last executing test programs:

8m52.481727343s ago: executing program 1 (id=435):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000040)='./file1\x00', 0x800810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatasum}, {@compress_force}, {@compress_algo={'compress', 0x3d, 'lzo'}}, {@flushoncommit}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x65]}}, {@nodiscard}]}, 0xfb, 0x510a, &(0x7f000000d000)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h795j5Lrqw4Gf2dd4H97dBH4i5IfAQB3jgtdrOzzUpmKdpioKpaxLSlQhio29Dos32NhOwREgxwalKIKmJRL80SiOEKrzR1KLBAWaRHEjYRQ1D5SqEUmUiLROEFFoGkChEIlUs/ee2Tvn7jw23nW84fORvHNmvud55+E59945FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfjcc/9Jn/rZV/N7fXvToE5dOfPLQ5kuf/fxFZz8YwuTs45UsXBm4+vqJn9984S2H7th4w20nL357X14uj4fB2p+u/M4XY60nV4ZweyWEnjSwbigL9Ob3h2J9bxgK4awwF6iXmBrISqQNh+/3h3AkzAXqVX2vP4ShQuCSh+65+yu1xHX9IawOIVTTNh6vZm30p4Hz+rLAQBrY3ZMFfvVSph74blcWgFMW3wz1F/2xycYMo/OXa/L66120jr2y0uF1x8Ro83w/27zEnSroSx+YPKWnrVQdS6L09jju3bYM3m2l7Xytp634RSr/hvLSXKgaunZM7dx2xcz++EhXGBvrblbTEj3Pjzz/ue0LSS+b12HswOiivA6/+sDqm7vXfuD+29atfvroOw4/c6rd/FFhkxbTS60a8tfcsnkeowmfJ8vg7Vf6lrTKl64Qws5P/N4HW8VL8//R1vP/+HKOt10NuWOtLw5nc/P4yFBMPDeczc1b6VnoGAEAAGDxdRVSZ/5e091jd72nUHykmtRXmv+v6uz4f9wK+WQ+G+3xECZmE4dHQjhn9vEscFNs7uMjIbx5NjXZGNicBI6H8PrZxNp6VUmJFbHEqiTwk+E8MJEETsTAZBL4VgxcmwS+GAPHksD2GDieBC6MgTDdOI7fH87H0XGgPwa2ZhvxWDwL4RfDsbVkWz1WrwoAAGCR5LPD3sa7hXMdTjVDnF4e62+XIZ6B3TRDNakhncHWp1VNa+hpV0NXuxrq4z7Yevilmivtai6dhlFpzHD9L//mQ6GF0vx/vPX8vzpPRyql4/8hbJn9G3N35ZGZenzrZEMGAAAA4BQM/u+T32wVL83/Jzo7/z/uE+kuZA73xd0Qu0ZCGG8MZNX+YTmQHfUezAMAAACwHNSPx9ePhU/nt9kp2ul8upx/coH544H/iXnz9x2/c2ur/pbm/5Odnf8/0HibdeJE7MXXRkJYUQj8IPayFpi1KgZ+/N7GQD7+E3EDXBOryk9MqFd1TSyxNQbGk8CRZiV+WC9xTmMgf7LqjR+uj2M6L1EIAAAAwGkXdwfE4/Lx/P+3/GbjZ1qVK83/ty7s/P/ZeXDp9P6ZwRDW94TQnf4w4L6BbGHAGBiq5Im7BrK6utOqrhoI4YLawNKqnszX/+9J1xh8qD+rKgbOecvR58+rJb7ZH8L6YuDhj9z4zlpifxKoN/6X/SG8qTbatPHvrMga700b//qKEN5YCNSr+viKEGqN9aVV3VPNr2OQVvXP1RBeUwjUq3pXNYQDAYBlKv5XuqP44L4DV+7aNjMztXcJE3Effn/YOT0zNbZ998yOapM+7Uj63LCM0VXlMXV65ZvH8iWKPnzrlqFO0vXfCY4X28r345dOHMzvx+9CvbPj3NjbcHdTOuS3vbXcRGhY72n+IXct8ZAHipXMPYml+mP+vjAYVlyxb2rv2Ge37d+/d0P2t9PsG7O/8TBTtq02pNtqYL6+dfDyaLpaVuLlbqs1xUrW7798z/p9B65cN335tsumLpv61IZ3bRw/f3zT+LvPX18b1Xj2t81Q18xXdTLUl27scFyLONRzi8tkn45PDQkJieWW2D24puX/yaX5/57W8//4qRM/+fP1GZod/x+Nh/mzx+cO82+NgSOdHv8fbXY0v35iwKokcDAGDjrMDwAAwKtDnOTHvZlxr/RP137n6VblSvP/g539/n+R1v+vL11/cbNl/tfGEuPN1v9Pl/mvr/9/sNn6/+ky//X1/4+8Auv/X1EPJJvkF9b/BwAAXg1O3/r/bZf3Ty8QUMrQdnn/9AIBpQxtl/Hv9AIBC17///H//Kv/Di2U5v/Xdjb/t3A/AAAAnDm+8Gef+X+t4qX5/5HO5v+nf/2/0Oz8/1XNApPNFga0/h8AAADLVLP1/0avHvhYq3Kl+f+xzub/8bSLrobcsdYXh7M17UK6pt1zw/WfDAAAAMDy0BXGxno7zNuwMurml9/mI/lSoK3SRU/+ycmFnf9/vLP5f8PvMr76wOqbu9d+4P4Xb1u3+umj7zj8zNzxfwAAAGDpdLpfAgAAAAAAAAAAAAAAeOU9+R+HNrWKl37/H7bMPt7s9//xun/x9wWvbcgda22//l9+/5L333JgdsnC+4ZDeGsxsOvQrrNCfm3+NcXA3R9d+7pa4lBa4s4nLnyqlvhYGnjfurNfqCUuSAJb4yKJr08D8aqKL6xMAnF5xX9PA3F7HEsDfXngyyuzcVTSbfXToWxbVdJt9ehQCCOFQH1b3T6UtVFJB3hdEqgP8NNpIA7wz/NAV9qrWwazXsXAUCx6w2DWKwAAzljxW2Bv2Dk9MzUev8LH23N7Gm+jhiXLripXW+mw+cfypck+fOuWoU7S3el30blrjfeGam0IG0pfV4tZKrOjXJxa2my61zYZcrvV3rqalEstdNP1NR9Rfzaise27Z3b0th34pvZZNva0zbKhNNkpZuma3aQd1NJBXzoYUYfbpoMux/tdYWysO8n1BzE4Ghq0e0V0+nv94jp/zV4FxTyfOnn4V63qK83/Rzub/1eL43ohvxjAwXhlvb8bscw/AAAALK0vb/71N+K/D11978Ot8pbm/6s6m//HPVj5oeBsb8fxeP3/wyMhzF5afzQL3BSb+/hICG+eTU3GEtkF9S+OJcazwE1xh8naWGLrZGNVK2LgWBL4yXAeOJ4ETsRAvpfiaMh35fz9cAjvnE1taSyxJ5YYTQIfjIFVSWAsBsaTwMoYmEgCz67MA5NJ4N9iIEw3bqtbV+bbCgAAYCHyeVZv492QzvOO9bTLUGmXYaBdhq52GartMjQbRbz/7ZihNzl5pVLI1JvW2p/UUsoQL4a/4H6VMoQfNuZMC5aajucf1M83qDRmuOM9PdXQQmn+P97Z/H+g8TZr/USc/89d/y8L/CB272vx1PFVMfDj9zYG8h0DJ+Jk95p6VZN5iXzSfk0sMREDq5LAnhiYSAJbt+SBI69rDOQz7Xrjh+uNT+clCgEAAAA47eIOgribJs7/b9j3pcFW5Urz/4nO5v+xvcFiY1+MtZ5cGcLtlbne1APrhrJA3I8xFH8e/4ahEM4q7OCol5gayEr0JQ2H7/dnv1DvS6v6Xn/244N4/5KH7rn7K7XEdf0hrC7sfam38Xg1a6M/DZzXlwUG0sDuniwQ9/zUA9/tygJwyup7BeMLKj/VpW50/nJNXn+vlmuCpsMr7QOdJ998v7laKqUdrvk+1bqFPW0t99+yaEpvj+Pebcvx3Tbq3Vb8IpV/Q3lpLlQNXTumdm67YmZ/fKT4S9aSJXqei79S7SS9CK/Dgy+/t+1V0w6MJx8f4/OXm/91WInVffWB1Td3r/3A/betW/300XccfqbjbjQRfyh8z+f/dehHhc271Kohf80tu8+TSZ8ny+K/gYOFTs2dmV33u/m0bXn269e0ipfm/5Odzf97kttZv44bc99ICG8rbNz74ub/45Hsc7AQyD4lX1MOZIfc/2u46ScnAAAALLb6noX6/oLp/DY7ITydJ5fzTy4wf9xfMTFv/k77PfDXH13dKl6a/29tPf9fkXTT8X/H/1kijv/P60zfFb0ifeDgKe2KLlXHknD8f15n+rvN8f95Of7v+P98HP9vw/H/eZ3pT1vpW9IeX7pCCE//0V2PtoqX5v97Opv/W/9v/kX76uv/bW22/t+eZuv/HbT+HwAAsKSaLDSXzvNKq/eVMqSr95UytF0gsO0Sg9b/W/D6f0+d+/hvQgul+f/Bzub/8eUwWGx9uaz/t2pLk6qujYE9FgYEAADgTNRsBwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACvrDv+4X92tIrf+9uLHn3i0olPHtp86bOfv+jsB0OYnn28koUrA1dfP/Hzmy+85dAdG2+47eTFb6/m5Xrz2//fkDvW+uJwCEcKjwzFxHPDtTtzgUvef8uBnlrivuEQ3loM7Dq066xa4lvDIawpBu7+6NrX1RKH0hJ3PnHhU7XEx9LA+9ad/UItcUEeqKTd/ceVWXcraXe/sjKEkUKg3t1Prmysqt7Gn+aBrrSNfxrK2oiBoVj0G0NZGzEwE0tMrwhhfU8I3WlV91azqrrTqv6lmlXVnVb1hWoIF4QQetKqnujLqupJR/5gX1ZVDJzzlqPPn1dLHOkLYX0x8PBHbnxnLfHpJFBv/C/6QnhT7SWTNv7t3qzx3rTx63pDeGMIoS8t8cuerERfWuLJnhBeUwjUG/9ETwgHAq8K8cOn4RNt34Erd22bmZnau4SJvryt/rBzemZqbPvumR3VpE/NVArpl656+WN/7PnPba/dfvjWLUOdpHvycr2zXd7Y23B305ne+9ivgWIlc89Hqf6Yvy8MhhVX7JvaO/bZbfv3792Q/e00+8bsb3cezbbVhuWyrdYUK1m///I96/cduHLd9OXbLpu6bOpTG961cfz88U3j7z5/fW1U49nfxRjqjad/qOf2FCo5HR8AEhISyy3R1fDpNn6mf5CXvujPdbQ3VGc/oAvTir5SlsrsKBdj0JtP36BLU5LCiPoa+zbvdqlkX2/KWa5qzLKpNJmYq6U/yzL7va40OSw21jW7SeP9rjA21t1sO4w23i1u3p+dwuZ9JN90naYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6PHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W4fRswEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//PTUiXg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40305829, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r1, 0x0, 0x0, 0x4fed3)

8m50.288717138s ago: executing program 1 (id=440):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa8442, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002580)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2b, 0x2, {0x0, 0x0, 0x0, 0x0, {0xa, 0x10}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_route={{0xa}, {0x8, 0x2, [@TCA_ROUTE4_ACT={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x2)

8m49.091521971s ago: executing program 1 (id=446):
semtimedop(0x0, 0x0, 0x0, 0x0)
semop(0x0, 0x0, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$sysctl(0xffffffffffffffff, &(0x7f0000000100)='0\x00', 0x2)
ioctl$XFS_IOC_READLINK_BY_HANDLE(0xffffffffffffffff, 0xc038586c, &(0x7f0000000280)={r1, &(0x7f0000000100)='bridge\x00', 0x41, &(0x7f0000000180)={@align=0x8, {0x4, 0x6, 0xc7, 0x6}}, 0xffffffff, &(0x7f0000000200)={@_ha_fsid}, 0x0})
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r2, 0xc0884123, &(0x7f0000000300)={0x1, "a89371362a57de30ccac595a5f2f17750839482edb7662efaa7a050000009f8b8c31646057f64d843be23ae004e200", {0x90000000008b1a, 0xfffffffffffff021}})

8m45.657985832s ago: executing program 1 (id=461):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x20000, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=[@code={0xa, 0x4d, {"2ef30f096746d1150100000066ba6100ecf30faed2470fa10f78a52c00000065400f01c866470f38819a7500000066b8a6000f00d8c423614c516308"}}], 0x4d})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f00000004c0)=[@code={0xa, 0x59, {"0f380a669766ba6100b000eeb98f31090000008c000000ba000000000f30c4827941fac4e1f96e42e46505e7ee1921b9500b00000f328fe9209b7ce100c403790cde08c461f8ae18"}}], 0x59})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000000c0)={0x3})
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000140)={[{0x2, 0xc, 0x6, 0x3, 0x40, 0x2, 0x42, 0x9, 0x1, 0x4, 0x2, 0x8, 0x4}, {0x1, 0x8000, 0x7, 0x0, 0x8, 0x4, 0x49, 0xff, 0x2, 0x1, 0x9, 0xf, 0x20000000006}, {0x2, 0x5, 0x5, 0x84, 0x8, 0x7, 0xfd, 0x40, 0x5, 0x5, 0x2, 0x3}], 0x8f87})
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0)
ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000040)=0x3)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000140)={0xa3, 0x0, 0x0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8m43.022671671s ago: executing program 1 (id=464):
r0 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r1}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r2, &(0x7f0000000240)="9795679a6bce772b7a7a0bb0ecaed3278718305ba6a9046b3fea157cc4f08a68b63da6d30aa53fd1f6200774ea79c8abd9996ad3187a8282cbe90af965643b917c2414a7649c53ade8a741a5cd91dc9252b8822fbcaee533d66d819af21e2698ea61d1b4001bec21288685cf1fac689f19f64165514d955683d1dde9b63a7fd8da21f13823e0c53edb72eb4072a25c762b51e117d117b8e196455e6cb598e2608df7a3a39364d3d0289e7775dc1bcb2f49064e"}, 0x20)
ioctl$NBD_DISCONNECT(r0, 0xab08)
r3 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x2, @empty}, 0x1c)
socket$unix(0x1, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000002b00)={0x0, 0x41})
syz_open_dev$tty1(0xc, 0x4, 0x4)

8m41.664722302s ago: executing program 1 (id=469):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x3, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}}, 0x40004)

8m25.36690411s ago: executing program 32 (id=469):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x3, 0xd}, {}, {0x3, 0xfff1}}}, 0x24}}, 0x40004)

5m50.670412812s ago: executing program 3 (id=921):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$inet_mtu(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0)
connect$inet6(r0, 0x0, 0x0)
bind$ax25(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @default, 0x5}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @bcast, @null]}, 0x48)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f00000000c0))
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
unshare(0x22020400)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000040), 0x0)

5m49.446700937s ago: executing program 3 (id=924):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x44)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, &(0x7f0000000340))
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{0x0}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB], 0x16)

5m47.976054514s ago: executing program 3 (id=928):
socket$kcm(0xa, 0x2, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20004015}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0xd, 0x20000000000000bb, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb714000008"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x0, 0x0, 0x0, 0x2000004, 0x0, 0x0, 0x1f00, 0x39, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x6, 0x200008, 0x5, 0x20003}, 0x10}, 0x94)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600000000000000500000014000500200100000000000000000300000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="280000001000010800000000000000", @ANYRES32=0x0, @ANYBLOB="b40200000000000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x24040000}, 0x0)

5m47.68103156s ago: executing program 3 (id=930):
r0 = getpgrp(0x0)
socket$inet6(0xa, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x4, &(0x7f00000002c0)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7f}}]}, 0x1, 0x4c0, &(0x7f0000000f00)="$eJzs3ctvW1UaAPDPdpMmaWb6mNGo7WimlTpS56HmqVGTmdnMaoZFJUQlNiCVkLghxImj2ClN1EUCuy5YIBBIiAV7/gI2dEWFhFjDHrFARVCCBEhIRvfabhM3DhakMc39/aTbnPuwv3NifafnHt+bG0BmnU3+yUUMRsRHEXG0vrr9gLP1H5t3b0wnSy5qtctf5tLjkvXmoc3XHYmI9Yjoi4gn/hfxbO7BuJXVtfmpUqm43Fgfri4sDVdW1y7MLUzNFmeLi6MTFycnJ0bGxyb3rK03X37+5qV3H+t959uX7tx+5f33kmoNNvZtbcdeqje9J45v2XYoIv7zMIJ1QaHRnv5uV4SfJfn8fhcR59L8PxqF9NMEsqBWq9V+qB1ut3u9BhxY+XQMnMsPRUS9nM8PDdXH8L+PgXypXKn+42p5ZXGmPlY+Fj35q3Ol4kjjXOFY9OSS9dG0fH99rGV9PCIdA79a6E/Xh6bLpZn97eqAFkda8v+bQj3/gYxwyg/ZJf8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/yC75D9lV6HYFgK7x/z9k0uOXLiVLrXn/+8y11ZX58rULM8XK/NDCyvTQdHl5aWi2XJ5N79lZ+Kn3K5XLS6P/jJXrw9VipTpcWV27slBeWaxeSe/rv1Ls2ZdWAZ04fubWJ7mIWP9Xf7okehv75CocbLVaLrp9DzLQHab+ILtM/UF2OccHWv9Eb+u4oK/dC5fuzxcCj5Z8tysAdM35U77/g6wy/w/ZZf4fsssYH9jhEX3b7Db/DzyazP9Ddg22ef7Xb7Y8u2skIn4bER8Xeg43n/UFHAT5z3ON8f/5o38ZbN3bm/su/YqgNyJeePPy69enqtXl0WT7V/e2V99obB/b8sK2JwxAtzTztJnHAEB2bd69Md1c9jPuF/+tX4TwYPxDjbnJvvQ7yoHN3LZrFXJ7dO3C+kZEnNwpfq7xvPP6iczAZuGB+CcaP3P1t0jreyh9bvr+xD+1Jf6ft8Q//Yt/K5ANt5L+Z2Sn/MunOR338m97/zO4R9dOtO//8vf6v0Kb/u9MhzGee+vFz9rG34g4vWP8Zry+NFZr/KRu5zuMf+fpJ//Qbl/t7fr77BS/KSkNVxeWhiuraxfmFjZmi7PFxdGJi5OTEyPjY5PDV+dKxT8daR//3yc/vL1b+wca8Xui8/Yn2/7WYfu//+MHT53dJf5fz+38+Z/YJX5/RPy9w/hfj336TLt9SfyZNr///C7xk23jHcavvPb/wx0eCgDsg8rq2vxUqVRcVlBQ6Eph49dRjZZCt3sm4GGrrCan5knSd7smAAAAAAAAAAAAQKf243LibrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAg+DEAAP//KbnRCQ==")
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000280)='./bus\x00', 0x1400c, &(0x7f0000000300)={[{@test_dummy_encryption}, {@init_itable}, {@journal_async_commit}]}, 0x3, 0x470, &(0x7f0000000880)="$eJzs3M1vG0UbAPBn13H65k0hoZSvlo9AQVQIkqYt0AMHQCBxKBISHOBoJaEqTQtqgkSrSKQcygkhJO6II/8CJ7ggxAmJK9xRpQr1QsvJaL27iZ3YTtPYcYt/P8ntM/vhmce7Y8/u2AlgaE1l/yQReyPi94iYyIutG0zl/12/tjJ349rKXBL1+tt/JY3t/r62MlduWu433lyIJA62qXfpwsUztcXFhfNFeWb57EczSxcuPnf6bO3UwqmFc0dPnDh+bPbFF44+35M8xyMtojfe++rNk1+05L8hjx6Z6rbyqXq9x9UN1l1N8cgA28H2VIrjVW30/4moNB29iXj9s7XCpwNqINA39Xq9Pt559Wod+A9LorWsy8OwKD/oy+vfdtfBL/dt9DF4V1/JL4CyvK8Xj3zNyNodg+qG69temoqId1f/+SZ7RH/uQwAAtPghG/88m412Vuayscf6+CON+5u2u7uYG5qMiHsiYl9E3BvnYn9E3BfR2PaBiHhwm/U3TZI0hpmbxz/plVtO7iZk47+Xirmt1vFfOfqLyUqjdCEvRDV5//TiwpHiNTkc1T1ZebZLHT++9tuXndY1j/+yR1Z/ORYs2nFlZE/rPvO15dqtZ9zq6qWIAyPt8k/WZgKSiHgoIg60e4J06zpOP/Pdw53WbZ1/Fz2YaKp/G/F0fvxXY0P+paT7/OTM/2Jx4chMeVZs9suvl9/qVP+O8u+B7Pj/v+35v5b/ZNI8X7u0/Tou//F5x2uaqWoRbOP8X60t10aTdxrxaLHsk9ry8vnZiNHkZN7o5uVH1/cty+X2Wf6HD7Xv//ti/ZU4GBHZSfxIRDwaEY8Vx+7xiHgiIg51yf/nV5/8YOOysTL/2+D4z2/r+K8Ho9G6JG2zTRZUzvz0fUulk+thkf+N7u9/xxvR4WLJzbz/bW5F+2Cnrx8AAADcCdKI2BtJOr0Wp+n0dP4d/v351Hfm43Pz+W8EJqOalne6Jpruh84Wl/V5+VJE5F8tKNcfi7Rx3/jrylijPD334eL8QDMHxjv0/8yflUG3Dug7P9iC4aX/w/Dq2v+ru9cOYPdt6v9d+/yevrYF2F1tPv/HBtEOYPe1G//7ez8wHDb0f9N+METc/4fhpf/D8NL/YSgtjcXWP5LvGpTPdIu7bxVMROy0hYMJonpbNKNvQaR9r2K0v6dW34LkDmzzpmBw70kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC99G8AAAD//1KFzjw=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp(r0, r3, 0x3, 0xffffffffffffffff, 0xffffffffffffffff)

5m46.099416843s ago: executing program 3 (id=938):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x44)
getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r0, 0x84, 0x21, 0x0, &(0x7f0000000340))
syz_usb_connect$lan78xx(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
setresgid(0xee00, 0xee01, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{0x0}], 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'gre0\x00'})
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB], 0x16)

5m41.372794522s ago: executing program 3 (id=950):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$inet_mtu(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
bind$ax25(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f00000000c0))
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
unshare(0x22020400)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000040), 0x0)

5m39.88389066s ago: executing program 33 (id=950):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getsockopt$inet_mtu(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x1, @dev={0xfe, 0x80, '\x00', 0x39}, 0x3e}, 0x1c)
bind$ax25(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f00000000c0))
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, 0x0, 0x0)
unshare(0x22020400)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r4, &(0x7f0000000040), 0x0)

16.944821778s ago: executing program 5 (id=1812):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x375040, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x0, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x1000, 0x4, 0x1, 0x2})

13.044908853s ago: executing program 5 (id=1820):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_io_uring_setup(0xf00, &(0x7f00000009c0)={0x0, 0x0, 0x3800, 0xffffffff, 0x0, 0x0, 0x0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_io_uring_submit(r1, r2, r3, &(0x7f00000001c0)=@IORING_OP_READ_FIXED={0x4, 0x14, 0x2000, @fd_index=0x3, 0x8, 0xa95e, 0x100, 0x6})
io_uring_enter(r0, 0x1, 0x21, 0x1, 0x0, 0x0)

12.860825803s ago: executing program 4 (id=1822):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r3, 0x0, 0x0)

12.415974736s ago: executing program 5 (id=1823):
fanotify_init(0x1, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0x1b0, 0x0, 0x1b0, 0x2a8, 0x2a8, 0x1b0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x4, 0xd, 0x0, 0x9]}, {0x0, [0x2, 0x188, 0x0, 0x6, 0x2], 0x3}}}}, {{@ip={@loopback, @multicast1, 0xff000000, 0xffffffff, 'geneve1\x00', 'veth0_macvtap\x00', {0xff}, {0xff}, 0x6c, 0x0, 0x9}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
socket$nl_generic(0x11, 0x3, 0x10)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x5b, 0x2c00)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000680)={{0x9, 0x1, 0x3, 0x7, 'syz1\x00', 0xffffd424}, 0x1, [0x80000000, 0x3, 0x9, 0x64, 0x8, 0x4, 0xa91e, 0x5, 0x7, 0x8, 0x861, 0x1, 0x9, 0x4, 0x8, 0x9, 0x7, 0x5, 0x80, 0x6, 0x5, 0xc16a, 0x3, 0x9, 0x3244, 0x100000000, 0x33, 0x807, 0x100000001, 0x3, 0x8, 0xda75, 0x6, 0x8000000000000000, 0x6, 0xfffffffffffffffa, 0x2, 0x5, 0x8, 0x3, 0x1c, 0x9, 0x2, 0x3a9, 0x1, 0xa, 0x6, 0xd1, 0x254, 0x8, 0x2, 0xfffffffffffffffb, 0x1, 0x80000000, 0x20868803, 0x4, 0x2, 0x3, 0xfffffffffffffffd, 0x1, 0x81, 0x3e78d4f3, 0x7, 0xfc30, 0x0, 0x7, 0x81, 0x5, 0xf, 0xfffffffffffffffe, 0x2, 0x7f, 0x8000000000000001, 0xfff, 0x4, 0x4, 0x9, 0x0, 0x100000001, 0x1, 0x3, 0x5152f9e0, 0x9, 0x8, 0x3, 0x8000000000000001, 0x3b6c54fb, 0x3, 0x1, 0x1, 0x4, 0x401, 0x8000, 0x8, 0x6, 0x3, 0x8, 0x4, 0x9, 0x0, 0x3, 0x81, 0xe29, 0x2, 0x8b7, 0x7f26, 0xc, 0xffffffffffff0001, 0x400, 0xffffffffffffffff, 0xeff, 0x6, 0x5, 0xa0, 0x4, 0x3, 0x8, 0xbedd, 0x10001, 0x101, 0x9, 0x1ff, 0x3, 0x3, 0x8, 0x8000000000000, 0x8, 0x3]})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r3 = fanotify_init(0x200, 0x0)
r4 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
r5 = dup(r4)
fanotify_mark(r3, 0x1, 0x48000046, r5, 0x0)
r6 = dup(r4)
write$binfmt_elf64(r6, &(0x7f0000000800)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x7f, 0xa3, 0x23e, 0x3, 0x3e, 0xc9, 0x3c9, 0x40, 0x2ea, 0x10000, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0x7, 0xff5, 0x5, 0x1ba, 0xfffffffffffffffc}]}, 0x78)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(0xffffffffffffffff, 0x3)

11.483356975s ago: executing program 4 (id=1825):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, &(0x7f0000000080), &(0x7f0000000180)=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)

11.331230323s ago: executing program 5 (id=1826):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = memfd_create(&(0x7f00000001c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xf7\x00d2*Nha\x97\xd5\f\xde@\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\x91\xeb\xfc_q\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1a\x81]\x01*\x1b\xfd\xbcMA\xdcq\xa1b\x17\xab\xe4\x14l\x9b$\x13\xa7\x00MO\xb8\xfdX\xaaf*Du\x02z\x89(\xbcu\x9e\xdf\xe7es\xb9\x1e\xb2\x83\xdc\x82\xed\xcf\x1e\xff\x00\x00\x00\x00g\xa2-\xb1\x94\x9b\x04\x899\xf25\xae\xbb[C\x8aH\xa0\xb1\xa4&\xfb\xe4\xae\xf9R[jQ\x92\xc6K\xe6U\xaa3\xeb\x93\x84bIn\xc9\x11e\xf6;\xce\xee\xe2\x84]\x1eF\xee\xaf\x97Md\xbb\xd1}\x91\x12`\x02\xaa\xb2\xe8F7\t\x92\xedO`\xf7jc\x00\x11|]\x13\xaa<)0\x95-\xe7\xc5\xceuB\xba\xd5\x10\x1d4\x8f@\xfd6\xed?\xe5\xb7\x9d\xb7\xc3+m\x94\xf7\x00g\xa8\xd0y\xaa\x86\f?c\x8c.\x05\n\xf1\x9dw8\xbb\xcf\x9a\xfewx\xb7\xea\xb0\xe0\xa2\xa6/u\x18\xb8\x912g\x19\xcauw\xa8\x93\x80h\xad\x04\xf9sCB?b?\x1a\x04\x11U\xac\b\x9b\xd3\x04\xd9\xdb\xa3?qny\x19f{F\xb0\xb2\xc6\xe9\x1f\x13\x14\xbb\xde\x06\x16\b\x95^q\x0f\xc6\x16\xfeG\xf9\xf3D\xe9:\x86\xc8!4\xa0+\xba\x87\xdd\xbc\xbd\x93\xbb\xef*:\x00Ld\x00'/408, 0x4)
ftruncate(r3, 0x40000001)

11.043941488s ago: executing program 4 (id=1828):
r0 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r1}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r2, &(0x7f0000000240)="9795679a6bce772b7a7a0bb0ecaed3278718305ba6a9046b3fea157cc4f08a68b63da6d30aa53fd1f6200774ea79c8abd9996ad3187a8282cbe90af965643b917c2414a7649c53ade8a741a5cd91dc9252b8822fbcaee533d66d819af21e2698ea61d1b4001bec21288685cf1fac689f19f64165514d955683d1dde9b63a7fd8da21f13823e0c53edb72eb4072a25c762b51e117d117b8e196455e6cb598e2608df7a3a39364d3d0289e7775dc1bcb2f49064e"}, 0x20)
ioctl$NBD_DISCONNECT(r0, 0xab08)
r3 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x2, @empty}, 0x1c)
socket$unix(0x1, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000002b00)={0x0, 0x41})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000400000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617679314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec230911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918c91243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac5a4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4b333bd5bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3be3b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ce0700c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d486046b2c0e2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29c60acebdbe8ddbd75c2f998d8a57f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95ff80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513007000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d946a2daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810300000000000000a12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf000000800000000007b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae0e797e8bd1f4108b7807fb36207685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ad50dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b9048017848416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1db44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de9c0587c2cb5fe36d7d3e5db21b013b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cf4b23329072e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06810002000000000000957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f3e90d5943dbc10360a1a49700d1dfbf66d69f6fbafe1e83cdde8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000100", 0x35e}}, 0x1006)

9.574544056s ago: executing program 4 (id=1831):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x375040, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x0, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x1000, 0x4, 0x1, 0x2})

9.327236169s ago: executing program 6 (id=1832):
socket(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
socket$inet6(0xa, 0x2, 0x0)
r0 = io_uring_setup(0x1d48, &(0x7f0000000340)={0x0, 0xb140, 0x1000, 0x3, 0x196})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000680)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7.97070722s ago: executing program 6 (id=1834):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$XFS_IOC_DIOINFO(0xffffffffffffffff, 0x800c581e, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000380), 0xc)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)

7.324642724s ago: executing program 5 (id=1836):
fanotify_init(0x1, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0x1b0, 0x0, 0x1b0, 0x2a8, 0x2a8, 0x1b0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x4, 0xd, 0x0, 0x9]}, {0x0, [0x2, 0x188, 0x0, 0x6, 0x2], 0x3}}}}, {{@ip={@loopback, @multicast1, 0xff000000, 0xffffffff, 'geneve1\x00', 'veth0_macvtap\x00', {0xff}, {0xff}, 0x6c, 0x0, 0x9}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
socket$nl_generic(0x11, 0x3, 0x10)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x5b, 0x2c00)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000680)={{0x9, 0x1, 0x3, 0x7, 'syz1\x00', 0xffffd424}, 0x1, [0x80000000, 0x3, 0x9, 0x64, 0x8, 0x4, 0xa91e, 0x5, 0x7, 0x8, 0x861, 0x1, 0x9, 0x4, 0x8, 0x9, 0x7, 0x5, 0x80, 0x6, 0x5, 0xc16a, 0x3, 0x9, 0x3244, 0x100000000, 0x33, 0x807, 0x100000001, 0x3, 0x8, 0xda75, 0x6, 0x8000000000000000, 0x6, 0xfffffffffffffffa, 0x2, 0x5, 0x8, 0x3, 0x1c, 0x9, 0x2, 0x3a9, 0x1, 0xa, 0x6, 0xd1, 0x254, 0x8, 0x2, 0xfffffffffffffffb, 0x1, 0x80000000, 0x20868803, 0x4, 0x2, 0x3, 0xfffffffffffffffd, 0x1, 0x81, 0x3e78d4f3, 0x7, 0xfc30, 0x0, 0x7, 0x81, 0x5, 0xf, 0xfffffffffffffffe, 0x2, 0x7f, 0x8000000000000001, 0xfff, 0x4, 0x4, 0x9, 0x0, 0x100000001, 0x1, 0x3, 0x5152f9e0, 0x9, 0x8, 0x3, 0x8000000000000001, 0x3b6c54fb, 0x3, 0x1, 0x1, 0x4, 0x401, 0x8000, 0x8, 0x6, 0x3, 0x8, 0x4, 0x9, 0x0, 0x3, 0x81, 0xe29, 0x2, 0x8b7, 0x7f26, 0xc, 0xffffffffffff0001, 0x400, 0xffffffffffffffff, 0xeff, 0x6, 0x5, 0xa0, 0x4, 0x3, 0x8, 0xbedd, 0x10001, 0x101, 0x9, 0x1ff, 0x3, 0x3, 0x8, 0x8000000000000, 0x8, 0x3]})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r3 = fanotify_init(0x200, 0x0)
r4 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
r5 = dup(r4)
fanotify_mark(r3, 0x1, 0x48000046, r5, 0x0)
r6 = dup(r4)
write$binfmt_elf64(r6, &(0x7f0000000800)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x7f, 0xa3, 0x23e, 0x3, 0x3e, 0xc9, 0x3c9, 0x40, 0x2ea, 0x10000, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0x7, 0xff5, 0x5, 0x1ba, 0xfffffffffffffffc}]}, 0x78)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(0xffffffffffffffff, 0x3)

7.294940956s ago: executing program 0 (id=1837):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
r2 = gettid()
timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

6.920161925s ago: executing program 5 (id=1838):
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2000844, &(0x7f0000000100)=ANY=[@ANYBLOB='erRors=remount-ro,dots,uid=', @ANYRESHEX=0x0, @ANYBLOB=',allow_utime=00000000000000000000001,dmask=00000000000000000000005,dots,dots,nodots,time_offset=0xffffffffffffff93,check=strict,allow_utime=00000000000000000000003,errors=continue,allow_utime=00000000000000000000007,nodots,\x00'], 0x1, 0x23d, &(0x7f0000000a40)="$eJzs3cFq1EAcBvB/220be7Fn8RDw4qmobxBkBTEgrOSgJwPVSytCeome9jF8Bh/Jx+ipt4hN6NZUPUjadJvfD5Z87MfAzGVnDzO77x9+Ojr8fPKx+fEtkiSNWcQyziL2YzO2orXRPTfP805ctgwAYN0sFmU29hwY0MbVt6oqK7cjYvdKU3y/mUkBAAAAAAAAAAAwNOf/AWB6nP+/+6oqK/e672+/c/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGM9Z09xv/vEae34AwPDs/wAwPfZ/AJge+z8ATM+bt+9eZXk+X6RpEnG6rIu6aJ9t/+JlPn+SnttfjTqt62K7y/n8adun/X6vG//sj/1OPH7U9r+656/zXr8bh9e9eAAAAAAAAAAAAAAAAAAAALglDtILvfv9W21/8Le+TZd+H6B3f38WD2Y3tgwAAAAAAAAAAAAAAAAAAABYaydfvh6Vx8cfKkG4CPfiP0YlcTsmLwwSxv5kAgAAAAAAAAAAAAAAAACA6Vld+h17JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwntX//19fGHuNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDT8DAAA//8GmZGk")
syz_emit_ethernet(0x4a, &(0x7f0000000300)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x9, 0x6, '\x00', 0x14, 0x6, 0xff, @dev={0xfe, 0x80, '\x00', 0x39}, @local, {[], {{0x4e22, 0x4e24, 0x41424344, 0x41424344, 0x1, 0x0, 0x5, 0x10, 0x7, 0x0, 0x3}}}}}}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000004200)='qnx6\x00', 0xa18410, 0x0)

6.720748606s ago: executing program 6 (id=1839):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x8081)
writev(r0, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@multicast2, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1, 0x4, 0x0, 0xfffffffffffffff8, 0x0, 0x2}, {0x0, 0x0, 0x400000003, 0xfffffffffffffffc}, 0x1, 0x0, 0x1, 0x0, 0x3}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x4d3, 0x32}, 0x0, @in=@remote, 0x0, 0x0, 0x1, 0xb7, 0x3, 0xfffffffe}}, 0xe4)
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x1c)

5.614569894s ago: executing program 4 (id=1841):
r0 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000f98500000006000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000740)="ba37bc6e74cc160f3f46dd21efc8", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)=r1}, 0x1c)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000300)={r2, &(0x7f0000000240)="9795679a6bce772b7a7a0bb0ecaed3278718305ba6a9046b3fea157cc4f08a68b63da6d30aa53fd1f6200774ea79c8abd9996ad3187a8282cbe90af965643b917c2414a7649c53ade8a741a5cd91dc9252b8822fbcaee533d66d819af21e2698ea61d1b4001bec21288685cf1fac689f19f64165514d955683d1dde9b63a7fd8da21f13823e0c53edb72eb4072a25c762b51e117d117b8e196455e6cb598e2608df7a3a39364d3d0289e7775dc1bcb2f49064e"}, 0x20)
ioctl$NBD_DISCONNECT(r0, 0xab08)
r3 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x2, @empty}, 0x1c)
socket$unix(0x1, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0xc, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_io_uring_setup(0x4b6, &(0x7f0000000100)={0x0, 0x0, 0x400, 0x1, 0x20e}, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x4, 0xf, 0x80000006}, 0x0, 0x0)
mq_notify(0xffffffffffffffff, &(0x7f0000002b00)={0x0, 0x41})
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write$UHID_INPUT(r5, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006e090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000400000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617679314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec230911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918c91243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac5a4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4b333bd5bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3be3b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ce0700c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d486046b2c0e2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29c60acebdbe8ddbd75c2f998d8a57f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95ff80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513007000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d946a2daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810300000000000000a12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf000000800000000007b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae0e797e8bd1f4108b7807fb36207685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ad50dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b9048017848416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1db44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de9c0587c2cb5fe36d7d3e5db21b013b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cf4b23329072e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06810002000000000000957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f3e90d5943dbc10360a1a49700d1dfbf66d69f6fbafe1e83cdde8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000100", 0x35e}}, 0x1006)

5.088853272s ago: executing program 0 (id=1842):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="110c2dbd7000fedbdf256800000008000300", @ANYRES32, @ANYBLOB="1400c7"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x8000)

4.73133836s ago: executing program 2 (id=1843):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x7ff}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_rdma(0x10, 0x3, 0x14)
unshare(0x6020400)
r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
lseek(r3, 0x851, 0x0)
write$P9_RLERRORu(0xffffffffffffffff, 0x0, 0x10)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x32ab60b1caec533c, 0xffffffffffffffff, 0x3000)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000380))
read$dsp(r4, &(0x7f0000000280)=""/85, 0x55)
mkdirat(0xffffffffffffff9c, 0x0, 0x110)
syz_emit_vhci(0x0, 0x0)
faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x3, 0x1000)
ioctl$int_in(0xffffffffffffffff, 0x40000000af01, 0x0)
socket$packet(0x11, 0x3, 0x300)

4.706344852s ago: executing program 6 (id=1844):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, &(0x7f0000000080), &(0x7f0000000180)=r6}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)

4.17837241s ago: executing program 6 (id=1845):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r3, &(0x7f0000000400)=""/4096, 0xc00)

4.086758924s ago: executing program 0 (id=1846):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
lseek(0xffffffffffffffff, 0x0, 0x4)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r3 = memfd_create(&(0x7f00000001c0)='\x00\xac=\x9d\xd2\xdb\xe6\xbf\xb4\xf2\xed\x04\x00\x00\x00\xf7\x00d2*Nha\x97\xd5\f\xde@\xd4N\x12\x9b\x1f\t\xd1Z+\x86T\x16\xf8\x01\x00\x00\x00\x9f+\x8d!\x0fG\xab\xc2\xdc\xa3\xb3\xae8\x9f9?\xefo\xa4k\x01\xb2>\xa1\x9c\x86xm\xe6\x9bZ4\x91\x1a\xdb\xdd\x89\xb9\x91\xeb\xfc_q\xc1jP\x8a\xc6[\xbd\xe7q]\xdd\r\x1a\x81]\x01*\x1b\xfd\xbcMA\xdcq\xa1b\x17\xab\xe4\x14l\x9b$\x13\xa7\x00MO\xb8\xfdX\xaaf*Du\x02z\x89(\xbcu\x9e\xdf\xe7es\xb9\x1e\xb2\x83\xdc\x82\xed\xcf\x1e\xff\x00\x00\x00\x00g\xa2-\xb1\x94\x9b\x04\x899\xf25\xae\xbb[C\x8aH\xa0\xb1\xa4&\xfb\xe4\xae\xf9R[jQ\x92\xc6K\xe6U\xaa3\xeb\x93\x84bIn\xc9\x11e\xf6;\xce\xee\xe2\x84]\x1eF\xee\xaf\x97Md\xbb\xd1}\x91\x12`\x02\xaa\xb2\xe8F7\t\x92\xedO`\xf7jc\x00\x11|]\x13\xaa<)0\x95-\xe7\xc5\xceuB\xba\xd5\x10\x1d4\x8f@\xfd6\xed?\xe5\xb7\x9d\xb7\xc3+m\x94\xf7\x00g\xa8\xd0y\xaa\x86\f?c\x8c.\x05\n\xf1\x9dw8\xbb\xcf\x9a\xfewx\xb7\xea\xb0\xe0\xa2\xa6/u\x18\xb8\x912g\x19\xcauw\xa8\x93\x80h\xad\x04\xf9sCB?b?\x1a\x04\x11U\xac\b\x9b\xd3\x04\xd9\xdb\xa3?qny\x19f{F\xb0\xb2\xc6\xe9\x1f\x13\x14\xbb\xde\x06\x16\b\x95^q\x0f\xc6\x16\xfeG\xf9\xf3D\xe9:\x86\xc8!4\xa0+\xba\x87\xdd\xbc\xbd\x93\xbb\xef*:\x00Ld\x00'/408, 0x4)
ftruncate(r3, 0x40000001)

2.984622373s ago: executing program 4 (id=1847):
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0xc45, 0x5112, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, "", [{{0x9, 0x4, 0x0, 0x7, 0x19, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x3, 0x1, {0x22, 0x2d}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x0, 0xff, 0x3}}}}}]}}]}}, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@local})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x101000, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x4e2603, 0x0)
openat$6lowpan_control(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x6, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e})
close_range(r0, 0xffffffffffffffff, 0x0)

2.984160093s ago: executing program 2 (id=1848):
fanotify_init(0x1, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='fdinfo/3\x00')
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x8001000000000000, 0x40, &(0x7f00000007c0)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x11, 0x148, 0x1b0, 0x0, 0x1b0, 0x2a8, 0x2a8, 0x1b0, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x4, 0x4, 0xd, 0x0, 0x9]}, {0x0, [0x2, 0x188, 0x0, 0x6, 0x2], 0x3}}}}, {{@ip={@loopback, @multicast1, 0xff000000, 0xffffffff, 'geneve1\x00', 'veth0_macvtap\x00', {0xff}, {0xff}, 0x6c, 0x0, 0x9}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
socket$nl_generic(0x11, 0x3, 0x10)
r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x5b, 0x2c00)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000680)={{0x9, 0x1, 0x3, 0x7, 'syz1\x00', 0xffffd424}, 0x1, [0x80000000, 0x3, 0x9, 0x64, 0x8, 0x4, 0xa91e, 0x5, 0x7, 0x8, 0x861, 0x1, 0x9, 0x4, 0x8, 0x9, 0x7, 0x5, 0x80, 0x6, 0x5, 0xc16a, 0x3, 0x9, 0x3244, 0x100000000, 0x33, 0x807, 0x100000001, 0x3, 0x8, 0xda75, 0x6, 0x8000000000000000, 0x6, 0xfffffffffffffffa, 0x2, 0x5, 0x8, 0x3, 0x1c, 0x9, 0x2, 0x3a9, 0x1, 0xa, 0x6, 0xd1, 0x254, 0x8, 0x2, 0xfffffffffffffffb, 0x1, 0x80000000, 0x20868803, 0x4, 0x2, 0x3, 0xfffffffffffffffd, 0x1, 0x81, 0x3e78d4f3, 0x7, 0xfc30, 0x0, 0x7, 0x81, 0x5, 0xf, 0xfffffffffffffffe, 0x2, 0x7f, 0x8000000000000001, 0xfff, 0x4, 0x4, 0x9, 0x0, 0x100000001, 0x1, 0x3, 0x5152f9e0, 0x9, 0x8, 0x3, 0x8000000000000001, 0x3b6c54fb, 0x3, 0x1, 0x1, 0x4, 0x401, 0x8000, 0x8, 0x6, 0x3, 0x8, 0x4, 0x9, 0x0, 0x3, 0x81, 0xe29, 0x2, 0x8b7, 0x7f26, 0xc, 0xffffffffffff0001, 0x400, 0xffffffffffffffff, 0xeff, 0x6, 0x5, 0xa0, 0x4, 0x3, 0x8, 0xbedd, 0x10001, 0x101, 0x9, 0x1ff, 0x3, 0x3, 0x8, 0x8000000000000, 0x8, 0x3]})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
r3 = fanotify_init(0x200, 0x0)
r4 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
r5 = dup(r4)
fanotify_mark(r3, 0x1, 0x48000046, r5, 0x0)
r6 = dup(r4)
write$binfmt_elf64(r6, &(0x7f0000000800)={{0x7f, 0x45, 0x4c, 0x46, 0x6, 0xff, 0x7f, 0xa3, 0x23e, 0x3, 0x3e, 0xc9, 0x3c9, 0x40, 0x2ea, 0x10000, 0x5, 0x38, 0x1, 0x6, 0x6b1, 0x400}, [{0x3, 0x81, 0x7, 0xff5, 0x5, 0x1ba, 0xfffffffffffffffc}]}, 0x78)
execveat(r6, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0xfffffffe, @empty, 0x5e}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(0xffffffffffffffff, 0x3)

2.421705722s ago: executing program 2 (id=1849):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
ioctl$XFS_IOC_DIOINFO(0xffffffffffffffff, 0x800c581e, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000380), 0xc)
openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0)

2.415954382s ago: executing program 0 (id=1850):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xc0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r3, 0x0, 0x0)

512.897763ms ago: executing program 2 (id=1851):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
sched_setscheduler(0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x375040, 0x0)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000080))
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000240)=@mmap={0x1, 0x2, 0x4, 0x100000, 0x9, {}, {0x0, 0x2, 0x4, 0xc0, 0x0, 0xf0, "18a6fc23"}, 0x1, 0x1, {}, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000040)=0x1)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
r2 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x1000, 0x4, 0x1, 0x2})

427.893297ms ago: executing program 0 (id=1852):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socket$packet(0x11, 0x3, 0x300)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
accept4(r0, 0x0, 0x0, 0x0)
syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/pid_for_children\x00')
writev(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r1, @ANYBLOB="080001", @ANYRES32=r2], 0x90}}, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0)

179.54488ms ago: executing program 6 (id=1853):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$nvram(0xffffff9c, &(0x7f0000000000), 0x101400, 0x0)
setsockopt$inet6_tcp_buf(r1, 0x6, 0x1a, &(0x7f0000000100)="3452d9c6721f7bb1490d86734cc7f2d551344df15ec8c4e43aef0b8cb1e57df54e6f02564f62632933838138a259ac51bbc929d2e43e5936f6ec06d5d9ddff7a2355fa5919f85c71328b7e1c8cf31127a73358535b70758524c33e196f545773fca4115e9b241161972d73c238f6bc2cf8c1b59e771629762104b0b7f7be023d9a8279de4c5ffefc2feb87a7b2", 0x8d)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_SYNC_WAIT(r0, 0x40109441, &(0x7f0000000240)={0x81, 0x0, 0x5})
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r2, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0}, 0x6e1}], 0x1, 0x20, 0x0)
r3 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
ioctl$HIDIOCGRDESCSIZE(r3, 0x80044801, &(0x7f0000000100))

120.894253ms ago: executing program 2 (id=1854):
syz_open_procfs$namespace(0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

21.796999ms ago: executing program 0 (id=1855):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, &(0x7f0000000080), &(0x7f0000000180)=r8}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)

0s ago: executing program 2 (id=1856):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x28}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x3b, 0x10, 0x0, 0x1800}, 0x48)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000300), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f0000000480)={{0xfffc, 0x9, 0x0, 0x6}, 'syz0\x00', 0x3})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x28, 0x2, 0x6, 0x5, 0x0, 0x0, {0x0, 0x0, 0x80}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x28}, 0x1, 0x0, 0x0, 0x20020800}, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r6}, &(0x7f0000000080), &(0x7f0000000180)=r8}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c00018006000100d1a3a700080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
close(0x3)

kernel console output (not intermixed with test programs):

0_to_bridge: link becomes ready
[  425.830286][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  425.928875][ T4330] bridge0: port 1(bridge_slave_0) entered blocking state
[  425.936139][ T4330] bridge0: port 1(bridge_slave_0) entered forwarding state
[  426.151333][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  426.258676][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  426.321115][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  426.379020][ T4330] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.386329][ T4330] bridge0: port 2(bridge_slave_1) entered forwarding state
[  426.726689][ T4281] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201'
[  426.737346][ T4281] CPU: 1 PID: 4281 Comm: kworker/u5:6 Not tainted syzkaller #0
[  426.745041][ T4281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  426.755148][ T4281] Workqueue: hci5 hci_rx_work
[  426.759902][ T4281] Call Trace:
[  426.763221][ T4281]  <TASK>
[  426.766198][ T4281]  dump_stack_lvl+0x188/0x24e
[  426.770952][ T4281]  ? show_regs_print_info+0x12/0x12
[  426.776230][ T4281]  ? load_image+0x400/0x400
[  426.780821][ T4281]  sysfs_create_dir_ns+0x26a/0x290
[  426.786023][ T4281]  ? sysfs_warn_dup+0xa0/0xa0
[  426.790772][ T4281]  ? do_raw_spin_unlock+0x11d/0x230
[  426.796036][ T4281]  kobject_add_internal+0x61c/0xcc0
[  426.801304][ T4281]  kobject_add+0x160/0x230
[  426.805820][ T4281]  ? kobject_init+0x1d0/0x1d0
[  426.810576][ T4281]  ? klist_children_get+0x50/0x50
[  426.815655][ T4281]  ? get_device_parent+0x121/0x3f0
[  426.820825][ T4281]  device_add+0x483/0xfb0
[  426.825213][ T4281]  ? kmem_cache_free+0xf7/0x290
[  426.830165][ T4281]  hci_conn_add_sysfs+0xd1/0x1e0
[  426.835174][ T4281]  le_conn_complete_evt+0x1062/0x1670
[  426.840649][ T4281]  ? le_conn_complete_evt+0xe9/0x1670
[  426.846092][ T4281]  ? hci_le_big_info_adv_report_evt+0x2f0/0x2f0
[  426.852402][ T4281]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  426.858107][ T4281]  ? skb_pull_data+0xf7/0x200
[  426.862852][ T4281]  hci_le_conn_complete_evt+0x183/0x440
[  426.868474][ T4281]  ? hci_remote_host_features_evt+0x270/0x270
[  426.874618][ T4281]  hci_event_packet+0x7b9/0x1280
[  426.879641][ T4281]  ? bis_list+0x280/0x280
[  426.884032][ T4281]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  426.889988][ T4281]  ? kcov_remote_start+0x4c7/0x7e0
[  426.895159][ T4281]  ? patch_conexant_auto+0x1260/0x1650
[  426.900688][ T4281]  ? hci_send_to_monitor+0x9c/0x4a0
[  426.905960][ T4281]  hci_rx_work+0x3eb/0xd40
[  426.910436][ T4281]  ? _raw_spin_unlock+0x40/0x40
[  426.915359][ T4281]  ? process_one_work+0x7b0/0x1160
[  426.920524][ T4281]  process_one_work+0x8a2/0x1160
[  426.925541][ T4281]  ? worker_detach_from_pool+0x240/0x240
[  426.931238][ T4281]  ? _raw_spin_lock_irq+0xb7/0xf0
[  426.936326][ T4281]  ? _raw_spin_lock_irqsave+0x100/0x100
[  426.942014][ T4281]  ? kthread_data+0x4b/0xc0
[  426.946605][ T4281]  worker_thread+0xaa2/0x1270
[  426.951378][ T4281]  ? __kthread_parkme+0x162/0x1c0
[  426.956483][ T4281]  kthread+0x29d/0x330
[  426.960602][ T4281]  ? worker_clr_flags+0x1a0/0x1a0
[  426.965693][ T4281]  ? kthread_blkcg+0xd0/0xd0
[  426.970433][ T4281]  ret_from_fork+0x1f/0x30
[  426.974932][ T4281]  </TASK>
[  426.987719][ T4281] kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  427.003001][ T4281] Bluetooth: hci5: failed to register connection device
[  427.025380][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  427.103252][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  427.156132][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  427.213268][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  427.249591][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  427.261346][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  427.270503][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  427.287067][ T8394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1007'.
[  427.323104][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  427.338124][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  427.461057][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  427.545823][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  427.674641][ T8161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  429.248868][ T4281] Bluetooth: hci5: command 0x2016 tx timeout
[  430.036660][ T8413] xt_l2tp: missing protocol rule (udp|l2tpip)
[  431.183443][ T8419] 9pnet_fd: Insufficient options for proto=fd
[  431.397572][ T8161] 8021q: adding VLAN 0 to HW filter on device batadv0
[  431.404779][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  431.432945][ T4416] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  431.709398][ T8428] loop4: detected capacity change from 0 to 128
[  431.762828][ T8428] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  431.801736][ T8428] ext4 filesystem being mounted at /221/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  431.935417][ T8434] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  431.942764][ T8434] IPv6: NLM_F_CREATE should be set when creating new route
[  432.002485][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1017'.
[  432.664778][ T4346] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  433.867652][ T4346] usb 1-1: unable to get BOS descriptor or descriptor too short
[  433.955286][ T8460] xt_l2tp: missing protocol rule (udp|l2tpip)
[  435.622554][ T4346] usb 1-1: unable to read config index 0 descriptor/start: -71
[  435.630277][ T4346] usb 1-1: can't read configurations, error -71
[  435.802754][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  435.839359][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  435.911827][ T8161] device veth0_vlan entered promiscuous mode
[  435.937332][ T8161] device veth1_vlan entered promiscuous mode
[  436.062028][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  436.119305][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  436.163641][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  436.172181][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  436.215931][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  436.242488][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  436.291329][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  436.321722][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  436.360482][ T8161] device veth0_macvtap entered promiscuous mode
[  436.397235][ T8161] device veth1_macvtap entered promiscuous mode
[  436.480188][ T8161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  436.524754][ T8161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.561578][ T8161] batman_adv: batadv0: Interface activated: batadv_slave_0
[  436.588537][ T8483] loop0: detected capacity change from 0 to 8192
[  436.606955][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  436.618167][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  436.654255][ T8483] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  436.687662][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  436.741844][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  436.754546][ T8483] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  436.842728][ T8161] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  436.868292][ T8483] REISERFS (device loop0): using ordered data mode
[  436.889846][ T8161] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  436.923091][ T8483] reiserfs: using flush barriers
[  436.938940][ T8161] batman_adv: batadv0: Interface activated: batadv_slave_1
[  436.946577][ T8483] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  436.973359][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  436.990685][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  437.059639][ T8161] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  437.071183][ T8483] REISERFS (device loop0): checking transaction log (loop0)
[  437.098205][ T8483] REISERFS (device loop0): Using r5 hash to sort names
[  437.111059][ T8161] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  437.129905][ T8483] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  437.156182][ T8161] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  437.190588][ T8161] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  437.452745][ T4657] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.471376][ T4657] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.503749][ T8303] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  437.557377][ T8303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.625413][ T8303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.653510][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  437.811791][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  438.029317][ T8490] loop5: detected capacity change from 0 to 32768
[  438.211968][ T8490] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  438.246306][ T8490] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  438.267396][ T8490] BTRFS info (device loop5): setting nodatacow, compression disabled
[  438.276793][ T8490] BTRFS info (device loop5): force clearing of disk cache
[  438.284256][ T8490] BTRFS info (device loop5): turning off barriers
[  438.372613][ T8490] BTRFS info (device loop5): use no compression
[  438.609271][ T8490] BTRFS info (device loop5): disabling free space tree
[  438.834231][ T8490] BTRFS info (device loop5): enabling ssd optimizations
[  439.002859][ T8490] BTRFS info (device loop5): using spread ssd allocation scheme
[  439.010628][ T8490] BTRFS info (device loop5): not using ssd optimizations
[  439.117368][ T8490] BTRFS info (device loop5): not using spread ssd allocation scheme
[  439.285458][ T8515] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1034'.
[  439.321202][ T8515] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1034'.
[  439.354429][ T8515] device bond0 entered promiscuous mode
[  439.398743][ T8515] device bond0 left promiscuous mode
[  439.471501][ T8490] BTRFS info (device loop5): rebuilding free space tree
[  439.484351][ T8490] BTRFS info (device loop5): disabling free space tree
[  439.491669][ T8490] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  439.502694][ T8490] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  439.518588][ T8490] BTRFS info (device loop5): checking UUID tree
[  439.728944][ T3598] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  439.839268][ T8535] xt_l2tp: missing protocol rule (udp|l2tpip)
[  440.025265][ T3598] usb 3-1: unable to get BOS descriptor or descriptor too short
[  440.055794][ T3598] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  440.086335][ T3598] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  440.225077][ T3598] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  440.354865][ T3598] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.467973][ T3598] usb 3-1: Product: syz
[  440.534146][ T3598] usb 3-1: Manufacturer: syz
[  440.627937][ T3598] usb 3-1: SerialNumber: syz
[  441.312285][ T3598] usb 3-1: 0:1 : does not exist
[  441.470999][ T3598] usb 3-1: USB disconnect, device number 5
[  441.582504][ T8557] loop0: detected capacity change from 0 to 8192
[  441.598911][ T8557] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  441.612220][ T8557] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  441.621760][ T8557] REISERFS (device loop0): using ordered data mode
[  441.628380][ T8557] reiserfs: using flush barriers
[  441.659863][ T8557] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  441.676702][ T8557] REISERFS (device loop0): checking transaction log (loop0)
[  441.686522][ T8557] REISERFS (device loop0): Using r5 hash to sort names
[  441.693839][ T8557] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  441.737920][ T6180] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  441.823859][ T4384] udevd[4384]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  444.752697][ T8583] loop5: detected capacity change from 0 to 128
[  444.897563][ T8583] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  445.005194][ T8583] ext4 filesystem being mounted at /95/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  445.376101][ T8587] xt_l2tp: missing protocol rule (udp|l2tpip)
[  445.711741][ T4999] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  445.949957][ T4999] usb 3-1: Using ep0 maxpacket: 16
[  445.966887][ T4999] usb 3-1: config 0 has an invalid interface number: 189 but max is 0
[  446.114570][ T4999] usb 3-1: config 0 has no interface number 0
[  446.230890][ T4999] usb 3-1: config 0 interface 189 altsetting 7 has an invalid endpoint with address 0x95, skipping
[  446.404781][ T4999] usb 3-1: config 0 interface 189 altsetting 7 bulk endpoint 0x8 has invalid maxpacket 32
[  446.581519][ T4999] usb 3-1: config 0 interface 189 has no altsetting 0
[  446.710862][ T4999] usb 3-1: New USB device found, idVendor=19d2, idProduct=ff4c, bcdDevice=b5.82
[  446.785941][ T4999] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.794028][ T4999] usb 3-1: Product: syz
[  446.806934][ T8606] loop0: detected capacity change from 0 to 512
[  446.859116][ T8607] loop6: detected capacity change from 0 to 8192
[  446.901728][ T4999] usb 3-1: Manufacturer: syz
[  446.914391][ T4999] usb 3-1: SerialNumber: syz
[  446.926698][ T4999] usb 3-1: config 0 descriptor??
[  446.932562][ T8594] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  446.940981][ T8594] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  446.953320][ T8607] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  446.966949][ T8607] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  446.977142][ T8607] REISERFS (device loop6): using ordered data mode
[  446.983920][ T8607] reiserfs: using flush barriers
[  446.998267][ T8607] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  447.015199][ T8607] REISERFS (device loop6): checking transaction log (loop6)
[  447.031642][ T8607] REISERFS (device loop6): Using r5 hash to sort names
[  447.039237][ T8607] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  447.090739][ T8606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  447.125043][ T8606] ext4 filesystem being mounted at /205/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  447.372603][ T4999] option 3-1:0.189: GSM modem (1-port) converter detected
[  447.451194][ T4999] usb 3-1: USB disconnect, device number 6
[  447.520541][ T4999] option 3-1:0.189: device disconnected
[  447.808822][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  448.538742][ T8636] loop0: detected capacity change from 0 to 16
[  448.580391][ T8636] erofs: (device loop0): mounted with root inode @ nid 36.
[  448.805828][ T8635] erofs: (device loop0): z_erofs_readahead: readahead error at page 2 @ nid 89
[  448.933345][ T4281] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  448.948433][ T8635] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  448.969921][   T26] audit: type=1800 audit(1776418801.035:11): pid=8635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1055" name="file3" dev="loop0" ino=89 res=0 errno=0
[  449.973125][ T8645] block nbd6: NBD_DISCONNECT
[  453.491271][ T8668] loop6: detected capacity change from 0 to 512
[  453.811128][ T8668] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  453.896501][ T8668] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  454.632261][ T8674] loop0: detected capacity change from 0 to 8192
[  454.661676][ T8674] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  454.683180][ T8674] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  454.801029][ T8674] REISERFS (device loop0): using ordered data mode
[  454.807768][ T8674] reiserfs: using flush barriers
[  454.811960][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  454.825964][ T8674] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  454.858829][ T8674] REISERFS (device loop0): checking transaction log (loop0)
[  454.881011][ T8674] REISERFS (device loop0): Using r5 hash to sort names
[  454.888313][ T8674] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  455.147537][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  456.682648][ T8703] loop6: detected capacity change from 0 to 16
[  456.724958][ T8703] erofs: (device loop6): mounted with root inode @ nid 36.
[  456.734441][ T8703] erofs: (device loop6): z_erofs_readahead: readahead error at page 2 @ nid 89
[  456.746865][ T4281] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  456.758623][ T8703] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  456.772082][ T8703] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  456.784327][ T8703] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  456.842214][   T26] audit: type=1800 audit(1776418808.242:12): pid=8703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1073" name="file3" dev="loop6" ino=89 res=0 errno=0
[  457.085909][ T8710] block nbd5: NBD_DISCONNECT
[  457.114756][ T8712] block nbd2: NBD_DISCONNECT
[  459.196340][ T8714] device syzkaller0 entered promiscuous mode
[  459.327844][ T8719] 0: reclassify loop, rule prio 0, protocol 800
[  461.251036][ T8741] loop6: detected capacity change from 0 to 512
[  461.324630][ T8741] FAT-fs (loop6): Unrecognized mount option "erRors=remount-ro" or missing value
[  461.581162][ T1043] block nbd6: Attempted send on invalid socket
[  461.587403][ T1043] I/O error, dev nbd6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  461.596938][ T8741] qnx6: unable to read the first superblock
[  461.603377][ T1043] block nbd6: Attempted send on invalid socket
[  461.609635][ T1043] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  461.619119][ T8741] qnx6: unable to read the first superblock
[  461.625646][ T8741] qnx6: unable to read the first superblock
[  462.034946][ T8754] block nbd0: NBD_DISCONNECT
[  462.564481][ T8760] loop5: detected capacity change from 0 to 512
[  462.688169][ T8760] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  462.732083][ T8760] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  464.029500][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  464.298181][ T8776] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1091'.
[  464.354114][ T8776] netlink: 'syz.6.1091': attribute type 10 has an invalid length.
[  464.473076][ T8776] bridge0: port 2(bridge_slave_1) entered disabled state
[  464.480811][ T8776] bridge0: port 1(bridge_slave_0) entered disabled state
[  464.506254][ T8776] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.513504][ T8776] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.521042][ T8776] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.528371][ T8776] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.547838][ T8776] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  465.026936][ T8777] block nbd5: NBD_DISCONNECT
[  466.352463][ T8804] loop6: detected capacity change from 0 to 512
[  466.423683][ T8804] FAT-fs (loop6): Unrecognized mount option "erRors=remount-ro" or missing value
[  466.715365][ T1043] block nbd6: Attempted send on invalid socket
[  466.721963][ T1043] I/O error, dev nbd6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  466.733451][ T8804] qnx6: unable to read the first superblock
[  466.739882][ T1043] block nbd6: Attempted send on invalid socket
[  466.746199][ T1043] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  466.756010][ T8804] qnx6: unable to read the first superblock
[  466.762210][ T8804] qnx6: unable to read the first superblock
[  468.631678][ T8828] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1100'.
[  468.676829][ T8800] loop5: detected capacity change from 0 to 32768
[  468.713217][ T8800] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.1095 (8800)
[  468.733618][ T8828] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1100'.
[  468.781998][ T8800] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  468.797346][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  468.803838][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  468.828701][ T8800] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  468.837870][ T8800] BTRFS info (device loop5): setting nodatacow, compression disabled
[  468.854906][ T8800] BTRFS info (device loop5): force clearing of disk cache
[  468.862492][ T8800] BTRFS info (device loop5): turning off barriers
[  468.869270][ T8800] BTRFS info (device loop5): use no compression
[  468.876303][ T8800] BTRFS info (device loop5): disabling free space tree
[  468.908212][ T8828] device bond0 entered promiscuous mode
[  468.933505][ T8800] BTRFS info (device loop5): enabling ssd optimizations
[  468.986750][ T8800] BTRFS info (device loop5): using spread ssd allocation scheme
[  469.005456][ T8828] device bond0 left promiscuous mode
[  469.034598][ T8800] BTRFS info (device loop5): not using ssd optimizations
[  469.042239][ T8800] BTRFS info (device loop5): not using spread ssd allocation scheme
[  469.112396][ T8800] BTRFS error (device loop5): open_ctree failed: -12
[  469.337102][ T4596] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by udevd (4596)
[  469.753998][ T8857] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1103'.
[  469.810007][ T8857] netlink: 'syz.4.1103': attribute type 10 has an invalid length.
[  469.840252][ T8857] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  470.569642][ T8860] block nbd2: NBD_DISCONNECT
[  476.065923][ T8921] loop4: detected capacity change from 0 to 16
[  477.229028][ T8924] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  477.633557][ T8922] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1117'.
[  478.981123][ T8922] netlink: 'syz.2.1117': attribute type 10 has an invalid length.
[  479.846133][ T8922] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  480.051527][ T8921] erofs: (device loop4): mounted with root inode @ nid 36.
[  480.069732][ T8919] erofs: (device loop4): z_erofs_readahead: readahead error at page 2 @ nid 89
[  480.094291][ T4281] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  480.108942][ T8919] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  480.127276][   T26] audit: type=1800 audit(1776418829.787:13): pid=8919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1116" name="file3" dev="loop4" ino=89 res=0 errno=0
[  480.131414][ T8919] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  480.162981][ T8919] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  480.512098][ T3598] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  480.717368][ T3598] usb 7-1: device descriptor read/64, error -71
[  480.774323][ T8930] block nbd2: NBD_DISCONNECT
[  481.123102][ T3598] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  481.962273][ T8941] fuse: Unknown parameter 'group_i00000000000000000000'
[  482.085465][ T8943] loop6: detected capacity change from 0 to 512
[  482.253423][ T8943] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  482.263043][ T8943] ext4 filesystem being mounted at /19/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  483.593195][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  483.821028][ T8961] dlm: no local IP address has been set
[  483.826758][ T8961] dlm: cannot start dlm midcomms -107
[  484.692789][ T8963] device syzkaller0 entered promiscuous mode
[  487.211868][ T8978] loop5: detected capacity change from 0 to 16
[  487.319724][ T8978] erofs: (device loop5): mounted with root inode @ nid 36.
[  487.333735][ T8978] erofs: (device loop5): z_erofs_readahead: readahead error at page 2 @ nid 89
[  487.427291][ T4281] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  487.441376][ T8978] erofs: (device loop5): z_erofs_lz4_decompress_mem: failed to decompress 6887 in[4096, 0] out[8192]
[  487.458510][   T26] audit: type=1800 audit(1776418836.550:14): pid=8978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1129" name="file3" dev="loop5" ino=89 res=0 errno=0
[  489.123201][ T8992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1131'.
[  489.142878][ T8994] netlink: 'syz.0.1131': attribute type 10 has an invalid length.
[  489.195750][ T8994] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  490.348395][ T9004] loop6: detected capacity change from 0 to 512
[  490.654142][ T9014] dlm: no local IP address has been set
[  490.659915][ T9014] dlm: cannot start dlm midcomms -107
[  491.423179][ T9004] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  491.644592][ T9004] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  493.319735][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  494.527381][ T9039] loop4: detected capacity change from 0 to 512
[  494.826726][ T9039] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  494.978551][ T9039] ext4 filesystem being mounted at /249/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  495.642800][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  495.925892][ T9063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1147'.
[  495.958688][ T9063] netlink: 'syz.0.1147': attribute type 10 has an invalid length.
[  498.709447][ T9069] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1149'.
[  498.750279][ T9069] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1149'.
[  498.886196][ T9069] device bond0 entered promiscuous mode
[  498.925007][ T9069] device bridge0 entered promiscuous mode
[  499.104097][ T9069] device bond0 left promiscuous mode
[  499.109899][ T9069] device bridge0 left promiscuous mode
[  499.215723][ T9078] dlm: no local IP address has been set
[  499.221939][ T9078] dlm: cannot start dlm midcomms -107
[  499.943741][ T9076] loop5: detected capacity change from 0 to 512
[  500.007038][ T9076] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  500.079830][ T9076] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  501.786833][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  502.235422][ T9098] loop5: detected capacity change from 0 to 32768
[  502.249914][ T9098] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  502.260293][ T9098] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  502.269070][ T9098] BTRFS info (device loop5): setting nodatacow, compression disabled
[  502.277362][ T9098] BTRFS info (device loop5): force clearing of disk cache
[  502.284582][ T9098] BTRFS info (device loop5): turning off barriers
[  502.291154][ T9098] BTRFS info (device loop5): use no compression
[  502.297667][ T9098] BTRFS info (device loop5): disabling free space tree
[  502.304793][ T9098] BTRFS info (device loop5): enabling ssd optimizations
[  502.311990][ T9098] BTRFS info (device loop5): using spread ssd allocation scheme
[  502.319853][ T9098] BTRFS info (device loop5): not using ssd optimizations
[  502.327090][ T9098] BTRFS info (device loop5): not using spread ssd allocation scheme
[  502.789038][ T9098] BTRFS info (device loop5): rebuilding free space tree
[  502.801530][ T9098] BTRFS info (device loop5): disabling free space tree
[  502.801603][ T9098] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  502.801669][ T9098] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  502.807176][ T9098] BTRFS info (device loop5): checking UUID tree
[  503.486895][ T9139] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1161'.
[  503.510127][ T9139] netlink: 'syz.2.1161': attribute type 10 has an invalid length.
[  504.874400][ T9154] netlink: 'syz.6.1162': attribute type 2 has an invalid length.
[  504.992704][ T9158] dlm: no local IP address has been set
[  504.998867][ T9158] dlm: cannot start dlm midcomms -107
[  506.119793][ T9166] loop4: detected capacity change from 0 to 512
[  506.289692][ T9166] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  506.474571][ T9166] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  507.350270][ T9176] fuse: Unknown parameter '0x0000000000000003'
[  507.669568][ T9181] device syzkaller0 entered promiscuous mode
[  507.711442][ T9181] 0: reclassify loop, rule prio 0, protocol 800
[  508.016946][ T6180] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  509.836938][ T9209] binder: 9204:9209 unknown command 1074553619
[  509.880234][ T9209] binder: 9204:9209 ioctl c0306201 200000000040 returned -22
[  510.345226][ T9219] dlm: no local IP address has been set
[  510.351350][ T9219] dlm: cannot start dlm midcomms -107
[  514.100670][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  514.916412][ T9268] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1188'.
[  515.424329][ T9281] dlm: no local IP address has been set
[  515.430108][ T9281] dlm: cannot start dlm midcomms -107
[  516.216762][ T9283] loop5: detected capacity change from 0 to 512
[  516.401607][ T9283] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  516.492921][ T9283] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  519.236086][ T9311] loop6: detected capacity change from 0 to 512
[  519.351932][ T9311] EXT4-fs: Ignoring removed nobh option
[  519.554672][ T9311] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  519.725816][ T9311] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  523.488079][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  523.510986][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  524.124125][ T9421] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1204'.
[  524.140532][ T9421] netlink: 'syz.6.1204': attribute type 10 has an invalid length.
[  524.428089][ T9423] loop4: detected capacity change from 0 to 32768
[  524.445116][ T9423] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.1207 (9423)
[  524.481083][ T9421] bridge0: port 2(bridge_slave_1) entered disabled state
[  524.488613][ T9421] bridge0: port 1(bridge_slave_0) entered disabled state
[  524.554127][ T9423] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  524.564677][ T9423] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  524.573610][ T9423] BTRFS info (device loop4): setting nodatacow, compression disabled
[  524.582053][ T9423] BTRFS info (device loop4): force clearing of disk cache
[  524.589506][ T9423] BTRFS info (device loop4): turning off barriers
[  524.595997][ T9423] BTRFS info (device loop4): use no compression
[  524.602385][ T9423] BTRFS info (device loop4): disabling free space tree
[  524.609319][ T9423] BTRFS info (device loop4): enabling ssd optimizations
[  524.616386][ T9423] BTRFS info (device loop4): using spread ssd allocation scheme
[  524.625286][ T9423] BTRFS info (device loop4): not using ssd optimizations
[  524.632435][ T9423] BTRFS info (device loop4): not using spread ssd allocation scheme
[  524.982308][ T9423] BTRFS info (device loop4): rebuilding free space tree
[  524.996739][ T9423] BTRFS info (device loop4): disabling free space tree
[  525.004088][ T9423] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  525.013985][ T9423] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  525.027312][ T9423] BTRFS info (device loop4): checking UUID tree
[  525.217323][ T3598] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  526.891990][ T3598] usb 3-1: unable to get BOS descriptor or descriptor too short
[  526.945215][ T3598] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  527.088971][ T3598] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  527.146711][ T9468] loop6: detected capacity change from 0 to 512
[  527.218851][ T3598] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  527.390395][ T3598] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.511563][ T9468] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  527.542609][ T3598] usb 3-1: Product: syz
[  527.611966][ T3598] usb 3-1: Manufacturer: syz
[  527.649414][ T9468] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  527.693502][ T3598] usb 3-1: SerialNumber: syz
[  528.095427][ T3598] usb 3-1: 0:1 : does not exist
[  528.133008][ T3598] usb 3-1: USB disconnect, device number 7
[  528.397630][ T4897] udevd[4897]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  530.070401][ T9504] loop0: detected capacity change from 0 to 512
[  530.122365][ T9504] FAT-fs (loop0): Unrecognized mount option "erRors=remount-ro" or missing value
[  530.416608][ T4282] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  530.585073][   T52] block nbd0: Attempted send on invalid socket
[  530.591361][   T52] I/O error, dev nbd0, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  530.601058][ T9513] qnx6: unable to read the first superblock
[  530.607625][   T52] block nbd0: Attempted send on invalid socket
[  530.613895][   T52] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  530.623627][ T9513] qnx6: unable to read the first superblock
[  530.629880][ T9513] qnx6: unable to read the first superblock
[  530.806735][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  535.251193][ T9553] loop6: detected capacity change from 0 to 32768
[  535.258811][ T9550] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  535.265389][ T9550] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  535.272997][ T9550] vhci_hcd vhci_hcd.0: Device attached
[  535.303119][ T9553] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1232 (9553)
[  535.321665][ T9553] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  535.331983][ T9553] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  535.340740][ T9553] BTRFS info (device loop6): setting nodatacow, compression disabled
[  535.349253][ T9553] BTRFS info (device loop6): force clearing of disk cache
[  535.356532][ T9553] BTRFS info (device loop6): turning off barriers
[  535.363071][ T9553] BTRFS info (device loop6): use no compression
[  535.369339][ T9553] BTRFS info (device loop6): disabling free space tree
[  535.379407][ T9553] BTRFS info (device loop6): enabling ssd optimizations
[  535.386497][ T9553] BTRFS info (device loop6): using spread ssd allocation scheme
[  535.394447][ T9553] BTRFS info (device loop6): not using ssd optimizations
[  535.394815][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  535.401510][ T9553] BTRFS info (device loop6): not using spread ssd allocation scheme
[  535.421005][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  535.722174][ T4999] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  535.845029][ T9553] BTRFS info (device loop6): rebuilding free space tree
[  535.866241][ T9553] BTRFS info (device loop6): disabling free space tree
[  535.874830][ T9553] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  535.884646][ T9553] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  535.900307][ T9553] BTRFS info (device loop6): checking UUID tree
[  536.203533][ T9554] vhci_hcd: connection reset by peer
[  536.217296][ T8161] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  536.234641][ T4765] vhci_hcd: stop threads
[  536.238996][ T4765] vhci_hcd: release socket
[  536.295699][ T4765] vhci_hcd: disconnect device
[  539.390373][ T4596] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 12 /dev/loop6 scanned by udevd (4596)
[  539.572431][ T9609] fuse: Bad value for 'fd'
[  540.344361][ T9622] loop6: detected capacity change from 0 to 32768
[  540.354687][ T5000] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  540.485739][ T9622] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  540.497970][ T9622] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  540.507066][ T9622] BTRFS info (device loop6): setting nodatacow, compression disabled
[  540.515756][ T9622] BTRFS info (device loop6): force clearing of disk cache
[  540.523088][ T9622] BTRFS info (device loop6): turning off barriers
[  540.530214][ T9622] BTRFS info (device loop6): use no compression
[  540.536829][ T9622] BTRFS info (device loop6): disabling free space tree
[  540.543899][ T9622] BTRFS info (device loop6): enabling ssd optimizations
[  540.550947][ T9622] BTRFS info (device loop6): using spread ssd allocation scheme
[  540.558792][ T9622] BTRFS info (device loop6): not using ssd optimizations
[  540.565981][ T9622] BTRFS info (device loop6): not using spread ssd allocation scheme
[  540.730496][ T5000] usb 1-1: Using ep0 maxpacket: 16
[  540.915280][ T5000] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  540.972089][ T5000] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  541.036402][ T5000] usb 1-1: Product: syz
[  541.060379][ T5000] usb 1-1: Manufacturer: syz
[  541.098325][ T5000] usb 1-1: SerialNumber: syz
[  541.158535][ T9622] BTRFS info (device loop6): rebuilding free space tree
[  541.179433][ T9622] BTRFS info (device loop6): disabling free space tree
[  541.186779][ T9622] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  541.197352][ T9622] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  541.210757][ T9622] BTRFS info (device loop6): checking UUID tree
[  541.235837][ T5000] usb 1-1: config 0 descriptor??
[  541.257275][ T9648] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  541.263901][ T9648] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  541.272342][ T9648] vhci_hcd vhci_hcd.0: Device attached
[  541.311399][ T4999] vhci_hcd: vhci_device speed not set
[  541.543163][ T5000] speedtch 1-1:0.0: speedtch_bind: data interface not found!
[  541.567871][ T5000] speedtch 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  541.621031][ T5000] usb 1-1: USB disconnect, device number 5
[  541.701417][ T4346] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  541.722761][ T8161] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  541.873087][ T9660] loop4: detected capacity change from 0 to 512
[  541.984387][ T9660] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  542.015340][ T9660] ext4 filesystem being mounted at /266/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  542.601306][ T9649] vhci_hcd: connection reset by peer
[  542.613510][ T4416] vhci_hcd: stop threads
[  542.622329][ T4416] vhci_hcd: release socket
[  542.669572][ T4416] vhci_hcd: disconnect device
[  542.768551][ T9673] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  543.486465][ T9679] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1247'.
[  543.544025][ T4635] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  543.554997][ T9679] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1247'.
[  543.580548][ T9679] device bond0 entered promiscuous mode
[  543.586281][ T9679] device bond_slave_0 entered promiscuous mode
[  543.655910][ T9679] device bond_slave_1 entered promiscuous mode
[  543.662336][ T9679] device bridge0 entered promiscuous mode
[  543.756660][ T9679] device bond0 left promiscuous mode
[  543.844320][ T9679] device bond_slave_0 left promiscuous mode
[  543.878447][ T9679] device bond_slave_1 left promiscuous mode
[  543.931721][ T9679] device bridge0 left promiscuous mode
[  543.955867][ T4635] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  543.967087][ T4635] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  543.978460][ T4635] usb 6-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  543.998617][ T4635] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.041846][ T4635] usb 6-1: config 0 descriptor??
[  544.344303][ T9697] fuse: Bad value for 'fd'
[  544.531380][ T4635] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  544.577291][ T4635] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  544.599175][ T4635] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  544.626418][ T4635] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  544.656295][ T4635] playstation 0003:054C:0DF2.0001: unknown main item tag 0x0
[  544.779023][ T4635] playstation 0003:054C:0DF2.0001: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.5-1/input0
[  548.030904][ T4346] vhci_hcd: vhci_device speed not set
[  548.146538][ T4635] playstation 0003:054C:0DF2.0001: Failed to retrieve feature with reportID 9: -71
[  548.161499][ T4635] playstation 0003:054C:0DF2.0001: Failed to retrieve DualSense pairing info: -71
[  548.170818][ T4635] playstation 0003:054C:0DF2.0001: Failed to get MAC address from DualSense
[  548.290734][ T4635] playstation 0003:054C:0DF2.0001: Failed to create dualsense.
[  548.358930][ T9718] loop6: detected capacity change from 0 to 32768
[  548.367652][ T9718] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1257 (9718)
[  548.391848][ T9718] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  548.402225][ T9718] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  548.412185][ T9718] BTRFS info (device loop6): setting nodatacow, compression disabled
[  548.420391][ T9718] BTRFS info (device loop6): force clearing of disk cache
[  548.427618][ T9718] BTRFS info (device loop6): turning off barriers
[  548.434145][ T9718] BTRFS info (device loop6): use no compression
[  548.440454][ T9718] BTRFS info (device loop6): disabling free space tree
[  548.447959][ T9718] BTRFS info (device loop6): enabling ssd optimizations
[  548.452706][ T4635] playstation: probe of 0003:054C:0DF2.0001 failed with error -71
[  548.454975][ T9718] BTRFS info (device loop6): using spread ssd allocation scheme
[  548.455002][ T9718] BTRFS info (device loop6): not using ssd optimizations
[  548.455019][ T9718] BTRFS info (device loop6): not using spread ssd allocation scheme
[  548.637810][ T4635] usb 6-1: USB disconnect, device number 4
[  548.854164][ T9718] BTRFS info (device loop6): rebuilding free space tree
[  548.872790][ T9718] BTRFS info (device loop6): disabling free space tree
[  548.880243][ T9718] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  548.890220][ T9718] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  548.902187][ T9743] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  548.908791][ T9743] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  548.916477][ T9743] vhci_hcd vhci_hcd.0: Device attached
[  548.925624][ T9718] BTRFS info (device loop6): checking UUID tree
[  549.307169][ T4635] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  549.473853][ T9756] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  549.592111][ T4277] Bluetooth: hci0: command 0x0406 tx timeout
[  549.987420][ T8161] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  550.008936][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  550.046523][ T4346] usb 37-1: device descriptor read/64, error -110
[  550.332128][ T4635] usb 6-1: unable to get BOS descriptor or descriptor too short
[  550.341317][ T9763] fuse: Bad value for 'fd'
[  550.360124][ T4635] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  551.545083][ T4635] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  551.608906][ T4635] usb 6-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  551.618328][ T4346] usb 37-1: new low-speed USB device number 3 using vhci_hcd
[  551.627841][ T4635] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.636436][ T4635] usb 6-1: Product: syz
[  551.642397][ T4635] usb 6-1: Manufacturer: syz
[  551.647060][ T4635] usb 6-1: SerialNumber: syz
[  551.839055][ T4635] usb 6-1: 0:1 : does not exist
[  551.949073][ T9747] vhci_hcd: connection reset by peer
[  551.970056][ T4751] vhci_hcd: stop threads
[  551.974391][ T4751] vhci_hcd: release socket
[  552.030267][ T4751] vhci_hcd: disconnect device
[  552.044050][ T4635] usb 6-1: USB disconnect, device number 5
[  553.568323][ T4894] udevd[4894]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  553.809616][ T9788] fuse: root generation should be zero
[  554.139788][ T9797] loop5: detected capacity change from 0 to 512
[  554.146323][ T4999] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  554.265279][ T9797] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  554.284391][ T9797] ext4 filesystem being mounted at /144/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  554.340489][ T9773] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  554.556872][ T9773] usb 1-1: Using ep0 maxpacket: 16
[  554.592133][ T9773] usb 1-1: config 0 has an invalid interface number: 189 but max is 0
[  554.641744][ T9773] usb 1-1: config 0 has no interface number 0
[  554.667976][ T9773] usb 1-1: config 0 interface 189 altsetting 7 has an invalid endpoint with address 0x95, skipping
[  554.737707][ T9773] usb 1-1: config 0 interface 189 altsetting 7 bulk endpoint 0x8 has invalid maxpacket 32
[  554.792879][ T9773] usb 1-1: config 0 interface 189 has no altsetting 0
[  554.845707][ T9808] loop6: detected capacity change from 0 to 32768
[  554.853715][ T4999] usb 3-1: unable to get BOS descriptor or descriptor too short
[  554.868478][ T9808] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1274 (9808)
[  554.883049][ T4999] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  554.901758][ T4999] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  554.911803][ T9808] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  554.919519][ T9773] usb 1-1: New USB device found, idVendor=19d2, idProduct=ff4c, bcdDevice=b5.82
[  554.922294][ T9808] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  554.940052][ T9808] BTRFS info (device loop6): setting nodatacow, compression disabled
[  554.948317][ T9808] BTRFS info (device loop6): force clearing of disk cache
[  554.955525][ T9808] BTRFS info (device loop6): turning off barriers
[  554.962763][ T9808] BTRFS info (device loop6): use no compression
[  554.969147][ T9808] BTRFS info (device loop6): disabling free space tree
[  554.976068][ T9808] BTRFS info (device loop6): enabling ssd optimizations
[  554.983194][ T9808] BTRFS info (device loop6): using spread ssd allocation scheme
[  554.991026][ T9808] BTRFS info (device loop6): not using ssd optimizations
[  554.998107][ T9808] BTRFS info (device loop6): not using spread ssd allocation scheme
[  555.008870][ T9773] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.018451][ T4999] usb 3-1: New USB device found, idVendor=0582, idProduct=004c, bcdDevice= 0.40
[  555.032096][ T4999] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  555.041920][ T4999] usb 3-1: Product: syz
[  555.049715][ T4999] usb 3-1: Manufacturer: syz
[  555.053994][ T9773] usb 1-1: Product: syz
[  555.061682][ T4999] usb 3-1: SerialNumber: syz
[  555.083914][ T9773] usb 1-1: Manufacturer: syz
[  555.111174][ T9773] usb 1-1: SerialNumber: syz
[  555.170347][ T9773] usb 1-1: config 0 descriptor??
[  555.195968][ T9792] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  555.203757][ T9792] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  555.307592][ T9808] BTRFS info (device loop6): rebuilding free space tree
[  555.343461][ T9808] BTRFS info (device loop6): disabling free space tree
[  555.350818][ T9808] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  555.360667][ T9808] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  555.375159][ T9808] BTRFS info (device loop6): checking UUID tree
[  555.514581][ T9773] option 1-1:0.189: GSM modem (1-port) converter detected
[  555.632058][ T9773] usb 1-1: USB disconnect, device number 6
[  555.683790][ T9773] option 1-1:0.189: device disconnected
[  556.090740][ T4999] usb 3-1: USB disconnect, device number 8
[  556.105581][ T8161] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  556.178234][ T9834] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  556.366031][ T4384] udevd[4384]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  557.134557][ T4346] vhci_hcd: vhci_device speed not set
[  557.214857][ T5012] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  557.271497][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  557.429767][ T5012] usb 1-1: unable to get BOS descriptor or descriptor too short
[  557.446582][ T5012] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  557.477250][ T5012] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  557.511980][ T5012] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  557.531233][ T5012] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  557.593766][ T5012] usb 1-1: Product: syz
[  557.618440][ T5012] usb 1-1: Manufacturer: syz
[  557.649380][ T5012] usb 1-1: SerialNumber: syz
[  557.922722][ T5012] usb 1-1: 0:1 : does not exist
[  557.983069][ T5012] usb 1-1: USB disconnect, device number 7
[  558.972475][ T4384] udevd[4384]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  559.329265][ T9877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1287'.
[  559.373307][ T9877] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1287'.
[  559.405877][ T9874] loop6: detected capacity change from 0 to 32768
[  559.419010][ T9874] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.1286 (9874)
[  559.454139][ T9874] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  559.464626][ T9874] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  559.473324][ T9874] BTRFS info (device loop6): setting nodatacow, compression disabled
[  559.481583][ T9874] BTRFS info (device loop6): force clearing of disk cache
[  559.488852][ T9874] BTRFS info (device loop6): turning off barriers
[  559.495324][ T9874] BTRFS info (device loop6): use no compression
[  559.501667][ T9874] BTRFS info (device loop6): disabling free space tree
[  559.509295][ T9874] BTRFS info (device loop6): enabling ssd optimizations
[  559.516302][ T9874] BTRFS info (device loop6): using spread ssd allocation scheme
[  559.524035][ T9874] BTRFS info (device loop6): not using ssd optimizations
[  559.531217][ T9874] BTRFS info (device loop6): not using spread ssd allocation scheme
[  559.799648][ T9874] BTRFS info (device loop6): rebuilding free space tree
[  559.831712][ T9874] BTRFS info (device loop6): disabling free space tree
[  559.839417][ T9874] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  559.849200][ T9874] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  559.863144][ T9874] BTRFS info (device loop6): checking UUID tree
[  560.259651][ T4635] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  560.489594][ T4635] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  560.758736][ T8161] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  560.842077][ T9923] block nbd0: NBD_DISCONNECT
[  561.842317][ T4596] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 12 /dev/loop6 scanned by udevd (4596)
[  561.870504][  T128] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  562.100694][  T128] usb 6-1: unable to get BOS descriptor or descriptor too short
[  564.844745][  T128] usb 6-1: unable to read config index 0 descriptor/all
[  564.873200][  T128] usb 6-1: can't read configurations, error -71
[  565.279025][ T9957] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  565.662897][ T9964] netlink: 'syz.2.1306': attribute type 10 has an invalid length.
[  565.748559][ T9964] team0: Port device dummy0 added
[  566.097284][ T9968] loop5: detected capacity change from 0 to 32768
[  566.105342][ T9968] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 12
[  566.250905][ T4596] I/O error, dev loop5, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  566.890958][ T9973] loop5: detected capacity change from 0 to 16
[  566.915898][ T9973] erofs: (device loop5): mounted with root inode @ nid 36.
[  567.070353][ T9979] block nbd2: NBD_DISCONNECT
[  567.235240][ T9672] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  567.473645][ T9672] usb 1-1: Using ep0 maxpacket: 16
[  567.788202][ T7373] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  568.024853][ T7373] usb 6-1: unable to get BOS descriptor or descriptor too short
[  568.069972][ T7373] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  568.080735][ T9672] usb 1-1: config 0 has an invalid interface number: 189 but max is 0
[  568.088967][ T9672] usb 1-1: config 0 has no interface number 0
[  568.106260][ T9672] usb 1-1: config 0 interface 189 altsetting 7 has an invalid endpoint with address 0x95, skipping
[  568.115662][ T7373] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  568.123972][ T9672] usb 1-1: config 0 interface 189 altsetting 7 bulk endpoint 0x8 has invalid maxpacket 32
[  568.145587][ T9672] usb 1-1: config 0 interface 189 has no altsetting 0
[  568.185052][ T7373] usb 6-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  568.189199][ T9672] usb 1-1: New USB device found, idVendor=19d2, idProduct=ff4c, bcdDevice=b5.82
[  568.210505][ T9672] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.218640][ T9672] usb 1-1: Product: syz
[  568.223240][ T9672] usb 1-1: Manufacturer: syz
[  568.227902][ T9672] usb 1-1: SerialNumber: syz
[  568.231261][ T7373] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.239455][ T9672] usb 1-1: config 0 descriptor??
[  568.246739][ T9977] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  568.254466][ T9977] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  568.290278][ T7373] usb 6-1: Product: syz
[  568.312149][ T7373] usb 6-1: Manufacturer: syz
[  568.327875][ T7373] usb 6-1: SerialNumber: syz
[  568.494905][ T9672] option 1-1:0.189: GSM modem (1-port) converter detected
[  568.528849][ T9672] usb 1-1: USB disconnect, device number 8
[  568.543487][ T9672] option 1-1:0.189: device disconnected
[  568.589895][ T7373] usb 6-1: 0:1 : does not exist
[  568.661092][ T7373] usb 6-1: USB disconnect, device number 8
[  569.424183][ T9998] capability: warning: `syz.5.1319' uses 32-bit capabilities (legacy support in use)
[  569.705709][T10009] block nbd0: NBD_DISCONNECT
[  569.752965][T10011] loop6: detected capacity change from 0 to 512
[  569.796588][T10011] EXT4-fs: Ignoring removed nobh option
[  570.310707][T10017] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  570.909789][T10011] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  570.943373][T10011] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  571.342503][T10035] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1328'.
[  571.357534][T10035] netlink: 'syz.2.1328': attribute type 10 has an invalid length.
[  572.296474][ T7373] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  572.416359][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  572.493500][ T7373] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  572.522879][ T7373] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  572.566323][ T7373] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.626681][ T7373] gspca_main: stv0680-2.14.0 probing 041e:4007
[  573.087195][   T52] block nbd2: Attempted send on invalid socket
[  573.093792][   T52] I/O error, dev nbd2, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  573.106444][T10044] qnx6: unable to read the first superblock
[  573.112843][   T52] block nbd2: Attempted send on invalid socket
[  573.119153][   T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  573.128456][T10044] qnx6: unable to read the first superblock
[  573.139370][T10044] qnx6: unable to read the first superblock
[  574.014844][ T7373] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  574.030452][ T7373] stv0680 1-1:4.0: last error: 2,  command = 0x9
[  574.057365][ T7373] usb 1-1: USB disconnect, device number 9
[  574.515579][T10062] block nbd6: NBD_DISCONNECT
[  575.865182][T10072] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1340'.
[  575.885964][T10072] netlink: 'syz.5.1340': attribute type 10 has an invalid length.
[  577.100783][T10086] dlm: no local IP address has been set
[  577.106466][T10086] dlm: cannot start dlm midcomms -107
[  577.168917][T10083] loop0: detected capacity change from 0 to 512
[  577.266604][T10085] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  577.284966][T10083] EXT4-fs: Ignoring removed nobh option
[  577.486505][T10083] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  577.516947][T10096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1348'.
[  577.558605][T10096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1348'.
[  577.618255][T10083] ext4 filesystem being mounted at /257/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  577.914787][T10105] block nbd5: NBD_DISCONNECT
[  577.947369][T10107] block nbd6: NBD_DISCONNECT
[  578.630202][T10109] loop4: detected capacity change from 0 to 512
[  578.776324][T10109] FAT-fs (loop4): Unrecognized mount option "erRors=remount-ro" or missing value
[  580.135441][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  580.530112][T10124] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  580.581459][T10134] device bridge1 entered promiscuous mode
[  580.749247][T10130] loop0: detected capacity change from 0 to 8192
[  580.782774][T10130] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  580.804110][T10130] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  580.814431][T10130] REISERFS (device loop0): using ordered data mode
[  580.821290][T10130] reiserfs: using flush barriers
[  580.837033][T10130] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  580.880863][T10130] REISERFS (device loop0): checking transaction log (loop0)
[  580.891382][   T52] block nbd4: Attempted send on invalid socket
[  580.898076][   T52] I/O error, dev nbd4, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  580.907515][T10144] qnx6: unable to read the first superblock
[  580.914189][   T52] block nbd4: Attempted send on invalid socket
[  580.920492][   T52] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  580.930355][T10144] qnx6: unable to read the first superblock
[  580.936376][T10144] qnx6: unable to read the first superblock
[  580.950329][T10130] REISERFS (device loop0): Using r5 hash to sort names
[  580.986871][T10130] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  581.262759][T10139] dlm: no local IP address has been set
[  581.268388][T10139] dlm: cannot start dlm midcomms -107
[  582.714343][T10155] block nbd0: NBD_DISCONNECT
[  584.490083][T10174] loop6: detected capacity change from 0 to 512
[  584.525437][T10173] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  584.550861][T10174] EXT4-fs: Ignoring removed nobh option
[  584.911971][T10174] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  584.974429][T10174] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  585.091569][T10187] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1374'.
[  585.100742][T10187] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1374'.
[  585.110579][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1374'.
[  585.119663][T10187] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1374'.
[  585.884554][ T7373] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  586.147084][ T7373] usb 3-1: Using ep0 maxpacket: 16
[  586.164452][ T7373] usb 3-1: config 0 has an invalid interface number: 189 but max is 0
[  586.225769][ T7373] usb 3-1: config 0 has no interface number 0
[  586.333799][ T7373] usb 3-1: config 0 interface 189 altsetting 7 has an invalid endpoint with address 0x95, skipping
[  586.444569][ T7373] usb 3-1: config 0 interface 189 altsetting 7 bulk endpoint 0x8 has invalid maxpacket 32
[  586.487677][ T7373] usb 3-1: config 0 interface 189 has no altsetting 0
[  586.523404][ T7373] usb 3-1: New USB device found, idVendor=19d2, idProduct=ff4c, bcdDevice=b5.82
[  586.562761][ T7373] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.601508][ T7373] usb 3-1: Product: syz
[  586.608764][ T7373] usb 3-1: Manufacturer: syz
[  586.618522][ T7373] usb 3-1: SerialNumber: syz
[  586.653525][ T7373] usb 3-1: config 0 descriptor??
[  586.769608][T10183] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  586.777602][T10183] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  586.817635][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  586.982901][T10196] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1378'.
[  587.009525][ T7373] option 3-1:0.189: GSM modem (1-port) converter detected
[  587.039454][T10196] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1378'.
[  587.066256][ T7373] usb 3-1: USB disconnect, device number 9
[  587.086567][ T7373] option 3-1:0.189: device disconnected
[  587.271452][T10202] dlm: no local IP address has been set
[  587.277190][T10202] dlm: cannot start dlm midcomms -107
[  587.428746][T10200] loop6: detected capacity change from 0 to 8192
[  587.479857][T10200] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  587.501945][T10200] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  587.522234][T10200] REISERFS (device loop6): using ordered data mode
[  587.529065][T10200] reiserfs: using flush barriers
[  587.546407][T10200] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  587.581132][T10200] REISERFS (device loop6): checking transaction log (loop6)
[  587.590528][T10200] REISERFS (device loop6): Using r5 hash to sort names
[  587.597842][T10200] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  587.812171][T10198] loop0: detected capacity change from 0 to 40427
[  587.856772][T10198] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  587.886008][T10198] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  587.981092][T10198] F2FS-fs (loop0): invalid crc value
[  588.077938][T10198] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  589.074004][T10198] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  589.149318][T10198] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  589.465498][T10235] syz.0.1379: attempt to access beyond end of device
[  589.465498][T10235] loop0: rw=2049, sector=53248, nr_sectors = 88 limit=40427
[  589.772251][ T4273] syz-executor: attempt to access beyond end of device
[  589.772251][ T4273] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  590.470072][T10240] dlm: no local IP address has been set
[  590.475794][T10240] dlm: cannot start dlm midcomms -107
[  590.721815][T10241] loop5: detected capacity change from 0 to 512
[  590.754009][T10246] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1394'.
[  590.763074][T10246] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1394'.
[  590.838761][T10246] device bond0 entered promiscuous mode
[  590.853115][T10248] loop6: detected capacity change from 0 to 8192
[  590.868869][T10248] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  590.882108][T10248] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  590.891533][T10248] REISERFS (device loop6): using ordered data mode
[  590.898226][T10248] reiserfs: using flush barriers
[  590.904560][T10248] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  590.921179][T10248] REISERFS (device loop6): checking transaction log (loop6)
[  590.930528][T10248] REISERFS (device loop6): Using r5 hash to sort names
[  590.937841][T10248] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  590.938560][T10246] device bridge0 entered promiscuous mode
[  591.000626][T10241] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  591.044935][T10246] device gretap0 entered promiscuous mode
[  591.083890][ T4442] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  591.128181][T10254] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1392'.
[  591.145600][T10254] netlink: 'syz.0.1392': attribute type 10 has an invalid length.
[  591.175023][T10241] EXT4-fs (loop5): 1 orphan inode deleted
[  591.181299][T10241] EXT4-fs (loop5): 1 truncate cleaned up
[  591.187144][T10241] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  591.389480][T10259] loop4: detected capacity change from 0 to 512
[  591.514103][T10259] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  591.572815][T10259] ext4 filesystem being mounted at /291/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  592.906436][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  593.661475][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  594.052469][T10284] dlm: no local IP address has been set
[  594.058109][T10284] dlm: cannot start dlm midcomms -107
[  594.491105][T10283] IPVS: set_ctl: invalid protocol: 59 100.1.1.1:20004
[  598.214783][T10318] loop0: detected capacity change from 0 to 8192
[  598.302623][T10318] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  598.315864][T10318] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  598.325464][T10318] REISERFS (device loop0): using ordered data mode
[  598.332087][T10318] reiserfs: using flush barriers
[  598.338889][T10318] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  598.356155][T10318] REISERFS (device loop0): checking transaction log (loop0)
[  598.359264][T10325] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1412'.
[  598.381223][T10325] netlink: 'syz.5.1412': attribute type 10 has an invalid length.
[  598.393502][T10318] REISERFS (device loop0): Using r5 hash to sort names
[  598.400909][T10318] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  598.440264][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.458889][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.476485][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.492524][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.504271][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.516124][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.534686][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.568654][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.578192][ T9773] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  598.594425][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.647027][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.700673][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.749251][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.789092][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.802000][ T9773] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 122, changing to 7
[  598.828874][ T9773] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  598.863589][ T9773] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  598.881769][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.890840][ T9773] usb 5-1: Product: syz
[  598.896204][ T9773] usb 5-1: Manufacturer: syz
[  598.913241][ T9773] usb 5-1: SerialNumber: syz
[  598.941743][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  598.994083][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.037691][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.140196][T10333] loop6: detected capacity change from 0 to 512
[  599.180019][ T9773] usb 5-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  599.187760][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.212845][ T9773] usb 5-1: 2:1 : unknown format tag 0x3 is detected.  processed as MPEG.
[  599.231621][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.237964][ T9773] usb 5-1: found format II with max.bitrate = 13, frame size=7
[  599.298158][T10333] EXT4-fs: Ignoring removed nobh option
[  599.480367][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.956016][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  599.998666][ T9773] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  600.027160][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  600.046424][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  600.075888][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  600.117784][ T9773] usb 5-1: USB disconnect, device number 3
[  600.152794][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  600.201788][T10324] 9pnet_fd: p9_fd_create_tcp (10324): problem connecting socket to 127.0.0.1
[  600.219158][T10333] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  600.278724][T10333] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  600.408009][T10348] loop4: detected capacity change from 0 to 512
[  600.583582][T10348] FAT-fs (loop4): Unrecognized mount option "erRors=remount-ro" or missing value
[  600.698170][ T4596] udevd[4596]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  602.793792][   T52] block nbd4: Attempted send on invalid socket
[  602.800041][   T52] I/O error, dev nbd4, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  602.811948][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  602.818414][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  602.916723][T10360] qnx6: unable to read the first superblock
[  602.924864][ T1043] block nbd4: Attempted send on invalid socket
[  602.931102][ T1043] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  602.940326][T10360] qnx6: unable to read the first superblock
[  602.946300][T10360] qnx6: unable to read the first superblock
[  603.864852][T10365] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 36473 - 0
[  603.917927][T10365] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 36473 - 0
[  604.060936][T10365] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 36473 - 0
[  604.088050][T10365] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 36473 - 0
[  604.105235][T10365] device geneve2 entered promiscuous mode
[  604.371541][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  604.493921][T10379] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1429'.
[  604.701934][T10380] netlink: 'syz.2.1429': attribute type 10 has an invalid length.
[  607.020637][ T4310] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  607.259014][ T4310] usb 5-1: Using ep0 maxpacket: 32
[  607.273055][ T4310] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  607.515023][ T4310] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  607.570108][ T4310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.598479][ T4310] usb 5-1: Product: syz
[  607.606066][ T4310] usb 5-1: Manufacturer: syz
[  607.613783][ T4310] usb 5-1: SerialNumber: syz
[  607.637907][ T4310] usb 5-1: config 0 descriptor??
[  607.888809][ T4310] usb 5-1: USB disconnect, device number 4
[  608.011872][T10415] dlm: no local IP address has been set
[  608.017593][T10415] dlm: cannot start dlm midcomms -107
[  609.315583][T10426] loop0: detected capacity change from 0 to 512
[  609.438506][T10426] EXT4-fs: Ignoring removed nobh option
[  609.551963][T10438] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1446'.
[  609.567658][T10438] netlink: 'syz.6.1446': attribute type 10 has an invalid length.
[  609.737973][T10426] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  610.041808][T10426] ext4 filesystem being mounted at /273/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  612.994856][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  613.189077][T10474] Bluetooth: MGMT ver 1.22
[  615.839844][ T4312] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  616.388714][ T4312] usb 1-1: unable to get BOS descriptor or descriptor too short
[  616.402376][ T4312] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  616.421335][ T4312] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  616.463586][ T4312] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  616.865480][ T4312] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.875993][ T4312] usb 1-1: Product: syz
[  616.880285][ T4312] usb 1-1: Manufacturer: syz
[  616.898032][T10498] netlink: 56 bytes leftover after parsing attributes in process `syz.5.1464'.
[  616.907318][T10498] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1464'.
[  616.916473][T10498] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1464'.
[  616.925493][T10498] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1464'.
[  617.032435][ T4312] usb 1-1: SerialNumber: syz
[  617.327938][ T4312] usb 1-1: 0:1 : does not exist
[  617.379461][ T4312] usb 1-1: USB disconnect, device number 10
[  617.391479][T10505] ubi16: attaching mtd0
[  617.886887][ T4384] udevd[4384]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  618.731727][T10520] ucma_write: process 835 (syz.0.1471) changed security contexts after opening file descriptor, this is not allowed.
[  619.424699][T10537] device syzkaller0 entered promiscuous mode
[  619.479629][ T4310] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  619.493134][ T4310] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  621.242526][ T4277] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  621.242689][ T4281] Bluetooth: hci1: command 0x1003 tx timeout
[  622.255540][T10568] loop6: detected capacity change from 0 to 8192
[  622.393780][T10568] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  622.454017][T10568] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  622.463914][T10568] REISERFS (device loop6): using ordered data mode
[  622.470694][T10568] reiserfs: using flush barriers
[  622.494231][T10568] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  622.513541][T10568] REISERFS (device loop6): checking transaction log (loop6)
[  622.612140][T10568] REISERFS (device loop6): Using r5 hash to sort names
[  622.627101][T10568] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  624.650740][ T9672] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  624.661737][ T9672] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  625.155118][T10623] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1500'.
[  626.171246][T10635] loop6: detected capacity change from 0 to 8192
[  626.189015][T10635] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  626.202220][T10635] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  626.212185][T10635] REISERFS (device loop6): using ordered data mode
[  626.218792][T10635] reiserfs: using flush barriers
[  626.225397][T10635] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  626.241995][T10635] REISERFS (device loop6): checking transaction log (loop6)
[  626.255241][T10635] REISERFS (device loop6): Using r5 hash to sort names
[  626.262954][T10635] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  627.163748][T10648] device syzkaller0 entered promiscuous mode
[  627.673023][T10670] fuse: Bad value for 'fd'
[  628.657038][ T4311] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  628.685928][ T4311] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  628.696054][ T7373] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  628.796904][T10682] loop0: detected capacity change from 0 to 8192
[  628.820045][T10682] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  628.833469][T10682] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  628.842898][T10682] REISERFS (device loop0): using ordered data mode
[  628.849536][T10682] reiserfs: using flush barriers
[  628.872285][T10682] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  628.888971][T10682] REISERFS (device loop0): checking transaction log (loop0)
[  628.902679][T10682] REISERFS (device loop0): Using r5 hash to sort names
[  628.909859][T10693] device syzkaller0 entered promiscuous mode
[  628.910148][T10682] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  628.916598][ T7373] usb 5-1: Using ep0 maxpacket: 8
[  628.971077][ T7373] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  629.011026][ T7373] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  629.036395][ T7373] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  629.105213][ T7373] usb 5-1: New USB device found, idVendor=0079, idProduct=0006, bcdDevice= 0.00
[  629.148140][ T7373] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.203080][ T7373] usb 5-1: config 0 descriptor??
[  629.483846][T10697] autofs4:pid:10697:autofs_fill_super: called with bogus options
[  629.675792][ T7373] dragonrise 0003:0079:0006.0006: unbalanced collection at end of report description
[  629.712517][ T7373] dragonrise 0003:0079:0006.0006: parse failed
[  629.727891][ T7373] dragonrise: probe of 0003:0079:0006.0006 failed with error -22
[  629.898585][ T7373] usb 5-1: USB disconnect, device number 5
[  630.256681][ T3598] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  630.470195][T10722] loop0: detected capacity change from 0 to 512
[  630.473242][ T3598] usb 6-1: Using ep0 maxpacket: 16
[  630.484005][ T3598] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  630.516846][ T3598] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.527325][T10725] device syzkaller0 entered promiscuous mode
[  630.539369][ T3598] usb 6-1: config 0 descriptor??
[  630.564629][ T3598] gspca_main: sonixj-2.14.0 probing 0471:0327
[  630.595568][T10722] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  630.623811][T10722] ext4 filesystem being mounted at /284/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  630.769419][T10732] loop4: detected capacity change from 0 to 8192
[  630.886422][T10732] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  630.899697][T10732] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  630.909190][T10732] REISERFS (device loop4): using ordered data mode
[  630.915746][T10732] reiserfs: using flush barriers
[  630.926446][T10732] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  630.943872][T10732] REISERFS (device loop4): checking transaction log (loop4)
[  630.953955][T10732] REISERFS (device loop4): Using r5 hash to sort names
[  630.961496][T10732] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  631.077739][T10736] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1728497071 (13827976568 ns) > initial count (5811828296 ns). Using initial count to start timer.
[  631.423716][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  631.848666][ T3598] gspca_sonixj: reg_w1 err -71
[  631.916967][ T3598] sonixj: probe of 6-1:0.0 failed with error -71
[  631.925977][ T3598] usb 6-1: USB disconnect, device number 9
[  632.195504][T10760] loop6: detected capacity change from 0 to 512
[  632.236059][T10760] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  632.246844][T10760] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  632.608654][ T3598] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  632.876097][ T3598] usb 1-1: unable to get BOS descriptor or descriptor too short
[  632.927779][ T3598] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  633.188655][ T3598] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  633.222794][ T3598] usb 1-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  633.268750][ T3598] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.288813][ T3598] usb 1-1: Product: syz
[  633.309948][ T3598] usb 1-1: Manufacturer: syz
[  633.326067][ T3598] usb 1-1: SerialNumber: syz
[  633.374032][T10772] loop5: detected capacity change from 0 to 512
[  633.387007][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  633.467710][T10776] loop4: detected capacity change from 0 to 512
[  633.485656][T10772] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  633.505752][T10776] EXT4-fs: Ignoring removed nobh option
[  633.519337][T10778] fuse: Unknown parameter '0xffffffffffffffff'
[  633.541893][T10772] ext4 filesystem being mounted at /197/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  633.608018][ T3598] usb 1-1: 0:1 : does not exist
[  633.718665][T10782] loop6: detected capacity change from 0 to 8192
[  633.771693][ T3598] usb 1-1: USB disconnect, device number 11
[  633.849406][T10782] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  633.862815][T10782] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  633.873141][T10782] REISERFS (device loop6): using ordered data mode
[  633.879987][T10782] reiserfs: using flush barriers
[  633.891612][T10782] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  633.908443][T10782] REISERFS (device loop6): checking transaction log (loop6)
[  633.917418][T10782] REISERFS (device loop6): Using r5 hash to sort names
[  633.924742][T10782] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  633.950184][T10776] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  633.980532][T10776] ext4 filesystem being mounted at /322/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  634.122817][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  634.286433][ T4596] udevd[4596]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  636.350100][ T9773] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  636.382244][ T9773] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  636.520572][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  636.801370][T10818] fido_id[10818]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  636.836123][T10822] fuse: Unknown parameter '0x0000000000000003'
[  636.894287][T10820] fuse: Bad value for 'fd'
[  636.989027][T10824] loop6: detected capacity change from 0 to 512
[  637.108383][T10827] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  637.128052][T10824] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  637.178235][T10824] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  637.623636][ T8578] Bluetooth: hci1: received HCILL_GO_TO_SLEEP_ACK in state 1
[  637.761641][ T8578] Bluetooth: hci1: Frame reassembly failed (-84)
[  638.126169][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  638.739562][T10840] loop0: detected capacity change from 0 to 8192
[  639.183180][T10840] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  639.207834][T10840] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  639.228036][T10840] REISERFS (device loop0): using ordered data mode
[  639.265505][T10840] reiserfs: using flush barriers
[  639.281797][T10840] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  639.356242][T10840] REISERFS (device loop0): checking transaction log (loop0)
[  639.392907][ T4311] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  639.402518][T10840] REISERFS (device loop0): Using r5 hash to sort names
[  639.413801][T10840] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  639.544095][T10854] xt_l2tp: missing protocol rule (udp|l2tpip)
[  639.598795][ T4311] usb 7-1: Using ep0 maxpacket: 32
[  639.606418][ T4311] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  639.631545][ T4311] usb 7-1: config 0 has no interface number 0
[  639.641044][ T9672] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  639.658834][ T9672] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  639.667604][ T4311] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  639.689050][ T4311] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  639.720008][ T4311] usb 7-1: Product: syz
[  639.724386][ T4311] usb 7-1: Manufacturer: syz
[  639.735409][ T4311] usb 7-1: SerialNumber: syz
[  639.763401][T10556] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  639.808913][T10836] syz.4.1566 (10836) used greatest stack depth: 18096 bytes left
[  639.849073][ T4311] usb 7-1: config 0 descriptor??
[  639.925527][ T4311] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  640.181146][ T4311] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  640.295020][ T4311] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  640.470226][T10871] fuse: Bad value for 'fd'
[  640.561015][T10860] fido_id[10860]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  640.656255][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  640.660011][ T9672] usb 7-1: USB disconnect, device number 4
[  640.808896][ T9672] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  640.839992][ T9672] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  640.852869][ T9672] quatech2 7-1:0.51: device disconnected
[  641.394352][   T26] audit: type=1326 audit(1776418978.591:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.425346][T10881] loop4: detected capacity change from 0 to 512
[  641.459146][   T26] audit: type=1326 audit(1776418978.627:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.492794][T10881] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  641.504447][   T26] audit: type=1326 audit(1776418978.627:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.527755][   T26] audit: type=1326 audit(1776418978.627:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.550845][   T26] audit: type=1326 audit(1776418978.627:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.573701][   T26] audit: type=1326 audit(1776418978.674:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.590920][T10881] ext4 filesystem being mounted at /326/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  641.596326][   T26] audit: type=1326 audit(1776418978.674:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.596369][   T26] audit: type=1326 audit(1776418978.674:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.596404][   T26] audit: type=1326 audit(1776418978.692:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10882 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f302379c819 code=0x7ffc0000
[  641.915326][   T26] audit: type=1326 audit(1776418978.692:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10885 comm="syz.6.1583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f302375d04e code=0x7ffc0000
[  642.662097][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  644.154767][T10900] xt_l2tp: missing protocol rule (udp|l2tpip)
[  644.217605][ T4311] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  644.252776][ T4311] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  644.786752][T10911] loop4: detected capacity change from 0 to 8192
[  644.827513][T10907] fido_id[10907]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  645.046114][T10911] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  645.124824][T10924] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  645.133302][T10924] overlayfs: overlapping lowerdir path
[  645.141982][T10911] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  645.152242][T10911] REISERFS (device loop4): using ordered data mode
[  645.159189][T10911] reiserfs: using flush barriers
[  645.174043][T10911] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  645.255016][T10911] REISERFS (device loop4): checking transaction log (loop4)
[  645.313026][T10911] REISERFS (device loop4): Using r5 hash to sort names
[  645.356741][T10911] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  648.018674][T10951] xt_l2tp: missing protocol rule (udp|l2tpip)
[  649.041703][   T26] kauditd_printk_skb: 4 callbacks suppressed
[  649.041718][   T26] audit: type=1326 audit(1776418985.649:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10957 comm="syz.4.1605" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7bc959c819 code=0x0
[  649.092701][ T7373] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  649.261995][T10934] loop6: detected capacity change from 0 to 40427
[  649.277373][T10934] F2FS-fs (loop6): invalid crc value
[  649.285118][T10934] F2FS-fs (loop6): Found nat_bits in checkpoint
[  649.333129][ T7373] usb 6-1: unable to get BOS descriptor or descriptor too short
[  649.344791][T10934] F2FS-fs (loop6): Start checkpoint disabled!
[  649.363931][ T7373] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  649.374105][ T7373] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  649.384289][T10934] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  649.478500][ T7373] usb 6-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  649.500202][ T7373] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.536085][ T7373] usb 6-1: Product: syz
[  649.559182][ T7373] usb 6-1: Manufacturer: syz
[  649.584448][ T7373] usb 6-1: SerialNumber: syz
[  649.898838][ T7373] usb 6-1: 0:1 : does not exist
[  650.008462][ T7373] usb 6-1: USB disconnect, device number 10
[  650.340385][ T9366] kworker/u4:25: attempt to access beyond end of device
[  650.340385][ T9366] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  650.609979][T10975] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  650.618579][T10975] overlayfs: overlapping lowerdir path
[  652.745424][T10985] loop6: detected capacity change from 0 to 512
[  652.853580][T10988] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1612'.
[  652.885263][T10985] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  652.896221][T10985] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  653.930716][ T8161] EXT4-fs (loop6): unmounting filesystem.
[  654.442712][ T4312] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0
[  654.582623][ T4312] hid-generic 0000:0000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  655.464912][T11013] fido_id[11013]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  656.116951][T11029] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1622'.
[  656.126376][T11029] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1622'.
[  656.135458][T11029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1622'.
[  656.144529][T11029] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1622'.
[  656.998859][T11030] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  657.007378][T11030] overlayfs: overlapping lowerdir path
[  659.061620][ T7373] hid-generic 0000:0000:0000.000B: unknown main item tag 0x0
[  659.160525][T11042] loop6: detected capacity change from 0 to 40427
[  659.236589][T11042] F2FS-fs (loop6): Invalid SB checksum offset: 0
[  659.355861][T11042] F2FS-fs (loop6): Can't find valid F2FS filesystem in 2th superblock
[  659.532993][T11042] F2FS-fs (loop6): invalid crc value
[  659.844413][ T7373] hid-generic 0000:0000:0000.000B: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  659.907014][T11042] F2FS-fs (loop6): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  660.242300][T11042] F2FS-fs (loop6): Try to recover 2th superblock, ret: 0
[  660.274285][T11042] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  661.184495][ T8161] syz-executor: attempt to access beyond end of device
[  661.184495][ T8161] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  661.229615][T11064] fido_id[11064]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  661.393635][ T4312] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  661.560794][T11079] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1635'.
[  661.570501][T11079] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1635'.
[  661.579635][T11079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1635'.
[  661.588567][T11079] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1635'.
[  661.599980][ T4312] usb 5-1: Using ep0 maxpacket: 16
[  661.650301][ T4312] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  661.811177][ T4312] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.901303][ T4312] usb 5-1: Product: syz
[  661.961336][ T4312] usb 5-1: Manufacturer: syz
[  662.042370][ T4312] usb 5-1: SerialNumber: syz
[  662.253662][ T4312] r8152-cfgselector 5-1: config 0 descriptor??
[  663.121371][ T4312] r8152-cfgselector 5-1: Unknown version 0x0000
[  663.142313][ T4312] r8152-cfgselector 5-1: bad CDC descriptors
[  663.177518][ T4312] r8152-cfgselector 5-1: Unknown version 0x0000
[  663.212960][ T4312] r8152-cfgselector 5-1: USB disconnect, device number 6
[  663.287616][T11092] loop5: detected capacity change from 0 to 512
[  663.385371][T11092] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  663.415179][T11092] ext4 filesystem being mounted at /211/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  664.122885][T11101] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  664.131625][T11101] overlayfs: overlapping lowerdir path
[  664.579282][ T6180] EXT4-fs (loop5): unmounting filesystem.
[  666.727357][T11124] loop6: detected capacity change from 0 to 8192
[  667.030567][T11124] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  667.052376][T11124] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  667.094278][ T4310] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  667.104630][T11124] REISERFS (device loop6): using ordered data mode
[  667.116465][T11124] reiserfs: using flush barriers
[  667.122768][T11124] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  667.141810][T11124] REISERFS (device loop6): checking transaction log (loop6)
[  667.154269][T11124] REISERFS (device loop6): Using r5 hash to sort names
[  667.179302][T11124] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  667.401957][ T4310] usb 5-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  667.411351][ T4310] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.875067][ T4310] usb 5-1: Product: syz
[  667.879325][ T4310] usb 5-1: Manufacturer: syz
[  667.883964][ T4310] usb 5-1: SerialNumber: syz
[  667.890521][ T4310] usb 5-1: config 0 descriptor??
[  667.960789][ T4310] hub 5-1:0.0: bad descriptor, ignoring hub
[  667.977514][ T4310] hub: probe of 5-1:0.0 failed with error -5
[  668.196052][ T4310] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in cold state, will try to load a firmware
[  668.365234][T11149] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  668.373733][T11149] overlayfs: overlapping lowerdir path
[  669.064379][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  669.088386][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  669.197909][ T4310] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  669.206019][ T4310] dib0700: firmware download failed at 7 with -22
[  669.252896][ T4310] usb 5-1: USB disconnect, device number 7
[  669.939263][T11162] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1654'.
[  670.769191][T11162] netlink: 'syz.5.1654': attribute type 10 has an invalid length.
[  671.513752][T11181] dlm: no local IP address has been set
[  671.533162][T11181] dlm: cannot start dlm midcomms -107
[  671.609999][T11179] loop6: detected capacity change from 0 to 8192
[  671.641005][T11179] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  671.656732][T11179] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal
[  671.670176][T11179] REISERFS (device loop6): using ordered data mode
[  671.676839][T11179] reiserfs: using flush barriers
[  671.683647][T11179] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  671.700830][T11179] REISERFS (device loop6): checking transaction log (loop6)
[  671.710310][T11179] REISERFS (device loop6): Using r5 hash to sort names
[  671.721211][T11179] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  673.222329][ T4311] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  673.240677][ T4311] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  674.010756][T11201] netlink: 56 bytes leftover after parsing attributes in process `syz.6.1665'.
[  674.019949][T11201] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1665'.
[  674.029030][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1665'.
[  674.038440][T11201] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1665'.
[  674.652190][T11195] fido_id[11195]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  675.722564][T11218] ufs: You didn't specify the type of your ufs filesystem
[  675.722564][T11218] 
[  675.722564][T11218] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  675.722564][T11218] 
[  675.722564][T11218] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  675.754411][T11218] ufs: ufstype=old is supported read-only
[  675.780589][T11218] ufs: ufs_fill_super(): bad magic number
[  676.866897][T11232] loop5: detected capacity change from 0 to 8192
[  678.266945][T11232] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  678.289829][T11223] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  678.296403][T11223] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  678.341143][T11232] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  678.375865][T11223] vhci_hcd vhci_hcd.0: Device attached
[  678.391614][T11242] loop6: detected capacity change from 0 to 512
[  678.398365][T11232] REISERFS (device loop5): using ordered data mode
[  678.404957][T11232] reiserfs: using flush barriers
[  678.420242][T11232] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  678.469853][T11232] REISERFS (device loop5): checking transaction log (loop5)
[  678.519778][T11232] REISERFS (device loop5): Using r5 hash to sort names
[  678.543674][T11247] loop0: detected capacity change from 0 to 512
[  678.551831][T11232] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  678.679738][ T3598] usb 41-1: new low-speed USB device number 3 using vhci_hcd
[  678.841695][T11247] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  679.287111][T11247] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  680.029873][T11228] vhci_hcd: connection reset by peer
[  680.040300][ T9366] vhci_hcd: stop threads
[  680.049218][ T9366] vhci_hcd: release socket
[  680.071513][ T9366] vhci_hcd: disconnect device
[  680.078795][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  680.124030][T11258] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1679'.
[  680.315128][T11258] netlink: 'syz.2.1679': attribute type 10 has an invalid length.
[  681.208546][T11264] block nbd0: NBD_DISCONNECT
[  681.746930][ T9773] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  681.974522][ T9773] usb 5-1: Using ep0 maxpacket: 32
[  681.995206][ T9773] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  682.097193][ T9773] usb 5-1: config 0 has no interface number 0
[  682.176304][ T9773] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  682.289974][ T9773] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.407975][ T9773] usb 5-1: Product: syz
[  682.412384][ T9773] usb 5-1: Manufacturer: syz
[  682.417023][ T9773] usb 5-1: SerialNumber: syz
[  682.460361][ T9773] usb 5-1: config 0 descriptor??
[  682.673914][ T9773] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  683.589204][    C1] hrtimer: interrupt took 51053 ns
[  683.838511][ T4311] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  684.239559][ T3598] vhci_hcd: vhci_device speed not set
[  684.631491][ T9773] usb 5-1: qt2_attach - failed to power on unit: -71
[  684.638528][ T9773] quatech2: probe of 5-1:0.51 failed with error -71
[  684.706939][ T9773] usb 5-1: USB disconnect, device number 8
[  686.266363][T11297] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  686.272963][T11297] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  687.122596][T11297] vhci_hcd vhci_hcd.0: Device attached
[  687.154858][ T4311] usb 6-1: Using ep0 maxpacket: 16
[  687.206389][T11311] block nbd6: NBD_DISCONNECT
[  687.293361][ T4311] usb 6-1: device descriptor read/all, error -71
[  687.436838][  T128] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  688.197052][T11301] vhci_hcd: connection reset by peer
[  688.244316][ T4442] vhci_hcd: stop threads
[  688.248680][ T4442] vhci_hcd: release socket
[  688.321705][ T4442] vhci_hcd: disconnect device
[  688.862674][T11333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1700'.
[  688.891411][T11333] netlink: 'syz.0.1700': attribute type 10 has an invalid length.
[  689.062543][ T9773] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  689.301157][ T9773] usb 6-1: Using ep0 maxpacket: 32
[  689.315698][ T9773] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  689.491175][ T9773] usb 6-1: config 0 has no interface number 0
[  689.710360][ T9773] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  689.723870][ T9773] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.732084][ T9773] usb 6-1: Product: syz
[  689.737036][ T9773] usb 6-1: Manufacturer: syz
[  689.741720][ T9773] usb 6-1: SerialNumber: syz
[  689.749462][ T9773] usb 6-1: config 0 descriptor??
[  689.986110][ T9773] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  691.895602][T11349] syz.0.1705 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  693.788178][ T9773] usb 6-1: qt2_attach - failed to power on unit: -71
[  693.807618][ T9773] quatech2: probe of 6-1:0.51 failed with error -71
[  693.929367][ T9773] usb 6-1: USB disconnect, device number 13
[  693.950181][  T128] vhci_hcd: vhci_device speed not set
[  694.037947][T11364] block nbd5: NBD_DISCONNECT
[  696.676497][T11366] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  696.683072][T11366] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  696.690822][T11366] vhci_hcd vhci_hcd.0: Device attached
[  697.017821][ T9773] usb 41-1: new low-speed USB device number 4 using vhci_hcd
[  697.249287][T11388] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1715'.
[  697.264484][T11388] netlink: 'syz.6.1715': attribute type 10 has an invalid length.
[  698.189381][T11370] vhci_hcd: connection reset by peer
[  698.200040][ T4765] vhci_hcd: stop threads
[  698.204884][ T4765] vhci_hcd: release socket
[  698.264407][ T4765] vhci_hcd: disconnect device
[  698.470592][T11406] block nbd0: NBD_DISCONNECT
[  700.096669][T11407] loop4: detected capacity change from 0 to 512
[  700.172330][T11407] EXT4-fs: Ignoring removed nobh option
[  701.122280][T11407] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  701.141420][T11407] ext4 filesystem being mounted at /353/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  701.216116][T11425] loop0: detected capacity change from 0 to 8192
[  701.262568][T11425] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  701.282746][T11425] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal
[  701.299437][T11425] REISERFS (device loop0): using ordered data mode
[  701.323162][T11425] reiserfs: using flush barriers
[  701.335290][T11425] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  701.385394][T11425] REISERFS (device loop0): checking transaction log (loop0)
[  701.416041][T11425] REISERFS (device loop0): Using r5 hash to sort names
[  701.438742][T11425] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  701.504512][T11434] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  701.511088][T11434] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  701.519050][T11434] vhci_hcd vhci_hcd.0: Device attached
[  702.017993][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  702.025722][ T9672] usb 43-1: new low-speed USB device number 3 using vhci_hcd
[  702.318939][T11435] vhci_hcd: connection reset by peer
[  702.354100][ T8778] vhci_hcd: stop threads
[  702.358447][ T8778] vhci_hcd: release socket
[  702.382122][ T8778] vhci_hcd: disconnect device
[  702.530309][T11450] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1732'.
[  702.562615][T11450] netlink: 'syz.4.1732': attribute type 10 has an invalid length.
[  702.795681][   T48] Bluetooth: hci1: command 0xfc11 tx timeout
[  702.802600][T10556] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[  703.454885][ T9773] vhci_hcd: vhci_device speed not set
[  703.710308][T11461] block nbd4: NBD_DISCONNECT
[  706.572789][  T128] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  706.583030][  T128] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  708.060929][ T9672] vhci_hcd: vhci_device speed not set
[  708.147680][T11490] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[  708.154291][T11490] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  708.163607][T11490] vhci_hcd vhci_hcd.0: Device attached
[  708.218540][T11486] fido_id[11486]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  708.494546][ T9672] usb 43-1: device descriptor read/64, error -110
[  708.906413][ T9672] usb 43-1: new low-speed USB device number 4 using vhci_hcd
[  709.038629][T11491] vhci_hcd: connection reset by peer
[  709.045498][ T9363] vhci_hcd: stop threads
[  709.065509][ T9363] vhci_hcd: release socket
[  709.082607][ T9363] vhci_hcd: disconnect device
[  709.419460][T11523] loop4: detected capacity change from 0 to 512
[  709.528896][T11525] overlayfs: missing 'lowerdir'
[  709.906391][T11523] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  710.086836][T11523] ext4 filesystem being mounted at /363/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  710.298200][ T4346] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0
[  710.362230][ T4346] hid-generic 0000:0000:0000.000E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  711.502316][T11542] loop5: detected capacity change from 0 to 8192
[  711.549444][T11542] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  711.562648][T11542] REISERFS (device loop5): found reiserfs format "3.5" with non-standard journal
[  711.571906][T11542] REISERFS (device loop5): using ordered data mode
[  711.578766][T11542] reiserfs: using flush barriers
[  711.586770][T11542] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  711.588067][T11534] fido_id[11534]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  711.660336][T11542] REISERFS (device loop5): checking transaction log (loop5)
[  711.669633][T11542] REISERFS (device loop5): Using r5 hash to sort names
[  711.677339][T11542] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  711.791989][T11550] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1764'.
[  711.807124][T11550] netlink: 'syz.6.1764': attribute type 10 has an invalid length.
[  713.013180][T11567] overlayfs: missing 'lowerdir'
[  714.498800][ T9672] vhci_hcd: vhci_device speed not set
[  715.448046][ T4282] EXT4-fs (loop4): unmounting filesystem.
[  715.647315][ T4310] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  715.899058][ T4310] usb 7-1: unable to get BOS descriptor or descriptor too short
[  715.922452][ T4310] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  715.992944][ T4310] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  716.058484][ T4310] usb 7-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  716.131582][ T4310] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.173100][ T4310] usb 7-1: Product: syz
[  716.199246][ T4310] usb 7-1: Manufacturer: syz
[  716.232669][ T4310] usb 7-1: SerialNumber: syz
[  716.302232][T11598] loop0: detected capacity change from 0 to 512
[  716.341789][T11598] EXT4-fs: Ignoring removed nobh option
[  716.434344][T11598] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  716.462899][T11598] ext4 filesystem being mounted at /328/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  716.639006][T11606] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1781'.
[  716.654469][T11606] netlink: 'syz.5.1781': attribute type 10 has an invalid length.
[  716.935166][ T4310] usb 7-1: 0:1 : does not exist
[  716.968056][ T4310] usb 7-1: USB disconnect, device number 5
[  717.299580][T11613] overlayfs: missing 'lowerdir'
[  718.061701][ T4894] udevd[4894]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  718.625466][ T4273] EXT4-fs (loop0): unmounting filesystem.
[  719.937335][T11635] loop5: detected capacity change from 0 to 512
[  720.142399][T11635] FAT-fs (loop5): Unrecognized mount option "erRors=remount-ro" or missing value
[  720.740681][   T52] block nbd5: Attempted send on invalid socket
[  720.747178][   T52] I/O error, dev nbd5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  720.756868][T11647] qnx6: unable to read the first superblock
[  720.763550][   T52] block nbd5: Attempted send on invalid socket
[  720.769824][   T52] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  720.779159][T11647] qnx6: unable to read the first superblock
[  720.785176][T11647] qnx6: unable to read the first superblock
[  720.921042][T11649] dlm: no local IP address has been set
[  721.301216][T11652] overlayfs: unrecognized mount option "/" or missing value
[  721.411409][T11649] dlm: cannot start dlm midcomms -107
[  722.209501][T11661] dlm: no local IP address has been set
[  722.215288][T11661] dlm: cannot start dlm midcomms -107
[  723.015537][T11663] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1796'.
[  723.189404][T11665] netlink: 'syz.2.1796': attribute type 10 has an invalid length.
[  726.031456][ T4311] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  726.410012][ T4311] usb 1-1: Using ep0 maxpacket: 32
[  726.425392][ T4311] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  726.458705][ T4311] usb 1-1: config 0 has no interface number 0
[  726.479969][ T4311] usb 1-1: config 0 interface 184 has no altsetting 0
[  726.514153][ T4311] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  726.552242][ T4311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.592039][ T4311] usb 1-1: Product: syz
[  726.598755][ T4311] usb 1-1: Manufacturer: syz
[  726.671387][T11701] overlayfs: unrecognized mount option "/" or missing value
[  726.710139][ T4311] usb 1-1: SerialNumber: syz
[  727.493389][ T4311] usb 1-1: config 0 descriptor??
[  727.505951][ T4311] smsc75xx v1.0.0
[  727.807504][  T128] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  728.564549][  T128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.576067][  T128] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9865, setting to 1024
[  728.647354][  T128] usb 5-1: New USB device found, idVendor=1c4f, idProduct=0059, bcdDevice= 0.00
[  728.657197][  T128] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.675360][  T128] usb 5-1: config 0 descriptor??
[  728.725299][T11715] loop6: detected capacity change from 0 to 512
[  728.740118][T11715] FAT-fs (loop6): Unrecognized mount option "erRors=remount-ro" or missing value
[  728.881192][T11698] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  728.908251][ T4311] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[  728.918865][ T4894] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  729.888324][ T4311] smsc75xx: probe of 1-1:0.184 failed with error -71
[  729.920216][ T4311] usb 1-1: USB disconnect, device number 12
[  730.026045][  T128] usbhid 5-1:0.0: can't add hid device: -71
[  730.036475][  T128] usbhid: probe of 5-1:0.0 failed with error -71
[  730.071067][  T128] usb 5-1: USB disconnect, device number 9
[  730.103905][ T1043] block nbd6: Attempted send on invalid socket
[  730.110267][ T1043] I/O error, dev nbd6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  730.119777][T11723] qnx6: unable to read the first superblock
[  730.125963][ T1043] block nbd6: Attempted send on invalid socket
[  730.132211][ T1043] I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  730.141588][T11723] qnx6: unable to read the first superblock
[  730.147559][T11723] qnx6: unable to read the first superblock
[  731.628347][T11741] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1819'.
[  731.809341][T11741] netlink: 'syz.0.1819': attribute type 10 has an invalid length.
[  732.218787][T11750] overlayfs: unrecognized mount option "/" or missing value
[  733.572055][T11765] block nbd4: NBD_DISCONNECT
[  735.149929][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  735.165292][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  737.506276][T11800] overlayfs: failed to clone lowerpath
[  738.414711][T11807] loop5: detected capacity change from 0 to 512
[  738.434349][T11807] FAT-fs (loop5): Unrecognized mount option "erRors=remount-ro" or missing value
[  739.120876][ T1043] block nbd5: Attempted send on invalid socket
[  739.127723][ T1043] I/O error, dev nbd5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  739.138063][T11813] qnx6: unable to read the first superblock
[  739.146113][ T1043] block nbd5: Attempted send on invalid socket
[  739.153111][ T1043] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  739.163010][T11813] qnx6: unable to read the first superblock
[  739.169132][T11813] qnx6: unable to read the first superblock
[  739.780967][T11816] block nbd4: NBD_DISCONNECT
[  742.075236][ T4310] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  742.612057][T11845] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  742.636239][ T4310] usb 5-1: Using ep0 maxpacket: 16
[  744.091211][ T4310] usb 5-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  744.102520][ T4310] usb 5-1: config 0 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 25
[  744.115530][ T4310] usb 5-1: config 0 interface 0 has no altsetting 0
[  744.124368][ T4310] usb 5-1: New USB device found, idVendor=0c45, idProduct=5112, bcdDevice= 0.00
[  744.133515][ T4310] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  744.144799][ T4310] usb 5-1: config 0 descriptor??
[  744.344212][T11851] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1852'.
[  744.386269][T11851] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1852'.
[  744.537201][T11856] 
[  744.539603][T11856] ============================================
[  744.545788][T11856] WARNING: possible recursive locking detected
[  744.551991][T11856] syzkaller #0 Not tainted
[  744.556436][T11856] --------------------------------------------
[  744.562616][T11856] syz.4.1847/11856 is trying to acquire lock:
[  744.568724][T11856] ffffffff8d3f31b8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0x114/0xf00
[  744.579003][T11856] 
[  744.579003][T11856] but task is already holding lock:
[  744.586491][T11856] ffffffff8d3f31b8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0x114/0xf00
[  744.596746][T11856] 
[  744.596746][T11856] other info that might help us debug this:
[  744.604852][T11856]  Possible unsafe locking scenario:
[  744.604852][T11856] 
[  744.612344][T11856]        CPU0
[  744.615660][T11856]        ----
[  744.618979][T11856]   lock(qp_broker_list.mutex);
[  744.623878][T11856]   lock(qp_broker_list.mutex);
[  744.628770][T11856] 
[  744.628770][T11856]  *** DEADLOCK ***
[  744.628770][T11856] 
[  744.636972][T11856]  May be due to missing lock nesting notation
[  744.636972][T11856] 
[  744.645327][T11856] 1 lock held by syz.4.1847/11856:
[  744.650508][T11856]  #0: ffffffff8d3f31b8 (qp_broker_list.mutex){+.+.}-{3:3}, at: vmci_qp_broker_detach+0x114/0xf00
[  744.661194][T11856] 
[  744.661194][T11856] stack backtrace:
[  744.667113][T11856] CPU: 0 PID: 11856 Comm: syz.4.1847 Not tainted syzkaller #0
[  744.674614][T11856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  744.684712][T11856] Call Trace:
[  744.688031][T11856]  <TASK>
[  744.691002][T11856]  dump_stack_lvl+0x188/0x24e
[  744.695741][T11856]  ? show_regs_print_info+0x12/0x12
[  744.701006][T11856]  ? load_image+0x400/0x400
[  744.705590][T11856]  __lock_acquire+0x123e/0x7d10
[  744.710505][T11856]  ? __lock_acquire+0x7d10/0x7d10
[  744.715590][T11856]  ? verify_lock_unused+0x140/0x140
[  744.720861][T11856]  ? mark_lock+0x94/0x320
[  744.725249][T11856]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  744.731301][T11856]  ? lock_chain_count+0x20/0x20
[  744.736307][T11856]  lock_acquire+0x1bb/0x4a0
[  744.740862][T11856]  ? vmci_qp_broker_detach+0x114/0xf00
[  744.746374][T11856]  ? __might_sleep+0xd0/0xd0
[  744.751006][T11856]  ? read_lock_is_recursive+0x10/0x10
[  744.756430][T11856]  ? kasan_set_track+0x60/0x70
[  744.761246][T11856]  ? kasan_save_free_info+0x2d/0x50
[  744.766487][T11856]  ? ____kasan_slab_free+0x126/0x1e0
[  744.771819][T11856]  ? slab_free_freelist_hook+0x131/0x1a0
[  744.777527][T11856]  __mutex_lock+0x12d/0xaf0
[  744.782099][T11856]  ? vmci_qp_broker_detach+0x114/0xf00
[  744.787606][T11856]  ? exit_to_user_mode_loop+0xe6/0x110
[  744.793127][T11856]  ? exit_to_user_mode_prepare+0xee/0x180
[  744.798904][T11856]  ? do_syscall_64+0x58/0xa0
[  744.803557][T11856]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  744.809780][T11856]  ? vmci_qp_broker_detach+0x114/0xf00
[  744.815306][T11856]  ? mutex_lock_nested+0x10/0x10
[  744.820321][T11856]  ? mark_lock+0x94/0x320
[  744.824731][T11856]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  744.830776][T11856]  vmci_qp_broker_detach+0x114/0xf00
[  744.836127][T11856]  ? kasan_quarantine_put+0xd4/0x220
[  744.841515][T11856]  ? lockdep_hardirqs_on+0x94/0x140
[  744.846818][T11856]  ? qp_notify_peer+0x1f0/0x1f0
[  744.851729][T11856]  ? slab_free_freelist_hook+0x131/0x1a0
[  744.857426][T11856]  ? vmci_ctx_put+0x5ca/0xc40
[  744.862233][T11856]  ? __kmem_cache_free+0xb6/0x1f0
[  744.867416][T11856]  vmci_ctx_put+0x629/0xc40
[  744.871969][T11856]  ? vmci_ctx_put+0x13e/0xc40
[  744.876692][T11856]  ? preempt_schedule_common+0xa5/0xd0
[  744.882227][T11856]  ? vmci_ctx_destroy+0xf0/0xf0
[  744.887115][T11856]  ? preempt_schedule+0xbc/0xd0
[  744.892022][T11856]  ? schedule_preempt_disabled+0x20/0x20
[  744.897719][T11856]  ? __lock_acquire+0x7d10/0x7d10
[  744.902843][T11856]  ? __rwlock_init+0x140/0x140
[  744.907679][T11856]  vmci_ctx_enqueue_datagram+0x3a7/0x420
[  744.913388][T11856]  vmci_datagram_dispatch+0x449/0xc10
[  744.918846][T11856]  ? vmci_is_context_owner+0xd0/0xd0
[  744.924187][T11856]  vmci_qp_broker_detach+0x8ca/0xf00
[  744.929619][T11856]  ? qp_notify_peer+0x1f0/0x1f0
[  744.934530][T11856]  ? vmci_ctx_put+0x5ca/0xc40
[  744.939259][T11856]  ? __kmem_cache_free+0xb6/0x1f0
[  744.944349][T11856]  vmci_ctx_put+0x629/0xc40
[  744.948935][T11856]  ? vmci_ctx_put+0x13e/0xc40
[  744.953663][T11856]  ? vmci_ctx_destroy+0xf0/0xf0
[  744.958571][T11856]  ? do_raw_spin_lock+0x128/0x2f0
[  744.963649][T11856]  ? __rwlock_init+0x140/0x140
[  744.968475][T11856]  ? do_raw_spin_unlock+0x11d/0x230
[  744.973738][T11856]  vmci_host_close+0x97/0x160
[  744.978574][T11856]  ? vmci_host_open+0xe0/0xe0
[  744.983329][T11856]  __fput+0x22c/0x920
[  744.987364][T11856]  task_work_run+0x1d0/0x260
[  744.992009][T11856]  ? task_work_cancel+0x220/0x220
[  744.997109][T11856]  ? exit_to_user_mode_loop+0x3b/0x110
[  745.002847][T11856]  exit_to_user_mode_loop+0xe6/0x110
[  745.008213][T11856]  exit_to_user_mode_prepare+0xee/0x180
[  745.013829][T11856]  syscall_exit_to_user_mode+0x16/0x40
[  745.019347][T11856]  do_syscall_64+0x58/0xa0
[  745.023823][T11856]  ? clear_bhb_loop+0x60/0xb0
[  745.028564][T11856]  ? clear_bhb_loop+0x60/0xb0
[  745.033304][T11856]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  745.039251][T11856] RIP: 0033:0x7f7bc959c819
[  745.043736][T11856] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  745.063407][T11856] RSP: 002b:00007f7bca3d3028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  745.071879][T11856] RAX: 0000000000000000 RBX: 00007f7bc9816090 RCX: 00007f7bc959c819
[  745.079959][T11856] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000005
[  745.087992][T11856] RBP: 00007f7bc9632c91 R08: 0000000000000000 R09: 0000000000000000
[  745.096097][T11856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  745.104109][T11856] R13: 00007f7bc9816128 R14: 00007f7bc9816090 R15: 00007ffffa4e78b8
[  745.112140][T11856]  </TASK>
[  749.615753][ T4310] usbhid 5-1:0.0: can't add hid device: -32
[  749.621866][ T4310] usbhid: probe of 5-1:0.0 failed with error -32