last executing test programs:

4m52.171043533s ago: executing program 4 (id=60):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f00000004c0)=ANY=[@ANYBLOB="4c4c10"], 0x0, 0x0, 0x0, 0x0})

4m51.901391754s ago: executing program 3 (id=61):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
setsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x31, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000900)}, {&(0x7f0000000380)="901bc96187dd3ead2743f1445d7153fdaf0974a7d47281f9a8bb3e0b86b47cc12fdad9433b8d8f4bdab0219334605585be75fdd7bf42b6b745d76d22e8ca9925e1e48d582a0db6b1fa26f8041d78ebbef3f40f9b983f0ac52cb0235f5bb503981ca0b8f52aad0fcc327e62d3cd5167b4d2007a43d9a5e113b0b97ba8571466dfca8b7b945c21e1f597dc59182a5035a690990c365d24c0eb23", 0x99}], 0x2)
syz_usb_control_io$hid(r0, 0x0, 0x0)

4m50.078803s ago: executing program 3 (id=71):
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e21, @multicast1}, @in={0x2, 0x4e23, @rand_addr=0x64010100}], 0x20)
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000000)={0x8, {{0x2, 0x4e21, @remote}}, {{0x2, 0x4e27, @local}}}, 0x108)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

4m49.931765162s ago: executing program 4 (id=72):
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0xdf, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x54, 0x0, 0xfffffffffffffd9c)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0xe, 0x0, 0x0, '\x00', 0x400000000000008})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m49.621818517s ago: executing program 3 (id=73):
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000", @ANYBLOB="ebffffffffffffff280012800b00010065"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4m48.902937584s ago: executing program 4 (id=75):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r2, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)

4m47.663475284s ago: executing program 3 (id=81):
r0 = syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x40002)
writev(r0, &(0x7f0000000c40)=[{0x0}, {&(0x7f00000005c0)="c21cfb", 0x3}, {&(0x7f00000007c0)}, {0x0}], 0x4)

4m47.465833219s ago: executing program 4 (id=83):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e8629867d7bdaee, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0)

4m47.422455993s ago: executing program 3 (id=84):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.events\x00', 0x275a, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

4m46.138942215s ago: executing program 4 (id=87):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f0000000440)={{0x6, 0x500000}, 0x100, './file0\x00'})
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='hybla\x00', 0x6)
write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d)

4m45.050400473s ago: executing program 3 (id=90):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)

4m45.017069175s ago: executing program 4 (id=93):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000186000000800081e000000000000000095"], &(0x7f0000000680)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)}, 0x94)
recvmmsg(r2, &(0x7f00000005c0)=[{{&(0x7f00000004c0)=@alg, 0x80, &(0x7f0000000540)=[{0x0}], 0x1, &(0x7f0000000580)=""/40, 0x28}, 0x83}], 0x1, 0x10020, 0x0)
r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000003c0)={0x3, 0x6, 0x2, {0x1, @pix_mp={0x131c, 0x9, 0x20363159, 0x2, 0x0, [{0x2776463d, 0x7}, {0x0, 0x7f}, {0xffffffff, 0xffff}, {0x1, 0x42}, {0x7, 0x310cb2b8}, {0x7fffffff, 0x80}, {0x614, 0xfffffffc}, {0x81, 0x6}], 0xa0, 0x7f, 0x7, 0x1, 0x7}}, 0x4})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
read(0xffffffffffffffff, &(0x7f0000002500)=""/126, 0x7e)

4m28.278235215s ago: executing program 32 (id=86):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4m28.122364137s ago: executing program 33 (id=91):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000100))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000000)={<r1=>0x0, 0x10, "4feb3298c01dc4db01d3e6d1fc154535"}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e22, 0x8, @remote, 0x1}}, 0x9597, 0x5, 0x10000, 0xff, 0x40, 0xf, 0xf2}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000004300), 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_GET_STATS_FD_vm(r6, 0xaece)
read(r7, 0x0, 0x0)
fchmodat(r7, &(0x7f0000000280)='./file0\x00', 0x48)
openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0)

4m28.060228212s ago: executing program 34 (id=92):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000980)=ANY=[], 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, &(0x7f0000000640)={0x0, 0xe, 0x1, "06"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000940)=ANY=[@ANYRES8], 0x0, 0x0})

4m27.974364989s ago: executing program 35 (id=90):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000600)=""/203, 0xcb}], 0x1}, 0x0)
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})
syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)

4m27.874774067s ago: executing program 36 (id=93):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = socket$l2tp(0x2, 0x2, 0x73)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x5, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000000000000186000000800081e000000000000000095"], &(0x7f0000000680)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)}, 0x94)
recvmmsg(r2, &(0x7f00000005c0)=[{{&(0x7f00000004c0)=@alg, 0x80, &(0x7f0000000540)=[{0x0}], 0x1, &(0x7f0000000580)=""/40, 0x28}, 0x83}], 0x1, 0x10020, 0x0)
r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000003c0)={0x3, 0x6, 0x2, {0x1, @pix_mp={0x131c, 0x9, 0x20363159, 0x2, 0x0, [{0x2776463d, 0x7}, {0x0, 0x7f}, {0xffffffff, 0xffff}, {0x1, 0x42}, {0x7, 0x310cb2b8}, {0x7fffffff, 0x80}, {0x614, 0xfffffffc}, {0x81, 0x6}], 0xa0, 0x7f, 0x7, 0x1, 0x7}}, 0x4})
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
read(0xffffffffffffffff, &(0x7f0000002500)=""/126, 0x7e)

3m16.814435103s ago: executing program 5 (id=314):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e9b5b0007e03dd65193dfb6c575963f6558", 0x12}, {&(0x7f00000001c0)="d4523df4cecbddaa28d0306cd6ca", 0xe}], 0x2)

3m16.149678676s ago: executing program 5 (id=319):
socket$inet(0x2, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
open(0x0, 0x80ff, 0x88)
r3 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x4)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000000))
fcntl$setlease(r3, 0x400, 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)

3m14.563683582s ago: executing program 5 (id=320):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000540)={<r1=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={r1, 0x3, r0})

3m12.332437711s ago: executing program 5 (id=331):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a", 0x2, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

3m11.752540138s ago: executing program 5 (id=335):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x115)
setpgid(r0, 0x0)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)

3m11.405170205s ago: executing program 5 (id=336):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000048510000006", @ANYRES32], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m56.160816745s ago: executing program 37 (id=336):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x11, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000d0ff000000000000000000048510000006", @ANYRES32], 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2m13.809742702s ago: executing program 9 (id=745):
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x3}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504000000000000", @ANYBLOB="ebffffffffffffff28"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2m13.400161195s ago: executing program 9 (id=750):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r0 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={0x0, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2m12.668782294s ago: executing program 9 (id=758):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2m12.360026508s ago: executing program 9 (id=760):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1500, &(0x7f0000001900)="$eJzs3Au0TlX3MPA511qb4+TyJLnvuebmSS6LJAklySVJkpA7CUmSJEnikFsSkpDrSXIPuaeTjvv9knvSyStJkpCQZH3jdPn8ey//3vf99//0vWf+xtjjrPnsPdee68zxnGfvPcZ5vuo2vHqjGlXqMzP8O/SvA/z5RxIAJADAIADIAQABAJTNWTZn+v4sGpP+rZOI/yUNZl7pCsSVJP3P2KT/GZv0P2OT/mds0v+MTfqfsUn/MzbpvxAZ2ux8V8uWcTd5/v//OfU/SZbP/wwB/9EO6f9/Gv0vHS39z9ik/xmb9D9jk/5nZMGVLkBcYfL+z9ik/0JkaH/4M+WN56/0M23Z/oVNCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYT4f+C8v8wAwK/jK12XEEIIIYQQQggh/jj+nStdgRBCCCGEEEIIIf73ISjQYCCATJAZEiALJMJVkBWyQXbIATG4GnLCNZALroXckAfyQj7IDwWgIIRAYIEhgkJQGOJwHRSB66EoFIPiUAIclIRScAOUhhuhDNwEZeFmKAe3QHmo8NM5090OleEOqAJ3QlWoBtWhBtwFNeFuqAX3QG24F+rAfVAX7od68ADUhwbQEB6ERtAYmkBTaAbNoQW0hFa/k5+c4+/lPwc94XnoBb0hCfpAX3gB+kF/GAADYRC8CIPhJRgCL8NQGAbD4RUYAa/CSHgNRsFoGAOvw1gYB+NhAkyESZAMb8BkeBOmwFuNs8E0mA4zYCbMgtnwNsyBuTAP3oH5sAAWQnKWxbAElsK7sAzegxR4H5bDB5AKK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A4fwg7YCbtgN+yBvbAPPoL98DEcgE8gDT/9F/PP/TYfuiMgoEKFBg1mwkyYgAmYiImYFbNidsyOMYxhTsyJuTAX5sbcmBfzYhLmx4JYEAkJGRkLYSGMYxyLYBEsikWxOBZHhw5LYSksjTdiGSyDZbEslsNyWB4rYAW8FW/FSlgJK2NlrIJVsCpWxepYHe/Cu/BurIW1sDbWxjpYB+tiXayH9bA+1seG2BAbYSNsgk2wGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHbAjdsRO2Ak7Y2fsgl2wK3bFbtgNu+Oz+Cw+h8/h8/g89saqqg/2xb7YD/vhAByIA/FFHIwv4Uv4Mg7FYTgcX8FX8FUciWdxFI7GMTgGK6lxOB4nIKtJmIzJmBkm4xScglNxGk7DGTgTZ+FsnI1zcC7OxXdwPi7ABbgIF+ESXIpLcRm+hymYgsvxHKbiClyJq3A1rsHVuA7X4zrciJtwI27BLbgNt+GH+CHuxJ24G3fjXtyLH+FH+DF+jEMxDdPwIB7EQ3gID+NhPIJH8CgexWN4DI/jcTyBJ/AknsLTeArP4Bk8i+fwPABcwAt4ES/iJbyU/uZX6YwyKpPKpBJUgkpUiSqryqqyq+wqpmIqp8qpcqlcKrfKrfKqvCq/yq8KqoKKFClWkSqkCqm4iqsiqogqqoqq4qq4csqpUqqUKq1KqzKqjCqrblbl1C2qvKqg2rpb1a2qkmrnKqs7VBVVRVVV1VR1VUPVUDVVTVVL1VK1VW1VR9VRddX9qp7qgwOwgUrvTCM1DJuo4dhMNVctVEv1Kj6kWquR2Ea1Ve3UI2o0jsIOqrXrqB5XndR47KyeVBPwKdVVTcJu6hnVXT2reqjnVE/VxvVSvdVU7KP6qhnYT/VXA9RANQerqfSOVVcvq+cyD1PD1StqCb6qRqrX1Cg1Wo1Rr6uxapwaryaoiWqSSlZvqMnqTTVFvaWmqmlqupqhZqpZarZ6W81Rc9U89Y6arxaohWqRWqyWqKXqXbVMvadS1PtqufpApaoVaqVapVarNWqtWqfWqw1qo9qkNqstaqvaprarD9UOtVPtUrvVHrVX7VMfqf3qY3VAfaLS1KfqoPqLOqQ+U4fV5+qI+kIdVV+qY+ordVx9rU6ob9RJdUqdVt+qM+o7dVadU+fV9+qC+kFdVD+qS8or0KiV1troQGfSmXWCzqIT9VU6q86ms+scOqav1jn1NTqXvlbn1nl0XpNP59cFdEEdatJWs450IV1Yx/V1uoi+XhfVxXRxXUI7XVKX0jfo0vpGXUbfpMvqm3U5fYsuryvoih70bbqSvl1X1nfoKvpOXVVX09V1DX2Xrqnv1rX0Pbq2vlfX0ffpuvp+XU8/oOvrBrqhflA30o11E91UN9PNdQvdUrfSD+nW+mHdRrfV7fQjur1+VHfQj+mO+nHdST+hO+sndRf9lO6qn9bd9DO6u35W99A/6kva6166t07SfXRf/YLup/vrAXqgHqRf1IP1S3qIflkP1cP0cP2KHqFf1SP1a3qUHq3H6Nf1WD1Oj9cT9EQ9SSfrN/Rk/aaeot/SU/U0PV3P0DP1LD3gl5nm/RP5b/6d/CE/nX2b3q4/1Dv0Tr1L79Z79F69T+/T+/V+fUAf0Gk6TR/UB/UhfUgf1of1EX1EH9VH9TF9TB/Xx/UJfUKf1Kf09/pbfUZ/p8/qc/qc/l5f0Bf0xV9+B2DQKKONMYHJZDKbBJPFJJqrTFaTzWQ3OUzMXG1ymmtMLnOtyW3ymLwmn8lvCpiCJjRkrGETmUKmsImb60wRc70paoqZ4qaEcaakKWVu+B/n/159rUwr09q0Nm1MG9POtDPtTXvTwXQwHU1H08l0Mp1NZ9PFdDFdTVfTzXQz3U1308P0MD1NT9PL9DJJJsn0NS+Yfqa/GWAGmkHmRTPYDDZDzBAz1Aw1w81wM8KMMCPNSDPKjDJjzBgz1ow14814M9FMNMk+h5lsJpspZoqZaqaa6YNymJlmppltZps5Zo6ZZ+aZ+Wa+WWgWmsVmsVlqlpplZplJMSlmuVluUs0Ks8KsMqvMGrPGrDPrzAazwWwym8wWs8Wkmu1mu9lhdphdZpfZY/aYfWaf2W/2mwPmgEkzaeagOWgOmUPmsDlsjpgj5qg5ao6ZY+a4OW5OmBPmpDlpTpvT5ow5Y86as+a8OW8umAvmorloLplL6Zd9gQpUYAITZAoyBQlBQpAYJAZZg6xB9iB7EAtiQc4gZ5AruDbIHeQJ8gb5gvxBgaBgEAYU2ICDKCgUFA7iwXVBkeD6oGhQLCgelAhcUDIoFdwQlA5uDMoENwVlg5uDcsEtQfmgQlAxuDW4LagU3B5UDu4IqgR3BlWDakH1oEZwV1AzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf2gQdAweDBoFDQOmgRNg2ZB86BF0DJo9YfO7/3ZPA+7XmHvMCnsE/YNXwj7hf3DAeHAcFD4Yjg4fCkcEr4cDg2HhcPDV8IR4avhyPC1cFQ4OhwTvh6ODceF48MJ4cRwUpgcvhFODt8Mp4RvhVPDaeH0YEY4M5wVzg7fDueEc8N54Tvh/HBBuDBcFC4Ol4T48yUxpITvh8vDD8LUcEW4MlwVrg7XhGvDdeH6cEO4MdwUbg63lB3886HhjnBnuCvcHe4J94b7wo/C/eHH4YHwkzAt/DQ8GP4lPBR+Fh4OPw+PhF+ER8Mvw2PhV+Hx8OvwRPhNeDI8FZ4Ovw3PhN+FZ8Nz4fnw+/BC+EN4MfwxvBT69Iv79I93MmQoE2WiBEqgREqkrJSVslN2ilGMclJOykW5KDflpryUl/JTfipIBSkdE1MhKkRxilMRKkJFqSgVp+LkyFEpKkWlqTSVoTJUlspSOSpH5ak8VaSKdBvdRrfT7XQH3UF30p1UjapRDapBNakm1aJaVJtqUx2qQ3WpLtWjelSf6lNDakiNqBE1oSbUjJpRC2pBragVtabW1IbaUDtqR+2pPXWgDtSROlIn6kSdqTN1oS7UlbpSN+pG3ak79aAe1JN6Ui/qRUmURH2pL/WjfjSABtAgGkSDaTANoSE0lIbScBpOI2gEjaSRNIpG0xh6ncbSOBpPE2giTaJkSqbJNJmm0BSaSlNpOk2nmTSTZtNsmkNzaB7No/k0nxbSQlpMi2kpLaVltIxSKIWW03JKpVRaSStpNa2mtbSW1tN62kgbaTNtpq20lbbTdtpBO2gX7aI9tIf20T7aT/vpAB2gNEqjg3SQDtEhOkyH6QgdoaN0lI7RMTpOx+kEnaCTdJJO02k6Q2foLJ2l83SeLtAPdJF+pEvkKcFmsYn2KpvVZrPZbQ7713Fem8/mtwVsQRva3DbPb2Ky1ha1xWxxW8I6W9KWsjf8TVzeVrAV7a32NlvJ3m4r2/I2C/zXuKa929ay99ja9l5bw971m7iOvc/WtY1tPdvU1rfNbUPb0jayjW0T29Q2s81tC9vStreP2g72MdvRPm472Sf+Jl5m37Pr7Qa70W6y++3H9rz93h6zX9kL9gfby/a2g+yLdrB9yQ6xL9uhdthvYwA7xr5ux9pxdrydYCfaSX8TT7cz7Ew7y862b9s5du7fxEvtu3a+TbEL7SK72C75KU6vKcW+b5fbD2yqXWFX2lV2tV1j19p1/7fWVXaL3Wq32X32I7vD7rS77G67x+79KU5fxwH7iU2zn9qj9kt7yH5mD9vj9oj94qc4fX3H7df2hP3GnrSn7Gn7rT1jv7Nn7bmf1p++9m/tj/aS9RYYWbFmwwFn4sycwFk4ka/irJyNs3MOjvHVnJOv4Vx8LefmPJyX83F+LsAFOWRiy8wRF+LCHOfruAhfz0W5GBfnEuy4JJfiG7g038hl+CYuyzdzOb6Fy3MFrsi38m1ciW/nynwHV+E7uSpX4+pcg+/imnw31+J7uDbfy3X4Pq7L93M9foDrcwNuyA9yI27MTbgpN+Pm3IJbcit+iFvzw9yG23I7foTb86PcgR/jjvw4d+InuDM/yV34Ke7KT3M3foa787Pcg5/jnvw89+LenMR9uC+/wP24Pw/ggTyIX+TB/BIP4Zd5KA/j4fwKj+BXeSS/xqN4NI/h13ksj+PxPIEn8iRO5jd4Mr/JU/gtnsrTeDrP4Jk8i2fz2zyH5/I8fofn8wJeyIt4MS/hpfwuL+P3OIXf5+X8AafyCl7Jq3g1r+G1vI7X8wbeyJt4M2/hrbyNt/OHvIN38i7ezXt4L+/jj3g/f8wH+BNO40/5IP+FD/FnfJg/5yP8BR/lL/kYf8XH+Ws+wd/wST7Fp/lbPsPf8Vk+x+f5e77AP/BF/pEvsWeIMFKRjkwURJmizFFClCVKjK6KskbZouxRjigWXR3ljK6JckXXRrmjPFHeKF+UPyoQFYzCiCIbcRRFhaLCUTy6LioSXR8VjYpFxaMSkYtKRqWiG6LS0Y1RmeimqGx0c1QuuiUqH1WIKka3RrdFlaLbo8rRHVGV6M6oalQtqh7ViO6KakZ3R7Wie6La0b1Rmei+qG50f1QveiCqHzWIGkYPRo2ixlGTqGnULGoetYhaRq2ih6LW0cNRm6ht1C56JGofPRp1iB6LOkaPR52iJy7vLxb8/Gn6V/uToj6R/uUJ2T16cXxJfGn83fiy+Hvxxt1+fjU1viK+Mr4qvjq+Jr42vi6+Pr4hvjG+Kb45viW+Nb4t7n2NzOAw/UYYjAtcJpfZJbgsLtFd5bK6bC67y+Fi7mqX013jcrlrXW6Xx+V1+Vx+V8AVdKEjZx27yBVyhV3cXeeKuOtdUVfMFXclnHMlXSnX0rVyrVxr97Br49q6du4R94h71D3qHkv4pXDX2T3purinXFf3tHvaPeO6u2ddD/ec6+med71cb5fkklxf19f1c/3cADfADXKD3GA32A1xQ9xQN9QNd8PdCDfCjXQj3Sg3yo1xY9xYN9aNd+PdRDfRJbtkN9lNdlPcFDfVTXXT3XQ30810s91sN8fNcfPcPDffzXcL3UK32C12S91St8wtcykuxS13y12qS3Ur3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt8vtcnvcHrfP7XP73X53wB1waS7NHXQH3SF3yB12n7sj7gt31H3pjrmv3HH3tTvhvnEn3Sl32nl9xn3nzrpz7rz73l1wP7iL7kd3yXmXHHsjNjn2ZmxK7K3Y1Ni02PTYjNjM2KzY7NjbsTmxubF5sXdi82MLYgtji2KLY0tiS2PvxpbF3oulxN6PLY99EEuNrYitjK2KrY6tiXlfYEfkC/nCPu6v80X89b6oL+aL+xLe+ZK+lL/Bl/Y3+jL+Jl/W3+zL+Vt8eV/BV/RNfTPf3LfwLX0r/5Bv7R/2bXxb384/4tv7R30H/5jv6B/3nfwTvrN/0nfxT/mu/mnfzT+z4Jcu+57+ed/L9/ZJvo/v61/w/Xx/P8AP9IP8i36wf8kP8S/7oX6YH+5f8SP8q36kf82P8qP9GP+6H+vH+fF+gp/oJ/lk/4af7N/0U/xbfqqf5qf7GX6mn+Vn+7f9HD/Xz/Pv+Pl+gV/oF/nFfolf6t/1y/x7PsW/75f7D3yqX+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u//Q7/A7/S6/2+/xe/0+/5Hf7z/2B/wnPs1/6g/6v/hD/jN/2H/uj/gv/FH/pT/mv/LH/df+hP/Gn/Sn/Gn/rT/jv/Nn/Tl/3n/vL/gf/EX/o78k/7MmhBBCCPFP0b+zv8/feU39sqXrCwDZduY78tdzbs7987i/2t8pBgCP9+7W4NetQYOkpKRfjk3VEBReBACxy/k/ff/AL/EKaAePQkdoC6X/bn39VcWfrvv+u/njNwMkAmT5NSf99igR/nr+G//B/E3f5d+bfxFA0cKXc9JP9Gt8ef4y/2D+ve1/Z/4snyUDtPkvOVnhcnx5/lLwMDwBHX9zpBBCCCGEEEII8bP+6kL337u/Tb8/z28u52SGy/Hv3Z//jsp/xBqEEEIIIYQQQgjx33vq2R6PPdSxY9su/8mDzH+OMv4EAwSAP0EZMvjzD670XyYhhBBCCCHEH+3yRf+VrkQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhMi4/v1vCFP/9MFXeo1CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHElfZ/AgAA///M7VMc")
prctl$PR_SET_SECUREBITS(0x1c, 0x1d)
setuid(0xee01)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000000)=@chain)
add_key(&(0x7f00000003c0)='encrypted\x00', &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, r4)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x7ff, 0x8bb, 0xb6, 0x8, 0x0, 0x8000000000000000, 0x500, 0x3b2, 0x3, 0x5, 0x7, 0x7, 0x7, 0x3, 0x7, 0x200], 0xf000, 0x66000})
r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, 0xf1, 0x8, 0x0, 0x0, 0x0, 0x1, 0x6, 0x6, 0x0, 0x80, '\x00', 0x0, 0xffffffff})

2m10.84045277s ago: executing program 9 (id=767):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x1, 0x0, @pic={0xd8, 0xff, 0x4, 0x40, 0x7f, 0xff, 0x7, 0x7f, 0x2, 0x4, 0x4, 0x3, 0xf, 0x7f, 0x2, 0xe2}})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000340)={[0xa, 0x800000000000000, 0x10, 0x1, 0xf4, 0x1, 0x0, 0x3, 0x7f, 0x4000000000000004, 0x8000, 0x7ff, 0x8396, 0x200, 0x9, 0xf], 0x80a0000, 0xd7c6})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m10.127781137s ago: executing program 9 (id=776):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000440)="97"})

2m9.521599986s ago: executing program 38 (id=776):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x1000000, &(0x7f0000000440)="97"})

1m47.484890744s ago: executing program 7 (id=867):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r1 = dup3(r0, 0xffffffffffffffff, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0})

1m46.732256155s ago: executing program 7 (id=872):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x4011, &(0x7f0000000040)={[{@journal_dev={'journal_dev', 0x3d, 0x5}}, {@dioread_lock}, {@journal_checksum}, {@noblock_validity}, {@bh}, {@dioread_nolock}]}, 0x0, 0x64a, &(0x7f0000002380)="$eJzs3c9vFG8ZAPBnZrfd/kC3EKPiQRqNgURpaQFDjAn04okQ/HHzVGkhyEIJrdEiiW2CFxPjxYOJJw/if6EkXj158+DFkyEhxnAQQ77sN7M7W7a73Xa77Xbp9vNJls7Muzvvs2SffWfefd+ZAE6s6eyfNOJsRDxOIspNZcXIC6frz3vz32d3skcS1er3/5PEs18kG837SvK/k/mLPynXt5wptNe7uv70wWKlsvwkX59de/h4dnX96cX7DxfvLd9bfjT/zflrV69cvTZ36UDvL4tgJF+++fzHPy3/6tYP//j7d8ncn/55K4kb8T6PLXtfra8tHajm7P9sOqp1b7cVpBHXDrjvj8X/yo3PSU0p+0AkxUFGxH6kEXE9z5EvRDkK8SFZy/HL7w40OKCvqknU2qjpKnDyJNGx6P5Y/iXRbqyvMQFHoXEc0Di33+k8uF3az0MS4Ii8Xqj31dVzfyQiGvlfrPcNxlitb2DiTdLcz1PrVztYz1xdVsff/nrrefaIDv1wQH9sbDZ6uVvb/6SWm1NRPweYeJNuy/+F/CggzX8n+F7rjrvsPJ9uWZf/cHQ2NiPii3n7Pxpd53+a524j/3/UY/095v+pHqsDAAAAAACAofZyISK+sdP4v3Rr/M9ooX38z2RE3DiE+vf+/S99lS8kh1Ad0OT1QsS3dxz/uzXGd6qQr32mNh5gJLl7v7J8KSI+GxEXYqSUrc+17Ld5hPDFX5/5Xaf6m8f/ZY+s/sZYwHxPr4otY4mWFtcWD/q+gYjXmxFfqo3/PZdv2T7+J2v/k63xvx+G3WT5/bjLOs587cXtTmV75z/QL9U/RJzfsf3/cLid7H59jtna8cBs46ig3Zd//ps/d6pf/sPgZO3/xO75X0qar9ezur/9j0bE5fVitVN5r8f/o8kPCo39Z362uLb2ZC5iNLnZvn1+fzHDsGrkQyNfsvy/8NXd+/+2jv+b8nA8Ija6rPPz7yf/1alM+w+Dk+X/0u7tf3l7+7//hfkXU3/pVP/trtr/K7U2/UK+Rf8fNGu/Hke3CTqQcAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgmEsj4lQk6czWcprOzERMRsTnYiKtrKyuff3uyk8eLUXt7t9TMZI27vRbrq8njfv/TzWtz7esX46I0xHx28J4bX3mzkpladBvHgAAAAAAAAAAAAAAAAAAAD4Sk7U5/9VS6/z/zL8Lg44O6Lti/le+w8lT7PmV1dKhBgIcud7zHzjONveV/yN9jQU4ep3z/+27ak3L5u98pe8xAUej6/b/7073Ydj0eP7v5wIYAvr/4KTqsk9vrN9xAIOg/QcAAAAAgKFy+tzLfyQRsfGt8dojM5qXjQ80MqDf0j3KfQfA8DKGF06u4sqgIwAGxYR+INla+n/rZP+azqP/k/4EBAAAAAAAAAAAAAC0OX+28/x/cwNguO06/3+viwMAx9ou8/93mtjjcgEwRDrf+sO8Phh2zvGBvVp78/8BAAAAAAAAAAAA4CMw9vTBYqWy/GR1/fgtXO/pVYWIGGDwG4sH20+1NKjgx6JT0fv+VDoSEYP+jB3aQpZslcpytRqx95Mbl+AYYMx7f3WU+vzVBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1H0aAAD///UvHMY=")
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x2040400)
r2 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r2, 0x4000000000000000, 0x3)
setitimer(0x1, 0x0, &(0x7f00000003c0))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240)={<r3=>0xffffffffffffffff})
fstat(r3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
setresuid(0x0, r4, 0x0)

1m42.80434573s ago: executing program 7 (id=875):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
setpgid(0x0, 0x0)
setpgid(0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00', 0x0, 0x0)

1m40.282082463s ago: executing program 7 (id=880):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
close(r0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f00000000c0)={0x0, 0x0, r2, <r3=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000600)={r3, 0x0, 0x0, 0x0, 0x3, [<r4=>0x0, 0x0, 0x0, <r5=>0x0], [0x800000], [0x6, 0x1001001], [0xfffffffffffffffe, 0x0, 0xe8a6]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r4, 0x0, 0x0, r5], [0x2b8]})
ioctl$DRM_IOCTL_MODE_RMFB(r1, 0xc00464af, 0x0)

1m38.552940481s ago: executing program 7 (id=883):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_create1(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
pselect6(0x0, 0x0, &(0x7f0000000240)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0xa)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1a, 0x0, &(0x7f0000000000))

1m37.035914883s ago: executing program 7 (id=885):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x200000000008, 0x4, 0x0, 0x209}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r3 = socket$inet6(0xa, 0x3, 0x5)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2}, 0x38)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0xffffffc1, 0x4)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)

1m21.421206146s ago: executing program 39 (id=885):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x200000000008, 0x4, 0x0, 0x209}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r3 = socket$inet6(0xa, 0x3, 0x5)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2}, 0x38)
setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f0000000180)=0xffffffc1, 0x4)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)

12.704468411s ago: executing program 8 (id=1166):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, 0x0)

12.704109421s ago: executing program 2 (id=1167):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0})

11.952907551s ago: executing program 8 (id=1170):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a0000080480020009", @ANYBLOB="f7"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close(0x3)
write$char_usb(r0, 0x0, 0x0)

9.818410142s ago: executing program 6 (id=1175):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_PROBE_CLIENT(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000740)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01ec4c62c200fddbdf25140000000800", @ANYRES32=r2, @ANYBLOB="0a0006"], 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)

9.782773395s ago: executing program 2 (id=1176):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f", 0x7, 0xfffffffffffffffe)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x10, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000000c0), 0x10}, 0x94)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

9.485343949s ago: executing program 6 (id=1177):
syz_mount_image$msdos(&(0x7f00000008c0), &(0x7f0000001200)='./file0\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="646973636172642c646f74732c646f74732c6e6f646f74732c636865636b3d7374726963742c646f74732c0080fcdc5c3dd34a5bee25f099008bade73ed878442a18112f260a6de8f9de23ca03128aff6e01"], 0x1, 0x11c1, &(0x7f0000001240)="$eJzs209LdFUcB/CfPtpj86TZP0s3HWpTm0u6aNVGQiEcKNQJNAiuONYw08wwdxYz0kJo16rXES3bBdEb8F20kyBq46qJHNMUIw30Bn0+m/nB95y5v8OFC+dyz8k7X33WPCiyg7wfkxMTMdWdjnSaIsVkPIqxo3jzi/Vfv9za2d1YrVbXNlNaX91efjulNPfq9x99/s1rP/SffPjt3HeP43j+45OfV348XjhePPlt+9NGkRpFanf6KU97nU4/32vV036jaGYpfdCq50U9NdpFvXclP2h1ut1hytv7s5Vur14UKW8PU7M+TP1O6veGKf8kb7RTlmVpthJcNxqNRrcdW/v69Gz0aDQdT53NfDoq8SSeidmYi2djPp6L5+OFeDFeioV4OV6JxTv9PwAAAAAAAAAAAAAAAAAAAHAbzv8DAAAAAAAAAAAAAAAAAABA+Zz/BwAAAAAAAAAAAAAAAAAAgPI5/w8AAAAAAAAAAAAAAAAAAADl29rZ3VitVtc2U5qJ+OloUBvUxr/jfP296tpb6cz85axfBoPao4t8eZynq/njqJznKzfmM/HG6+P8j+zd96vX8qXYv//lAwAAwP9Cli7cuL/Psr/Lx9Vf3g9c279PxdLUTVecua+l8C8Uw8Nm3mrVe8Vw+s/isLRi4ryrkttQKO6rmPxvtPHPRckPJh7E5U0vuxMAAAAAAAAAAADu4iE+Jyx7jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOztwLAAAAAAgzN86jY4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCqAAAA//9fwpXh")
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.net/syz0\x00', 0x200002, 0x0)

9.028388995s ago: executing program 8 (id=1179):
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8.741878629s ago: executing program 6 (id=1180):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000340)={0x0, 0x2e, 0x0, @thr={0x0, 0x0}}, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000240)=@filter={'filter\x00', 0x2, 0x4, 0x3f8, 0xffffffff, 0x0, 0x0, 0x1a0, 0xfeffffff, 0xffffffff, 0x328, 0x328, 0x328, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev, @mcast1, [], [], 'macsec0\x00', 'bond_slave_0\x00'}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@ipv6={@rand_addr=' \x01\x00', @empty, [], [], 'sit0\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@eui64={{0x28}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @local, @loopback, @remote}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
setitimer(0x1, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
fsopen(&(0x7f0000000180)='ext4\x00', 0x1)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000001540)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x5, 0xc8}}}, 0x6)

8.499600328s ago: executing program 2 (id=1182):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32], 0x4)

6.527593986s ago: executing program 6 (id=1184):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

6.172433265s ago: executing program 8 (id=1185):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_create1(0x0)
pselect6(0x0, 0x0, &(0x7f0000000240)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000100)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x82, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xc7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x45c)
ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0xa)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
getsockopt$sock_buf(r2, 0x1, 0x1a, 0x0, &(0x7f0000000000))

5.781743806s ago: executing program 2 (id=1186):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0})

5.528295917s ago: executing program 0 (id=1188):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0, 0x0, 0x1f00c00e}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.48075643s ago: executing program 2 (id=1189):
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a0000080480020009", @ANYBLOB="f7"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close(0x3)
write$char_usb(r0, 0x0, 0x0)

5.278592037s ago: executing program 1 (id=1190):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

5.144376377s ago: executing program 0 (id=1191):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00', 0x0, 0x0)

3.86246737s ago: executing program 8 (id=1192):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600894f0000200002"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000)={'#! ', './file0', [{0x20, 'axA\x9b^\xfb^$\r\'uij\r\xd9\xef\xd2Et^Q\v\x9fOFL\x95`Z\xae\xc3a\xfe%\x94\x1a\xebt\xc6\x06\x8fD,\xf7\xae#\x80\x80\xdf\xa3\xcaO\xc6\x8a\x91\x90\xadR\aW\xe1\xf3n\xca\xa3\x8f\xd6F\x03\x0e\x9b\xe5yb\xfc\xa19wUs\x83\xf1{&\n\x1d\x8e\x82y\x1a.B\x0e\xea\x17\xc7\xe7H\xa9\xd4\x8e\xe7 gD\x89*\xb5c<d\x1f\\\x10$o\x93\x02\x9c@\x9ddt\x8c\x875\xf7@\x9aM\xa3j\xfa\x1f\xe5\x81\xc9u<\xf0?w8P>\xc5\x8a\xe6R\xe5YGq\xf5\xb6\x95\xbc\x112\x9bno\xc8\x06\xb6\b\xcc\x03{Sn\x94G\x01\xb4\xffJQ8t\x99vY\xaaf\xc7,\x9f\xbb\x15G\x1cr\x19\xef\xab\n\xa8\xbc\xbd\xa2E\x16\x1cm\xbd=\x98\x7fU\xcbg\x15%\x95\xb11\x017\x83*\x14\xcbt\xc2\xcb\x04\x1e~?\xb9j\x18\x96\x84EA\xeaB\a\x83\xba\xdco<\x00'/256}]}, 0x10c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
ioctl$sock_rose_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x6, @null, @bpq0, 0x0, [@bcast, @bcast, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
socket(0x2, 0x80805, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r3, &(0x7f0000000040)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1, @default}, 0x1c)
connect$rose(r3, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@null, @null, @null, @default, @bcast, @default]}, 0x40)

3.635848248s ago: executing program 1 (id=1193):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f6fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe508185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c6be0ed9257851ed916219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c5b901dbd7387f49e0b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000053046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25132a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a068c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238e3fee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e89884cb73f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182060e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000008835196ed0c6a1c1d4c140e5ff0000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fcd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d372e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36d3cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f200d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000028bfaaf1dce7970ae04e33a3d130761c0c0a53997716ebfa0e03c0acdb52e4af877a339d154fea243453e69bc89bb18fc501cf3a623bb871047060234ebc21155d0dc6efa64749afb63a0f8a9c28f62861e826ddf243bd9dda895a9b24d38641856dc058040a418e15139c0b13d52258254eacf045386abe27e8756c29758330146da2e25822afd92467974f70fa71a971517be63845c1eeb1a7a39a8e01750a67925746ffbc35c0046a1d660ebe5967bbc0496d0c9ba9758f9fcf46ecbd2e07523af5e56ff1d8eee549ecc92b0d13ad2edb0149b25debe70d227afb1ad45991bfb63f7cf6a8b5bcabf504d7fe21df0a23e8615055df856d88b7379a4c4499d01221d10c286c10b12ff5c89903806eab61c18721be6edc3d0fdbe2448f130b87b375f0de009ac38fd159a9f54771388f54b50caf5caf896ceb214b298b524c6cfeca9e0343038c68de8856772de2c498e191b9da24cc2a4b722c88a0fd2cca32ea9445e06549d1b5e9c1c90f4de9ce818694c1ced8354729bbec6a828876dae455e24f0f40490aaf80825d0fcdd8620b43da6b7f94c82aac9b256a469312aff3411ac73a377f01f7329a8027d9b47212c2ae9f2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r1, 0x2004, 0x0)

3.531430816s ago: executing program 0 (id=1194):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000340)={0x0, 0x2e, 0x0, @thr={0x0, 0x0}}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
setitimer(0x1, 0x0, 0x0)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000440), 0x10)
fsopen(&(0x7f0000000180)='ext4\x00', 0x1)
syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0)
pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000001540)=@HCI_EVENT_PKT={0x4, @hci_ev_auth_complete={{0x6, 0x3}, {0x5, 0xc8}}}, 0x6)

3.401259867s ago: executing program 1 (id=1195):
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, 0x0, 0x0, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.924194786s ago: executing program 6 (id=1196):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000080)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c, 0x0}}], 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYRES64, @ANYRES32=0x41424344], 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000500)={0x10, 0x34, 0x1}, 0x10}], 0x1}, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400000000000000", @ANYBLOB="ebffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.920255836s ago: executing program 0 (id=1197):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x40089}, 0x8004)
write$nci(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="414601", @ANYRES32], 0x4)

1.793405376s ago: executing program 1 (id=1198):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, 0x0, 0x0, 0x1f00c00e}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="817bb97cdac2f8f819447aa4a50c293af3", 0x11}], 0x1}, 0x24040050)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.576284594s ago: executing program 2 (id=1199):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x1c802, &(0x7f0000002740)=ANY=[@ANYRES8=0x0], 0x1, 0x5f55, &(0x7f000000efc0)="$eJzs3cuOHFcZB/CvL9NzCXGsCEXGYuE4EBJCfLch3OKwYAFIICGvsTWZRAYHkG0QiSw8kReIBZdHgE02LPIi4RUQD4AlD6tIEArVzDl2TU2Pexx7urrn/H7SuOrr0zV9yv+pqe6pywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL733R+f7kXE5V+nBw5HfCYGEf2I5bo+FvXMxfz8YUQcic3meC4iBosR9fKb/zwTcS4iPjoUcW/j1mr98Jk99uP8qZvXP/n+d/7xuz/dOfLTN3/yQbv9R589++Hvb0cc/uFrH35y+8msOwAAAJSiqqqqlz7mH02f7/tddwoAmIq8/6+S/LharVarn2j9x/5s9UddaN1UjXe7WUTEenOZ+j2Dw/EAMGfW4+Ouu0CH5F+0YUQ81XUngJnW67oD7It7G7dWeynfXnN/cGyrPf+dclv+673713fsNp2kfY7JtH6+7sQgnt2lP8tT6sMsyfn32/lf3mofpeftd/7Tslv+o61Ln4qT8x+082/Zlv+fI2Ju8++Pzb9UOf/ho+S/Ppjj7V/+AAAAAAAcfPnv/4c7Pv67+PirsicPO/57bEp9AAAAAAAAAIAn7XHH/7vP+H8AAAAws+rP6rW/HHrw2G73Yqsfv9SLeLr1fKAw6WKZla77AQAAAAAAAAAAAAAlGW6dw3upF7EQEU+vrFRVVX81tetH9bjLz7vS1x9K1vUveQAA2PLRoda1/L2IpYi4lO71t7CyslJVS8sr1Uq1vJjfz44Wl6rlxufaPK0fWxzt4Q3xcFTV32ypsVzTpM/Lk9rb369+rVE12EPHpqPDwAEgIrb2RvfskQ6Yqnomun6Xw3yw/R88tn/2ouufUwAAAGD/VVVV9dLtvI+mY/79rjsFAEzDUt7/t48LqNVqtVqtPnh1UzXe7WYREevNZer3DIbjB4A5sx4fd90FOiT/og0j4kjXnQBmWq/rDrAv7m3cWu2lfHvN/UEa3z2fC7It//Xe5nJ5+XHTSdrnmEzr5+tODOLZXfrz3JT6MEty/v12/pe32kfpefud/7Tsln+9noc76E/Xcv6Ddv4tByf//tj8S5XzHz5S/gP5AwAAAADADMt//z9c/PFfdz0AAAAAAAAAYH7d27i1mq97zcf/Pz/meb3mnOs/D4ycf2/P+bv+9yDJ+ffb+bdOyBk05u++8SD/f2/cWv3g5r8+l6czn//CYFS/9kKvPxim05yqhbfialyLtTi14/nDbe2nd7QvbGs/M6H97I72Ud2+nNtPxGr8Iq7Fm/fbFyecGLU0ob2a0J7zH9j+i5TzHza+6vxXUnuvNa3dfb+/Y7tvTse9zsW//ffFnVvX9N2Jwf11a6rX73gH/dn8P3lqFL+6sXb9xG+u3Lx5/XSkybZHz0SaPGE5/4X0lfN/6YWt9vx7v7m93n1/9Mj5z4o7Mdw1/xca8/X6vjzlvnUh5z9KXzn/vAcav/3Pc/67b/+vdNAfAAAAAAAAAAAAAAAAeJiqqjYvEb0YERfS9T/uhA8ARfjDD9JMlYRarVar1eoDWzdV473eLGJp+zIXIuK3474ZADDL/hcR/+y6E3RG/gXL9/urp1/oujPAVN14972fXbl2be36ja57AgAAAAAAAAB8Wnn8z2ON8Z83zwNqjRu9bfzXN+LY3I7/2R8NNsc6Tyv0fDx8/O/j8fDxv4cTXm9hQvtoQvvihPalCe1jL/RoyPk/nzLO+R9NK1bS+K8vddCfruX8j6exnnP+X2o9r5l/9dd5zr+/Lf+TN9/55ckb77736tV3rry99vbaz0+funDu7PlzZ8+fP/nW1Wtrp7b+7bDH+yvnn8e+dh5oWXL+OXP5lyXn/8VUy78sOf8XUy3/suT88/s9+Zcl558/+8i/LDn/l1Mt/7Lk/L+cavmXJef/SqrlX5ac/1dSLf+y5PxfTbX8y5LzP5Fq+Zcl538y1fIvS84/H+GSf1ly/vnMBvmXJed/JtXyL0vO/2yq5V+WnP+5VMu/LDn/86mWf1ly/hdSLf+y5Py/mmr5lyXn/7VUy78sOf/XUi3/suT8v55q+Zcl5/+NVMu/LDn/b6Za/mXJ+X8r1fIvS87/26mWf1ly/q+nWv5leXD/fzNTnvnP3yNmoBtmzIyb6fo3EwAAAAAAAAAAAADQNo3TibteRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP7PDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1Eaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwd3cxcpX3GcDPftlrQ4IbCCHECWtjiAOLd9df4BCDSUJKSZtSEtKmJTWOvTZO/FXvOgGEylJoSxSkIrUX9KJpEqVRpLYCRZGaSjRCaqT2rlwl4iZqJS4sFSoHJZVSBbY6M+/77szs7Mz6Y+3z8fsh/PfOnJl558yZ2X3WemYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBWGz42/ecDWZbl/zf+WJdll+d/X5Ptyb+c23mpVwgAAACcr7caf/7DFemEPcu4UMs2//aB//j+/Pz8fPaFN0+//Zfz8+mMsSwbWp1ljfOif//lL+ZbtwmeykYHBlu+Huxz80N9zh/uc/5In/NX9Tl/dZ/zR/ucv2gHLLKm+fuYxpVtavx1XXOXZldlI43zNnW51FMDqwcH4+9yGgYal5kfOZgdzo5k09nkossMNP7Lspc25Ld1TxZva7DlttZnWXbmZ4/vj2sYCPt4U9Z2Yw2tj90bd2Vjb/7s8f3fmX39vd1m392waKVZtnljvs6ns2zh11XZQLY67ZO4zsGWda7vss6htnUONC6X/71znWeWuc54v0fDOl/psc714bRHrs+ybC5bcptOT2WD2dqOW037e7R5ROTXkT+U78qGz+o42bCM4yS/zGvXtx8nncdk3P8bwj4ZXmINrQ/HG0+uWrTfz/U4ye91EY7V/Lrvy290dLT1V6ttx2q+zeM3LH0MdH3suhwD6VhuOQY29jsGBlcNNY6BwYU1b2w7BqYWXWYwG2jc1ukbeh8DE7NHT0zMPPrYLYeP7js0fWj62NTkzu3bdmzftmPHxMHDR6Ynm3+e3S4tkbXZYDoGN4bXmngMfrBj29ZDcv6bF+55MFqQ50F+3z9zY76gywezJY7xfJunN5//8yB93295Hgy3PA+6vqZ2eR4ML+N5kG9zZvPyvmcOt/zfbQ0r9Vq4ruUYuJTfD/PbfPBDS78Wrg/reuams/1+OLToGIh3ayA89/JT0s97o7eF/bL4uLg2P+OyVdmpmemTWx7ZNzt7cioL46K4suWx6jxe1rbcp2zR8TJ41sfLnr//1Y3Xdjl9XdhXozf3fqzybbaP936sGq/u7ftzVdbcn22nbs3CuMAu9v7s9t0s358pS/TYn/k2T99y/j8LplzS8vo30u/1b2hkuPn6N5T2xkjb69/ih2aosbIsO3PL8l7/RsL/F/v176qCvP7l++rBLb2PgXybZybO9hgY7vn6d32YA2E9HwqJYbQl97/dOH+ueZi2PJZ9j5vh4ZFw3AzHW2w/brYtukx+bfltb548t+Nm8/Xtj1Xbzy0VPG7yffVXk72Pm3ybl6fO/7VjTfxry2vHqn7HwMjQqny9I+kgaL7eza+Jx8CWbH92PDuSHUiXyR/l/LbGty7vGFgV/r/Yrx3XFOQYyPfV81t7HwP5Nj/admF/dtocTknbtPzs1Pn7haUy/7XDC9fXudsudObP1/nxH38qndYtQ+TbvL79bHNG7/10czjlsi77qfP5s9QxfSC7OPvpmrDOIzt6/24q3+aqncs8nvZkWfbq1KuN33eF3+9+79SPv9/2e99uv1N+derVeyfu/8nZrB8AgHP3duPPuVXNnzVb/sV6Of/+DwAAAJRCzP2DYSbyPwAAAFRGzP1DYSbyPwAAAFRGzP3DYSY1yf8P37brhbeeyNK7Ac4H8fy4G+67o7ld7HjPha/H5hfkp3/02yMvfPWJ5d32YJZlv7r3fV23f/iOuK6mE3GdH24/fZFrrlvW7T/0wMJ2re+fcGZX8/rj/VnuYRC7yi9NbG1c79ijU4358r1ZY94/98xTzetvfh23P72tuf3fhDct2XNwoO3ym8N6NoU5Ft5T5r49C/shn/FyL6z/wL9e+dmF24uXG9j4zsbdfP6Pm9cb3yPquSub28f7vdT6/+Vr330h3/6RG7qv/4nB7us/Ha73tTB/ubu5fes+/2rL+v80rD/eXrzclm/9sOv6X3xPc/sXw3HxjTA713/XX7z/rW6PV7ydPbc3Lxdvf/J/tzcuF68vXn/n+kefmGrbH53X//KbzevZ/eWfD7VuH0+PtxM9dHv78T0QHt+2HnmWZd/9s6xtP2cfaV7unzvWH6/vxO3d139zxzpPDFzXuPzC/VnXdr++/ndbu97fuJ49/7iu7f48d3fYf29O/Ci/3tP3h+MxnP9/rzSvr/O9TF+8u/31Jm7/jXXN5228vomO9T/Xsf656/J913/997zZXP+Ld65uW/+eT4Tj6Z7m7Lf+Q397Rdvlv/md5uNx8ivjx47PnDp8oGWvtj6PV4+uWXvZ5e945xXhtbTz673HZx+ePjk2OTaZZWMlfMvAlV7/t8L8n+aYu/C30PSTnzePu2c/2fy+9cFfNL9+Lpz+UHg84/fHr//1SNvx2vm4z93ZnOe7/pvCOpbrPV/7r+uWteHpz7906p/+5PXOnwvi/Tnx7tHG/Xt+w9WN8wZebp7f+XrVz3++u/15/dPhycb8Qdiv8+GdmTde3by9zuuP703y7Kebz9/4k1y8fNbxfiLrhtrvx/mu/6fh55gfXtP++hePjx880fFuzuuygXwJc+H1IZtrnh+3ivv72TNXd729+D482dx7z2aZS5p5dGbiyOFjpx6ZmJ2emZ2YefSxvUePnzo2u7fx3qV7v9jv8gvP77WN5/eB6Z3bs8az/XhzrLBLvf4TD+w/cOvkjQemD+47dXD2gRPTJw/tn5nZP31g5sZ9Bw9Of6Xf5Q8f2D21dde2W7eOHzp8YPdtu3Zt2zV++NjxfBnNRfWxc/JL48dO7m1cZGb39l1TO3Zsnxw/evzA9O5bJyfHT/W7fON703h+6S+Pn5w+sm/28NHp8ZnDj03vntq1c+fWvu/+ePTEwZmxiZOnjk2cGp4+OdG8L2OzjZPz7339Lk89zBwPr3cdBsJP55+7eWd6f9zct59c8qqam7T/eJq9Ed4LKn5/6/d1zP0jYSY1yf8AAABQBzH3hzf+XzhD/gcAAIDKiLl/dZiJ/A8AAACVEXN/M/mPpo9/r0v+v1D9/yf1/xv0//X/M/3/RP9f/z/T/9f/70P/X/+/zOvX/0/9/xn9f5ZStP5/yP3Zmizz7/8AAABQUTH3rw0zkf8BAACgMmLuvyzMRP4HAACAyoi5//Iwk5rkf5//r/+v/9+r/x+31f/P9P+L0P/f9N/6/4vo/+v/Z/r/5+xS9+fLvv4C9v/X6P9TNEXr/8fc/44wk5rkfwAAAKiDmPvfGWYi/wMAAEBlxNx/RZiJ/A8AAACVEXP/ujCTmuR//X/9f/1/n/+v/1+a/r/P/+9C/1//P9P/P2eXuj9f9vUXsP/v8/8pnKL1/2Pu/7Uwk5rkfwAAAKiDmPvfFWYi/wMAAEBlxNx/ZZiJ/A8AAACVEXP/VWEmNcn/9ez/v5Zlmf5/pv+v/9+xTv1//f+VoP+v/9+L/r/+f5nXr/+v/09/Rev/x9z/7jCTmuR/AAAAqIOY+68OM5H/AQAAoDJi7n9PmIn8DwAAAJURc/81YSY1yf/17P/7/H/9/yb9//Z16v/r/68E/X/9/170/5fR/x9e+Kv+f7HWr/+v/09/Rev/x9z/3jCTmuR/AAAAqIOY+68NM5H/AQAAoDJi7n9fmIn8DwAAAJURc//6MJOa5H/9f/1//X/9f/1//f+VVK7+/+CS5+j/N+n/t7tw/f+5hQX4/P/SrF//X/+f/orW/4+5//1hJjXJ/wAAAFAHMfd/IMxE/gcAAIDKiLn/ujAT+R8AAAAqI+b+sTCTmuR//X/9f/1//X/9f/3/lVSu/v/S9P+b9P/bXZTP/2+h/1+s9ev/6//TX9H6/zH3bwgzqUn+BwAAgDqIuX9jmIn8DwAAAJURc//1YSbyPwAAAFRGzP2bwkxqkv/1//X/9f/1//X/9f9Xkv6//n8v+v/6/2Vev/6//j/9Fa3/H3P/DWEmNcn/AAAAUAcx998YZiL/AwAAQGXE3P/BMBP5HwAAACoj5v7NYSY1yf/6//r/+v8l7v8P6f9n+v+Fp/+v/9+L/r/+f5nXr/+v/09/Rev/x9z/oTCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7r85zET+BwAAgMqIuX88zKQm+V//X/9f/7/E/X+f/9+2fv3/YtL/1//vRf9f/7/M69f/1/+nv6L1/2PuvyXMpCb5HwAAAOog5v4tYSbyPwAAAFRGzP0TYSbyPwAAAFRGzP2TYSY1yf/6//r/+v/6//r/+v8rSf9f/78X/X/9/zKvX/9f/5/+itb/j7l/KsykJvkfAAAA6iDm/q1hJvI/AAAAVEbM/dvCTOR/AAAAqIyY+7eHmdQk/5ek/78lFaD0//X/9f/1//X/S0X/X/+/F/1//f8yr1//X/+fdoNdTita/z/m/h1hJjXJ/wAAAFAHMffvDDOR/wEAAKAyYu6/NcxE/gcAAIDKiLn/tjCTmuT/kvT/ff6//r/+fwv9f/3/MtH/1//vRf9f/7/M69f/1/+nv6L1/2Pu3xVmUpP8DwAAAHUQc/+Hw0zkfwAAAKiMmPtvDzOR/wEAAKBUun0OYRRz/0fCTGqS//X/q97/n1+t/6//r//fe/36/ytL/1//vxf9f/3/Mq9f/1//n/6K1v+PuX93mElN8j8AAADUQcz9d4SZyP8AAABQGTH33xlmIv8DAABAZcTcvyfMpCb5X/+/6v1/n/+v/6//32/9+v8rS/9f/78X/f9y9v/Djy36/wXq/+fHkP4/RVS0/n/M/XeFmdQk/wMAAEAdxNz/0TAT+R8AAAAqI+b+j4WZyP8AAABQGTH3fzzMpCb5X/9f/1//X/9f/1//fyXp/69Y/7/xUljk/v+aZdyM/n85+/+R/n9x+v8+/5+iKlr/P+b+u8NMapL/AQAAoA5i7v9EmIn8DwAAAJURc/+vh5nI/wAAAFAZMfffE2ZSk/yv/6//r/+v/6//r/+/kvT/ff5/L/r/+v9lXr/+v/4//RWt/x9z/2+EmdQk/wMAAEAdxNx/b5iJ/A8AAACVEXP/J8NM5H8AAAAomVVLnhNz/2+GmdQk/5ev/z9Wyv7/YLp+/X/9f/1//X/9/wtJ/1//P9P/P2eXuj9f9vXr/+v/01/R+v8x9/9WmElN8j8AAADUQcz9nwozkf8BAACgMmLu/+0wE/kfAAAAKiPm/vvCTGqS/y90/7/z8r34/H/9/0z/X/9f/1///zzp/+v/Z/r/5+xS9+fLvn79f/1/+ita/z/m/t8JM6lJ/gcAAIA6iLn//jAT+R8AAAAK6uGzvkTM/Z8OM5H/AQAAoDJi7v9MmElN8n/5Pv9f/1//X/9f/1//v0z0//X/e9H/1/8v8/r1//X/6a9o/f+Y+x8IM6lJ/gcAAIA6iLn/s2Em8j8AAABURsz9vxtmIv8DAABAZcTc/3thJj3y/9KVhPLR/9f/1//X/9f/1/9fSfr/i/v/+WuY/n+T/r/+f5nXr/+v/09/Rev/x9z/uTAT//4PAAAAlRFz/++Hmcj/AAAAUBkx9/9BmIn8DwAAAJURc/+DYSY1yf/6//r/+v/6//r/+v8rSf/f5//3ov+v/1/m9ev/6//TX9H6/zH3fz7MpCb5HwAAAOog5v4/DDOR/wEAAKAyYu7fG2Yi/wMAAEBlxNz/UJhJTfK//r/+v/6//r/+v/7/StL/1//vRf9f/7/M69f/1/+nv6L1/2Pu3xdmsqf9ZgAAAIDyirn/C2EmNfn3fwAAAKiDmPv3h5nI/wAAAFAZMfcfCDOpSf7X/9f/1//X/9f/1/9fSfr/+v+96P/r/5d5/fr/+v/0V7T+f8z902EmNcn/AAAAUAcx9x8MM5H/AQAAoDJi7j8UZiL/AwAAQGXE3P9wmElN8r/+v/6//n9t+/+vfK9jnfr/+v8rQf9f/78X/X/9/zKvX/9f/5/+itb/j7n/cJhJTfI/AAAA1EHM/V8MM5H/AQAAoDJi7v9SmIn8DwAAAJURc/+RMJOa5H/9f/1//f/a9v+X9/n/axZuV/9f//9c6P/r//ei/6//X+b16//r/9Nf0fr/MfcfDTOpSf4HAACAOoi5/1iYifwPAAAAlRFz//EwE/kfAAAAKiPm/hNhJjXJ//r/Z9X/XzWwRDdQ/7/7+vX/K9D/b6H/r/9/LvT/9f970f/X/y/z+vX/9f/pr2j9/5j7/yjMpCb5HwAAAOog5v6TYSbyPwAAAFRGzP0zYSbyPwAAAFRGzP2zYSY1yf/6/z7/X/9f/1//X/9/Jen/6//3ov+v/1/m9ev/6//TX9H6/zH3nwozqUn+B4D/Z+8+c/U6qz4OP6/zOiRCwBTCEGACDIExIDEGeknooUPovYXeQofQe++99x4IvUpB8VlrhWPsvW2f8/jc+17X9SELTpB8RzEf/kp+2gAAHeTuv1/cYv8DAADANHL33z9usf8BAABgGrn7HxC3NNn/+n/9v/5f/6//1//vk/5f/79E/6//3/L79f/6f9aN1v/n7n9g3NJk/wMAAEAHufsfFLfY/wAAADCN3P0PjlvsfwAAAJhG7v6HxC1N9r/+X/+v/9f/6//1//uk/9f/L9H/6/+3/H79v/6fdaP1/7n7Hxq3NNn/AAAA0EHu/ofFLfY/AAAATCN3/8PjFvsfAAAAppG7/9q4pcn+1//r//X/G+z//1//r//fDv2//n+J/l//v+X36//1/6wbrf/P3X9d3NJk/wMAAEAHufsfEbfY/wAAADCN3P2PjFvsfwAAAJhG7v5HxS1N9r/+X/+v/99g/+/7//r/DdH/6/+X6P/1/1t+v/5f/8+60fr/3P2Pjlua7H8AAADoIHf/Y+IW+x8AAACmkbv/sXGL/Q8AAADTyN3/uLilyf7X/+v/9f/6f/2//n+f9P/6/yX6f/3/lt+v/9f/s27v/f+9rz9zL7T/z91/fdzSZP8DAABAB7n7Hx+32P8AAAAwjdz9T4hb7H8AAACYRu7+J8YtTfa//l//f0f/f9v/6f/1//r/O36u/z8e+n/9/xL9v/5/y+/X/+v/Wbf3/n+l9z/7v+fuf1Lc0mT/AwAAQAe5+58ct9j/AAAAMI3c/U+JW+x/AAAAmEbu/qfGLU32v/5f/+/7//p//b/+f5/0/8P2/2f/X+8w/f8F0f/r/8/X/9/rAt6v/6eD0fr/3P1Pi1ua7H8AAADoIHf/0+MW+x8AAACmkbv/hrjF/gcAAIBp5O5/RtzSZP/r//X/+n/9/+H+/1TL/v/2n+n/90P/P2z/v0z/f0H0//p/3//X/7NstP4/d/8z45Ym+x8AAAA6yN3/rLjF/gcAAIBp5O5/dtxi/wMAAMA0cvc/J25psv/1//p//b/+/0jf/79ijv7f9//3R/+v/1+i/9f/b/n9+n/9P+tG6/9z9z83bmmy/wEAAGB6p3a1+58Xt9j/AAAAMI3c/c+PW+x/AAAAmEbu/hfELU32v/5f/6//1/8fqf+f5Pv/+v/90f/r/5dcaP+/0//XX4v+f5z36//1/6wbrf/P3f/CuKXJ/gcAAIAOcve/KG6x/wEAAGAauftfHLfY/wAAADCN3P0viVua7H/9v/5f/6//1//r//dJ/6//X+L7//r/Lb9f/6//Z91o/X/u/pfGLU32PwAAAHSQu/9lcYv9DwAAANPI3f/yuMX+BwAAgGnk7n9F3HL2/j91OV91+ej/9f/6f/2//l//v0/6f/3/Ev3/ufv/q87z6+n/x3q//l//z7rR+v/c/TfGLf75PwAAAEwjd/8r4xb7HwAAAKaRu/9VcYv9DwAAANPI3f/quKXJ/j9f/3/rnQ/+vP7/wuj/z/1+/b/+X/+v/9f/6/+X6P99/3/L79f/6/9ZN1r/n7v/NXFLk/0PAAAAHeTuf23cYv8DAADANHL3vy5usf8BAABgGrn7Xx+3NNn/x//9/2v0//p//X9c/b/+X/+v/9f/L9P/6/+3/H79v/6fdaP1/7n73xC3NNn/AAAA0EHu/jfGLfY/AAAATCN3/5viFvsfAAAAppG7/81xS5P9f/z9v+//6/8vsv8/pf9P+v/4+6r/1/9fBP2//n+n/79kJ93Pb/39+n/9P+tG6/9z9990Zur12/8AAADQwU1n/njV7i1xi/0PAAAA08jd/9a4xf4HAACAaeTuf1vc0mT/6//1/yfe//v+f9H/x99X/b/+/yLo//X/O/3/JTvpfn7r79f/6/9ZN1r/n7v/7XFLk/0PAAAAHeTuf0fcYv8DAADANGL3H/zL7/Y/AAAATOmdZ/541e5dcUuT/d+4/7/mqP3/1f/1n/X/536//v9Y+v+bzv69p//X/2+J/l//v0T/r//f8vvH6f/jB9fq/xnPaP1/7v53xy1N9j8AAAB0kLv/PXGL/Q8AAADTyN1/c9xi/wMAAMA0cve/N25psv8b9/+TfP//PrfEC/T/8/b/vv8fV/+v/z8X/b/+f6f/v2Qn3c9v/f3j9P++/8+4Ruv/c/e/L25psv8BAACgg9z9749b7H8AAACYRu7+D8Qt9j8AAABMI3f/B+OWJvtf/7/1/t/3//X/+n/9/9j0//r/Jfp//f+W36//1/+zbrT+P3f/h+KWJvsfAAAAOsjd/+G4xf4HAACAaeTu/0jcYv8DAADANHL3fzRuabL/9f/6/331/7f/Ivr/Jv3/dfr/nf7/vPT/+v8l+n/9/5bfr//X/7NutP4/d//H4pYm+x8AAAA6yN3/8bjF/gcAAIBp5O7/RNxi/wMAAMA0cvd/Mm64x11O7knH6/R5fh69uf5f/+/7//p/3//X/++T/l//v0T/r//f8vv1//p/1o3W/+fu/1Tc4p//AwAAwDRy9386brH/AQAAYBq5+z8Tt9j/AAAAMI3c/Z+NW5rsf/2//l//v9n+/2r9/+H36//HpP/X/y/R/+v/t/x+/b/+n3Wj9f+5+z8XtzTZ/wAAANBB7v7Pxy32PwAAAEwjd/8X4hb7HwAAAKaRu/+LcUuT/a//1//r/zfb//v+/1nv1/+PSf+v/1+i/9f/b/n9+n/9P+tG6/9z938pbmmy/wEAAKCD3P1fjlvsfwAAAJhG7v6vxC32PwAAAEwjd/9X45Ym+1//r//X/+v/9f/6/33S/+v/l+j/9f9bfr/+X//PutH6/9z9X4tbmux/AAAA6CB3/9fjFvsfAAAAppG7/xtxi/0PAAAA08jd/824pcn+n7n/X/qf6f8P6P/1/zv9v/5/z/T/+v8l+n/9/5bfr//X/7NutP4/d/+34pYm+x8AAAA6yN3/7bjF/gcAAIBp5O7/Ttxi/wMAAMA0cvd/N25psv9n7v+X6P8P6P/1/zv9v/5/z/T/+v8l+n/9/5bfr//X/7PuhPr/07vz9P+5+78XtzTZ/wAAANBB7v7vxy32PwAAAEwjd/8P4hb7HwAAAKaRu/+Hccs8+/++Ny/8Sf3/sff/Z34T6f/1/7sh+//Th96p/z+g/98v/b/+f4n+X/+/5ffr//X/rBvt+/+5+38Ut8yz/wEAAKC93P0/jlvsfwAAAJhG7v6fxC32PwAAAEwjd/9P45Ym+1//7/v/+v9O/f89r9j5/r/+/zLT/+v/l+j/9f9bfr/+X//PutH6/9z9P4tbmux/AAAA6CB3/8/jFvsfAAAAppG7/xdxi/0PAAAA08jd/8u4pcn+1//r//X/rfr/Q+/X/x/Q/++X/l//v0T/r//f8vuz/8/fd/p//T//a7T+P3f/r+KWJvsfAAAAOsjd/+u4xf4HAACAaeTu/03cYv8DAADANHL3/zZuabL/9f/6f/1/m/7/trvtdvp//f9lN1D/f+VRfh39/wH9/2H6f/2/7//r/1k2Wv+fu/+WuKXJ/gcAAIAOcvf/Lm6x/wEAAGAauft/H7fY/wAAADCN3P23xi1N9r/+X/8/Zf9/J/2/7//r/0cxUP9/JPr/A/r/w/T/+n/9v/6fZaP1/7n7/xC3NNn/AAAA0EHu/j/GLfY/AAAATCN3/5/iFvsfAAAAppG7/89xS5P9r//X/198/3+6/rqH7f99/1//r/8fxrz9/5X6f/3/kfv/G248+LH+f5vv1//r/1k3Wv+fu/8vcUuT/Q8AAAAd5O7/a9xi/wMAAMA0cvf/LW6x/wEAAGAaufv/Hrc02f/T9P93v+vB1f/7/r/+X/8fP9f/j2He/t/3//X/vv+v/9f/6/9ZM1r/n7v/H3FLk/0PAAAAHeTu/2fcYv8DAADANHL3/ytusf8BAABgGrn7/x23NNn/0/T/Sf+v/9f/6//j5/r/Mej/9f9L9P/6/y2/X/+v/2fdaP1/7v7/BAAA//9RaTCH")
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x20000, 0x0, 0x0, 0x0, &(0x7f0000000100))
mount(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x2012024, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)

1.49664981s ago: executing program 0 (id=1200):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100a, 0x8000800000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340), 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1003}], 0x0, 0x0, 0x0})

1.275836288s ago: executing program 1 (id=1201):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0, 0x0, 0x1f00c00e}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f478e"])
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0xb0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

489.958801ms ago: executing program 0 (id=1202):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
unshare(0x6a040000)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x84, @multicast2, 0x4e20, 0x3, 'none\x00', 0x30, 0x4, 0x68}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @broadcast, 0x4e21, 0x3, 'fo\x00', 0x11, 0x3240, 0x3a}, {@loopback, 0x4e23, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @pix={0x434c, 0x8, 0x584e4f53, 0x4, 0x2, 0x7, 0x0, 0x3, 0x1, 0x4, 0x2, 0x7}})
unshare(0x10000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x20050800)
socket$qrtr(0x2a, 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x40f9, 0x217, 0xa5, 0x0, 0x0)

102.513002ms ago: executing program 8 (id=1203):
syz_usb_connect$cdc_ncm(0x4, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000002505a1a440000102030109025c0002010000000904000001a3f45747d649f9a30105240000000d240f81000000"], 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r0, 0xffffffffffffffff, 0x0)

52.057696ms ago: executing program 6 (id=1204):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
open_tree(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x89901)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/custom1\x00', 0x0, 0x0)

0s ago: executing program 1 (id=1205):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f6fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe508185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c6be0ed9257851ed916219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c5b901dbd7387f49e0b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000053046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25132a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a068c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238e3fee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e89884cb73f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182060e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000008835196ed0c6a1c1d4c140e5ff0000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fcd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d372e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36d3cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f200d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000028bfaaf1dce7970ae04e33a3d130761c0c0a53997716ebfa0e03c0acdb52e4af877a339d154fea243453e69bc89bb18fc501cf3a623bb871047060234ebc21155d0dc6efa64749afb63a0f8a9c28f62861e826ddf243bd9dda895a9b24d38641856dc058040a418e15139c0b13d52258254eacf045386abe27e8756c29758330146da2e25822afd92467974f70fa71a971517be63845c1eeb1a7a39a8e01750a67925746ffbc35c0046a1d660ebe5967bbc0496d0c9ba9758f9fcf46ecbd2e07523af5e56ff1d8eee549ecc92b0d13ad2edb0149b25debe70d227afb1ad45991bfb63f7cf6a8b5bcabf504d7fe21df0a23e8615055df856d88b7379a4c4499d01221d10c286c10b12ff5c89903806eab61c18721be6edc3d0fdbe2448f130b87b375f0de009ac38fd159a9f54771388f54b50caf5caf896ceb214b298b524c6cfeca9e0343038c68de8856772de2c498e191b9da24cc2a4b722c88a0fd2cca32ea9445e06549d1b5e9c1c90f4de9ce818694c1ced8354729bbec6a828876dae455e24f0f40490aaf80825d0fcdd8620b43da6b7f94c82aac9b256a469312aff3411ac73a377f01f7329a8027d9b47212c2ae9f2038152d0e99b4622a6eb35ba206e43cfbb50ef80b84a1854208c8414b309eb8a3408"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r1, 0x2004, 0x0)

kernel console output (not intermixed with test programs):

 usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  187.532852][ T4319] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.571190][ T4319] usb 6-1: config 0 descriptor??
[  188.009831][ T4319] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  188.033235][ T4319] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  188.051860][ T5387] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  188.119794][   T27] audit: type=1326 audit(1754386558.011:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5381 comm="syz.8.193" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  188.610499][ T5397] kvm: pic: single mode not supported
[  188.611545][ T5397] kvm: pic: single mode not supported
[  188.913048][ T4947] usb 6-1: USB disconnect, device number 6
[  189.573305][ T5421] Falling back ldisc for ttyS3.
[  190.282154][   T27] audit: type=1326 audit(1754386560.171:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5444 comm="syz.8.209" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  190.503776][ T5453] kvm: pic: non byte write
[  190.538828][ T5457] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  190.572951][ T5453] kvm: pic: non byte write
[  190.621353][ T5452] kvm [5451]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  190.669957][ T5452] kvm [5451]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  191.562163][ T4336] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  191.808724][ T4336] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.820866][ T4336] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.833012][ T4336] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  191.849403][ T4336] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  191.858929][ T4336] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.896956][ T4336] usb 8-1: config 0 descriptor??
[  192.339892][ T4336] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  192.348231][ T5512] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  192.396494][ T4336] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  192.451005][   T27] audit: type=1326 audit(1754386562.341:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5516 comm="syz.8.228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  193.828505][ T4319] usb 8-1: reset high-speed USB device number 2 using dummy_hcd
[  195.127804][ T4369] usb 8-1: USB disconnect, device number 2
[  196.437792][ T5573] kvm: pic: non byte write
[  196.467749][ T5573] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  196.484734][ T4336] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  196.494803][ T5573] kvm: pic: non byte write
[  196.662136][ T4319] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  196.680511][ T4336] usb 7-1: Using ep0 maxpacket: 8
[  196.688581][ T4336] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  196.716339][ T4336] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  196.737227][ T4336] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  196.756584][ T4336] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  196.767276][ T4336] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  196.791061][ T5582] binder: 5581:5582 ioctl c0306201 0 returned -14
[  196.798845][ T4336] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  196.815036][ T4336] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.866691][ T4319] usb 8-1: Using ep0 maxpacket: 8
[  196.894472][ T4319] usb 8-1: config index 0 descriptor too short (expected 28277, got 36)
[  196.922367][ T4319] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  196.953379][ T4319] usb 8-1: config 0 has no interfaces?
[  196.960051][ T4319] usb 8-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  196.969393][ T4319] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.987838][ T4319] usb 8-1: config 0 descriptor??
[  197.168615][ T4336] usb 7-1: GET_CAPABILITIES returned 0
[  197.176529][ T4336] usbtmc 7-1:16.0: can't read capabilities
[  197.420108][ T4319] usb 7-1: USB disconnect, device number 5
[  199.050387][ T5615] kvm: pic: non byte write
[  199.194611][ T4946] usb 8-1: USB disconnect, device number 3
[  199.720521][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  199.727354][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  200.064413][ T5629] kvm [5628]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000
[  200.084107][ T5629] kvm [5628]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x187 data 0x4000
[  200.536519][   T27] audit: type=1326 audit(1754386570.431:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5639 comm="syz.8.270" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  201.962406][   T14] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  202.153377][   T14] usb 7-1: Using ep0 maxpacket: 8
[  202.165474][   T14] usb 7-1: config index 0 descriptor too short (expected 28277, got 36)
[  202.194619][   T14] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  202.229808][   T14] usb 7-1: config 0 has no interfaces?
[  202.256801][   T14] usb 7-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  202.270536][ T5683] netlink: 'syz.8.281': attribute type 10 has an invalid length.
[  202.312217][   T14] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.333757][   T14] usb 7-1: config 0 descriptor??
[  202.400547][ T5683] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  202.857631][ T5702] netlink: 4 bytes leftover after parsing attributes in process `syz.5.288'.
[  202.885441][ T5702] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.915200][ T5702] batman_adv: batadv0: Removing interface: batadv_slave_0
[  202.945470][ T5702] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  202.968619][ T5702] batman_adv: batadv0: Removing interface: batadv_slave_1
[  202.976511][   T27] audit: type=1326 audit(1754386572.871:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5697 comm="syz.8.287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  204.217637][ T4369] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  204.404900][ T4369] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  204.418371][ T4271] usb 7-1: USB disconnect, device number 6
[  204.450726][ T4369] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  204.486192][ T4369] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  204.532240][ T4369] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  204.573292][ T4369] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.628203][ T4369] usb 9-1: config 0 descriptor??
[  205.086688][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.119009][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.146169][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.182138][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.206328][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.245085][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.269881][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.292069][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.317712][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.346398][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.366538][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.386495][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.412820][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.430614][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.455420][ T4369] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  205.482829][ T4369] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  205.504022][ T4369] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  205.551383][ T4369] usb 9-1: USB disconnect, device number 4
[  205.936094][ T5758] fido_id[5758]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  206.710622][ T5788] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  206.855284][ T5788] kvm: pic: non byte write
[  206.947382][ T5790] netlink: 'syz.5.308': attribute type 10 has an invalid length.
[  207.170636][ T5790] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  208.003587][ T5804] orangefs_mount: mount request failed with -4
[  209.512165][ T5807] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  209.542117][ T4749] Bluetooth: hci2: command 0x0c1a tx timeout
[  209.548966][ T5807] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  209.596343][ T5807] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  209.644670][ T5807] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  209.682290][ T5807] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  209.694345][ T5807] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  209.725312][ T5807] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  209.747800][ T5807] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  209.762163][ T5807] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  209.789989][ T5807] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[  209.800741][ T5807] Bluetooth: hci6: Opcode 0x0406 failed: -4
[  209.810822][ T5807] Bluetooth: hci6: Suspend notifier action (1) failed: -4
[  209.841674][ T5807] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  209.861583][ T5807] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  209.879327][ T5807] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  210.185224][ T5845] fuse: Bad value for 'fd'
[  210.462067][ T4319] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  210.655059][ T4319] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  210.695339][ T4319] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  210.713220][ T4319] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  210.809118][ T4319] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  210.846098][ T4319] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.863059][ T4319] usb 7-1: Product: syz
[  210.869580][ T4319] usb 7-1: Manufacturer: syz
[  210.887707][ T4319] usb 7-1: SerialNumber: syz
[  210.935666][ T4319] hub 7-1:1.0: bad descriptor, ignoring hub
[  210.960438][ T4319] hub: probe of 7-1:1.0 failed with error -5
[  211.134686][ T4319] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  211.622717][ T4749] Bluetooth: hci2: command 0x0406 tx timeout
[  211.702130][ T4749] Bluetooth: hci3: command 0x0c1a tx timeout
[  211.782200][ T4749] Bluetooth: hci5: command 0x0c1a tx timeout
[  211.865677][ T4749] Bluetooth: hci1: command 0x0c1a tx timeout
[  211.872377][ T4284] Bluetooth: hci6: command 0x0c1a tx timeout
[  212.308738][   T14] usb 7-1: USB disconnect, device number 7
[  212.332925][   T14] usblp0: removed
[  212.483894][ T5901] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  212.549837][ T5890] kvm: pic: non byte write
[  212.662232][ T4947] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  212.870647][ T4947] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  212.879838][ T4369] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  212.900142][ T4947] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  212.931194][ T4947] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  212.971896][ T4947] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  213.006997][ T4947] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  213.033153][   T27] audit: type=1326 audit(1754386582.931:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5909 comm="syz.8.338" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f4a78eb69 code=0x0
[  213.040011][ T4947] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  213.092130][ T4369] usb 10-1: Using ep0 maxpacket: 8
[  213.099417][ T4369] usb 10-1: config index 0 descriptor too short (expected 28277, got 36)
[  213.118454][ T4947] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  213.127201][ T4369] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  213.152038][ T4947] usb 8-1: Product: syz
[  213.161842][ T4947] usb 8-1: Manufacturer: syz
[  213.173615][ T4369] usb 10-1: config 0 has no interfaces?
[  213.190676][ T4947] cdc_wdm 8-1:1.0: skipping garbage
[  213.198689][ T4369] usb 10-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00
[  213.213348][ T4947] cdc_wdm 8-1:1.0: skipping garbage
[  213.228923][ T4369] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.238038][ T4947] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[  213.251573][ T4947] cdc_wdm 8-1:1.0: Unknown control protocol
[  213.266451][ T4369] usb 10-1: config 0 descriptor??
[  213.434999][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  213.441701][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  213.452649][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  213.459334][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  213.472324][    C1] cdc_wdm 8-1:1.0: nonzero urb status received: -71
[  213.479003][    C1] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes
[  213.485394][ T4369] usb 8-1: USB disconnect, device number 4
[  213.514403][ T5892] cdc_wdm 8-1:1.0: Tx URB error: -19
[  213.787301][ T4284] Bluetooth: hci3: command 0x0406 tx timeout
[  213.862197][ T4284] Bluetooth: hci5: command 0x0406 tx timeout
[  213.946970][ T4749] Bluetooth: hci6: command 0x0406 tx timeout
[  213.946986][ T4284] Bluetooth: hci1: command 0x0406 tx timeout
[  214.340726][ T5938] fuse: Bad value for 'fd'
[  215.279377][ T5956] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  215.388494][ T4946] usb 10-1: USB disconnect, device number 6
[  218.162996][ T5997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.186019][ T5997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.204630][ T5997] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  218.346199][ T6001] fuse: Bad value for 'fd'
[  218.716016][ T6010] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  219.162087][ T4947] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  219.296316][ T4468] Bluetooth: hci0: Frame reassembly failed (-84)
[  219.384622][ T4947] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.402059][ T4947] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.427385][ T4947] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  219.451807][ T4947] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  219.466187][ T4947] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.478737][ T4947] usb 10-1: config 0 descriptor??
[  219.582234][ T4890] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  219.773711][ T4890] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  219.792688][ T4890] usb 9-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  219.832104][ T4890] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  219.841345][ T4890] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  219.860663][ T4890] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  219.898050][ T4890] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  219.918126][ T4890] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  219.920194][ T4947] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  219.935598][ T4890] usb 9-1: Product: syz
[  219.949288][ T4890] usb 9-1: Manufacturer: syz
[  219.976049][ T4947] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.9-1/input0
[  219.977148][ T4890] cdc_wdm 9-1:1.0: skipping garbage
[  220.060364][ T4890] cdc_wdm 9-1:1.0: skipping garbage
[  220.077882][ T4890] cdc_wdm 9-1:1.0: cdc-wdm1: USB WDM device
[  220.084179][ T4890] cdc_wdm 9-1:1.0: Unknown control protocol
[  220.210307][ T4271] usb 9-1: USB disconnect, device number 5
[  221.019968][ T6083] overlayfs: failed to get inode (-116)
[  221.026954][ T6083] overlayfs: failed to get inode (-116)
[  221.302193][ T4749] Bluetooth: hci0: Entering manufacturer mode failed (-110)
[  221.302461][ T4279] Bluetooth: hci0: command 0xfc11 tx timeout
[  221.412208][ T4947] usb 10-1: reset high-speed USB device number 7 using dummy_hcd
[  221.606566][ T4947] usb 10-1: device descriptor read/64, error -32
[  221.892081][ T4947] usb 10-1: reset high-speed USB device number 7 using dummy_hcd
[  221.908461][   T27] audit: type=1326 audit(1754386591.801:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6110 comm="syz.7.381" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8809d8eb69 code=0x0
[  222.672254][ T4319] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  222.893823][ T4319] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  222.914539][ T4319] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  222.932056][ T4319] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  222.938353][ T6141] overlayfs: failed to get inode (-116)
[  222.952139][ T4319] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  222.977108][ T6141] overlayfs: failed to get inode (-116)
[  222.980355][ T4319] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  222.996405][ T4319] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  223.052099][ T4319] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  223.060193][ T4319] usb 7-1: Product: syz
[  223.076776][ T4319] usb 7-1: Manufacturer: syz
[  223.118727][ T4319] cdc_wdm 7-1:1.0: skipping garbage
[  223.132699][ T4319] cdc_wdm 7-1:1.0: skipping garbage
[  223.164952][ T4319] cdc_wdm 7-1:1.0: cdc-wdm1: USB WDM device
[  223.170935][ T4319] cdc_wdm 7-1:1.0: Unknown control protocol
[  223.335644][ T4946] usb 10-1: USB disconnect, device number 7
[  223.399971][ T4319] usb 7-1: USB disconnect, device number 8
[  223.626169][ T6164] netlink: 'syz.9.395': attribute type 1 has an invalid length.
[  223.667030][ T6164] 8021q: adding VLAN 0 to HW filter on device bond1
[  223.715124][ T6168] 8021q: adding VLAN 0 to HW filter on device bond1
[  223.730563][ T6168] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  223.756858][ T6168] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  223.786771][ T6164] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.801602][ T6164] device batadv_slave_1 entered promiscuous mode
[  223.832969][ T6164] batman_adv: batadv0: Removing interface: batadv_slave_1
[  223.854462][ T6164] bond1: (slave batadv_slave_1): making interface the new active one
[  223.885802][ T6164] bond1: (slave batadv_slave_1): Enslaving as an active interface with an up link
[  223.915238][ T6173] tipc: Started in network mode
[  223.920198][ T6173] tipc: Node identity 080211000001, cluster identity 4711
[  223.936875][ T6173] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  223.952293][ T6170] device syzkaller0 entered promiscuous mode
[  224.077831][ T6172] tipc: Resetting bearer <eth:syzkaller0>
[  224.239398][   T27] audit: type=1326 audit(1754386594.131:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6181 comm="syz.9.398" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa414f8eb69 code=0x0
[  224.430189][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.477883][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.545590][ T6192] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  224.944185][ T4946] tipc: Node number set to 134418688
[  225.102274][ T4319] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  225.304014][ T4319] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.332488][ T4319] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.382011][ T4319] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  225.432838][ T4319] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  225.458307][ T4319] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.510433][ T4319] usb 8-1: config 0 descriptor??
[  225.646841][ T6235] binder: 6234:6235 ioctl c0306201 200000000240 returned -11
[  225.933059][ T4319] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[  225.954701][ T4319] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  226.343530][   T27] audit: type=1326 audit(1754386596.231:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6256 comm="syz.6.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd8478eb69 code=0x0
[  226.431790][ T6266] kvm: pic: non byte write
[  226.818161][ T4947] usb 8-1: USB disconnect, device number 5
[  226.894013][ T6279] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  227.280020][ T6289] binder: 6288:6289 ioctl c0306201 200000000240 returned -11
[  227.485371][    T9] wlan1: Trigger new scan to find an IBSS to join
[  228.524807][ T6314] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  228.551627][ T6323] netlink: 'syz.8.435': attribute type 1 has an invalid length.
[  228.586830][ T6314] kvm: pic: non byte read
[  228.600786][   T27] audit: type=1326 audit(1754386598.491:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6320 comm="syz.9.433" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa414f8eb69 code=0x0
[  228.639819][ T6314] kvm: pic: level sensitive irq not supported
[  228.640675][ T6314] kvm: pic: non byte read
[  228.667708][ T6314] kvm: pic: level sensitive irq not supported
[  228.667875][ T6314] kvm: pic: non byte read
[  228.748477][ T6323] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.899430][ T4279] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  228.917426][ T4279] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  228.936473][ T4279] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  228.945939][ T4279] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  228.953963][ T6327] 8021q: adding VLAN 0 to HW filter on device bond1
[  228.961400][ T4279] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  228.969288][ T4279] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  228.971495][ T6327] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  229.065310][ T6327] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  229.142349][ T6329] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  229.161879][ T6329] device batadv_slave_1 entered promiscuous mode
[  229.185603][ T6329] batman_adv: batadv0: Removing interface: batadv_slave_1
[  229.239454][ T6329] bond1: (slave batadv_slave_1): making interface the new active one
[  229.251853][ T6329] bond1: (slave batadv_slave_1): Enslaving as an active interface with an up link
[  229.263329][ T6340] binder: 6338:6340 ioctl c0306201 200000000240 returned -11
[  229.706333][ T5032] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.890731][ T5032] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.545554][ T4468] wlan1: Trigger new scan to find an IBSS to join
[  230.659634][ T5032] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.968691][ T5032] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  231.062423][ T4749] Bluetooth: hci0: command 0x0409 tx timeout
[  231.406095][ T6380] tipc: Started in network mode
[  231.420220][ T6380] tipc: Node identity de08d36146b6, cluster identity 4711
[  231.497422][ T6380] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  231.516101][ T6330] chnl_net:caif_netlink_parms(): no params data found
[  231.555669][ T6382] device syzkaller0 entered promiscuous mode
[  231.689327][ T6382] tipc: Resetting bearer <eth:syzkaller0>
[  231.746862][ T6390] binder: 6388:6390 ioctl c0306201 200000000240 returned -11
[  231.797099][ T6378] tipc: Resetting bearer <eth:syzkaller0>
[  231.885755][ T6378] tipc: Disabling bearer <eth:syzkaller0>
[  231.917893][   T27] audit: type=1326 audit(1754386601.811:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6392 comm="syz.9.451" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa414f8eb69 code=0x0
[  231.939500][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.172368][ T6330] bridge0: port 1(bridge_slave_0) entered blocking state
[  232.179520][ T6330] bridge0: port 1(bridge_slave_0) entered disabled state
[  232.269128][ T6330] device bridge_slave_0 entered promiscuous mode
[  232.318677][ T6330] bridge0: port 2(bridge_slave_1) entered blocking state
[  232.327943][ T6330] bridge0: port 2(bridge_slave_1) entered disabled state
[  232.340828][ T6330] device bridge_slave_1 entered promiscuous mode
[  232.418638][ T6330] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  232.443046][ T6330] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  232.496374][ T5031] wlan1: Creating new IBSS network, BSSID 72:ae:22:2c:3e:62
[  232.590223][ T6330] team0: Port device team_slave_0 added
[  232.630507][ T6330] team0: Port device team_slave_1 added
[  233.061673][ T5032] bond0: (slave wlan1): Releasing backup interface
[  233.143823][ T4284] Bluetooth: hci0: command 0x041b tx timeout
[  233.544237][ T4284] Bluetooth: hci2: command 0xfc11 tx timeout
[  233.550766][ T4749] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[  233.773381][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_0
[  233.792098][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  233.916721][ T6330] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  234.022894][ T6330] batman_adv: batadv0: Adding interface: batadv_slave_1
[  234.030112][ T6330] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  234.165145][ T6330] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  234.620181][ T6330] device hsr_slave_0 entered promiscuous mode
[  234.629061][ T6330] device hsr_slave_1 entered promiscuous mode
[  234.648371][ T5032] device hsr_slave_0 left promiscuous mode
[  234.704793][ T5032] device hsr_slave_1 left promiscuous mode
[  234.718117][ T5032] device bridge_slave_1 left promiscuous mode
[  234.746736][ T5032] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.810026][ T5032] device bridge_slave_0 left promiscuous mode
[  234.855701][ T5032] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.992985][ T5032] device veth1_macvtap left promiscuous mode
[  235.002392][ T5032] device veth0_macvtap left promiscuous mode
[  235.027223][ T5032] device veth1_vlan left promiscuous mode
[  235.043719][ T5032] device veth0_vlan left promiscuous mode
[  235.191298][ T6475] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  235.212162][ T4946] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  235.232725][ T4749] Bluetooth: hci0: command 0x040f tx timeout
[  235.404015][ T4946] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.422105][ T4946] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.438064][ T4946] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  235.459121][ T4946] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  235.470024][ T4946] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.488516][ T4946] usb 8-1: config 0 descriptor??
[  235.918389][ T4946] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  235.932246][ T4946] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.7-1/input0
[  236.029342][ T5032] team0 (unregistering): Port device team_slave_1 removed
[  236.084983][ T5032] team0 (unregistering): Port device team_slave_0 removed
[  236.131897][ T5032] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  236.176047][ T5032] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  236.634174][ T5032] bond0 (unregistering): Released all slaves
[  236.711500][ T6464] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  236.741545][ T6467] device syzkaller0 entered promiscuous mode
[  236.770866][ T6479] tipc: Resetting bearer <eth:syzkaller0>
[  236.790780][ T6461] tipc: Resetting bearer <eth:syzkaller0>
[  236.858199][ T4458] usb 8-1: USB disconnect, device number 6
[  236.865231][ T6461] tipc: Disabling bearer <eth:syzkaller0>
[  237.302304][ T4284] Bluetooth: hci0: command 0x0419 tx timeout
[  238.525836][   T27] audit: type=1326 audit(1754386608.421:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6519 comm="syz.6.482" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd8478eb69 code=0x0
[  238.767669][ T6528] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  238.857269][ T6330] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  238.869333][ T6330] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  238.880676][ T6330] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  238.890507][ T6531] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  238.902217][ T4284] Bluetooth: hci2: command 0xfc11 tx timeout
[  238.909997][ T4749] Bluetooth: hci2: Entering manufacturer mode failed (-110)
[  238.951784][ T6330] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  239.226346][ T6330] 8021q: adding VLAN 0 to HW filter on device bond0
[  239.242201][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  239.258299][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  239.270593][ T6330] 8021q: adding VLAN 0 to HW filter on device team0
[  239.290959][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  239.307528][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  239.318887][ T4468] bridge0: port 1(bridge_slave_0) entered blocking state
[  239.326099][ T4468] bridge0: port 1(bridge_slave_0) entered forwarding state
[  239.362257][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  239.374350][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  239.393479][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  239.412085][ T4947] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  239.421541][ T4468] bridge0: port 2(bridge_slave_1) entered blocking state
[  239.428791][ T4468] bridge0: port 2(bridge_slave_1) entered forwarding state
[  239.518040][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  239.537325][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  239.557531][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  239.571410][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  239.598839][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  239.611386][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  239.625536][ T4947] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  239.628289][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  239.650416][ T4947] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  239.661921][ T4947] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  239.669033][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  239.675556][ T4947] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  239.685063][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  239.701573][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  239.735948][ T4947] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.749619][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  239.755432][ T4947] usb 9-1: config 0 descriptor??
[  239.781134][ T6330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  240.180916][ T4947] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  240.227080][ T4947] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  240.799323][ T6330] 8021q: adding VLAN 0 to HW filter on device batadv0
[  240.823313][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  240.832347][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  240.888328][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  240.898833][   T27] audit: type=1326 audit(1754386610.791:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6584 comm="syz.7.498" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8809d8eb69 code=0x0
[  240.911114][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  240.920620][    C0] vkms_vblank_simulate: vblank timer overrun
[  241.004688][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  241.014171][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  241.033790][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  241.052626][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  241.067593][ T4947] usb 9-1: USB disconnect, device number 6
[  241.070303][ T6330] device veth0_vlan entered promiscuous mode
[  241.097428][ T6330] device veth1_vlan entered promiscuous mode
[  241.160825][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  241.180071][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  241.189452][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  241.198880][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  241.225854][ T6330] device veth0_macvtap entered promiscuous mode
[  241.244593][ T6330] device veth1_macvtap entered promiscuous mode
[  241.286135][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.297208][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.320659][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.331593][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.342160][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.370482][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.380760][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  241.400037][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.411831][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_0
[  241.425888][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.436857][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.447330][ T6330] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  241.458527][ T6330] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  241.475539][ T6330] batman_adv: batadv0: Interface activated: batadv_slave_1
[  241.493060][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  241.528173][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  241.550613][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  241.560031][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  241.593059][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  241.617180][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  241.655054][ T6330] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  241.689782][ T6330] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  241.715428][ T6330] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  241.733317][ T6330] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  241.963477][   T47] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.977122][   T47] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.026378][   T47] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  242.081112][ T5032] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.100759][ T5032] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.110427][ T6608] fuse: Bad value for 'fd'
[  242.151183][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  242.495673][ T6621] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  242.525054][ T6621] device syzkaller0 entered promiscuous mode
[  242.592383][ T6621] tipc: Resetting bearer <eth:syzkaller0>
[  242.634695][ T6620] tipc: Resetting bearer <eth:syzkaller0>
[  242.698899][   T27] audit: type=1326 audit(1754386612.591:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6628 comm="syz.0.514" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9246b8eb69 code=0x0
[  242.720782][    C0] vkms_vblank_simulate: vblank timer overrun
[  242.728252][ T6620] tipc: Disabling bearer <eth:syzkaller0>
[  243.341729][ T6654] fuse: Bad value for 'fd'
[  243.944003][ T6679] netlink: 'syz.8.530': attribute type 1 has an invalid length.
[  244.074881][ T6679] 8021q: adding VLAN 0 to HW filter on device bond2
[  244.230123][ T6690] tipc: Started in network mode
[  244.255942][ T6690] tipc: Node identity 468ac5412994, cluster identity 4711
[  244.308294][ T6690] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  244.348733][ T6692] device syzkaller0 entered promiscuous mode
[  244.398453][ T6692] tipc: Resetting bearer <eth:syzkaller0>
[  244.473598][ T6688] tipc: Resetting bearer <eth:syzkaller0>
[  244.485014][ T6702] fuse: Bad value for 'fd'
[  244.597319][ T6688] tipc: Disabling bearer <eth:syzkaller0>
[  244.731352][   T27] audit: type=1326 audit(1754386614.621:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6710 comm="syz.6.537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efd8478eb69 code=0x0
[  244.753103][    C0] vkms_vblank_simulate: vblank timer overrun
[  245.783304][ T6743] binder_alloc: 6742: binder_alloc_buf, no vma
[  245.790473][ T6743] binder: 6742:6743 ioctl c0306201 200000000240 returned -11
[  248.066283][   T27] audit: type=1326 audit(1754386617.961:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6800 comm="syz.0.555" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9246b8eb69 code=0x0
[  248.087886][    C0] vkms_vblank_simulate: vblank timer overrun
[  249.274617][ T6760] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  249.291729][ T6808] netlink: 'syz.0.556': attribute type 1 has an invalid length.
[  249.446086][ T6808] 8021q: adding VLAN 0 to HW filter on device bond1
[  249.528744][ T6814] tipc: Started in network mode
[  249.534263][ T6814] tipc: Node identity 3e616cf2a136, cluster identity 4711
[  249.541632][ T6814] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  249.563124][ T6814] device syzkaller0 entered promiscuous mode
[  249.618171][ T6814] tipc: Resetting bearer <eth:syzkaller0>
[  249.647322][ T6813] tipc: Resetting bearer <eth:syzkaller0>
[  249.714790][ T6813] tipc: Disabling bearer <eth:syzkaller0>
[  249.782533][ T4369] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  250.001661][ T4369] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.037757][ T4369] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.058063][ T4749] Bluetooth: Unknown LE signaling command 0x00
[  250.058819][ T6832] netlink: 'syz.0.565': attribute type 8 has an invalid length.
[  250.064476][ T4749] Bluetooth: Wrong link type (-22)
[  250.082097][ T4369] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  250.112231][ T4369] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  250.131642][ T4369] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.153185][ T4369] usb 9-1: config 0 descriptor??
[  250.179346][ T6832] netlink: 'syz.0.565': attribute type 1 has an invalid length.
[  250.191635][ T6832] netlink: 'syz.0.565': attribute type 5 has an invalid length.
[  250.569468][ T4369] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving
[  250.594714][ T4369] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  250.756619][ T6852] binder: BINDER_SET_CONTEXT_MGR already set
[  250.781765][ T6852] binder: 6851:6852 ioctl 4018620d 200000000040 returned -16
[  250.823610][ T6852] binder: 6851:6852 ioctl c0306201 200000000240 returned -11
[  251.017765][ T6860] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.034411][ T6859] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  251.053132][ T6860] device syzkaller0 entered promiscuous mode
[  251.083605][ T6860] tipc: Resetting bearer <eth:syzkaller0>
[  251.101246][ T6855] tipc: Resetting bearer <eth:syzkaller0>
[  251.153197][ T6855] tipc: Disabling bearer <eth:syzkaller0>
[  251.444580][ T6865] kvm [6862]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0x186 data 0x4000
[  251.847405][ T6887] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  251.859325][ T6887] device syzkaller0 entered promiscuous mode
[  251.896275][ T6887] tipc: Resetting bearer <eth:syzkaller0>
[  251.910360][ T6886] tipc: Resetting bearer <eth:syzkaller0>
[  251.922034][ T4369] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  251.962136][   T26] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  251.975132][ T6886] tipc: Disabling bearer <eth:syzkaller0>
[  252.055103][ T4319] usb 9-1: reset high-speed USB device number 7 using dummy_hcd
[  252.092306][ T4369] usb 7-1: device descriptor read/64, error -71
[  252.172139][   T26] usb 10-1: Using ep0 maxpacket: 8
[  252.180688][   T26] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  252.216181][   T26] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  252.248298][   T26] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  252.267061][   T26] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  252.279856][   T26] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  252.289863][   T26] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.321086][   T26] hub 10-1:1.0: bad descriptor, ignoring hub
[  252.372249][ T4369] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  252.382208][   T26] hub: probe of 10-1:1.0 failed with error -5
[  252.404402][   T26] cdc_wdm 10-1:1.0: skipping garbage
[  252.417928][   T26] cdc_wdm 10-1:1.0: skipping garbage
[  252.436225][   T26] cdc_wdm 10-1:1.0: cdc-wdm1: USB WDM device
[  252.447706][   T26] cdc_wdm 10-1:1.0: Unknown control protocol
[  252.542174][ T4369] usb 7-1: device descriptor read/64, error -71
[  252.663993][ T4369] usb usb7-port1: attempt power cycle
[  252.682433][   T26] usb 10-1: USB disconnect, device number 8
[  253.052189][   T26] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  253.092106][ T4369] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  253.137159][ T4369] usb 7-1: device descriptor read/8, error -71
[  253.262081][   T26] usb 10-1: Using ep0 maxpacket: 8
[  253.271140][   T26] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  253.323179][   T26] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 2
[  253.359747][   T26] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[  253.406147][   T26] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[  253.424182][ T4947] usb 9-1: USB disconnect, device number 7
[  253.462226][ T4369] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  253.485572][   T26] usb 10-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  253.505018][   T26] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.514655][ T4369] usb 7-1: device descriptor read/8, error -71
[  253.540843][ T6919] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  253.552418][   T26] hub 10-1:1.0: bad descriptor, ignoring hub
[  253.558519][   T26] hub: probe of 10-1:1.0 failed with error -5
[  253.575246][   T26] cdc_wdm 10-1:1.0: skipping garbage
[  253.582295][   T26] cdc_wdm 10-1:1.0: skipping garbage
[  253.612259][   T26] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  253.618329][   T26] cdc_wdm 10-1:1.0: Unknown control protocol
[  253.633046][ T4369] usb usb7-port1: unable to enumerate USB device
[  253.879545][ T6922] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  253.902322][ T4947] usb 10-1: USB disconnect, device number 9
[  254.153837][ T6933] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  254.473933][ T6942] Bluetooth: MGMT ver 1.22
[  254.812164][ T4271] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  255.002054][ T4271] usb 9-1: Using ep0 maxpacket: 8
[  255.026803][ T4271] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  255.058875][ T4271] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  255.120310][ T4271] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  255.128469][ T6961] binder: 6960:6961 ioctl c0306201 200000000240 returned -11
[  255.148375][ T4271] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.190697][ T4271] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  255.210331][ T4271] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.443754][ T6968] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  255.458737][ T4271] usb 9-1: GET_CAPABILITIES returned 0
[  255.466034][ T6968] device syzkaller0 entered promiscuous mode
[  255.469240][ T4271] usbtmc 9-1:16.0: can't read capabilities
[  255.532914][ T6968] tipc: Resetting bearer <eth:syzkaller0>
[  255.574331][ T6967] tipc: Resetting bearer <eth:syzkaller0>
[  255.642860][ T6967] tipc: Disabling bearer <eth:syzkaller0>
[  255.675168][ T4271] usb 9-1: USB disconnect, device number 8
[  255.710681][ T6973] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  255.739635][ T6973] device syzkaller0 entered promiscuous mode
[  255.767990][ T6973] tipc: Resetting bearer <eth:syzkaller0>
[  255.799162][ T6972] tipc: Resetting bearer <eth:syzkaller0>
[  255.889649][ T6972] tipc: Disabling bearer <eth:syzkaller0>
[  256.552076][ T4271] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  256.653982][ T7006] binder: 7005:7006 ioctl c0306201 200000000240 returned -11
[  256.732381][ T4271] usb 1-1: device descriptor read/64, error -71
[  257.002851][ T4271] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  257.085615][ T7024] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  257.094626][ T7024] device syzkaller0 entered promiscuous mode
[  257.120072][ T7024] tipc: Resetting bearer <eth:syzkaller0>
[  257.130284][ T7021] tipc: Resetting bearer <eth:syzkaller0>
[  257.172196][ T4271] usb 1-1: device descriptor read/64, error -71
[  257.236723][ T7021] tipc: Disabling bearer <eth:syzkaller0>
[  257.292333][ T4271] usb usb1-port1: attempt power cycle
[  257.432225][ T4947] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  257.632166][ T4947] usb 9-1: Using ep0 maxpacket: 8
[  257.644704][ T4947] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  257.656245][ T7043] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  257.677222][ T7043] device syzkaller0 entered promiscuous mode
[  257.695078][ T4947] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  257.702139][ T4271] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  257.729771][ T4947] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  257.747746][ T7043] tipc: Resetting bearer <eth:syzkaller0>
[  257.753095][ T4271] usb 1-1: device descriptor read/8, error -71
[  257.763854][ T4947] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  257.797378][ T4947] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  257.821859][ T4947] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.870595][ T7041] tipc: Resetting bearer <eth:syzkaller0>
[  257.933338][ T7041] tipc: Disabling bearer <eth:syzkaller0>
[  258.029113][ T4271] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  258.067463][ T4947] usb 9-1: GET_CAPABILITIES returned 0
[  258.073239][ T4947] usbtmc 9-1:16.0: can't read capabilities
[  258.089292][ T4271] usb 1-1: device descriptor read/8, error -71
[  258.144981][ T4749] Bluetooth: Unknown LE signaling command 0x00
[  258.151262][ T4749] Bluetooth: Wrong link type (-22)
[  258.242382][ T4271] usb usb1-port1: unable to enumerate USB device
[  258.277149][ T4947] usb 9-1: USB disconnect, device number 9
[  259.056563][ T7086] binder: BINDER_SET_CONTEXT_MGR already set
[  259.097076][ T7086] binder: 7085:7086 ioctl 4018620d 200000000040 returned -16
[  259.145878][ T7086] binder: 7085:7086 ioctl c0306201 200000000240 returned -11
[  259.438785][ T4749] Bluetooth: Unknown LE signaling command 0x00
[  259.445579][ T4749] Bluetooth: Wrong link type (-22)
[  260.222061][ T4947] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  260.422204][ T4947] usb 1-1: Using ep0 maxpacket: 8
[  260.434980][ T4947] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  260.487899][ T4947] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  260.527115][ T4947] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  260.588698][ T4947] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  260.640174][ T4947] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  260.667725][ T4947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.717534][ T7140] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  260.763443][ T7146] device syzkaller0 entered promiscuous mode
[  260.864503][ T7138] tipc: Resetting bearer <eth:syzkaller0>
[  260.893318][ T4947] usb 1-1: GET_CAPABILITIES returned 0
[  260.899093][ T4947] usbtmc 1-1:16.0: can't read capabilities
[  260.987341][ T7138] tipc: Disabling bearer <eth:syzkaller0>
[  261.112310][ T4369] usb 1-1: USB disconnect, device number 9
[  261.146335][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  261.153213][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  261.253759][ T7156] Bluetooth: hci0: unsupported parameter 256
[  261.259838][ T7156] Bluetooth: hci0: unsupported parameter 256
[  261.472242][ T4466] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  261.916216][ T7177] tipc: Started in network mode
[  261.921172][ T7177] tipc: Node identity 8ea71497281c, cluster identity 4711
[  261.951655][ T7177] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  261.978713][ T7187] device syzkaller0 entered promiscuous mode
[  262.003560][ T7183] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  262.024543][ T7183] device syzkaller0 entered promiscuous mode
[  262.134375][ T7177] tipc: Resetting bearer <eth:syzkaller0>
[  262.160465][ T7181] tipc: Resetting bearer <eth:syzkaller0>
[  262.234356][ T7181] tipc: Disabling bearer <eth:syzkaller0>
[  262.286118][ T7176] tipc: Resetting bearer <eth:syzkaller0>
[  262.343532][ T7176] tipc: Disabling bearer <eth:syzkaller0>
[  263.008434][ T7220] netlink: 'syz.8.679': attribute type 1 has an invalid length.
[  263.069937][ T7220] 8021q: adding VLAN 0 to HW filter on device bond3
[  263.162540][ T4890] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  263.232389][ T4279] Bluetooth: hci3: command 0x0406 tx timeout
[  263.238498][ T4279] Bluetooth: hci6: command 0x0406 tx timeout
[  263.247474][ T4279] Bluetooth: hci1: command 0x0406 tx timeout
[  263.247607][ T4749] Bluetooth: hci5: command 0x0406 tx timeout
[  263.362296][ T4890] usb 1-1: Using ep0 maxpacket: 8
[  263.370176][ T4890] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  263.382818][ T4890] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  263.393415][ T4890] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  263.407423][ T4890] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  263.421819][ T4890] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  263.431372][ T4890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  263.622482][ T7237] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  263.660117][ T4890] usb 1-1: usb_control_msg returned -71
[  263.682099][ T4890] usbtmc 1-1:16.0: can't read capabilities
[  263.690177][ T7240] device syzkaller0 entered promiscuous mode
[  263.734785][ T4890] usb 1-1: USB disconnect, device number 10
[  263.828571][ T7235] tipc: Resetting bearer <eth:syzkaller0>
[  263.923264][ T7235] tipc: Disabling bearer <eth:syzkaller0>
[  264.917369][ T7273] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  264.953642][ T7273] device syzkaller0 entered promiscuous mode
[  265.034345][ T7273] tipc: Resetting bearer <eth:syzkaller0>
[  265.066728][ T7269] tipc: Resetting bearer <eth:syzkaller0>
[  265.179569][ T7269] tipc: Disabling bearer <eth:syzkaller0>
[  265.218228][ T7284] binder: 7282:7284 ioctl c0306201 200000000240 returned -11
[  265.452120][ T4369] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  265.556581][ T4284] Bluetooth: Unknown LE signaling command 0x00
[  265.562987][ T4284] Bluetooth: Wrong link type (-22)
[  265.670205][ T4369] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  265.701670][ T4369] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  265.732220][ T4369] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  265.752143][ T4369] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  265.801326][ T4369] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  265.837344][ T4369] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  265.868619][ T4369] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  265.900342][ T4369] usb 7-1: Product: syz
[  265.915089][ T4369] usb 7-1: Manufacturer: syz
[  265.937476][ T4369] cdc_wdm 7-1:1.0: skipping garbage
[  265.972112][ T4369] cdc_wdm 7-1:1.0: skipping garbage
[  265.990524][ T4369] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  266.012117][ T4369] cdc_wdm 7-1:1.0: Unknown control protocol
[  266.680558][    C0] cdc_wdm 7-1:1.0: Unexpected error -71
[  266.687238][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  266.693890][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  266.700671][    C0] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  266.707322][    C0] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  266.725981][ T4890] usb 7-1: USB disconnect, device number 13
[  267.140996][ T7340] netlink: 'syz.7.713': attribute type 1 has an invalid length.
[  267.286405][ T4284] Bluetooth: Unknown LE signaling command 0x00
[  267.292852][ T4284] Bluetooth: Wrong link type (-22)
[  267.341558][ T7340] 8021q: adding VLAN 0 to HW filter on device bond1
[  267.544369][ T7355] binder: BINDER_SET_CONTEXT_MGR already set
[  267.576798][ T7355] binder: 7354:7355 ioctl 4018620d 200000000040 returned -16
[  267.969756][ T7368] kvm [7367]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  268.049798][ T7368] kvm [7367]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe706111
[  268.584664][ T4284] Bluetooth: Unknown LE signaling command 0x00
[  268.590905][ T4284] Bluetooth: Wrong link type (-22)
[  269.002715][ T7404] binder: BINDER_SET_CONTEXT_MGR already set
[  269.038880][ T7404] binder: 7403:7404 ioctl 4018620d 200000000040 returned -16
[  269.102045][ T4271] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  269.294000][ T4271] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  269.312973][ T4271] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  269.361291][ T4271] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  269.405546][ T4271] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  269.451162][ T4271] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  269.533023][ T4271] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  269.600270][ T4271] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  269.630163][ T4271] usb 1-1: Product: syz
[  269.661682][ T4271] usb 1-1: Manufacturer: syz
[  269.697791][ T4271] cdc_wdm 1-1:1.0: skipping garbage
[  269.720957][ T4271] cdc_wdm 1-1:1.0: skipping garbage
[  269.746992][ T4271] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  269.794751][ T4271] cdc_wdm 1-1:1.0: Unknown control protocol
[  270.190107][    C0] cdc_wdm 1-1:1.0: Unexpected error -71
[  270.195802][    C0] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  270.202439][    C0] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  270.235618][ T4271] usb 1-1: USB disconnect, device number 11
[  270.413106][ T7450] binder: BINDER_SET_CONTEXT_MGR already set
[  270.458018][ T7450] binder: 7448:7450 ioctl 4018620d 200000000040 returned -16
[  271.142137][ T4284] Bluetooth: hci0: command 0x0405 tx timeout
[  271.812070][ T7498] Zero length message leads to an empty skb
[  271.921037][ T7498] loop9: detected capacity change from 0 to 256
[  272.058254][ T7498] exFAT-fs (loop9): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  272.299847][ T7506] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  272.308388][ T7506] device syzkaller0 entered promiscuous mode
[  272.319246][ T7506] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  272.362821][ T7509] binder: 7507:7509 ioctl c0306201 200000000240 returned -11
[  272.671666][ T7505] tipc: Resetting bearer <eth:syzkaller0>
[  272.973883][ T7505] tipc: Disabling bearer <eth:syzkaller0>
[  273.832157][ T7535] binder: BINDER_SET_CONTEXT_MGR already set
[  273.849811][ T7535] binder: 7534:7535 ioctl 4018620d 200000000040 returned -16
[  273.999697][ T7542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.773'.
[  274.157551][   T75] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.166679][ T7548] loop8: detected capacity change from 0 to 1024
[  274.349826][   T75] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.494261][   T75] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.634196][   T75] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.970103][ T7571] loop8: detected capacity change from 0 to 128
[  275.080685][ T7571] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none.
[  275.156004][   T75] tipc: Left network mode
[  275.166348][ T7571] ext4 filesystem being mounted at /157/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  275.291143][ T4956] udevd[4956]: incorrect jbd checksum on /dev/loop8
[  275.501571][ T4744] EXT4-fs (loop8): unmounting filesystem.
[  275.521215][ T4956] udevd[4956]: incorrect jbd checksum on /dev/loop8
[  275.780911][ T7591] netlink: 32 bytes leftover after parsing attributes in process `syz.6.789'.
[  275.862527][ T4284] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  275.873792][ T4284] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  275.883523][ T4284] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  275.891830][ T4284] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  275.901243][ T4284] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  275.910544][ T4284] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  276.252326][   T22] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  276.412182][   T22] usb 1-1: device descriptor read/64, error -71
[  277.390102][ T7592] chnl_net:caif_netlink_parms(): no params data found
[  277.492112][   T22] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  277.544903][ T7633] binder: BINDER_SET_CONTEXT_MGR already set
[  277.568118][ T7633] binder: 7631:7633 ioctl 4018620d 200000000040 returned -16
[  277.652035][   T22] usb 1-1: device descriptor read/64, error -71
[  277.772436][   T22] usb usb1-port1: attempt power cycle
[  277.839537][ T7647] netlink: 12 bytes leftover after parsing attributes in process `syz.7.802'.
[  277.942388][ T4279] Bluetooth: hci2: command 0x0409 tx timeout
[  277.970896][ T7592] bridge0: port 1(bridge_slave_0) entered blocking state
[  277.977837][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x5e7d
[  277.985596][ T7592] bridge0: port 1(bridge_slave_0) entered disabled state
[  277.990911][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0xa3b1
[  278.007731][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x9681
[  278.022794][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbb6a, nop
[  278.039409][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbe81, nop
[  278.041673][ T7592] device bridge_slave_0 entered promiscuous mode
[  278.079735][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbb6a, nop
[  278.105949][ T7592] bridge0: port 2(bridge_slave_1) entered blocking state
[  278.132552][ T7592] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.143756][ T7592] device bridge_slave_1 entered promiscuous mode
[  278.160815][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbe81, nop
[  278.212036][   T22] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  278.212643][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbb6a, nop
[  278.254563][   T22] usb 1-1: device descriptor read/8, error -71
[  278.299202][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbe81, nop
[  278.344900][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbb6a, nop
[  278.420920][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbe81, nop
[  278.463840][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbb6a, nop
[  278.490780][ T7641] kvm [7640]: vcpu0, guest rIP: 0x18e vmx_set_msr: BTF|LBR in IA32_DEBUGCTLMSR 0xbe81, nop
[  278.534579][   T22] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  278.565144][   T75] device hsr_slave_0 left promiscuous mode
[  278.582824][   T75] device hsr_slave_1 left promiscuous mode
[  278.600419][   T22] usb 1-1: device descriptor read/8, error -71
[  278.632476][   T75] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  278.662432][   T75] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.683926][   T75] device bridge_slave_1 left promiscuous mode
[  278.694988][   T75] bridge0: port 2(bridge_slave_1) entered disabled state
[  278.715564][   T75] device bridge_slave_0 left promiscuous mode
[  278.730048][   T75] bridge0: port 1(bridge_slave_0) entered disabled state
[  278.740458][   T22] usb usb1-port1: unable to enumerate USB device
[  278.924609][   T75] device veth1_macvtap left promiscuous mode
[  278.930778][   T75] device veth0_macvtap left promiscuous mode
[  278.943932][   T75] device veth1_vlan left promiscuous mode
[  278.962453][   T75] device veth0_vlan left promiscuous mode
[  279.258511][ T7679] binder: BINDER_SET_CONTEXT_MGR already set
[  279.314517][ T7679] binder: 7678:7679 ioctl 4018620d 200000000040 returned -16
[  279.676506][ T7697] loop8: detected capacity change from 0 to 256
[  279.893647][ T7697] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  280.120830][ T4279] Bluetooth: hci2: command 0x041b tx timeout
[  281.690691][   T75] bond1 (unregistering): (slave batadv_slave_1): Releasing active interface
[  281.736281][   T75] bond1 (unregistering): Released all slaves
[  282.182125][ T4279] Bluetooth: hci2: command 0x040f tx timeout
[  282.685131][ T7729] binder: BINDER_SET_CONTEXT_MGR already set
[  282.691212][ T7729] binder: 7728:7729 ioctl 4018620d 200000000040 returned -16
[  283.332144][   T22] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  283.546566][   T75] team0 (unregistering): Port device team_slave_1 removed
[  283.591782][   T22] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  285.072663][ T4279] Bluetooth: hci2: command 0x0419 tx timeout
[  285.090894][   T22] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  285.127536][   T22] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  285.165639][   T22] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.245627][   T75] team0 (unregistering): Port device team_slave_0 removed
[  285.277978][ T7740] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  285.429978][   T75] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  285.573290][   T75] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  285.682466][ T7758] loop0: detected capacity change from 0 to 256
[  285.751646][ T7758] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  287.973679][   T75] bond0 (unregistering): Released all slaves
[  288.097254][  T127] usb 9-1: USB disconnect, device number 10
[  288.178927][ T7592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  288.227214][ T7780] loop0: detected capacity change from 0 to 1024
[  288.263561][ T7592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  288.328345][ T7780] EXT4-fs: Ignoring removed bh option
[  288.382674][ T7780] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  288.406026][ T7780] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  288.426800][ T7780] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  288.438663][ T7780] EXT4-fs (loop0): filesystem has both journal inode and journal device!
[  288.460097][ T7592] team0: Port device team_slave_0 added
[  288.537987][ T7592] team0: Port device team_slave_1 added
[  290.208951][ T7592] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.242244][ T7592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.342548][ T7592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  290.390633][ T7592] batman_adv: batadv0: Adding interface: batadv_slave_1
[  290.408132][ T7592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  290.513160][ T7592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  290.717575][ T7592] device hsr_slave_0 entered promiscuous mode
[  290.754978][ T7592] device hsr_slave_1 entered promiscuous mode
[  290.775059][ T7592] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  290.809385][ T7592] Cannot create hsr debugfs directory
[  291.502464][ T4369] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  293.194354][ T4369] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  293.226696][   T47] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  293.239251][ T4369] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  293.272148][ T4369] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  293.301686][ T4369] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.357777][ T7819] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  294.357996][   T27] audit: type=1326 audit(1754386664.251:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7857 comm="syz.7.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8809d8eb69 code=0x7ffc0000
[  294.449242][   T27] audit: type=1326 audit(1754386664.281:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7857 comm="syz.7.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f8809d8eb69 code=0x7ffc0000
[  294.568741][   T27] audit: type=1326 audit(1754386664.281:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7857 comm="syz.7.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8809d8eb69 code=0x7ffc0000
[  294.707333][   T27] audit: type=1326 audit(1754386664.281:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7857 comm="syz.7.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8809d8eb69 code=0x7ffc0000
[  294.916798][ T7592] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  295.083340][ T7592] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  295.094348][ T7592] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  295.105411][ T7592] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  295.227247][ T7877] ip6t_REJECT: ECHOREPLY is not supported
[  295.236024][ T7877] syz.6.863 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  296.879148][ T7592] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.929390][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.972689][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  297.008228][ T7592] 8021q: adding VLAN 0 to HW filter on device team0
[  297.090594][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  297.112897][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  297.152218][ T7762] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.159386][ T7762] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.227928][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  297.276909][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  297.309600][ T7762] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.316834][ T7762] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.431826][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  297.473162][ T7762] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.507954][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  298.995030][ T7909] loop7: detected capacity change from 0 to 1024
[  299.054170][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  299.072940][ T7909] EXT4-fs: Ignoring removed bh option
[  299.102307][ T7909] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  299.144557][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  299.172051][ T4891] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  299.181190][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  299.215100][ T7909] EXT4-fs (loop7): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  299.233182][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  299.286370][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  299.308475][ T7909] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  299.323017][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  299.358760][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  299.372294][ T7909] EXT4-fs (loop7): filesystem has both journal inode and journal device!
[  299.382929][ T4891] usb 7-1: Using ep0 maxpacket: 8
[  299.389876][ T4891] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  299.422950][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  299.431649][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  299.439921][ T4891] usb 7-1: config 0 has no interface number 0
[  299.462262][ T4891] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  300.994419][ T7592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  301.034008][ T4891] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  301.102607][ T4891] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.238406][ T4891] usb 7-1: config 0 descriptor??
[  301.250606][ T4891] usb 7-1: can't set config #0, error -71
[  301.267464][ T4891] usb 7-1: USB disconnect, device number 14
[  301.317883][ T4947] usb 9-1: USB disconnect, device number 11
[  302.722708][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  302.734855][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  302.769625][ T7592] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.847131][ T4360] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  302.868839][ T4360] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  302.917806][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  302.940595][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  303.005293][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  303.034547][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  303.063186][ T7592] device veth0_vlan entered promiscuous mode
[  303.100126][ T7592] device veth1_vlan entered promiscuous mode
[  303.413702][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  303.428105][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  303.679718][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  303.688799][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  303.697722][ T7946] ip6t_REJECT: ECHOREPLY is not supported
[  303.727801][ T7592] device veth0_macvtap entered promiscuous mode
[  303.755488][ T5031] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  303.794582][ T7592] device veth1_macvtap entered promiscuous mode
[  303.854779][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.881520][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  303.891650][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  303.902781][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  304.005980][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  304.096001][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.466111][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.496617][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.553229][ T7592] batman_adv: batadv0: Interface activated: batadv_slave_0
[  307.013048][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  307.057157][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  307.087740][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  307.106167][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  307.148691][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  307.211816][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  307.277799][ T7592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  307.298581][ T7592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  307.317426][ T7592] batman_adv: batadv0: Interface activated: batadv_slave_1
[  307.328329][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  307.341551][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  307.397119][ T7592] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  307.442026][ T7592] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  307.492393][ T7592] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  307.501172][ T7592] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  307.868242][ T5032] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.916036][ T5032] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  307.971210][ T5031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  307.994717][ T7971] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  308.036844][ T5031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  308.143472][ T4502] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  309.780999][ T8022] tipc: Started in network mode
[  309.803757][ T8022] tipc: Node identity aecdabe3a15, cluster identity 4711
[  311.267249][ T8022] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  311.305640][ T8027] device syzkaller0 entered promiscuous mode
[  311.341126][ T8022] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  311.426108][ T8021] tipc: Resetting bearer <eth:syzkaller0>
[  311.518623][ T8021] tipc: Disabling bearer <eth:syzkaller0>
[  311.601990][ T4369] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  311.832975][ T4369] usb 9-1: Using ep0 maxpacket: 8
[  311.842688][ T4369] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  311.874083][ T4369] usb 9-1: config 0 has no interface number 0
[  311.897905][ T4369] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  311.929486][ T4369] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  311.949833][ T4369] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.011593][ T8038] netlink: 12 bytes leftover after parsing attributes in process `syz.1.896'.
[  312.029603][ T4369] usb 9-1: config 0 descriptor??
[  312.045141][ T4369] iowarrior 9-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  312.147318][ T4387] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  312.240587][ T4369] usb 9-1: USB disconnect, device number 12
[  314.122759][ T4387] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  314.154207][ T4387] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  314.194745][ T4387] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  314.226999][ T4387] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.281453][ T8035] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  314.832204][   T14] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  315.154631][ T8074] input: syz0 as /devices/virtual/input/input16
[  316.011492][   T14] usb 9-1: device descriptor read/64, error -71
[  316.282223][   T14] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  316.452190][   T14] usb 9-1: device descriptor read/64, error -71
[  316.582218][   T14] usb usb9-port1: attempt power cycle
[  316.956454][ T8085] netlink: 12 bytes leftover after parsing attributes in process `syz.6.907'.
[  316.997145][   T14] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  317.046255][   T14] usb 9-1: device descriptor read/8, error -71
[  317.322199][   T14] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  317.393002][   T14] usb 9-1: device descriptor read/8, error -71
[  317.491275][ T8096] loop6: detected capacity change from 0 to 1024
[  317.512257][   T14] usb usb9-port1: unable to enumerate USB device
[  317.594512][ T8096] EXT4-fs: Ignoring removed bh option
[  317.691615][ T8096] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  317.810624][ T8096] EXT4-fs (loop6): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  317.877740][ T8096] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  317.959841][ T8096] EXT4-fs (loop6): filesystem has both journal inode and journal device!
[  320.155720][ T8133] ip6t_REJECT: ECHOREPLY is not supported
[  322.460667][ T8139] loop1: detected capacity change from 0 to 1024
[  322.468694][ T8139] EXT4-fs: Ignoring removed bh option
[  322.515151][ T4458] usb 8-1: USB disconnect, device number 7
[  322.573394][ T8139] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  322.588615][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  322.588718][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  322.742943][ T8139] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  322.774866][ T8139] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  322.812170][ T8139] EXT4-fs (loop1): filesystem has both journal inode and journal device!
[  324.191938][    C1] sched: RT throttling activated
[  324.445777][ T5034] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  324.773295][ T4369] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  324.954129][ T4369] usb 9-1: device descriptor read/64, error -71
[  325.137282][ T4468] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.202479][ T4279] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  325.222054][ T4369] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  325.251808][ T4279] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  325.261528][ T4279] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  325.276311][ T4279] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  325.286202][ T4279] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  325.296216][ T4279] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  325.372170][ T4369] usb 9-1: device descriptor read/64, error -71
[  325.427540][ T8162] kvm [8161]: vcpu3, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010002 data 0x2b6714aa
[  325.444298][ T4468] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.492548][ T4369] usb usb9-port1: attempt power cycle
[  325.611673][ T4468] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.836810][ T4468] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.902231][ T4369] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  325.943500][ T4369] usb 9-1: device descriptor read/8, error -71
[  325.965513][ T8173] kvm: MWAIT instruction emulated as NOP!
[  326.154598][ T8159] chnl_net:caif_netlink_parms(): no params data found
[  326.222198][ T4369] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  326.272934][ T4369] usb 9-1: device descriptor read/8, error -71
[  326.369233][ T4468] tipc: Left network mode
[  326.392563][ T4369] usb usb9-port1: unable to enumerate USB device
[  326.586309][ T8192] loop0: detected capacity change from 0 to 1024
[  326.608347][ T8192] EXT4-fs: Ignoring removed bh option
[  326.637241][ T8192] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  326.666119][ T8159] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.683125][ T8159] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.692137][ T8192] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  326.713404][ T8159] device bridge_slave_0 entered promiscuous mode
[  326.742258][ T8192] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  326.758812][ T8192] EXT4-fs (loop0): filesystem has both journal inode and journal device!
[  326.792482][ T8159] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.801442][ T8159] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.820201][ T8159] device bridge_slave_1 entered promiscuous mode
[  328.319830][ T4279] Bluetooth: hci3: command 0x0409 tx timeout
[  328.464695][ T8159] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  329.887310][ T8159] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  330.124125][ T8159] team0: Port device team_slave_0 added
[  330.152959][ T8159] team0: Port device team_slave_1 added
[  330.317594][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_0
[  330.332232][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.358695][ T4279] Bluetooth: hci3: command 0x041b tx timeout
[  330.371262][ T8159] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  330.462717][ T8159] batman_adv: batadv0: Adding interface: batadv_slave_1
[  330.482168][ T8159] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  330.596538][ T8159] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  330.887265][ T8159] device hsr_slave_0 entered promiscuous mode
[  330.940188][ T8159] device hsr_slave_1 entered promiscuous mode
[  330.963009][ T8159] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  330.970637][ T8159] Cannot create hsr debugfs directory
[  332.801540][ T4279] Bluetooth: hci3: command 0x040f tx timeout
[  334.772120][ T4468] device hsr_slave_0 left promiscuous mode
[  334.822322][ T4468] device hsr_slave_1 left promiscuous mode
[  334.822420][ T4279] Bluetooth: hci3: command 0x0419 tx timeout
[  334.890607][ T4468] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  334.908697][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_0
[  334.949891][ T4468] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  334.984068][ T4468] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.028273][ T4468] device bridge_slave_1 left promiscuous mode
[  335.062224][ T4468] bridge0: port 2(bridge_slave_1) entered disabled state
[  335.142690][ T4468] device bridge_slave_0 left promiscuous mode
[  335.148991][ T4468] bridge0: port 1(bridge_slave_0) entered disabled state
[  335.530612][ T4468] device veth1_macvtap left promiscuous mode
[  335.563969][ T4468] device veth0_macvtap left promiscuous mode
[  335.592825][ T4468] device veth1_vlan left promiscuous mode
[  335.598811][ T4468] device veth0_vlan left promiscuous mode
[  338.362409][ T8313] ip6t_REJECT: ECHOREPLY is not supported
[  338.905277][ T4468] bond1 (unregistering): Released all slaves
[  341.280772][ T8321] loop1: detected capacity change from 0 to 32768
[  341.315068][ T8321] XFS: noikeep mount option is deprecated.
[  341.413486][ T8321] XFS (loop1): Mounting V5 Filesystem
[  341.434584][ T8333] binder: 8332:8333 ioctl c0306201 0 returned -14
[  341.474095][ T4468] team0 (unregistering): Port device team_slave_1 removed
[  341.516476][ T8321] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  341.552746][ T4468] team0 (unregistering): Port device team_slave_0 removed
[  341.587959][ T8321] XFS (loop1): Starting recovery (logdev: internal)
[  341.646944][ T8321] XFS (loop1): Ending recovery (logdev: internal)
[  341.668111][ T4468] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  341.730704][ T4468] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  342.390712][ T7592] XFS (loop1): Unmounting Filesystem
[  342.725395][ T4468] bond0 (unregistering): Released all slaves
[  344.582248][ T4284] Bluetooth: hci0: command 0x0406 tx timeout
[  344.643054][ T8319] netlink: 'syz.0.951': attribute type 10 has an invalid length.
[  345.355442][ T8362] ip6t_REJECT: ECHOREPLY is not supported
[  346.547884][ T4336] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  346.743119][ T4336] usb 1-1: not running at top speed; connect to a high speed hub
[  346.783016][ T4336] usb 1-1: config 127 has an invalid interface number: 29 but max is 0
[  346.812067][ T4336] usb 1-1: config 127 has no interface number 0
[  346.832173][ T4336] usb 1-1: config 127 interface 29 has no altsetting 0
[  346.878013][ T4336] usb 1-1: New USB device found, idVendor=06cd, idProduct=010b, bcdDevice=6b.12
[  346.931971][ T4336] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.992008][ T4336] usb 1-1: Product: syz
[  346.996255][ T4336] usb 1-1: Manufacturer: syz
[  347.000897][ T4336] usb 1-1: SerialNumber: syz
[  347.016703][ T8374] binder: 8373:8374 ioctl c0306201 0 returned -14
[  347.134710][ T8159] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  347.174429][ T8159] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  347.236833][ T8380] netlink: 28 bytes leftover after parsing attributes in process `syz.6.964'.
[  347.259953][ T4336] keyspan 1-1:127.29: Keyspan - (without firmware) converter detected
[  347.270842][ T8159] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  347.306087][ T4336] usb 1-1: USB disconnect, device number 16
[  347.314969][ T4336] keyspan 1-1:127.29: device disconnected
[  347.534431][ T8159] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  349.522990][ T8159] 8021q: adding VLAN 0 to HW filter on device bond0
[  349.542841][ T8402] netlink: 8 bytes leftover after parsing attributes in process `syz.8.968'.
[  349.564438][ T8159] 8021q: adding VLAN 0 to HW filter on device team0
[  349.571667][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  349.593009][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  349.616807][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  349.652988][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  349.693678][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  349.700849][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  349.767758][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  349.818783][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  349.854210][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  349.904031][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.911192][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  349.996562][ T8407] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  350.028831][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  350.058761][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  350.098171][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  350.129498][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  350.149392][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  350.174453][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  350.213117][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  350.238536][ T8413] device syzkaller0 entered promiscuous mode
[  350.248643][ T8413] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready
[  350.296734][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  350.314965][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  350.346551][ T8428] binder: BINDER_SET_CONTEXT_MGR already set
[  350.366333][ T8428] binder: 8427:8428 ioctl 4018620d 200000000040 returned -16
[  350.389462][ T8159] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  350.418642][ T8159] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  350.473431][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  350.486616][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  350.734232][   T26] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  351.051328][   T26] usb 9-1: Using ep0 maxpacket: 8
[  351.071509][   T26] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  351.090106][   T26] usb 9-1: config 0 has no interface number 0
[  351.106726][   T26] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  351.138486][   T26] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  351.205404][ T8445] ip6t_REJECT: ECHOREPLY is not supported
[  351.908555][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  351.920142][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  351.960793][ T8159] 8021q: adding VLAN 0 to HW filter on device batadv0
[  352.083021][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  352.100964][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  352.118639][   T26] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.130099][   T26] usb 9-1: config 0 descriptor??
[  352.140002][   T26] iowarrior 9-1:0.1: no interrupt-in endpoint found
[  352.176052][ T8450] loop1: detected capacity change from 0 to 4096
[  352.213183][ T8450] EXT4-fs: Ignoring removed mblk_io_submit option
[  352.219752][ T8450] EXT4-fs: quotafile must be on filesystem root
[  352.252806][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  352.277311][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  352.282816][ T8456] loop6: detected capacity change from 0 to 256
[  352.297639][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  352.309052][ T8456] =======================================================
[  352.309052][ T8456] WARNING: The mand mount option has been deprecated and
[  352.309052][ T8456]          and is ignored by this kernel. Remove the mand
[  352.309052][ T8456]          option from the mount to silence this warning.
[  352.309052][ T8456] =======================================================
[  352.309490][ T5032] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  352.369855][ T8456] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  352.375074][   T26] usb 9-1: USB disconnect, device number 21
[  352.405411][ T8456] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  352.430116][ T8159] device veth0_vlan entered promiscuous mode
[  352.459774][ T8456] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  352.505818][ T8159] device veth1_vlan entered promiscuous mode
[  352.647395][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  352.675828][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  352.720810][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  352.756388][ T8456] exFAT-fs (loop6): hint_cluster is invalid (17)
[  352.766655][   T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  352.796863][ T8159] device veth0_macvtap entered promiscuous mode
[  352.841156][ T8159] device veth1_macvtap entered promiscuous mode
[  352.930202][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  352.949930][ T4468] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  352.971332][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  353.000348][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.056220][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  353.096244][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.143704][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  353.179256][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.201640][ T8472] autofs4:pid:8472:autofs_fill_super: called with bogus options
[  353.215184][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  353.249621][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.287887][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_0
[  353.323853][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  353.342856][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  353.384199][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.444247][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.512724][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.560182][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.583818][ T8159] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  353.607162][ T8159] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  353.626108][ T8159] batman_adv: batadv0: Interface activated: batadv_slave_1
[  353.663699][ T8159] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  353.707381][ T8159] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  353.732321][ T8159] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  353.753194][ T8159] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  353.779509][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  353.804649][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  353.843381][ T4947] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  354.008967][ T5034] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.037505][ T5034] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.048505][ T4947] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  354.067560][ T4947] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  354.068558][ T8471] loop1: detected capacity change from 0 to 32768
[  354.078617][ T8494] binder: BINDER_SET_CONTEXT_MGR already set
[  354.103200][   T75] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.104703][ T4393] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  354.119035][ T4947] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  354.132280][   T75] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.136487][ T8494] binder: 8492:8494 ioctl 4018620d 200000000040 returned -16
[  354.156742][ T4947] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  354.177834][ T5034] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  354.198189][ T8471] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.983 (8471)
[  354.218327][ T4947] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  354.256861][ T4947] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  354.309547][ T4947] usb 1-1: Product: syz
[  354.324171][ T4947] usb 1-1: Manufacturer: syz
[  354.355962][ T4947] cdc_wdm: probe of 1-1:1.0 failed with error -22
[  354.413035][ T8471] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  354.464590][ T8471] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  354.498930][ T8471] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  354.540620][ T8502] netlink: 12 bytes leftover after parsing attributes in process `syz.2.918'.
[  354.559952][ T8471] BTRFS info (device loop1): use zstd compression, level 3
[  354.568328][ T4336] usb 1-1: USB disconnect, device number 17
[  354.602988][ T8471] BTRFS info (device loop1): using free space tree
[  354.792174][ T4271] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  354.962449][ T4271] usb 7-1: device descriptor read/64, error -71
[  354.989336][ T8471] BTRFS info (device loop1): enabling ssd optimizations
[  355.241979][ T4271] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  355.431997][ T4271] usb 7-1: device descriptor read/64, error -71
[  355.484431][ T5034] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  355.552164][ T4271] usb usb7-port1: attempt power cycle
[  355.619403][ T7592] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  356.722136][ T4271] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  356.764200][ T4271] usb 7-1: device descriptor read/8, error -71
[  357.072123][ T4271] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  357.120405][ T4271] usb 7-1: device descriptor read/8, error -71
[  357.292351][ T4271] usb usb7-port1: unable to enumerate USB device
[  357.932146][ T8558] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  358.144772][ T8558] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  358.172095][ T8558] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  358.207073][ T8558] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  358.220134][ T8558] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  358.269638][ T8558] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  358.309210][ T8558] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  358.334020][ T8558] usb 1-1: Product: syz
[  358.338266][ T8558] usb 1-1: Manufacturer: syz
[  358.373321][ T8558] cdc_wdm 1-1:1.0: skipping garbage
[  358.378618][ T8558] cdc_wdm: probe of 1-1:1.0 failed with error -22
[  358.587629][ T8558] usb 1-1: USB disconnect, device number 18
[  359.177471][ T8598] loop6: detected capacity change from 0 to 32768
[  359.240783][ T8598] XFS: noikeep mount option is deprecated.
[  359.274186][ T8629] device syzkaller0 entered promiscuous mode
[  359.317631][ T8635] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1014'.
[  359.346656][ T8629] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  359.372863][ T8598] XFS (loop6): Mounting V5 Filesystem
[  359.541673][ T8598] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  359.643297][ T8598] XFS (loop6): Starting recovery (logdev: internal)
[  359.755408][ T8598] XFS (loop6): Ending recovery (logdev: internal)
[  360.338945][ T4742] XFS (loop6): Unmounting Filesystem
[  361.890799][ T8697] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1028'.
[  362.144093][ T8702] device syzkaller0 entered promiscuous mode
[  362.173224][ T8702] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  362.424053][ T3653] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  362.693797][ T3653] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  362.721963][ T3653] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.762648][ T3653] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  362.771738][ T3653] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  362.817089][ T8722] binder: BINDER_SET_CONTEXT_MGR already set
[  362.832837][ T8722] binder: 8721:8722 ioctl 4018620d 200000000040 returned -16
[  362.858396][ T3653] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  362.887131][ T3653] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  362.907248][ T3653] usb 7-1: Product: syz
[  362.911571][ T3653] usb 7-1: Manufacturer: syz
[  362.949847][ T3653] cdc_wdm 7-1:1.0: skipping garbage
[  362.962327][ T3653] cdc_wdm: probe of 7-1:1.0 failed with error -22
[  363.154944][ T8561] usb 7-1: USB disconnect, device number 19
[  367.038724][ T8789] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  368.573036][ T8561] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  368.776286][ T8561] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  368.800412][ T8561] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  368.822819][ T8561] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  368.843691][ T8561] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  368.878987][ T8561] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  368.907205][ T8561] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  368.947792][ T8561] usb 3-1: Product: syz
[  368.963088][ T8561] usb 3-1: Manufacturer: syz
[  368.994152][ T8561] cdc_wdm 3-1:1.0: skipping garbage
[  368.999465][ T8561] cdc_wdm: probe of 3-1:1.0 failed with error -22
[  369.199603][ T8561] usb 3-1: USB disconnect, device number 6
[  371.196418][ T8852] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  373.044896][   T14] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  373.243804][   T14] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  373.266423][   T14] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  373.316617][   T14] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  373.352012][   T14] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  373.379826][ T8925] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  373.394620][   T14] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  373.417456][   T14] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  373.446208][   T14] usb 7-1: Product: syz
[  373.450453][   T14] usb 7-1: Manufacturer: syz
[  373.486655][   T14] cdc_wdm 7-1:1.0: skipping garbage
[  373.525997][   T14] cdc_wdm 7-1:1.0: skipping garbage
[  373.541662][   T14] cdc_wdm: probe of 7-1:1.0 failed with error -22
[  373.695428][ T8561] usb 7-1: USB disconnect, device number 20
[  374.230462][ T8953] autofs4:pid:8953:autofs_fill_super: called with bogus options
[  374.848896][ T8977] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  376.409548][ T9014] binder: 9013:9014 ioctl 4018620d 0 returned -22
[  376.548139][ T9019] autofs4:pid:9019:autofs_fill_super: called with bogus options
[  376.666936][ T9025] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1098'.
[  376.695129][   T22] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  376.706480][ T9028] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  376.902705][   T22] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  376.938440][   T22] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  376.966200][   T22] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  377.214656][   T22] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  377.251322][   T22] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  377.298456][   T22] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  377.315384][   T22] usb 1-1: Product: syz
[  377.327822][   T22] usb 1-1: Manufacturer: syz
[  377.364904][   T22] cdc_wdm 1-1:1.0: skipping garbage
[  377.370192][   T22] cdc_wdm 1-1:1.0: skipping garbage
[  377.399296][ T9048] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  377.404397][   T22] cdc_wdm: probe of 1-1:1.0 failed with error -22
[  377.583117][ T4271] usb 1-1: USB disconnect, device number 19
[  377.953004][ T9076] binder: 9072:9076 ioctl 4018620d 0 returned -22
[  378.403733][ T9086] tipc: Started in network mode
[  378.421675][ T9086] tipc: Node identity 4ee63bfdcdf4, cluster identity 4711
[  378.449769][ T9086] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  378.485289][ T9086] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  379.788828][   T22] tipc: Node number set to 2199010301
[  379.846787][ T9086] tipc: Resetting bearer <eth:syzkaller0>
[  380.199976][ T9085] tipc: Disabling bearer <eth:syzkaller0>
[  380.527314][ T9110] binder: 9108:9110 ioctl c0306201 0 returned -14
[  380.782969][ T4890] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  380.983532][ T4890] usb 2-1: not running at top speed; connect to a high speed hub
[  381.002707][ T4890] usb 2-1: config 127 has an invalid interface number: 29 but max is 0
[  381.011128][ T4890] usb 2-1: config 127 has no interface number 0
[  381.022437][   T22] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  381.041145][ T4890] usb 2-1: config 127 interface 29 has no altsetting 0
[  381.048579][   T14] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  381.106805][ T4890] usb 2-1: New USB device found, idVendor=06cd, idProduct=010b, bcdDevice=6b.12
[  381.142880][ T4890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.162002][ T4890] usb 2-1: Product: syz
[  381.172849][ T4890] usb 2-1: Manufacturer: syz
[  381.187148][ T4890] usb 2-1: SerialNumber: syz
[  381.226459][   T22] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  381.250418][   T22] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  381.252196][   T14] usb 9-1: Using ep0 maxpacket: 8
[  381.282525][   T22] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  381.291828][   T22] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  381.292656][   T14] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  381.326381][   T22] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  381.361656][   T22] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  381.362412][   T14] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  381.378509][   T22] usb 7-1: Product: syz
[  381.407301][   T22] usb 7-1: Manufacturer: syz
[  381.422517][ T4890] keyspan 2-1:127.29: Keyspan - (without firmware) converter detected
[  381.433039][   T22] cdc_wdm 7-1:1.0: skipping garbage
[  381.441997][   T14] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  381.459757][   T22] cdc_wdm 7-1:1.0: skipping garbage
[  381.464001][ T4890] usb 2-1: USB disconnect, device number 4
[  381.479911][ T4890] keyspan 2-1:127.29: device disconnected
[  381.483985][   T22] cdc_wdm: probe of 7-1:1.0 failed with error -22
[  381.492922][   T14] usb 9-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  381.534220][   T14] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  381.551445][   T14] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.590143][   T14] usbtmc 9-1:16.0: bulk endpoints not found
[  381.637203][   T22] usb 7-1: USB disconnect, device number 21
[  383.078746][ T9172] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  383.113920][ T9172] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  383.131727][ T9177] binder: 9176:9177 ioctl c0306201 0 returned -14
[  383.156177][ T9172] tipc: Resetting bearer <eth:syzkaller0>
[  383.211724][ T9171] tipc: Disabling bearer <eth:syzkaller0>
[  384.525753][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  384.532178][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  384.669823][ T4890] usb 9-1: USB disconnect, device number 22
[  385.210284][ T9210] binder: 9209:9210 ioctl c0306201 0 returned -14
[  385.212016][ T4890] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  385.425959][ T4890] usb 2-1: not running at top speed; connect to a high speed hub
[  385.444265][ T4890] usb 2-1: config 127 has an invalid interface number: 29 but max is 0
[  385.458224][ T9214] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  385.497095][ T4890] usb 2-1: config 127 has no interface number 0
[  385.517180][ T4890] usb 2-1: config 127 interface 29 has no altsetting 0
[  385.560028][ T4890] usb 2-1: New USB device found, idVendor=06cd, idProduct=010b, bcdDevice=6b.12
[  385.597095][ T4890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.617172][ T4890] usb 2-1: Product: syz
[  385.621428][ T4890] usb 2-1: Manufacturer: syz
[  385.654398][ T4890] usb 2-1: SerialNumber: syz
[  385.821197][ T9198] loop6: detected capacity change from 0 to 32768
[  385.898796][ T4890] keyspan 2-1:127.29: Keyspan - (without firmware) converter detected
[  385.951864][ T4890] usb 2-1: USB disconnect, device number 5
[  385.981394][ T4890] keyspan 2-1:127.29: device disconnected
[  386.017087][ T9198] XFS (loop6): Mounting V5 Filesystem
[  386.225674][ T9236] kvm: pic: single mode not supported
[  386.225699][ T9236] kvm: pic: level sensitive irq not supported
[  386.239282][ T9198] XFS (loop6): Ending clean mount
[  386.382084][ T8561] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  386.443927][ T9243] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1148'.
[  386.554943][ T4742] XFS (loop6): Unmounting Filesystem
[  387.243372][ T8561] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  387.252250][ T8561] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.292189][ T8561] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  387.301239][ T8561] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  387.392116][ T8561] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  387.401258][ T8561] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  387.422462][ T8561] usb 1-1: Product: syz
[  387.426715][ T8561] usb 1-1: Manufacturer: syz
[  387.467869][ T9254] autofs4:pid:9254:autofs_fill_super: called with bogus options
[  387.475019][ T8561] cdc_wdm 1-1:1.0: skipping garbage
[  387.482280][ T8561] cdc_wdm 1-1:1.0: skipping garbage
[  387.493092][ T8561] cdc_wdm 1-1:1.0: skipping garbage
[  387.498372][ T8561] cdc_wdm: probe of 1-1:1.0 failed with error -22
[  387.532308][ T5032] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  387.681632][ T8561] usb 1-1: USB disconnect, device number 20
[  387.841052][ T9261] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  387.875998][ T9261] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  387.917456][ T9261] tipc: Resetting bearer <eth:syzkaller0>
[  387.986635][ T9260] tipc: Disabling bearer <eth:syzkaller0>
[  389.825731][ T9297] netlink: 'syz.8.1161': attribute type 2 has an invalid length.
[  389.837595][ T9297] netlink: 'syz.8.1161': attribute type 8 has an invalid length.
[  389.847596][ T9297] netlink: 132 bytes leftover after parsing attributes in process `syz.8.1161'.
[  390.198135][ T9299] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1163'.
[  390.267736][ T9281] loop0: detected capacity change from 0 to 32768
[  390.305585][ T9281] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1160 (9281)
[  390.362447][ T9281] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  390.379437][ T9281] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  390.549044][ T9281] BTRFS info (device loop0): use no compression
[  390.559702][ T9305] autofs4:pid:9305:autofs_fill_super: called with bogus options
[  390.572301][ T9281] BTRFS info (device loop0): doing ref verification
[  391.241471][ T4890] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  391.249596][ T9281] BTRFS info (device loop0): force clearing of disk cache
[  391.292224][ T9281] BTRFS info (device loop0): turning off barriers
[  391.298773][ T9281] BTRFS info (device loop0): setting nodatasum
[  391.365898][ T9281] BTRFS info (device loop0): enabling ssd optimizations
[  391.410277][ T9281] BTRFS info (device loop0): using spread ssd allocation scheme
[  391.442092][ T4890] usb 7-1: Using ep0 maxpacket: 8
[  391.450435][ T4890] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  391.467265][ T9281] BTRFS info (device loop0): not using ssd optimizations
[  391.492068][ T9281] BTRFS info (device loop0): not using spread ssd allocation scheme
[  391.499545][ T4890] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  391.500118][ T9281] BTRFS info (device loop0): using free space tree
[  391.551411][ T4890] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  391.595626][ T4890] usb 7-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  391.646152][ T4890] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  391.686104][ T4890] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.750658][ T4890] usbtmc 7-1:16.0: bulk endpoints not found
[  391.954909][ T9281] BTRFS error (device loop0): open_ctree failed: -12
[  393.703196][ T4271] usb 7-1: USB disconnect, device number 22
[  393.731999][   T14] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  393.924068][   T14] usb 9-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  393.963508][   T14] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  393.993553][   T14] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 66
[  394.042091][   T14] usb 9-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  394.087112][   T14] usb 9-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  394.101861][   T14] usb 9-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  394.119998][   T14] usb 9-1: Product: syz
[  394.157693][   T14] usb 9-1: Manufacturer: syz
[  394.185680][   T14] cdc_wdm 9-1:1.0: skipping garbage
[  394.191014][   T14] cdc_wdm 9-1:1.0: skipping garbage
[  394.237448][   T14] cdc_wdm 9-1:1.0: skipping garbage
[  394.258419][   T14] cdc_wdm: probe of 9-1:1.0 failed with error -22
[  394.400737][ T9369] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1175'.
[  394.417480][ T4271] usb 9-1: USB disconnect, device number 23
[  394.973557][ T9375] loop6: detected capacity change from 0 to 8192
[  395.185348][ T9381] autofs4:pid:9381:autofs_fill_super: called with bogus options
[  395.942307][ T9398] ip6t_REJECT: ECHOREPLY is not supported
[  398.672080][ T4336] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  398.902975][ T4336] usb 7-1: Using ep0 maxpacket: 8
[  398.917020][ T4336] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  400.123935][ T4336] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  400.124446][ T4947] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  400.135601][ T4336] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  400.153667][ T4336] usb 7-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  400.167647][ T4336] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  400.178676][ T9439] autofs4:pid:9439:autofs_fill_super: called with bogus options
[  400.199758][ T4336] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  400.238577][ T4336] usbtmc 7-1:16.0: bulk endpoints not found
[  400.376878][ T4947] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  400.398761][ T4947] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  400.424260][ T4947] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  400.478595][ T4947] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  400.535500][ T4947] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  400.562078][ T4947] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  400.583053][ T4947] usb 3-1: Product: syz
[  400.587283][ T4947] usb 3-1: Manufacturer: syz
[  400.617716][ T4947] cdc_wdm 3-1:1.0: skipping garbage
[  400.632259][ T4947] cdc_wdm 3-1:1.0: skipping garbage
[  400.658948][ T4947] cdc_wdm 3-1:1.0: skipping garbage
[  400.681723][ T4947] cdc_wdm: probe of 3-1:1.0 failed with error -22
[  400.862414][ T4947] usb 3-1: USB disconnect, device number 7
[  401.970336][ T4890] usb 7-1: USB disconnect, device number 23
[  402.182082][ T4279] Bluetooth: hci2: command 0x0406 tx timeout
[  402.855714][ T9484] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  403.848862][ T9474] loop2: detected capacity change from 0 to 32768
[  404.158014][ T9474] ERROR: (device loop2): duplicateIXtree: 
[  404.158014][ T9474] 
[  404.187295][ T9497] autofs4:pid:9497:autofs_fill_super: called with bogus options
[  404.213903][ T9474] ERROR: (device loop2): remounting filesystem as read-only
[  404.293329][ T9474] BUG: Bad page state in process syz.2.1199  pfn:57b1a
[  404.311353][ T9474] page:ffffea00015ec680 refcount:0 mapcount:0 mapping:0000000000000000 index:0x33 pfn:0x57b1a
[  404.360286][ T9474] flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[  404.372721][ T4947] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  404.437773][ T9502] ERROR: (device loop2): dtSearch: stack overrun!
[  404.437773][ T9502] 
[  404.447502][ T9474] raw: 00fff00000002006 ffffea0001e95f48 ffffc9000e287980 0000000000000000
[  404.476932][ T9502] btstack dump:
[  404.491054][ T9474] raw: 0000000000000033 ffff888061fbb4d8 00000000ffffffff 0000000000000000
[  404.520211][ T9502] bn = 0, index = 0
[  404.543665][ T9502] bn = 2d, index = 0
[  404.567859][ T9474] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  404.582021][ T4947] usb 9-1: Using ep0 maxpacket: 8
[  404.597715][ T4947] usb 9-1: config 0 has an invalid interface number: 1 but max is 0
[  404.613438][ T9502] bn = 0, index = 0
[  404.629251][ T4947] usb 9-1: config 0 has no interface number 0
[  404.638300][ T9502] bn = 2d, index = 0
[  404.667610][ T9474] page_owner tracks the page as allocated
[  404.675086][ T4947] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  404.713809][ T9502] bn = 0, index = 0
[  404.720037][ T9502] bn = 2d, index = 0
[  404.738035][ T9474] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 404259425025, free_ts 388659725887
[  404.746592][ T9502] bn = 0, index = 0
[  404.769427][ T4947] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  404.791194][ T4947] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.806253][ T9502] bn = 0, index = 0
[  404.820224][ T4947] usb 9-1: config 0 descriptor??
[  404.839826][ T4947] iowarrior 9-1:0.1: no interrupt-in endpoint found
[  404.850629][ T9474]  post_alloc_hook+0x173/0x1a0
[  404.861593][ T9502] jfs_lookup: dtSearch returned -5
[  404.870013][ T9474]  get_page_from_freelist+0x1a26/0x1ac0
[  404.876355][ T9474]  __alloc_pages+0x1df/0x4e0
[  404.881313][ T9474]  folio_alloc+0x1c/0x60
[  404.886931][ T9474]  filemap_alloc_folio+0xdb/0x460
[  404.893094][ T9474]  __filemap_get_folio+0x697/0xdd0
[  404.898433][ T9474]  pagecache_get_page+0x26/0x250
[  404.904085][ T9474]  __get_metapage+0x2a4/0xfa0
[  404.908974][ T9474]  diNewExt+0x9eb/0x2cb0
[  404.913645][ T9474]  diAllocAG+0xde9/0x1c20
[  404.918388][ T9474]  diAlloc+0x1c9/0x1910
[  404.923158][ T9474]  ialloc+0x88/0x950
[  404.927201][ T9474]  jfs_mkdir+0x190/0xa70
[  404.937436][ T9474]  vfs_mkdir+0x387/0x570
[  404.943802][ T9474]  do_mkdirat+0x1d0/0x430
[  404.948715][ T9474]  __x64_sys_mkdirat+0x85/0x90
[  404.958929][ T3653] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  404.968205][ T9474] page last free stack trace:
[  404.973553][ T9474]  free_unref_page_prepare+0x8b4/0x9a0
[  404.979399][ T9474]  free_unref_page+0x2e/0x3f0
[  404.985520][ T9474]  __mmdrop+0xb0/0x480
[  404.989956][ T9474]  finish_task_switch+0x3e4/0x8f0
[  404.995666][ T9474]  __schedule+0x10f4/0x40b0
[  405.000539][ T9474]  schedule+0xb9/0x180
[  405.005147][ T9474]  pipe_read+0xb6e/0x1200
[  405.009659][ T9474]  vfs_read+0x434/0x920
[  405.015261][ T9474]  ksys_read+0x143/0x240
[  405.019675][ T9474]  do_syscall_64+0x4c/0xa0
[  405.024673][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  405.042745][ T9474] Modules linked in:
[  405.046894][ T9474] CPU: 1 PID: 9474 Comm: syz.2.1199 Not tainted 6.1.147-syzkaller #0
[  405.055063][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  405.065174][ T9474] Call Trace:
[  405.068499][ T9474]  <TASK>
[  405.071473][ T9474]  dump_stack_lvl+0x168/0x22e
[  405.076206][ T9474]  ? show_regs_print_info+0x12/0x12
[  405.081465][ T9474]  ? swiotlb_print_info+0x60/0x60
[  405.086562][ T9474]  bad_page+0x14b/0x170
[  405.090783][ T9474]  free_unref_page_prepare+0x42a/0x9a0
[  405.096293][ T9474]  ? percpu_ref_put+0x19/0x180
[  405.101095][ T9474]  free_unref_page_list+0xbb/0x8e0
[  405.106248][ T9474]  release_pages+0x1f92/0x2200
[  405.111049][ T9474]  ? lru_cache_disable+0x30/0x30
[  405.116042][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  405.121556][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  405.127032][ T9474]  ? mlock_page_drain_local+0x289/0x490
[  405.132601][ T9474]  __pagevec_release+0x6d/0xe0
[  405.137390][ T9474]  truncate_inode_pages_range+0x2f6/0xff0
[  405.143150][ T9474]  ? mapping_evict_folio+0x520/0x520
[  405.148466][ T9474]  ? parse_options+0xc03/0xdb0
[  405.153257][ T9474]  ? jfs_fill_super+0xac0/0xac0
[  405.158140][ T9474]  ? sync_filesystem+0x103/0x220
[  405.163189][ T9474]  jfs_remount+0x337/0x5a0
[  405.167638][ T9474]  ? jfs_statfs+0x550/0x550
[  405.172185][ T9474]  ? __might_sleep+0xd0/0xd0
[  405.176899][ T9474]  ? hook_sb_remount+0x19/0xc0
[  405.181690][ T9474]  reconfigure_super+0x219/0x880
[  405.186669][ T9474]  path_mount+0xdfd/0x1010
[  405.191215][ T9474]  ? kmem_cache_free+0xf7/0x290
[  405.196114][ T9474]  __se_sys_mount+0x2d6/0x3c0
[  405.200827][ T9474]  ? __x64_sys_mount+0xc0/0xc0
[  405.205615][ T9474]  ? lockdep_hardirqs_on+0x94/0x140
[  405.210833][ T9474]  ? __x64_sys_mount+0x1c/0xc0
[  405.215614][ T9474]  do_syscall_64+0x4c/0xa0
[  405.220100][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  405.224800][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  405.229497][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  405.235420][ T9474] RIP: 0033:0x7f912f38eb69
[  405.239868][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  405.259508][ T9474] RSP: 002b:00007f9130196038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  405.267948][ T9474] RAX: ffffffffffffffda RBX: 00007f912f5b5fa0 RCX: 00007f912f38eb69
[  405.275941][ T9474] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  405.283931][ T9474] RBP: 00007f912f411df1 R08: 0000000000000000 R09: 0000000000000000
[  405.291945][ T9474] R10: 0000000002012024 R11: 0000000000000246 R12: 0000000000000000
[  405.299942][ T9474] R13: 0000000000000000 R14: 00007f912f5b5fa0 R15: 00007ffd59ae5eb8
[  405.307967][ T9474]  </TASK>
[  405.320569][ T4336] usb 9-1: USB disconnect, device number 24
[  405.352117][ T3653] usb 2-1: Using ep0 maxpacket: 8
[  405.357070][ T9474] Disabling lock debugging due to kernel taint
[  405.361580][ T3653] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  405.363847][ T9474] BUG: Bad page state in process syz.2.1199  pfn:7a57d
[  405.381777][ T9474] page:ffffea0001e95f40 refcount:0 mapcount:0 mapping:0000000000000000 index:0x32 pfn:0x7a57d
[  405.388980][ T3653] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  405.401547][ T9474] flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[  405.412989][ T9474] raw: 00fff00000002006 ffffea0001633fc8 ffffc9000e287980 0000000000000000
[  405.424619][ T9474] raw: 0000000000000032 ffff888061fbb3e0 00000000ffffffff 0000000000000000
[  405.427488][ T3653] usb 2-1: config 16 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  405.433664][ T9474] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  405.464507][ T9474] page_owner tracks the page as allocated
[  405.473544][ T9474] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 404241777146, free_ts 388660245631
[  405.475543][ T3653] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  405.495428][ T9474]  post_alloc_hook+0x173/0x1a0
[  405.522335][ T9474]  get_page_from_freelist+0x1a26/0x1ac0
[  405.530216][ T9474]  __alloc_pages+0x1df/0x4e0
[  405.541900][ T9474]  folio_alloc+0x1c/0x60
[  405.564266][ T9474]  filemap_alloc_folio+0xdb/0x460
[  405.575660][ T3653] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  405.576082][ T9474]  __filemap_get_folio+0x697/0xdd0
[  405.595238][ T9474]  pagecache_get_page+0x26/0x250
[  405.601158][ T9474]  __get_metapage+0x2a4/0xfa0
[  405.602917][ T3653] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.609989][ T9474]  diNewExt+0x9eb/0x2cb0
[  405.620648][ T9474]  diAllocAG+0xde9/0x1c20
[  405.625657][ T9474]  diAlloc+0x1c9/0x1910
[  405.628450][ T3653] usbtmc 2-1:16.0: bulk endpoints not found
[  405.637255][ T9474]  ialloc+0x88/0x950
[  405.641652][ T9474]  jfs_mkdir+0x190/0xa70
[  405.654906][ T9474]  vfs_mkdir+0x387/0x570
[  405.660279][ T9474]  do_mkdirat+0x1d0/0x430
[  405.665145][ T9474]  __x64_sys_mkdirat+0x85/0x90
[  405.670354][ T9474] page last free stack trace:
[  405.694458][ T9474]  free_unref_page_prepare+0x8b4/0x9a0
[  405.719287][ T9474]  free_unref_page+0x2e/0x3f0
[  405.737206][ T9474]  __vunmap+0x856/0xa00
[  405.746516][ T9474]  kvm_arch_free_memslot+0xfb/0x170
[  405.761291][ T9474]  kvm_put_kvm+0x1185/0x1950
[  405.772036][ T9474]  kvm_vm_release+0x42/0x50
[  405.776698][ T9474]  __fput+0x22c/0x920
[  405.780903][ T9474]  task_work_run+0x1ca/0x250
[  405.786021][ T9474]  exit_to_user_mode_loop+0xe6/0x110
[  405.792191][ T9474]  exit_to_user_mode_prepare+0xb1/0x140
[  405.801938][ T9474]  syscall_exit_to_user_mode+0x16/0x40
[  405.807808][ T9474]  do_syscall_64+0x58/0xa0
[  405.814627][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  405.820934][ T9474] Modules linked in:
[  405.825770][ T9474] CPU: 1 PID: 9474 Comm: syz.2.1199 Tainted: G    B              6.1.147-syzkaller #0
[  405.835458][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  405.845562][ T9474] Call Trace:
[  405.848872][ T9474]  <TASK>
[  405.851864][ T9474]  dump_stack_lvl+0x168/0x22e
[  405.856586][ T9474]  ? show_regs_print_info+0x12/0x12
[  405.861835][ T9474]  ? swiotlb_print_info+0x60/0x60
[  405.866916][ T9474]  bad_page+0x14b/0x170
[  405.871117][ T9474]  free_unref_page_prepare+0x42a/0x9a0
[  405.876670][ T9474]  ? percpu_ref_put+0x19/0x180
[  405.881483][ T9474]  free_unref_page_list+0xbb/0x8e0
[  405.886647][ T9474]  release_pages+0x1f92/0x2200
[  405.891466][ T9474]  ? lru_cache_disable+0x30/0x30
[  405.896465][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  405.901969][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  405.907473][ T9474]  ? mlock_page_drain_local+0x289/0x490
[  405.913066][ T9474]  __pagevec_release+0x6d/0xe0
[  405.917955][ T9474]  truncate_inode_pages_range+0x2f6/0xff0
[  405.923721][ T9474]  ? mapping_evict_folio+0x520/0x520
[  405.929095][ T9474]  ? parse_options+0xc03/0xdb0
[  405.934017][ T9474]  ? jfs_fill_super+0xac0/0xac0
[  405.938927][ T9474]  ? sync_filesystem+0x103/0x220
[  405.943921][ T9474]  jfs_remount+0x337/0x5a0
[  405.948392][ T9474]  ? jfs_statfs+0x550/0x550
[  405.952943][ T9474]  ? __might_sleep+0xd0/0xd0
[  405.957849][ T9474]  ? hook_sb_remount+0x19/0xc0
[  405.962664][ T9474]  reconfigure_super+0x219/0x880
[  405.967819][ T9474]  path_mount+0xdfd/0x1010
[  405.972278][ T9474]  ? kmem_cache_free+0xf7/0x290
[  405.977186][ T9474]  __se_sys_mount+0x2d6/0x3c0
[  405.981903][ T9474]  ? __x64_sys_mount+0xc0/0xc0
[  405.986799][ T9474]  ? lockdep_hardirqs_on+0x94/0x140
[  405.992043][ T9474]  ? __x64_sys_mount+0x1c/0xc0
[  405.996854][ T9474]  do_syscall_64+0x4c/0xa0
[  406.001314][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  406.006059][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  406.010785][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  406.016730][ T9474] RIP: 0033:0x7f912f38eb69
[  406.021190][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.040843][ T9474] RSP: 002b:00007f9130196038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  406.049395][ T9474] RAX: ffffffffffffffda RBX: 00007f912f5b5fa0 RCX: 00007f912f38eb69
[  406.057408][ T9474] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  406.065468][ T9474] RBP: 00007f912f411df1 R08: 0000000000000000 R09: 0000000000000000
[  406.073490][ T9474] R10: 0000000002012024 R11: 0000000000000246 R12: 0000000000000000
[  406.081558][ T9474] R13: 0000000000000000 R14: 00007f912f5b5fa0 R15: 00007ffd59ae5eb8
[  406.089583][ T9474]  </TASK>
[  406.097072][ T9474] BUG: Bad page state in process syz.2.1199  pfn:58cff
[  406.107620][ T9474] page:ffffea0001633fc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x31 pfn:0x58cff
[  406.119606][ T9474] flags: 0xfff00000002006(referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[  406.131511][ T9474] raw: 00fff00000002006 ffffea00019cd448 ffffc9000e287980 0000000000000000
[  406.140922][ T9474] raw: 0000000000000031 ffff888061fbb2e8 00000000ffffffff 0000000000000000
[  406.150330][ T9474] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  406.158643][ T9474] page_owner tracks the page as allocated
[  406.172600][ T9474] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 404241729319, free_ts 388660293360
[  406.192124][ T9474]  post_alloc_hook+0x173/0x1a0
[  406.202188][ T9474]  get_page_from_freelist+0x1a26/0x1ac0
[  406.216539][ T9474]  __alloc_pages+0x1df/0x4e0
[  406.231422][ T9474]  folio_alloc+0x1c/0x60
[  406.246314][ T9474]  filemap_alloc_folio+0xdb/0x460
[  406.259240][ T9474]  __filemap_get_folio+0x697/0xdd0
[  406.266107][ T9474]  pagecache_get_page+0x26/0x250
[  406.284962][ T9474]  __get_metapage+0x2a4/0xfa0
[  406.305796][ T9474]  diNewExt+0x9eb/0x2cb0
[  406.310251][ T9474]  diAllocAG+0xde9/0x1c20
[  406.316392][ T9474]  diAlloc+0x1c9/0x1910
[  406.320921][ T9474]  ialloc+0x88/0x950
[  406.326579][ T9474]  jfs_mkdir+0x190/0xa70
[  406.332337][ T9474]  vfs_mkdir+0x387/0x570
[  406.338828][ T9474]  do_mkdirat+0x1d0/0x430
[  406.351952][ T9474]  __x64_sys_mkdirat+0x85/0x90
[  406.356989][ T9474] page last free stack trace:
[  406.362244][ T9474]  free_unref_page_prepare+0x8b4/0x9a0
[  406.368190][ T9474]  free_unref_page+0x2e/0x3f0
[  406.380098][ T9474]  __vunmap+0x856/0xa00
[  406.392736][ T9474]  kvm_arch_free_memslot+0x13a/0x170
[  406.412090][ T9474]  kvm_put_kvm+0x1185/0x1950
[  406.417412][ T9474]  kvm_vm_release+0x42/0x50
[  406.428093][ T9474]  __fput+0x22c/0x920
[  406.437651][ T9474]  task_work_run+0x1ca/0x250
[  406.447104][ T9474]  exit_to_user_mode_loop+0xe6/0x110
[  406.455564][ T9474]  exit_to_user_mode_prepare+0xb1/0x140
[  406.463880][ T9474]  syscall_exit_to_user_mode+0x16/0x40
[  406.475053][ T9474]  do_syscall_64+0x58/0xa0
[  406.489348][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  406.497338][ T9474] Modules linked in:
[  406.501401][ T9474] CPU: 0 PID: 9474 Comm: syz.2.1199 Tainted: G    B              6.1.147-syzkaller #0
[  406.510979][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  406.521068][ T9474] Call Trace:
[  406.524360][ T9474]  <TASK>
[  406.527298][ T9474]  dump_stack_lvl+0x168/0x22e
[  406.531994][ T9474]  ? show_regs_print_info+0x12/0x12
[  406.537212][ T9474]  ? swiotlb_print_info+0x60/0x60
[  406.542251][ T9474]  bad_page+0x14b/0x170
[  406.546425][ T9474]  free_unref_page_prepare+0x42a/0x9a0
[  406.551919][ T9474]  ? percpu_ref_put+0x19/0x180
[  406.556715][ T9474]  free_unref_page_list+0xbb/0x8e0
[  406.561852][ T9474]  release_pages+0x1f92/0x2200
[  406.566663][ T9474]  ? lru_cache_disable+0x30/0x30
[  406.571645][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  406.577111][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  406.582614][ T9474]  ? mlock_page_drain_local+0x289/0x490
[  406.588292][ T9474]  __pagevec_release+0x6d/0xe0
[  406.593151][ T9474]  truncate_inode_pages_range+0x2f6/0xff0
[  406.598903][ T9474]  ? mapping_evict_folio+0x520/0x520
[  406.604202][ T9474]  ? parse_options+0xc03/0xdb0
[  406.609006][ T9474]  ? jfs_fill_super+0xac0/0xac0
[  406.613869][ T9474]  ? sync_filesystem+0x103/0x220
[  406.618828][ T9474]  jfs_remount+0x337/0x5a0
[  406.623256][ T9474]  ? jfs_statfs+0x550/0x550
[  406.627765][ T9474]  ? __might_sleep+0xd0/0xd0
[  406.632388][ T9474]  ? hook_sb_remount+0x19/0xc0
[  406.637179][ T9474]  reconfigure_super+0x219/0x880
[  406.642144][ T9474]  path_mount+0xdfd/0x1010
[  406.646562][ T9474]  ? kmem_cache_free+0xf7/0x290
[  406.651418][ T9474]  __se_sys_mount+0x2d6/0x3c0
[  406.656109][ T9474]  ? __x64_sys_mount+0xc0/0xc0
[  406.660878][ T9474]  ? lockdep_hardirqs_on+0x94/0x140
[  406.666083][ T9474]  ? __x64_sys_mount+0x1c/0xc0
[  406.670871][ T9474]  do_syscall_64+0x4c/0xa0
[  406.675309][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  406.680000][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  406.684721][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  406.690642][ T9474] RIP: 0033:0x7f912f38eb69
[  406.695093][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.714737][ T9474] RSP: 002b:00007f9130196038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  406.723176][ T9474] RAX: ffffffffffffffda RBX: 00007f912f5b5fa0 RCX: 00007f912f38eb69
[  406.731163][ T9474] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  406.739141][ T9474] RBP: 00007f912f411df1 R08: 0000000000000000 R09: 0000000000000000
[  406.747130][ T9474] R10: 0000000002012024 R11: 0000000000000246 R12: 0000000000000000
[  406.755126][ T9474] R13: 0000000000000000 R14: 00007f912f5b5fa0 R15: 00007ffd59ae5eb8
[  406.763124][ T9474]  </TASK>
[  406.842090][ T9474] BUG: Bad page state in process syz.2.1199  pfn:79c5b
[  406.849545][ T9474] page:ffffea0001e716c0 refcount:0 mapcount:0 mapping:0000000000000000 index:0xd pfn:0x79c5b
[  406.861662][ T9474] flags: 0xfff08000002046(referenced|uptodate|workingset|private|node=0|zone=1|lastcpupid=0x7ff)
[  406.874476][ T9474] raw: 00fff08000002046 ffffea00018302c8 ffffea00016022c8 0000000000000000
[  406.888684][ T9474] raw: 000000000000000d ffff888065ce9e88 00000000ffffffff 0000000000000000
[  406.897950][ T9474] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  406.908258][ T9474] page_owner tracks the page as allocated
[  406.914096][ T9474] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 403950558596, free_ts 402547644293
[  406.932492][ T9474]  post_alloc_hook+0x173/0x1a0
[  406.937324][ T9474]  get_page_from_freelist+0x1a26/0x1ac0
[  406.943296][ T9474]  __alloc_pages+0x1df/0x4e0
[  406.948156][ T9474]  folio_alloc+0x1c/0x60
[  406.952820][ T9474]  filemap_alloc_folio+0xdb/0x460
[  406.958105][ T9474]  do_read_cache_folio+0x1bb/0x760
[  406.963633][ T9474]  do_read_cache_page+0x32/0x220
[  406.968745][ T9474]  __get_metapage+0x316/0xfa0
[  406.974991][ T9474]  diReadSpecial+0x257/0x6f0
[  406.979742][ T9474]  jfs_mount+0x3cd/0x860
[  406.986220][ T9474]  jfs_fill_super+0x4de/0xac0
[  406.991085][ T9474]  mount_bdev+0x287/0x3c0
[  406.995884][ T9474]  legacy_get_tree+0xe6/0x180
[  407.000721][ T9474]  vfs_get_tree+0x88/0x270
[  407.007652][ T9474]  do_new_mount+0x24a/0xa40
[  407.012519][ T9474]  __se_sys_mount+0x2d6/0x3c0
[  407.017349][ T9474] page last free stack trace:
[  407.024183][ T9474]  free_unref_page_prepare+0x8b4/0x9a0
[  407.029839][ T9474]  free_unref_page_list+0xbb/0x8e0
[  407.035389][ T9474]  release_pages+0x1f92/0x2200
[  407.040335][ T9474]  tlb_flush_mmu+0xff/0x210
[  407.047172][ T9474]  tlb_finish_mmu+0xbd/0x1c0
[  407.052142][ T9474]  exit_mmap+0x343/0x8e0
[  407.056566][ T9474]  __mmput+0x118/0x3c0
[  407.061034][ T9474]  exit_mm+0x1e6/0x2c0
[  407.068028][ T9474]  do_exit+0x8c1/0x2400
[  407.072551][ T9474]  do_group_exit+0x217/0x2d0
[  407.077338][ T9474]  get_signal+0x1272/0x1350
[  407.083571][ T9474]  arch_do_signal_or_restart+0xb0/0x1230
[  407.089393][ T9474]  exit_to_user_mode_loop+0x70/0x110
[  407.095320][ T9474]  exit_to_user_mode_prepare+0xb1/0x140
[  407.101107][ T9474]  syscall_exit_to_user_mode+0x16/0x40
[  407.107049][ T9474]  do_syscall_64+0x58/0xa0
[  407.111639][ T9474] Modules linked in:
[  407.116406][ T9474] CPU: 0 PID: 9474 Comm: syz.2.1199 Tainted: G    B              6.1.147-syzkaller #0
[  407.126010][ T9474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  407.136100][ T9474] Call Trace:
[  407.139389][ T9474]  <TASK>
[  407.142330][ T9474]  dump_stack_lvl+0x168/0x22e
[  407.147028][ T9474]  ? show_regs_print_info+0x12/0x12
[  407.152242][ T9474]  ? swiotlb_print_info+0x60/0x60
[  407.157318][ T9474]  bad_page+0x14b/0x170
[  407.161496][ T9474]  free_unref_page_prepare+0x42a/0x9a0
[  407.166978][ T9474]  free_unref_page_list+0xbb/0x8e0
[  407.172134][ T9474]  release_pages+0x1f92/0x2200
[  407.176950][ T9474]  ? lru_cache_disable+0x30/0x30
[  407.181946][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  407.187429][ T9474]  ? mlock_page_drain_local+0x75/0x490
[  407.192909][ T9474]  ? mlock_page_drain_local+0x289/0x490
[  407.198473][ T9474]  __pagevec_release+0x6d/0xe0
[  407.203263][ T9474]  truncate_inode_pages_range+0x2f6/0xff0
[  407.209019][ T9474]  ? mapping_evict_folio+0x520/0x520
[  407.214328][ T9474]  ? parse_options+0xc03/0xdb0
[  407.219125][ T9474]  ? jfs_fill_super+0xac0/0xac0
[  407.224006][ T9474]  ? sync_filesystem+0x103/0x220
[  407.228966][ T9474]  jfs_remount+0x337/0x5a0
[  407.233405][ T9474]  ? jfs_statfs+0x550/0x550
[  407.237945][ T9474]  ? __might_sleep+0xd0/0xd0
[  407.242596][ T9474]  ? hook_sb_remount+0x19/0xc0
[  407.247399][ T9474]  reconfigure_super+0x219/0x880
[  407.252365][ T9474]  path_mount+0xdfd/0x1010
[  407.256797][ T9474]  ? kmem_cache_free+0xf7/0x290
[  407.261668][ T9474]  __se_sys_mount+0x2d6/0x3c0
[  407.266368][ T9474]  ? __x64_sys_mount+0xc0/0xc0
[  407.271145][ T9474]  ? lockdep_hardirqs_on+0x94/0x140
[  407.276361][ T9474]  ? __x64_sys_mount+0x1c/0xc0
[  407.281156][ T9474]  do_syscall_64+0x4c/0xa0
[  407.285591][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  407.290280][ T9474]  ? clear_bhb_loop+0x60/0xb0
[  407.294999][ T9474]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  407.300927][ T9474] RIP: 0033:0x7f912f38eb69
[  407.305358][ T9474] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  407.325067][ T9474] RSP: 002b:00007f9130196038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  407.333673][ T9474] RAX: ffffffffffffffda RBX: 00007f912f5b5fa0 RCX: 00007f912f38eb69
[  407.341661][ T9474] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000000
[  407.349643][ T9474] RBP: 00007f912f411df1 R08: 0000000000000000 R09: 0000000000000000
[  407.357627][ T9474] R10: 0000000002012024 R11: 0000000000000246 R12: 0000000000000000
[  407.365612][ T9474] R13: 0000000000000000 R14: 00007f912f5b5fa0 R15: 00007ffd59ae5eb8
[  407.373607][ T9474]  </TASK>
[  407.405426][  T108] BUG: Bad page state in process jfsCommit  pfn:1ee45
[  407.414816][  T108] page:ffffea00007b9140 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2d pfn:0x1ee45
[  407.425287][  T108] flags: 0xfff00000002007(locked|referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[  407.437332][  T108] raw: 00fff00000002007 dead000000000100 dead000000000122 0000000000000000
[  407.448359][  T108] raw: 000000000000002d ffff888061fbb5d0 00000000ffffffff 0000000000000000
[  407.458878][  T108] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set
[  407.468253][  T108] page_owner tracks the page as allocated
[  407.475886][  T108] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 404261594500, free_ts 388659087911
[  407.501422][  T108]  post_alloc_hook+0x173/0x1a0
[  407.507101][  T108]  get_page_from_freelist+0x1a26/0x1ac0
[  407.514695][  T108]  __alloc_pages+0x1df/0x4e0
[  407.519374][  T108]  folio_alloc+0x1c/0x60
[  407.523907][  T108]  filemap_alloc_folio+0xdb/0x460
[  407.528991][  T108]  __filemap_get_folio+0x697/0xdd0
[  407.543609][  T108]  pagecache_get_page+0x26/0x250
[  407.548631][  T108]  __get_metapage+0x2a4/0xfa0
[  407.561594][ T4948] usb 2-1: USB disconnect, device number 6
[  407.569311][  T108]  dtSplitRoot+0x1de/0x14e0
[  407.580955][  T108]  dtInsert+0xe2a/0x58a0
[  407.607691][  T108]  jfs_mkdir+0x6e5/0xa70
[  407.614471][  T108]  vfs_mkdir+0x387/0x570
[  407.618789][  T108]  do_mkdirat+0x1d0/0x430
[  407.625159][  T108]  __x64_sys_mkdirat+0x85/0x90
[  407.629984][  T108]  do_syscall_64+0x4c/0xa0
[  407.634746][  T108]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  407.640694][  T108] page last free stack trace:
[  407.647388][  T108]  free_unref_page_prepare+0x8b4/0x9a0
[  407.653106][  T108]  free_unref_page+0x2e/0x3f0
[  407.657842][  T108]  tlb_finish_mmu+0x10c/0x1c0
[  407.664519][  T108]  exit_mmap+0x343/0x8e0
[  407.668825][  T108]  __mmput+0x118/0x3c0
[  407.673123][  T108]  exit_mm+0x1e6/0x2c0
[  407.677288][  T108]  do_exit+0x8c1/0x2400
[  407.681484][  T108]  do_group_exit+0x217/0x2d0
[  407.688266][  T108]  __x64_sys_exit_group+0x3b/0x40
[  407.693504][  T108]  do_syscall_64+0x4c/0xa0
[  407.699325][  T108]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  407.709745][  T108] Modules linked in:
[  407.719398][  T108] CPU: 1 PID: 108 Comm: jfsCommit Tainted: G    B              6.1.147-syzkaller #0
[  407.728917][  T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  407.739012][  T108] Call Trace:
[  407.742324][  T108]  <TASK>
[  407.745356][  T108]  dump_stack_lvl+0x168/0x22e
[  407.750076][  T108]  ? show_regs_print_info+0x12/0x12
[  407.755388][  T108]  ? swiotlb_print_info+0x60/0x60
[  407.760473][  T108]  bad_page+0x14b/0x170
[  407.764676][  T108]  free_unref_page_prepare+0x42a/0x9a0
[  407.770190][  T108]  free_unref_page+0x2e/0x3f0
[  407.774914][  T108]  ? __folio_put+0xf1/0x210
[  407.779466][  T108]  txUnlock+0x27e/0xcb0
[  407.783665][  T108]  jfs_lazycommit+0x56c/0xa50
[  407.788390][  T108]  ? txFreelock+0x5a0/0x5a0
[  407.792929][  T108]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  407.798917][  T108]  ? do_task_dead+0xd0/0xd0
[  407.803553][  T108]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  407.809496][  T108]  ? __kthread_parkme+0x162/0x1c0
[  407.814577][  T108]  kthread+0x29d/0x330
[  407.818782][  T108]  ? txFreelock+0x5a0/0x5a0
[  407.823324][  T108]  ? kthread_blkcg+0xd0/0xd0
[  407.827960][  T108]  ret_from_fork+0x1f/0x30
[  407.832430][  T108]  </TASK>
[  407.845251][  T108] page:ffffea00007b9140 refcount:0 mapcount:0 mapping:0000000000000000 index:0x2d pfn:0x1ee45
[  407.855643][  T108] flags: 0xfff00000002007(locked|referenced|uptodate|private|node=0|zone=1|lastcpupid=0x7ff)
[  407.881967][  T108] raw: 00fff00000002007 dead000000000100 dead000000000122 0000000000000000
[  407.890635][  T108] raw: 000000000000002d ffff888061fbb5d0 00000000ffffffff 0000000000000000
[  407.905385][  T108] page dumped because: VM_BUG_ON_FOLIO(((unsigned int) folio_ref_count(folio) + 127u <= 127u))
[  407.927242][  T108] page_owner tracks the page as allocated
[  407.933191][  T108] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x140c40(GFP_NOFS|__GFP_COMP|__GFP_HARDWALL), pid 9474, tgid 9472 (syz.2.1199), ts 404261594500, free_ts 388659087911
[  407.951835][  T108]  post_alloc_hook+0x173/0x1a0
[  407.956866][  T108]  get_page_from_freelist+0x1a26/0x1ac0
[  407.962972][  T108]  __alloc_pages+0x1df/0x4e0
[  407.967616][  T108]  folio_alloc+0x1c/0x60
[  407.972111][  T108]  filemap_alloc_folio+0xdb/0x460
[  407.977184][  T108]  __filemap_get_folio+0x697/0xdd0
[  407.982511][  T108]  pagecache_get_page+0x26/0x250
[  407.987486][  T108]  __get_metapage+0x2a4/0xfa0
[  407.992387][  T108]  dtSplitRoot+0x1de/0x14e0
[  407.996946][  T108]  dtInsert+0xe2a/0x58a0
[  408.001237][  T108]  jfs_mkdir+0x6e5/0xa70
[  408.006975][  T108]  vfs_mkdir+0x387/0x570
[  408.011272][  T108]  do_mkdirat+0x1d0/0x430
[  408.015867][  T108]  __x64_sys_mkdirat+0x85/0x90
[  408.020699][  T108]  do_syscall_64+0x4c/0xa0
[  408.026996][  T108]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  408.033122][  T108] page last free stack trace:
[  408.037829][  T108]  free_unref_page_prepare+0x8b4/0x9a0
[  408.045296][  T108]  free_unref_page+0x2e/0x3f0
[  408.050035][  T108]  tlb_finish_mmu+0x10c/0x1c0
[  408.055002][  T108]  exit_mmap+0x343/0x8e0
[  408.059295][  T108]  __mmput+0x118/0x3c0
[  408.069475][  T108]  exit_mm+0x1e6/0x2c0
[  408.073769][  T108]  do_exit+0x8c1/0x2400
[  408.077975][  T108]  do_group_exit+0x217/0x2d0
[  408.084691][  T108]  __x64_sys_exit_group+0x3b/0x40
[  408.089788][  T108]  do_syscall_64+0x4c/0xa0
[  408.094445][  T108]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  408.100764][  T108] ------------[ cut here ]------------
[  408.106858][  T108] kernel BUG at include/linux/mm.h:1135!
[  408.116128][  T108] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  408.122257][  T108] CPU: 1 PID: 108 Comm: jfsCommit Tainted: G    B              6.1.147-syzkaller #0
[  408.131682][  T108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  408.141772][  T108] RIP: 0010:put_metapage+0x24f/0x340
[  408.147097][  T108] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 1b 89 e4 fe e9 25 ff ff ff e8 a1 6c 94 fe 48 8b 3c 24 48 c7 c6 80 21 c6 8a e8 91 f8 ce fe <0f> 0b 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff e8 5a 70 94
[  408.166742][  T108] RSP: 0018:ffffc90002d47ce0 EFLAGS: 00010246
[  408.172848][  T108] RAX: 35f722b02642d800 RBX: ffff888061fbb5d0 RCX: 35f722b02642d800
[  408.180861][  T108] RDX: 0000000000000000 RSI: ffffffff8adef300 RDI: ffffffff8adef2c0
[  408.188869][  T108] RBP: 000000000000007f R08: dffffc0000000000 R09: fffffbfff1c3e976
[  408.196887][  T108] R10: fffffbfff1c3e976 R11: 1ffffffff1c3e975 R12: ffff888061fbb5f8
[  408.204905][  T108] R13: ffffea00007b9174 R14: 1ffff1100c3f76bf R15: 1ffff1100c3f76cc
[  408.212917][  T108] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  408.221885][  T108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.228505][  T108] CR2: 00007f0daeb84198 CR3: 0000000031618000 CR4: 00000000003506e0
[  408.236530][  T108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  408.244574][  T108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  408.252582][  T108] Call Trace:
[  408.255893][  T108]  <TASK>
[  408.258857][  T108]  txUnlock+0x427/0xcb0
[  408.263058][  T108]  jfs_lazycommit+0x56c/0xa50
[  408.267778][  T108]  ? txFreelock+0x5a0/0x5a0
[  408.272314][  T108]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  408.278256][  T108]  ? do_task_dead+0xd0/0xd0
[  408.282805][  T108]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  408.288756][  T108]  ? __kthread_parkme+0x162/0x1c0
[  408.293835][  T108]  kthread+0x29d/0x330
[  408.297952][  T108]  ? txFreelock+0x5a0/0x5a0
[  408.302492][  T108]  ? kthread_blkcg+0xd0/0xd0
[  408.307142][  T108]  ret_from_fork+0x1f/0x30
[  408.311635][  T108]  </TASK>
[  408.314681][  T108] Modules linked in:
[  408.322476][  T108] ---[ end trace 0000000000000000 ]---
[  408.327981][  T108] RIP: 0010:put_metapage+0x24f/0x340
[  408.333892][  T108] Code: 38 c1 0f 8c 32 ff ff ff 4c 89 ef e8 1b 89 e4 fe e9 25 ff ff ff e8 a1 6c 94 fe 48 8b 3c 24 48 c7 c6 80 21 c6 8a e8 91 f8 ce fe <0f> 0b 4c 8b 2c 24 4c 89 ee 48 81 e6 ff 0f 00 00 31 ff e8 5a 70 94
[  408.355982][  T108] RSP: 0018:ffffc90002d47ce0 EFLAGS: 00010246
[  408.362411][  T108] RAX: 35f722b02642d800 RBX: ffff888061fbb5d0 RCX: 35f722b02642d800
[  408.370458][  T108] RDX: 0000000000000000 RSI: ffffffff8adef300 RDI: ffffffff8adef2c0
[  408.380631][  T108] RBP: 000000000000007f R08: dffffc0000000000 R09: fffffbfff1c3e976
[  408.388933][  T108] R10: fffffbfff1c3e976 R11: 1ffffffff1c3e975 R12: ffff888061fbb5f8
[  408.398984][  T108] R13: ffffea00007b9174 R14: 1ffff1100c3f76bf R15: 1ffff1100c3f76cc
[  408.407219][  T108] FS:  0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  408.419585][  T108] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.427546][  T108] CR2: 00007f0daeb84198 CR3: 0000000031618000 CR4: 00000000003506e0
[  408.435879][  T108] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  408.444101][  T108] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  408.452333][  T108] Kernel panic - not syncing: Fatal exception
[  408.458748][  T108] Kernel Offset: disabled
[  408.463089][  T108] Rebooting in 86400 seconds..