28592] do_syscall_64+0x55/0xb0 [ 1158.017517][T28592] ? clear_bhb_loop+0x40/0x90 [ 1158.022200][T28592] ? clear_bhb_loop+0x40/0x90 [ 1158.027218][T28592] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1158.033123][T28592] RIP: 0033:0x7f2a26d8f6c9 [ 1158.037613][T28592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1158.057272][T28592] RSP: 002b:00007f2a27c0d038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 1158.065726][T28592] RAX: ffffffffffffffda RBX: 00007f2a26fe5fa0 RCX: 00007f2a26d8f6c9 [ 1158.073726][T28592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1158.081687][T28592] RBP: 00007f2a26e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1158.089713][T28592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1158.097721][T28592] R13: 00007f2a26fe6038 R14: 00007f2a26fe5fa0 R15: 00007ffdb7188828 [ 1158.105870][T28592] [ 1158.109143][T28592] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1158.116415][T28592] CPU: 0 PID: 28592 Comm: syz.3.10210 Not tainted syzkaller #0 [ 1158.123955][T28592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1158.133999][T28592] Call Trace: [ 1158.137270][T28592] [ 1158.140194][T28592] dump_stack_lvl+0x16c/0x230 [ 1158.144870][T28592] ? show_regs_print_info+0x20/0x20 [ 1158.150061][T28592] ? load_image+0x3b0/0x3b0 [ 1158.154556][T28592] panic+0x2c0/0x710 [ 1158.158444][T28592] ? bpf_jit_dump+0xd0/0xd0 [ 1158.162942][T28592] __warn+0x2e0/0x470 [ 1158.166911][T28592] ? __mutex_lock+0xb8c/0xcc0 [ 1158.171581][T28592] ? __mutex_lock+0xb8c/0xcc0 [ 1158.176252][T28592] report_bug+0x2be/0x4f0 [ 1158.180573][T28592] ? __mutex_lock+0xb8c/0xcc0 [ 1158.185242][T28592] ? __mutex_lock+0xb8c/0xcc0 [ 1158.189910][T28592] ? __mutex_lock+0xb8e/0xcc0 [ 1158.194580][T28592] handle_bug+0xcf/0x120 [ 1158.198813][T28592] exc_invalid_op+0x1a/0x50 [ 1158.203308][T28592] asm_exc_invalid_op+0x1a/0x20 [ 1158.208149][T28592] RIP: 0010:__mutex_lock+0xb8c/0xcc0 [ 1158.213435][T28592] Code: 04 08 84 c0 0f 85 20 01 00 00 83 3d dd 49 d3 03 00 0f 85 81 f5 ff ff 48 c7 c7 80 a7 aa 8a 48 c7 c6 20 a8 aa 8a e8 94 94 d8 f6 <0f> 0b e9 67 f5 ff ff 0f 0b e9 47 f9 ff ff 0f 0b e9 ff f5 ff ff 48 [ 1158.233030][T28592] RSP: 0018:ffffc900101a7920 EFLAGS: 00010246 [ 1158.239083][T28592] RAX: 8f4d5f1d12ecc700 RBX: ffff88805833f0a8 RCX: 0000000000080000 [ 1158.247038][T28592] RDX: ffffc9000df0c000 RSI: 00000000000121d7 RDI: 00000000000121d8 [ 1158.254993][T28592] RBP: ffffc900101a7a80 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 1158.262950][T28592] R10: dffffc0000000000 R11: ffffed10171c5183 R12: 0000000000000000 [ 1158.270909][T28592] R13: 1ffff92002034f34 R14: dffffc0000000000 R15: 0000000000000000 [ 1158.278877][T28592] ? mark_lock+0x94/0x320 [ 1158.283198][T28592] ? reiserfs_write_lock+0x79/0xd0 [ 1158.288313][T28592] ? mutex_lock_nested+0x20/0x20 [ 1158.293253][T28592] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1158.299236][T28592] ? lock_chain_count+0x20/0x20 [ 1158.304079][T28592] ? tomoyo_path_number_perm+0x4dc/0x590 [ 1158.309707][T28592] ? make_vfsuid+0x51/0xb0 [ 1158.314116][T28592] ? setattr_prepare+0x1e6/0xac0 [ 1158.319042][T28592] reiserfs_write_lock+0x79/0xd0 [ 1158.323968][T28592] reiserfs_setattr+0x3f4/0x11a0 [ 1158.328893][T28592] ? reiserfs_commit_write+0x590/0x590 [ 1158.334334][T28592] ? ktime_get_coarse_real_ts64+0x110/0x120 [ 1158.340217][T28592] ? current_time+0x1b7/0x270 [ 1158.344882][T28592] ? inode_set_ctime_current+0x2d0/0x2d0 [ 1158.350496][T28592] ? apparmor_path_chown+0x239/0x2d0 [ 1158.355764][T28592] ? evm_inode_setattr+0x94/0x6a0 [ 1158.360776][T28592] ? bpf_lsm_inode_setattr+0x9/0x10 [ 1158.365955][T28592] ? try_break_deleg+0x79/0x120 [ 1158.370788][T28592] ? reiserfs_commit_write+0x590/0x590 [ 1158.376230][T28592] notify_change+0xb0d/0xe10 [ 1158.380812][T28592] chown_common+0x3f9/0x5a0 [ 1158.385303][T28592] ? __ia32_sys_chmod+0x70/0x70 [ 1158.390139][T28592] ? rcu_read_lock_any_held+0xb4/0x120 [ 1158.395584][T28592] ? __mnt_want_write+0x223/0x2a0 [ 1158.400604][T28592] do_fchownat+0x168/0x270 [ 1158.405007][T28592] ? chown_common+0x5a0/0x5a0 [ 1158.409673][T28592] __x64_sys_lchown+0x85/0x90 [ 1158.414342][T28592] do_syscall_64+0x55/0xb0 [ 1158.418747][T28592] ? clear_bhb_loop+0x40/0x90 [ 1158.423407][T28592] ? clear_bhb_loop+0x40/0x90 [ 1158.428072][T28592] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1158.433948][T28592] RIP: 0033:0x7f2a26d8f6c9 [ 1158.438347][T28592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1158.457940][T28592] RSP: 002b:00007f2a27c0d038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 1158.466340][T28592] RAX: ffffffffffffffda RBX: 00007f2a26fe5fa0 RCX: 00007f2a26d8f6c9 [ 1158.474296][T28592] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1158.482251][T28592] RBP: 00007f2a26e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1158.490206][T28592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1158.498164][T28592] R13: 00007f2a26fe6038 R14: 00007f2a26fe5fa0 R15: 00007ffdb7188828 [ 1158.506126][T28592] [ 1158.509363][T28592] Kernel Offset: disabled [ 1158.513672][T28592] Rebooting in 86400 seconds..