last executing test programs:

1m36.404022536s ago: executing program 0 (id=918):
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x200, 0x15b)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0)
r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
fremovexattr(r0, &(0x7f00000000c0)=@random={'security.', ')@/\xa0)..]\xfe\x00'})
r5 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r5, 0xffff)
fcntl$addseals(r5, 0x409, 0x7)
r6 = ioctl$UDMABUF_CREATE(r4, 0x40187542, &(0x7f00000002c0)={r5, 0x0, 0x0, 0x8000})
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r7, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfcf0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000800}, 0x84)
fcntl$dupfd(r6, 0x406, r1)
close_range(r2, 0xffffffffffffffff, 0x0)

1m36.077975121s ago: executing program 0 (id=923):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, 0xffffffffffffffff, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0)

1m35.087850146s ago: executing program 0 (id=927):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001b00)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0xf, 0x4, 0x8, 0x1}, 0x37)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r2}, &(0x7f0000000100), &(0x7f0000000140)=r0}, 0x20)
sendmsg(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001400)='H', 0x20001401}], 0x1}, 0x0)

1m34.451858206s ago: executing program 0 (id=931):
mount$tmpfs(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000700), 0x8c03, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1be)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)

1m34.220083289s ago: executing program 0 (id=933):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), r0)
sendmsg$NL802154_CMD_SET_ACKREQ_DEFAULT(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x40, r1, 0x4ff7cb090c14a865, 0x70bd2d, 0x25dfdbfd, {}, [@NL802154_ATTR_ACKREQ_DEFAULT={0x5}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x80000002}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x48854)

1m32.932105029s ago: executing program 0 (id=937):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, 0xffffffffffffffff, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0)

1m32.350730068s ago: executing program 32 (id=937):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000280)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x7ff, @empty, 0x1}, {0xa, 0x4e20, 0x1ff, @dev={0xfe, 0x80, '\x00', 0x2f}, 0x9}, 0xffffffffffffffff, 0xb}}, 0x48)
write$RDMA_USER_CM_CMD_DESTROY_ID(r4, &(0x7f0000000380)={0x1, 0x10, 0xfa00, {0x0}}, 0x18)
setsockopt$inet6_tcp_int(r0, 0x6, 0x8, 0x0, 0x0)

13.659602531s ago: executing program 5 (id=1231):
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x200, 0x15b)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
fremovexattr(r0, 0x0)
r7 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfcf0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000800}, 0x84)
fcntl$dupfd(r8, 0x406, r1)
close_range(r2, 0xffffffffffffffff, 0x0)

11.971966577s ago: executing program 5 (id=1232):
fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={0x0, 0x0, 0x26}, 0x28)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, &(0x7f0000000c80)=0x1, 0x4)
syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000ac0)=[{{0x0, 0x0, &(0x7f0000000100)}}, {{0x0, 0x0, &(0x7f0000000700)=[{0x0}, {&(0x7f0000000680)=""/66, 0x42}, {0x0}], 0x3}}], 0x2, 0x0, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x8, 0x3, 0x260, 0x0, 0x11, 0x148, 0x0, 0x10, 0x20c, 0x2a8, 0x2a8, 0x20c, 0x2a8, 0xac, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'veth1_vlan\x00', 'sit0\x00'}, 0x10, 0xb4, 0xfc, 0x1c, {}, [@common=@unspec=@helper={{0x44}, {0x0, 'irc-20000\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'ip6gre0\x00', {0x2}}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x2, 0x0, 0x5, 0x7, 0x6, 0x1], 0x5, 0x3}, {0x3, [0x2, 0x2, 0x3, 0x6, 0x2, 0x3], 0x2, 0x3}}}}], {{'\x00', 0xc8, 0x70, 0x94}, {0x24}}}}, 0x2bc)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)={0x114, 0x2d, 0x101, 0x0, 0x0, "", [@nested={0x104, 0x0, 0x0, 0x1, [@typed={0xc, 0x11, 0x0, 0x0, @u64=0x8000000000000000}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@loopback={0x100000000000}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd3f8cd1"]}]}, 0x114}], 0x1}, 0x0)

10.880033234s ago: executing program 4 (id=1240):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x20010, 0xffffffffffffffff, 0xcd2db000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

6.51845717s ago: executing program 1 (id=1252):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={<r1=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000840)={r1, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0x75466a0ac5329e88, 0x7, 0x4}, 0x9c)

6.481359351s ago: executing program 2 (id=1253):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000001000000850000000e000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
setuid(0x0)

6.423888472s ago: executing program 5 (id=1254):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
timer_create(0x8, 0x0, 0x0)
r0 = getpgrp(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r3, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
kcmp(r0, r4, 0x5, 0xffffffffffffffff, 0xffffffffffffffff)
timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x77359400}}, 0x0)

6.219445085s ago: executing program 1 (id=1255):
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x200, 0x15b)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
fremovexattr(r0, &(0x7f00000000c0)=@random={'security.', ')@/\xa0)..]\xfe\x00'})
r7 = memfd_create(0x0, 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfcf0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000800}, 0x84)
fcntl$dupfd(r8, 0x406, r1)
close_range(r2, 0xffffffffffffffff, 0x0)

6.218543375s ago: executing program 2 (id=1256):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
setsockopt$ax25_int(r3, 0x101, 0xa, &(0x7f0000000040)=0xb0d5, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

6.165883436s ago: executing program 5 (id=1257):
openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x1, &(0x7f0000000b80)=<r2=>0x0)
io_submit(r2, 0x0, &(0x7f0000000800))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@bridge_getlink={0x78, 0x12, 0x10, 0x70bd2d, 0x25dfdbff, {0x7, 0x0, 0x0, 0x0, 0x20060, 0x20000}, [@IFLA_OPERSTATE={0x5, 0x10, 0xfb}, @IFLA_NET_NS_FD={0x8, 0x1c, r1}, @IFLA_MAP={0x20, 0xe, {0x40, 0x0, 0x2be3, 0x2, 0x2, 0x1}}, @IFLA_EVENT={0x8, 0x2c, 0xff}, @IFLA_MAP={0x20, 0xe, {0x8, 0x200, 0x0, 0x1, 0x3, 0x9}}]}, 0x78}}, 0x40)
sendmsg$IPSET_CMD_SAVE(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r8 = epoll_create(0x2)
r9 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r9, &(0x7f0000000140))
signalfd4(r9, &(0x7f0000000000), 0x8, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

5.795125171s ago: executing program 4 (id=1258):
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
syz_io_uring_setup(0x5b0f, &(0x7f0000000000)={0x0, 0xfffffffc, 0x1000, 0xfffffffb, 0x359}, &(0x7f00000002c0), &(0x7f0000ff4000))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(0x0)
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000a9ffffff0000000000000000850000003600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.23848825s ago: executing program 4 (id=1259):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x20010, 0xffffffffffffffff, 0xcd2db000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x7)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x3, 0xfff, 0x6, 0xb49, 0xc, 0xa, 0x3, 0x4}, 0x0)
madvise(&(0x7f000003e000/0x3000)=nil, 0x3000, 0x14)

4.975810124s ago: executing program 2 (id=1260):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000540), &(0x7f0000000580)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000005010040"])
r3 = dup(r1)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
getsockopt$inet_mreqn(r3, 0x0, 0x24, &(0x7f0000000280)={@remote, @initdev, <r5=>0x0}, &(0x7f0000000380)=0xc)
ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f00000003c0)={@loopback, 0x23, r5})
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x10000000)
r6 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r6, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='block_split\x00', r3, 0x0, 0x25cd7166}, 0x18)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)={0x34, r8, 0x1, 0x0, 0x25dfdbfb, {0x25}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x41}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x2, &(0x7f00000000c0)=[{0x2b, 0xff, 0x2, 0x17d}, {0x8, 0xf9, 0x80}]})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r9, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000340)={'geneve0\x00'})
recvmmsg(r6, &(0x7f00000006c0)=[{{0x0, 0x0, 0x0}, 0xa1}, {{0x0, 0x0, 0x0}, 0x1ff}], 0x2, 0x0, 0x0)

4.759931797s ago: executing program 1 (id=1261):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write(r0, 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000800)={'#! ', './bus'}, 0x9)
capset(0x0, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, 0x0, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x0, 0x2, {0x0, 0x1}, {0x47, 0x2}, @cond=[{0x84, 0x3ff, 0x404, 0x4, 0x1, 0xd}, {0x0, 0xa0, 0x1, 0x5, 0x800, 0xff01}]})
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
write$evdev(r2, &(0x7f0000000400)=[{{0x77359400}, 0x14, 0x1}, {{0x0, 0x2710}, 0x17, 0xd, 0xffffffff}, {{0x0, 0x2710}, 0x5, 0xe92b}], 0x48)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x12d8)

4.729750318s ago: executing program 3 (id=1262):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000000c0)="440f20c03507000000440f22c067420f8f04000000c443ad68b60080000095c4828947b600000000b99d090000b82f624a48baf4e055500f30263636f3430fc73636f2360fa5a10050aa37f39066b817018ec8c4c1795a5100", 0x59}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000007c0)=[@text64={0x40, 0x0, 0x10}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

4.665790769s ago: executing program 1 (id=1263):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
fanotify_init(0x8, 0x80000)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380))
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00007f3000/0x3000)=nil, 0x3000, 0x0)

4.52797842s ago: executing program 3 (id=1264):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x400, 0xc}, 0x48)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, 0x0, &(0x7f0000000780)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r6 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
sendmsg$nl_route(r4, 0x0, 0x0)
getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000001000390400"/20, @ANYRES32=r7, @ANYBLOB="059900f3ffffff111800128008000100677470000c000280050005"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x8000)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x0, 0xfff3}}}, 0x24}}, 0x20000000)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r9, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
r10 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r10, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r11=>0x0})
sendto$packet(r10, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb100c117080086dd4803", 0x10000, 0xffffffffffffc117, &(0x7f0000000140)={0x11, 0x0, r11}, 0x14)
mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000000, 0x12, r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.2785061s ago: executing program 1 (id=1265):
r0 = syz_clone(0x20300000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[], 0x0)
r2 = syz_open_procfs(r0, &(0x7f00000002c0)='oom_score\x00')
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000340)=""/228, 0xe4}], 0x1, 0x1, 0x9)

3.017573564s ago: executing program 3 (id=1266):
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x35f48f9e250dba0b, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
clock_adjtime(0x0, &(0x7f0000000000)={0xb, 0x86, 0xfffffffffffffffe, 0x9, 0x7, 0xfffffff8, 0x651, 0xfffffffffffffffc, 0x9657, 0x0, 0x7fffffff, 0x0, 0x4, 0xb, 0x80000000000000, 0xcc0, 0x1, 0x1, 0x94d6, 0x0, 0xfffffffd, 0x8, 0x8, 0x2, 0x3, 0x2000000000000})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c000000100a00042200002b519bbb4ba7747a2e86f86b685a2df5c30426", @ANYRES32=0x0, @ANYBLOB="adffa888e1600000240012800b00010067656e6576650000140002800500080000000000060005004e200000"], 0x44}}, 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r4 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000400)='syz0\x00', 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000440)='freezer.state\x00', 0x275a, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000000a0601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x56, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f088a81bff886411004048633321fbac14142ce934a0a662079f4b4d2f87e56dca6aab845013f208001a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000001c40)="beb61ec2ca90080239f2a54e2368fa761313c3a024a98109ba1e2e7b780d03c54b7a83d56fce397842e724674507d531762055fca371ea775f418df7bee236c9b9968146efb3232ae3413b617445e98bb644a892b9337f1a9135d9f30457a8ffb21aef4a95a155fab70a40b086056b0f63331a66b3457c", 0x2}, 0x2c)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000020000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000003000010850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f00000001c0)='f2fs_lookup_start\x00', r5, 0x0, 0xfffffffffffffffc}, 0x18)
r8 = syz_open_procfs(0x0, &(0x7f0000000040)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
r9 = syz_pidfd_open(0x0, 0x0)
socket(0x40000000015, 0x5, 0x0)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
setns(r9, 0x20000)

2.745813448s ago: executing program 4 (id=1267):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
timer_create(0x8, 0x0, 0x0)
r0 = getpgrp(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x9)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r3, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x80)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x0)
kcmp(r0, r4, 0x5, 0xffffffffffffffff, 0xffffffffffffffff)
timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x77359400}}, 0x0)

2.57863963s ago: executing program 4 (id=1268):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

2.458619273s ago: executing program 2 (id=1269):
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x200, 0x15b)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
fremovexattr(r0, 0x0)
r7 = memfd_create(&(0x7f0000000580)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecj\x02\xc8\xc4\f\x04\x99\xf6\xfc', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfcf0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000800}, 0x84)
fcntl$dupfd(r8, 0x406, r1)
close_range(r2, 0xffffffffffffffff, 0x0)

2.131802908s ago: executing program 5 (id=1270):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
setsockopt$ax25_int(r3, 0x101, 0xa, &(0x7f0000000040)=0xb0d5, 0x4)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.539583896s ago: executing program 3 (id=1271):
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file1\x00', 0x200, 0x15b)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000380)='.\x00', 0x2042023, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, 0x0)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
fremovexattr(r0, &(0x7f00000000c0)=@random={'security.', ')@/\xa0)..]\xfe\x00'})
r7 = memfd_create(0x0, 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f00000002c0)={r7, 0x0, 0x0, 0x8000})
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r9, 0x4040534e, &(0x7f0000000180)={0x37, @time={0x65757100, 0x4}})
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x2c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x6}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xfcf0}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000800}, 0x84)
fcntl$dupfd(r8, 0x406, r1)
close_range(r2, 0xffffffffffffffff, 0x0)

1.3182589s ago: executing program 2 (id=1272):
r0 = syz_clone(0x1222080, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
syz_usb_connect$uac1(0x0, 0xad, 0x0, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
syz_open_procfs(r0, 0x0)

701.120199ms ago: executing program 3 (id=1273):
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write(r0, 0x0, 0x0)
openat$cgroup_type(0xffffffffffffffff, &(0x7f00000001c0), 0x2, 0x0)
write$binfmt_script(r0, &(0x7f0000000800)={'#! ', './bus'}, 0x9)
capset(0x0, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, 0x0, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f00000006c0)={0x0, 0x0, 0x2, {0x0, 0x1}, {0x47, 0x2}, @cond=[{0x84, 0x3ff, 0x404, 0x4, 0x1, 0xd}, {0x0, 0xa0, 0x1, 0x5, 0x800, 0xff01}]})
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
write$evdev(r2, &(0x7f0000000400)=[{{0x77359400}, 0x14, 0x1}, {{0x0, 0x2710}, 0x17, 0xd, 0xffffffff}, {{0x0, 0x2710}, 0x5, 0xe92b}], 0x48)
write$char_usb(r2, &(0x7f0000000040)="e2", 0x12d8)

700.33111ms ago: executing program 5 (id=1274):
syz_usb_connect(0x2, 0x35, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff7079"], 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r0, 0x4068aea3, &(0x7f0000000380)={0xbc, 0x0, 0x3})
ioctl$KVM_SET_GUEST_DEBUG(r1, 0x4048ae9b, &(0x7f0000000300)={0x4376ea830d4d549b, 0x0, [0xffffffffffffffff, 0x7, 0x1000000, 0x0, 0x5, 0x3, 0xfffffffffffffffc, 0x800000]})
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f00000ab000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f0000000140)="36d0e866b8970000000f23c80f21f866350c00a0000f23f89d0f326635000400000f302e8dcc0f23742e3b5753baf80466b8f494f78e66efbafc0c66b83ac80000666fda6509", 0x46}], 0x1, 0x12, 0x0, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)
ioctl$KVM_RUN(r1, 0xae80, 0x0)

578.797701ms ago: executing program 3 (id=1275):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = shmget$private(0x0, 0x8000, 0x10, &(0x7f0000ff5000/0x8000)=nil)
r4 = shmat(r3, &(0x7f0000ffc000/0x2000)=nil, 0x4000)
shmat(r3, &(0x7f0000ff9000/0x1000)=nil, 0x5000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000fff000/0x1000)=nil)
shmdt(r4)

151.345747ms ago: executing program 4 (id=1276):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
fanotify_init(0x8, 0x80000)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r1 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r1, r1, &(0x7f0000000080), 0x7f03)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00007f3000/0x3000)=nil, 0x3000, 0x0)

45.666649ms ago: executing program 2 (id=1277):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto]}}, 0x0, 0x26}, 0x28)
r3 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
setsockopt$ax25_int(r3, 0x101, 0xa, &(0x7f0000000040)=0xb0d5, 0x4)

0s ago: executing program 1 (id=1278):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000000)=0x1)

kernel console output (not intermixed with test programs):

BTRFS info (device loop3): force clearing of disk cache
[  224.028590][ T5961] BTRFS info (device loop3): enabling ssd optimizations
[  224.035570][ T5961] BTRFS info (device loop3): max_inline at 4096
[  224.041799][ T5961] BTRFS info (device loop3): disk space caching is enabled
[  224.077580][ T4862] usb 5-1: USB disconnect, device number 3
[  224.236924][ T5976] binder: 5967:5976 ioctl c018620c 200000000000 returned -1
[  225.088524][ T5961] BTRFS info (device loop3): rebuilding free space tree
[  225.108316][ T5961] BTRFS info (device loop3): disabling free space tree
[  225.115274][ T5961] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  225.124967][ T5961] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  225.365254][ T4266] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  226.187925][ T4261] EXT4-fs (loop2): unmounting filesystem.
[  228.962541][ T4301] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  229.057157][ T6028] loop4: detected capacity change from 0 to 40427
[  229.126991][ T6028] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  229.135658][ T6028] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  229.154933][ T4301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.166287][ T6028] F2FS-fs (loop4): invalid crc value
[  229.171247][ T4301] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.207785][ T4301] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  229.234736][ T4301] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  229.252298][ T4301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.262219][ T4301] usb 4-1: config 0 descriptor??
[  229.273311][ T6028] F2FS-fs (loop4): Found nat_bits in checkpoint
[  229.405574][ T6028] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  229.421740][ T6028] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  229.566150][ T6028] syz.4.381: attempt to access beyond end of device
[  229.566150][ T6028] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  229.660859][ T6028] syz.4.381: attempt to access beyond end of device
[  229.660859][ T6028] loop4: rw=2049, sector=77960, nr_sectors = 2432 limit=40427
[  229.688801][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.698405][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.712373][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.733830][ T6028] syz.4.381: attempt to access beyond end of device
[  229.733830][ T6028] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427
[  229.742572][ T5778] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  229.753997][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.786895][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.802899][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.816957][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.839508][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.861653][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.881467][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  229.954173][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.978810][ T5778] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  230.002613][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  230.021588][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  230.029819][ T4301] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0
[  230.049138][ T5778] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  230.058746][ T4301] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  230.082859][ T5778] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  230.091936][ T5778] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.138728][ T5778] usb 2-1: config 0 descriptor??
[  230.138861][ T4301] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  230.205370][ T4301] usb 4-1: USB disconnect, device number 3
[  230.509984][ T6052] fido_id[6052]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  230.537291][ T6055] loop0: detected capacity change from 0 to 512
[  230.567948][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.579455][ T6055] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  230.628261][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.676578][ T6055] EXT4-fs (loop0): 1 truncate cleaned up
[  230.682312][ T6055] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  230.701871][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.738025][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.769570][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.936601][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.945124][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.953411][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.960823][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.969075][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.976546][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.983995][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  230.991394][ T5778] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  231.000229][ T5778] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  231.691862][ T5778] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  231.722654][ T5778] usb 2-1: USB disconnect, device number 2
[  231.756139][ T4256] EXT4-fs (loop0): unmounting filesystem.
[  231.867564][ T1077] block nbd1: Attempted send on invalid socket
[  231.873926][ T1077] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  231.883424][ T1077] block nbd1: Attempted send on invalid socket
[  231.890423][ T1077] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  231.899837][ T6072] Mount JFS Failure: -5
[  231.904089][ T6072] jfs_mount failed w/return code = -5
[  231.955802][ T6075] netlink: 64 bytes leftover after parsing attributes in process `syz.4.395'.
[  234.167823][ T6103] loop4: detected capacity change from 0 to 1024
[  234.534897][ T6103] hub 6-0:1.0: USB hub found
[  234.540633][ T6103] hub 6-0:1.0: 1 port detected
[  234.689964][   T26] audit: type=1326 audit(1751116244.704:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  234.880258][ T6102] fido_id[6102]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  234.917941][   T26] audit: type=1326 audit(1751116244.714:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.032820][   T26] audit: type=1326 audit(1751116244.814:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.110835][   T26] audit: type=1326 audit(1751116244.834:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.139789][   T26] audit: type=1326 audit(1751116244.874:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.223199][   T26] audit: type=1326 audit(1751116244.934:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.245375][    C0] vkms_vblank_simulate: vblank timer overrun
[  235.282520][   T26] audit: type=1326 audit(1751116244.934:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.317389][   T26] audit: type=1326 audit(1751116244.934:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.343832][   T26] audit: type=1326 audit(1751116244.934:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.388906][   T26] audit: type=1326 audit(1751116244.934:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.1.404" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  235.411241][    C0] vkms_vblank_simulate: vblank timer overrun
[  235.492611][  T951] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  235.722004][  T951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  235.752766][  T951] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.784933][  T951] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  235.808152][  T951] usb 5-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00
[  235.839048][  T951] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  236.643079][  T951] usb 5-1: config 0 descriptor??
[  237.412546][  T951] usb 5-1: language id specifier not provided by device, defaulting to English
[  237.815298][   T52] block nbd3: Attempted send on invalid socket
[  237.821568][   T52] I/O error, dev nbd3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  237.833423][   T52] block nbd3: Attempted send on invalid socket
[  237.839956][   T52] I/O error, dev nbd3, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  237.850451][ T6156] Mount JFS Failure: -5
[  237.855175][ T6156] jfs_mount failed w/return code = -5
[  237.862647][ T5417] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[  237.872991][  T951] uclogic 0003:5543:0047.0004: interface is invalid, ignoring
[  238.089104][ T5417] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  238.216475][ T5417] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.349509][ T5417] usb 3-1: config 0 descriptor??
[  238.581256][  T951] usb 5-1: USB disconnect, device number 4
[  238.757140][ T6163] loop3: detected capacity change from 0 to 256
[  239.510999][ T6163] syz.3.425: attempt to access beyond end of device
[  239.510999][ T6163] loop3: rw=2049, sector=256, nr_sectors = 64 limit=256
[  239.606854][ T6174] syz.3.425: attempt to access beyond end of device
[  239.606854][ T6174] loop3: rw=2049, sector=256, nr_sectors = 4 limit=256
[  239.652090][ T6174] Buffer I/O error on dev loop3, logical block 64, lost async page write
[  239.972289][ T4335] kworker/u4:6: attempt to access beyond end of device
[  239.972289][ T4335] loop3: rw=1, sector=256, nr_sectors = 4 limit=256
[  240.081456][ T6183] netlink: 'syz.1.429': attribute type 10 has an invalid length.
[  240.228782][ T5417] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  240.321599][ T5417] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  240.347936][ T5417] asix: probe of 3-1:0.0 failed with error -71
[  240.502895][ T5417] usb 3-1: USB disconnect, device number 3
[  242.179390][ T6226] loop4: detected capacity change from 0 to 32768
[  242.198940][ T6226] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.443 (6226)
[  242.213493][ T6226] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  242.223815][ T6226] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  242.233030][ T6226] BTRFS info (device loop4): setting nodatacow, compression disabled
[  242.241122][ T6226] BTRFS info (device loop4): max_inline at 0
[  242.247166][ T6226] BTRFS info (device loop4): enabling disk space caching
[  242.254237][ T6226] BTRFS info (device loop4): turning off barriers
[  242.260630][ T6226] BTRFS info (device loop4): turning on flush-on-commit
[  242.267596][ T6226] BTRFS info (device loop4): doing ref verification
[  242.274207][ T6226] BTRFS info (device loop4): force clearing of disk cache
[  242.281329][ T6226] BTRFS info (device loop4): enabling ssd optimizations
[  242.288290][ T6226] BTRFS info (device loop4): max_inline at 4096
[  242.294593][ T6226] BTRFS info (device loop4): disk space caching is enabled
[  242.708248][ T6226] BTRFS info (device loop4): rebuilding free space tree
[  242.722312][ T6226] BTRFS info (device loop4): disabling free space tree
[  242.729347][ T6226] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  242.739224][ T6226] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  243.228352][ T4254] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  245.605592][ T6304] loop2: detected capacity change from 0 to 32768
[  245.617925][ T6304] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.465 (6304)
[  245.631745][ T6304] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  245.641955][ T6304] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  245.650650][ T6304] BTRFS info (device loop2): setting nodatacow, compression disabled
[  245.658759][ T6304] BTRFS info (device loop2): max_inline at 0
[  245.664750][ T6304] BTRFS info (device loop2): enabling disk space caching
[  245.671755][ T6304] BTRFS info (device loop2): turning off barriers
[  245.678199][ T6304] BTRFS info (device loop2): turning on flush-on-commit
[  245.685154][ T6304] BTRFS info (device loop2): doing ref verification
[  245.691724][ T6304] BTRFS info (device loop2): force clearing of disk cache
[  245.698900][ T6304] BTRFS info (device loop2): enabling ssd optimizations
[  245.705945][ T6304] BTRFS info (device loop2): max_inline at 4096
[  245.712471][ T6304] BTRFS info (device loop2): disk space caching is enabled
[  245.821335][ T6314] loop4: detected capacity change from 0 to 256
[  245.927996][ T6314] syz.4.470: attempt to access beyond end of device
[  245.927996][ T6314] loop4: rw=2049, sector=256, nr_sectors = 64 limit=256
[  246.669736][ T4405] kworker/u4:8: attempt to access beyond end of device
[  246.669736][ T4405] loop4: rw=1, sector=256, nr_sectors = 4 limit=256
[  246.928358][ T6304] BTRFS info (device loop2): rebuilding free space tree
[  246.947308][ T6304] BTRFS info (device loop2): disabling free space tree
[  246.954369][ T6304] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  246.964059][ T6304] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  247.074767][ T6341] overlayfs: './file1' not a directory
[  247.373687][ T4261] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  248.239824][ T4704] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 12 /dev/loop2 scanned by udevd (4704)
[  248.460228][ T6368] loop4: detected capacity change from 0 to 256
[  248.522295][ T6368] syz.4.485: attempt to access beyond end of device
[  248.522295][ T6368] loop4: rw=2049, sector=256, nr_sectors = 64 limit=256
[  248.680940][ T4460] kworker/u4:10: attempt to access beyond end of device
[  248.680940][ T4460] loop4: rw=1, sector=256, nr_sectors = 4 limit=256
[  250.422542][ T4868] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  250.572726][ T4301] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  250.664960][ T4868] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  250.772161][ T4868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 10
[  250.888890][ T4868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  250.942917][ T4301] usb 5-1: Using ep0 maxpacket: 16
[  250.962025][ T4301] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  251.028790][ T4868] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  251.047720][ T4301] usb 5-1: config 0 has no interfaces?
[  251.054494][ T4301] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  251.067026][ T4301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.079762][ T4868] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  251.094849][ T4868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.107769][ T4301] usb 5-1: config 0 descriptor??
[  251.115403][ T4868] usb 3-1: Product: syz
[  251.119958][ T4868] usb 3-1: Manufacturer: syz
[  251.129752][ T4868] usb 3-1: SerialNumber: syz
[  251.148584][ T4868] usb 3-1: config 0 descriptor??
[  251.364769][ T5782] usb 3-1: USB disconnect, device number 4
[  251.410847][ T4329] usb 5-1: USB disconnect, device number 5
[  252.064519][ T4868] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  252.252977][ T4868] usb 4-1: Using ep0 maxpacket: 8
[  252.264985][ T4868] usb 4-1: config 0 interface 0 has no altsetting 0
[  252.290340][ T4868] usb 4-1: New USB device found, idVendor=1430, idProduct=474c, bcdDevice= 0.00
[  252.312207][ T4868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.360155][ T4868] usb 4-1: config 0 descriptor??
[  253.463513][ T4868] sony 0003:1430:474C.0005: unknown main item tag 0x6
[  253.565817][ T4868] sony 0003:1430:474C.0005: hidraw0: USB HID v0.00 Device [HID 1430:474c] on usb-dummy_hcd.3-1/input0
[  253.595924][ T4868] sony 0003:1430:474C.0005: failed to claim input
[  253.678712][ T4329] usb 4-1: USB disconnect, device number 4
[  253.788828][ T6438] fido_id[6438]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  255.990316][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  255.996722][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  257.391139][ T6482] loop0: detected capacity change from 0 to 1024
[  257.412070][ T6482] hub 6-0:1.0: USB hub found
[  257.417146][ T6482] hub 6-0:1.0: 1 port detected
[  257.494372][ T6485] kvm: pic: non byte write
[  260.454208][ T6527] loop0: detected capacity change from 0 to 32768
[  260.483405][ T6527] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12
[  260.563155][ T6530] overlayfs: failed to resolve './file0': -2
[  261.579865][ T5233] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 12
[  262.312618][    T7] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  262.522561][    T7] usb 2-1: Using ep0 maxpacket: 16
[  262.530509][    T7] usb 2-1: config 0 has no interfaces?
[  262.550335][    T7] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  262.571577][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  262.582281][    T7] usb 2-1: Product: syz
[  262.591673][    T7] usb 2-1: Manufacturer: syz
[  262.596726][    T7] usb 2-1: SerialNumber: syz
[  262.609903][    T7] usb 2-1: config 0 descriptor??
[  262.838157][    T7] usb 2-1: USB disconnect, device number 3
[  263.755685][ T6573] loop3: detected capacity change from 0 to 32768
[  263.788974][ T6573] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 12
[  263.890083][ T5233] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  263.998733][ T6578] overlayfs: failed to resolve './file0': -2
[  264.671694][ T6588] loop3: detected capacity change from 0 to 256
[  264.936579][ T6595] loop4: detected capacity change from 0 to 256
[  265.369428][ T6595] FAT-fs (loop4): Directory bread(block 64) failed
[  265.388005][ T6595] FAT-fs (loop4): Directory bread(block 65) failed
[  265.406301][ T6597] loop0: detected capacity change from 0 to 1024
[  265.424641][ T6595] FAT-fs (loop4): Directory bread(block 66) failed
[  265.460410][ T6595] FAT-fs (loop4): Directory bread(block 67) failed
[  265.467970][ T6595] FAT-fs (loop4): Directory bread(block 68) failed
[  265.474674][ T6595] FAT-fs (loop4): Directory bread(block 69) failed
[  265.492833][ T6597] hfsplus: failed to load catalog file
[  265.592196][ T6595] FAT-fs (loop4): Directory bread(block 70) failed
[  265.609122][ T6595] FAT-fs (loop4): Directory bread(block 71) failed
[  265.643334][ T6595] FAT-fs (loop4): Directory bread(block 72) failed
[  266.400787][ T6595] FAT-fs (loop4): Directory bread(block 73) failed
[  267.370542][ T6621] loop3: detected capacity change from 0 to 32768
[  267.397204][ T6621] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 12
[  267.484911][ T6623] overlayfs: failed to resolve './file0': -2
[  268.261575][ T4704] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 12
[  270.207399][  T126] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  270.250064][ T6660] binder: 6658:6660 ioctl c0306201 0 returned -14
[  270.409819][  T126] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  270.442601][  T126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.482823][  T126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.502542][  T126] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  270.533828][  T126] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  270.567122][  T126] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  270.587112][  T126] usb 2-1: Manufacturer: syz
[  270.598125][  T126] usb 2-1: config 0 descriptor??
[  270.776058][   T26] kauditd_printk_skb: 48 callbacks suppressed
[  270.776072][   T26] audit: type=1326 audit(1751116280.794:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6663 comm="syz.4.577" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x0
[  271.142249][  T126] appleir 0003:05AC:8243.0006: item fetching failed at offset 0/1
[  271.151541][  T126] appleir 0003:05AC:8243.0006: parse failed
[  271.163906][  T126] appleir: probe of 0003:05AC:8243.0006 failed with error -22
[  271.773719][  T126] usb 2-1: USB disconnect, device number 4
[  271.928405][   T26] audit: type=1326 audit(1751116281.944:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  271.951580][   T26] audit: type=1326 audit(1751116281.964:360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  271.990703][   T26] audit: type=1326 audit(1751116282.004:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.042511][   T26] audit: type=1326 audit(1751116282.004:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.078159][ T6691] MPTCP: kernel_bind error, err=-99
[  272.085189][   T26] audit: type=1326 audit(1751116282.034:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.163920][   T26] audit: type=1326 audit(1751116282.034:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.186651][   T26] audit: type=1326 audit(1751116282.044:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.208890][   T26] audit: type=1326 audit(1751116282.044:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.231231][   T26] audit: type=1326 audit(1751116282.044:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6685 comm="syz.3.586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  272.450256][ T6700] loop1: detected capacity change from 0 to 512
[  272.544809][ T6700] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.589: casefold flag without casefold feature
[  272.577488][ T6700] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.589: couldn't read orphan inode 15 (err -117)
[  272.595134][ T6700] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  273.110711][ T6701] loop2: detected capacity change from 0 to 1024
[  273.126817][ T6701] hfsplus: failed to load catalog file
[  273.192815][ T6708] loop3: detected capacity change from 0 to 256
[  273.214537][ T5233] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  273.314535][ T6708] FAT-fs (loop3): Directory bread(block 64) failed
[  273.321119][ T6708] FAT-fs (loop3): Directory bread(block 65) failed
[  273.369220][ T6708] FAT-fs (loop3): Directory bread(block 66) failed
[  273.402581][ T6708] FAT-fs (loop3): Directory bread(block 67) failed
[  273.422578][ T6708] FAT-fs (loop3): Directory bread(block 68) failed
[  273.429151][ T6708] FAT-fs (loop3): Directory bread(block 69) failed
[  273.479685][ T6708] FAT-fs (loop3): Directory bread(block 70) failed
[  273.507647][ T6708] FAT-fs (loop3): Directory bread(block 71) failed
[  273.538099][ T6708] FAT-fs (loop3): Directory bread(block 72) failed
[  273.558267][ T6708] FAT-fs (loop3): Directory bread(block 73) failed
[  276.642516][ T4242] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  276.686146][ T4251] EXT4-fs (loop1): unmounting filesystem.
[  276.878496][ T6763] loop2: detected capacity change from 0 to 32768
[  276.894371][ T6763] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  276.904565][ T6763] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  276.913290][ T6763] BTRFS info (device loop2): setting nodatacow, compression disabled
[  276.921492][ T6763] BTRFS info (device loop2): max_inline at 0
[  276.927522][ T6763] BTRFS info (device loop2): enabling disk space caching
[  276.934564][ T6763] BTRFS info (device loop2): turning off barriers
[  276.940961][ T6763] BTRFS info (device loop2): turning on flush-on-commit
[  276.948360][ T6763] BTRFS info (device loop2): doing ref verification
[  276.954964][ T6763] BTRFS info (device loop2): force clearing of disk cache
[  276.962079][ T6763] BTRFS info (device loop2): enabling ssd optimizations
[  276.969193][ T6763] BTRFS info (device loop2): max_inline at 4096
[  276.975482][ T6763] BTRFS info (device loop2): disk space caching is enabled
[  277.025530][ T4242] usb 4-1: config 0 has an invalid interface number: 64 but max is 0
[  277.051308][ T4242] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  277.092832][ T4242] usb 4-1: config 0 has no interface number 0
[  277.126880][ T4242] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  277.307210][ T4242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.316080][ T4242] usb 4-1: Product: syz
[  277.320275][ T4242] usb 4-1: Manufacturer: syz
[  277.325944][ T4242] usb 4-1: SerialNumber: syz
[  277.332969][ T4242] usb 4-1: config 0 descriptor??
[  277.375026][ T6763] BTRFS info (device loop2): rebuilding free space tree
[  277.399360][ T6763] BTRFS info (device loop2): disabling free space tree
[  277.406319][ T6763] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  277.416006][ T6763] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  277.996302][  T126] usb 4-1: USB disconnect, device number 5
[  278.648300][ T4261] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  279.101215][ T6806] loop3: detected capacity change from 0 to 256
[  279.258292][ T6812] loop4: detected capacity change from 0 to 512
[  279.353718][ T6812] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.618: casefold flag without casefold feature
[  279.422866][ T6812] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.618: couldn't read orphan inode 15 (err -117)
[  279.492972][ T6812] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  279.712534][   T22] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  279.894100][   T22] usb 2-1: Using ep0 maxpacket: 16
[  279.943785][   T22] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  279.952122][   T22] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  279.981358][   T22] usb 2-1: config 0 has no interface number 0
[  280.005230][   T22] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  280.022478][   T22] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.030515][   T22] usb 2-1: Product: syz
[  280.042532][   T22] usb 2-1: Manufacturer: syz
[  280.047180][   T22] usb 2-1: SerialNumber: syz
[  280.079998][   T22] usb 2-1: config 0 descriptor??
[  280.353883][ T5780] usb 2-1: USB disconnect, device number 5
[  280.413149][ T6833] loop0: detected capacity change from 0 to 1024
[  280.457896][ T6833] hfsplus: failed to load catalog file
[  281.082169][ T6855] loop0: detected capacity change from 0 to 256
[  282.074616][ T4254] EXT4-fs (loop4): unmounting filesystem.
[  282.106111][ T6881] 9pnet_fd: p9_fd_create_unix (6881): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  282.215025][ T4301] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  282.409036][ T4301] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[  282.423538][ T4301] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  282.479028][ T4301] usb 2-1: config 0 has no interface number 0
[  282.485247][ T4301] usb 2-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  282.521077][ T4301] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  282.564025][ T4301] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.572329][ T6889] loop4: detected capacity change from 0 to 256
[  282.582681][ T4301] usb 2-1: Product: syz
[  282.586878][ T4301] usb 2-1: Manufacturer: syz
[  282.598032][ T4301] usb 2-1: SerialNumber: syz
[  282.604764][ T4301] usb 2-1: config 0 descriptor??
[  282.690611][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  282.690625][   T26] audit: type=1326 audit(1751116292.704:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  282.791280][   T26] audit: type=1326 audit(1751116292.724:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  282.818552][ T6897] MPTCP: kernel_bind error, err=-99
[  282.913743][   T26] audit: type=1326 audit(1751116292.754:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  283.054447][   T26] audit: type=1326 audit(1751116292.754:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  283.104847][ T4301] usb 2-1: USB disconnect, device number 6
[  283.105223][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  283.145159][   T26] audit: type=1326 audit(1751116292.754:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  283.242627][ T1077] block nbd2: Attempted send on invalid socket
[  283.248927][ T1077] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  283.260392][ T1077] block nbd2: Attempted send on invalid socket
[  283.266737][ T1077] I/O error, dev nbd2, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  283.277730][ T6907] Mount JFS Failure: -5
[  283.281947][ T6907] jfs_mount failed w/return code = -5
[  283.472212][   T26] audit: type=1326 audit(1751116292.754:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  283.817846][   T26] audit: type=1326 audit(1751116292.754:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  283.983855][   T26] audit: type=1326 audit(1751116292.754:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  284.006038][   T26] audit: type=1326 audit(1751116292.754:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  284.028730][   T26] audit: type=1326 audit(1751116292.774:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6893 comm="syz.3.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  284.385011][ T6916] overlayfs: failed to resolve './file0': -2
[  285.371332][ T6930] loop1: detected capacity change from 0 to 256
[  285.423968][ T6930] syz.1.657: attempt to access beyond end of device
[  285.423968][ T6930] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256
[  285.458878][ T6927] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  285.729565][ T4454] kworker/u4:9: attempt to access beyond end of device
[  285.729565][ T4454] loop1: rw=1, sector=256, nr_sectors = 4 limit=256
[  287.481481][ T6953] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  287.529208][ T6961] loop2: detected capacity change from 0 to 1024
[  287.621381][ T6964] overlayfs: failed to resolve './file0': -2
[  288.249531][ T6961] hfsplus: failed to load catalog file
[  288.497758][   T26] kauditd_printk_skb: 86 callbacks suppressed
[  288.497771][   T26] audit: type=1326 audit(1751116298.514:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.506306][ T6979] loop0: detected capacity change from 0 to 256
[  288.542572][ T4868] usb 2-1: new low-speed USB device number 7 using dummy_hcd
[  288.557322][   T26] audit: type=1326 audit(1751116298.554:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.620005][   T26] audit: type=1326 audit(1751116298.554:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.660844][ T6979] syz.0.673: attempt to access beyond end of device
[  288.660844][ T6979] loop0: rw=2049, sector=256, nr_sectors = 4 limit=256
[  288.668834][   T26] audit: type=1326 audit(1751116298.554:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.727776][   T26] audit: type=1326 audit(1751116298.554:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.761297][   T26] audit: type=1326 audit(1751116298.554:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.783869][   T26] audit: type=1326 audit(1751116298.554:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.783908][ T4454] kworker/u4:9: attempt to access beyond end of device
[  288.783908][ T4454] loop0: rw=1, sector=256, nr_sectors = 4 limit=256
[  288.823228][ T4868] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  288.838526][   T26] audit: type=1326 audit(1751116298.554:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.838580][ T4868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.875582][   T26] audit: type=1326 audit(1751116298.554:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.904056][   T26] audit: type=1326 audit(1751116298.554:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6975 comm="syz.4.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  288.929601][ T4868] usb 2-1: config 0 descriptor??
[  290.516520][ T7011] overlayfs: failed to resolve './file0': -2
[  291.363382][ T7017] loop2: detected capacity change from 0 to 256
[  291.530732][ T7017] syz.2.684: attempt to access beyond end of device
[  291.530732][ T7017] loop2: rw=2049, sector=256, nr_sectors = 4 limit=256
[  291.558554][ T4868] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  291.596565][ T4868] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  291.635870][ T4868] asix: probe of 2-1:0.0 failed with error -71
[  291.691931][ T4868] usb 2-1: USB disconnect, device number 7
[  291.700218][ T4454] kworker/u4:9: attempt to access beyond end of device
[  291.700218][ T4454] loop2: rw=1, sector=256, nr_sectors = 4 limit=256
[  293.201176][ T7037] netlink: 'syz.0.691': attribute type 10 has an invalid length.
[  293.503692][   T26] kauditd_printk_skb: 108 callbacks suppressed
[  293.503707][   T26] audit: type=1326 audit(1751116303.524:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.570478][ T7041] MPTCP: kernel_bind error, err=-98
[  293.598846][   T26] audit: type=1326 audit(1751116303.564:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.648990][   T26] audit: type=1326 audit(1751116303.564:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.689653][   T26] audit: type=1326 audit(1751116303.564:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.719329][   T26] audit: type=1326 audit(1751116303.564:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.748338][   T26] audit: type=1326 audit(1751116303.564:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.799834][   T26] audit: type=1326 audit(1751116303.564:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.830922][   T26] audit: type=1326 audit(1751116303.564:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.874322][ T7052] overlayfs: failed to clone lowerpath
[  293.927437][   T26] audit: type=1326 audit(1751116303.584:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  293.984945][   T26] audit: type=1326 audit(1751116303.584:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7040 comm="syz.4.694" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f10f098e929 code=0x7ffc0000
[  294.598120][ T4329] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  294.745477][ T7070] netlink: 1339 bytes leftover after parsing attributes in process `syz.4.703'.
[  294.784384][ T4329] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  294.807249][ T4329] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  294.841695][ T4329] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  294.869729][ T4329] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.907761][ T7050] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  295.582193][ T7081] netlink: 'syz.1.706': attribute type 10 has an invalid length.
[  295.800791][ T7068] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  295.824516][ T7068] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  295.832049][ T7068] Bluetooth: hci0: Suspend notifier action (1) failed: -4
[  296.102276][ T7084] loop0: detected capacity change from 0 to 4096
[  296.812542][ T4255] Bluetooth: hci0: command 0x0c1a tx timeout
[  297.116282][ T7068] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  297.461328][ T7068] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  297.590495][ T7068] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  297.726727][ T7068] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  297.765475][ T7068] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  297.771475][ T7068] Bluetooth: hci2: Suspend notifier action (1) failed: -4
[  297.778976][ T7068] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  297.785019][ T7068] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  297.791131][ T7068] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  297.798432][ T7068] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  297.804589][ T7068] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  297.810573][ T7068] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  297.962764][ T5780] usb 1-1: USB disconnect, device number 2
[  298.196473][ T7093] loop3: detected capacity change from 0 to 256
[  298.279663][ T7093] syz.3.710: attempt to access beyond end of device
[  298.279663][ T7093] loop3: rw=2049, sector=256, nr_sectors = 64 limit=256
[  298.500020][   T75] kworker/u4:4: attempt to access beyond end of device
[  298.500020][   T75] loop3: rw=1, sector=256, nr_sectors = 4 limit=256
[  298.893559][ T4255] Bluetooth: hci0: command 0x0406 tx timeout
[  299.134673][ T4255] Bluetooth: hci1: command 0x0c1a tx timeout
[  299.240683][ T7121] loop2: detected capacity change from 0 to 512
[  299.256345][ T7121] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  299.298918][ T7122] overlayfs: failed to resolve './file0': -2
[  299.772545][ T4255] Bluetooth: hci2: command 0x0c1a tx timeout
[  299.810069][ T7121] EXT4-fs (loop2): 1 truncate cleaned up
[  299.815910][ T7121] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  299.852622][ T4255] Bluetooth: hci4: command 0x0c1a tx timeout
[  299.852677][ T4264] Bluetooth: hci3: command 0x0c1a tx timeout
[  300.728094][ T7139] loop3: detected capacity change from 0 to 1024
[  300.766892][ T7139] hub 6-0:1.0: USB hub found
[  300.771738][ T7139] hub 6-0:1.0: 1 port detected
[  300.869666][ T5418] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  301.074135][ T5418] usb 1-1: config 0 has an invalid interface number: 151 but max is 0
[  301.094140][ T5418] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  301.148755][ T5418] usb 1-1: config 0 has no interface number 0
[  301.165215][ T5418] usb 1-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  301.194784][ T4261] EXT4-fs (loop2): unmounting filesystem.
[  301.201364][ T5418] usb 1-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  301.212489][ T5780] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  301.218237][ T4264] Bluetooth: hci1: command 0x0406 tx timeout
[  301.257390][ T5418] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.296094][ T5418] usb 1-1: Product: syz
[  301.306247][ T5418] usb 1-1: Manufacturer: syz
[  301.322953][ T5418] usb 1-1: SerialNumber: syz
[  301.343693][ T5418] usb 1-1: config 0 descriptor??
[  301.351384][ T7152] capability: warning: `syz.4.729' uses deprecated v2 capabilities in a way that may be insecure
[  301.386061][ T7152] ./file0: Can't open blockdev
[  301.406281][ T5780] usb 4-1: Using ep0 maxpacket: 16
[  301.415840][ T5780] usb 4-1: config 0 has no interfaces?
[  301.431161][ T5780] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  301.449814][ T5780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.469281][ T5780] usb 4-1: Product: syz
[  301.482650][ T5780] usb 4-1: Manufacturer: syz
[  301.495104][ T5780] usb 4-1: SerialNumber: syz
[  301.509030][ T5780] usb 4-1: config 0 descriptor??
[  301.743865][ T5780] usb 4-1: USB disconnect, device number 6
[  301.852611][ T4264] Bluetooth: hci2: command 0x0406 tx timeout
[  301.932652][ T4255] Bluetooth: hci3: command 0x0406 tx timeout
[  301.938997][ T4264] Bluetooth: hci4: command 0x0406 tx timeout
[  301.999873][ T5418] usb 1-1: USB disconnect, device number 3
[  302.038909][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  303.033762][ T7171] overlayfs: failed to resolve './file0': -2
[  303.991774][ T7188] 9pnet_fd: Insufficient options for proto=fd
[  304.174420][ T7192] loop1: detected capacity change from 0 to 512
[  304.187269][ T7192] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  304.216312][ T7192] EXT4-fs (loop1): 1 truncate cleaned up
[  304.222066][ T7192] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  304.956866][ T4251] EXT4-fs (loop1): unmounting filesystem.
[  306.032943][ T7216] netlink: 'syz.3.747': attribute type 10 has an invalid length.
[  306.320096][ T7230] 9pnet_fd: Insufficient options for proto=fd
[  306.751728][ T4868] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  306.982980][ T4868] usb 2-1: Using ep0 maxpacket: 16
[  307.010202][ T4868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  307.038280][ T4868] usb 2-1: config 0 has no interfaces?
[  307.059175][ T4868] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  307.098898][ T4868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.169942][ T4868] usb 2-1: config 0 descriptor??
[  307.360762][ T7257] loop2: detected capacity change from 0 to 32768
[  307.381843][ T7259] loop0: detected capacity change from 0 to 512
[  307.390796][ T7257] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.760 (7257)
[  307.392595][ T7259] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  307.439524][ T4868] usb 2-1: USB disconnect, device number 8
[  307.477479][ T7257] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  307.488091][ T7257] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  307.496992][ T7257] BTRFS info (device loop2): setting nodatacow, compression disabled
[  307.505165][ T7257] BTRFS info (device loop2): max_inline at 0
[  307.511194][ T7257] BTRFS info (device loop2): enabling disk space caching
[  307.518326][ T7257] BTRFS info (device loop2): turning off barriers
[  307.524831][ T7257] BTRFS info (device loop2): turning on flush-on-commit
[  307.531799][ T7257] BTRFS info (device loop2): doing ref verification
[  307.535998][ T7259] EXT4-fs (loop0): 1 truncate cleaned up
[  307.538512][ T7257] BTRFS info (device loop2): force clearing of disk cache
[  307.544146][ T7259] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  307.551222][ T7257] BTRFS info (device loop2): enabling ssd optimizations
[  307.567831][ T7257] BTRFS info (device loop2): max_inline at 4096
[  307.574161][ T7257] BTRFS info (device loop2): disk space caching is enabled
[  307.842021][ T7257] BTRFS info (device loop2): rebuilding free space tree
[  307.862975][ T7257] BTRFS info (device loop2): disabling free space tree
[  307.870410][ T7257] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  307.880232][ T7257] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  308.426606][   T52] block nbd1: Attempted send on invalid socket
[  308.432927][   T52] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  308.443012][   T52] block nbd1: Attempted send on invalid socket
[  308.449891][   T52] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  308.459533][ T7296] Mount JFS Failure: -5
[  308.463829][ T7296] jfs_mount failed w/return code = -5
[  309.145502][ T7298] netlink: 120 bytes leftover after parsing attributes in process `syz.4.767'.
[  309.246100][ T4261] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  309.537118][ T5233] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 13 /dev/loop2 scanned by udevd (5233)
[  310.407942][ T7321] loop1: detected capacity change from 0 to 256
[  310.458940][ T4256] EXT4-fs (loop0): unmounting filesystem.
[  310.472825][ T7321] syz.1.775: attempt to access beyond end of device
[  310.472825][ T7321] loop1: rw=2049, sector=256, nr_sectors = 64 limit=256
[  310.557577][ T7322] syz.1.775: attempt to access beyond end of device
[  310.557577][ T7322] loop1: rw=2049, sector=256, nr_sectors = 4 limit=256
[  310.620821][ T7322] Buffer I/O error on dev loop1, logical block 64, lost async page write
[  311.101413][ T1077] block nbd2: Attempted send on invalid socket
[  311.108346][ T1077] I/O error, dev nbd2, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  311.120993][ T1077] block nbd2: Attempted send on invalid socket
[  311.127490][ T1077] I/O error, dev nbd2, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  311.138566][ T7339] Mount JFS Failure: -5
[  311.142948][ T7339] jfs_mount failed w/return code = -5
[  312.864077][   T26] kauditd_printk_skb: 27 callbacks suppressed
[  312.864092][   T26] audit: type=1326 audit(1751116322.884:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  312.920096][   T26] audit: type=1326 audit(1751116322.934:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  312.988374][ T7361] MPTCP: kernel_bind error, err=-98
[  313.038235][   T26] audit: type=1326 audit(1751116323.054:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.116300][   T26] audit: type=1326 audit(1751116323.094:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.198424][   T26] audit: type=1326 audit(1751116323.094:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.302656][   T26] audit: type=1326 audit(1751116323.094:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.545463][   T26] audit: type=1326 audit(1751116323.094:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.548015][ T7381] random: crng reseeded on system resumption
[  313.734425][   T26] audit: type=1326 audit(1751116323.094:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.767234][   T26] audit: type=1326 audit(1751116323.094:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  313.900923][   T26] audit: type=1326 audit(1751116323.094:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7354 comm="syz.0.788" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f7d6e78e929 code=0x7ffc0000
[  314.721564][ T7384] loop2: detected capacity change from 0 to 1024
[  314.943441][ T7384] hub 6-0:1.0: USB hub found
[  314.975273][ T7384] hub 6-0:1.0: 1 port detected
[  316.333178][ T5782] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  316.530284][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.561690][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.640097][ T5782] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  316.801628][ T5782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.023222][ T5782] usb 2-1: config 0 descriptor??
[  317.083170][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  317.098496][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  317.602459][ T4315] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  317.658262][ T5782] hid-thrustmaster 0003:044F:B65D.0007: unknown main item tag 0xd
[  317.667058][ T5782] hid-thrustmaster 0003:044F:B65D.0007: item fetching failed at offset 2/5
[  317.676076][ T5782] hid-thrustmaster 0003:044F:B65D.0007: parse failed with error -22
[  317.684123][ T5782] hid-thrustmaster: probe of 0003:044F:B65D.0007 failed with error -22
[  317.891687][ T7444] loop2: detected capacity change from 0 to 512
[  317.917067][ T7444] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  318.071925][ T4329] usb 2-1: USB disconnect, device number 9
[  318.144693][ T7444] EXT4-fs (loop2): 1 truncate cleaned up
[  318.150483][ T7444] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  318.322575][ T4315] usb 4-1: Using ep0 maxpacket: 32
[  318.329640][ T4315] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  318.356277][ T4315] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  318.392293][ T4315] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  318.401711][ T4315] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  318.412270][ T4315] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  318.422886][ T4315] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  318.435935][ T4315] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  318.465499][ T4315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.506309][ T4261] EXT4-fs (loop2): unmounting filesystem.
[  318.513654][ T4315] usb 4-1: config 0 descriptor??
[  319.477671][ T4315] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  319.498392][ T4315] usb 4-1: USB disconnect, device number 7
[  319.516095][ T4315] usblp0: removed
[  320.291853][ T7465] loop2: detected capacity change from 0 to 1024
[  320.802732][ T7473] hub 6-0:1.0: USB hub found
[  320.828477][ T7473] hub 6-0:1.0: 1 port detected
[  321.545357][ T4329] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  321.675936][ T7494] loop0: detected capacity change from 0 to 512
[  321.985198][ T7494] EXT4-fs error (device loop0): ext4_orphan_get:1400: inode #15: comm syz.0.834: casefold flag without casefold feature
[  322.197791][ T7494] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.834: couldn't read orphan inode 15 (err -117)
[  322.402663][ T7494] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  322.482529][ T4329] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  322.494497][ T4329] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  322.504307][ T4329] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  322.517678][ T4329] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  322.527039][ T4329] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.552224][ T4329] usb 2-1: config 0 descriptor??
[  322.851172][ T4256] EXT4-fs (loop0): unmounting filesystem.
[  323.659471][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.667058][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.674837][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.682326][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.757948][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.775948][ T4329] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0
[  323.803957][ T4329] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving
[  323.838344][ T4329] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  323.912661][ T5782] usb 2-1: USB disconnect, device number 10
[  324.039670][ T7516] netlink: 'syz.0.839': attribute type 10 has an invalid length.
[  325.302750][  T951] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  325.958401][ T7525] fido_id[7525]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  326.052465][  T951] usb 3-1: Using ep0 maxpacket: 16
[  326.059150][  T951] usb 3-1: config 0 has no interfaces?
[  326.087112][  T951] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  326.132444][  T951] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.140473][  T951] usb 3-1: Product: syz
[  326.162510][  T951] usb 3-1: Manufacturer: syz
[  326.180124][  T951] usb 3-1: SerialNumber: syz
[  326.218424][  T951] usb 3-1: config 0 descriptor??
[  326.439767][   T22] usb 3-1: USB disconnect, device number 5
[  328.440926][ T7576] netlink: 'syz.0.860': attribute type 10 has an invalid length.
[  328.710181][ T7581] loop1: detected capacity change from 0 to 512
[  328.743553][ T7581] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  328.872308][ T7581] EXT4-fs (loop1): 1 truncate cleaned up
[  328.927311][ T7581] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  330.255939][ T7614] fuse: Bad value for 'group_id'
[  330.928181][ T7631] loop0: detected capacity change from 0 to 1024
[  330.941571][   T22] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  330.941668][  T951] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  331.142819][  T951] usb 4-1: Using ep0 maxpacket: 16
[  331.182462][ T7633] hub 6-0:1.0: USB hub found
[  331.188151][ T7633] hub 6-0:1.0: 1 port detected
[  331.258284][  T951] usb 4-1: config 0 has no interfaces?
[  331.406243][  T951] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  331.531503][  T951] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.540019][  T951] usb 4-1: Product: syz
[  331.545294][  T951] usb 4-1: Manufacturer: syz
[  331.550094][  T951] usb 4-1: SerialNumber: syz
[  331.592848][  T951] usb 4-1: config 0 descriptor??
[  331.707072][   T22] usb 3-1: Using ep0 maxpacket: 16
[  331.713917][ T4251] EXT4-fs (loop1): unmounting filesystem.
[  331.714245][   T22] usb 3-1: config 0 has no interfaces?
[  331.745607][   T22] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  331.792645][   T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  331.810637][ T4362] usb 4-1: USB disconnect, device number 8
[  331.828089][   T22] usb 3-1: Product: syz
[  331.838593][   T22] usb 3-1: Manufacturer: syz
[  331.848488][   T22] usb 3-1: SerialNumber: syz
[  331.879098][   T22] usb 3-1: config 0 descriptor??
[  332.292880][ T7644] netlink: 'syz.1.881': attribute type 10 has an invalid length.
[  332.329588][ T4362] usb 3-1: USB disconnect, device number 6
[  332.649796][ T7656] kvm: MONITOR instruction emulated as NOP!
[  333.922459][   T22] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  334.039997][ T7685] loop2: detected capacity change from 0 to 512
[  334.078061][ T7685] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  334.144280][   T22] usb 1-1: config 17 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  334.166667][   T22] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  334.186497][   T22] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.207725][ T7668] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  334.228852][   T22] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[  334.252750][ T4866] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  334.270115][ T7685] EXT4-fs (loop2): 1 truncate cleaned up
[  334.417839][ T7685] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  334.443574][ T4866] usb 2-1: Using ep0 maxpacket: 16
[  334.476956][ T4866] usb 2-1: config 0 has no interfaces?
[  334.576303][ T4866] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  334.689384][ T4866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.820793][ T4866] usb 2-1: Product: syz
[  334.873785][ T4866] usb 2-1: Manufacturer: syz
[  334.937537][ T4866] usb 2-1: SerialNumber: syz
[  334.954776][ T4866] usb 2-1: config 0 descriptor??
[  335.171897][ T4866] usb 2-1: USB disconnect, device number 11
[  335.243654][ T7698] 9pnet: p9_errstr2errno: server reported unknown error 18446744073
[  336.262334][ T4261] EXT4-fs (loop2): unmounting filesystem.
[  336.418479][ T7711] loop1: detected capacity change from 0 to 1024
[  336.873394][ T7711] hfsplus: failed to load catalog file
[  336.920534][ T4858] usb 1-1: USB disconnect, device number 4
[  338.457246][ T7737] loop1: detected capacity change from 0 to 512
[  338.535934][ T7737] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.913: casefold flag without casefold feature
[  338.562014][ T7737] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.913: couldn't read orphan inode 15 (err -117)
[  338.574315][ T7737] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  338.998213][ T4251] EXT4-fs (loop1): unmounting filesystem.
[  339.385166][ T7765] 9pnet: p9_errstr2errno: server reported unknown error 18446744073
[  339.512578][ T5418] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  340.334208][ T5418] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  340.355285][ T5418] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  340.365292][ T5418] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  340.378655][ T5418] usb 2-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00
[  340.472651][ T5418] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.482288][ T5418] usb 2-1: config 0 descriptor??
[  341.227448][ T5418] usb 2-1: language id specifier not provided by device, defaulting to English
[  341.349798][ T7800] binder: 7799:7800 ioctl 400c620e 2000000001c0 returned -22
[  341.642652][ T5418] uclogic 0003:5543:0047.0009: failed retrieving string descriptor #100: -71
[  341.664465][ T5418] uclogic 0003:5543:0047.0009: failed retrieving pen parameters: -71
[  341.739183][ T5418] uclogic 0003:5543:0047.0009: failed probing pen v1 parameters: -71
[  342.519259][ T5418] uclogic 0003:5543:0047.0009: failed probing parameters: -71
[  342.542765][ T5418] uclogic: probe of 0003:5543:0047.0009 failed with error -71
[  342.568140][ T7791] loop2: detected capacity change from 0 to 32768
[  342.579185][ T5418] usb 2-1: USB disconnect, device number 12
[  342.620433][ T7791] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  342.666509][ T7791] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  342.717413][ T7791] BTRFS info (device loop2): setting nodatacow, compression disabled
[  342.859734][ T7791] BTRFS info (device loop2): max_inline at 0
[  342.886375][ T7791] BTRFS info (device loop2): enabling disk space caching
[  342.921403][ T7791] BTRFS info (device loop2): turning off barriers
[  342.956825][ T7791] BTRFS info (device loop2): turning on flush-on-commit
[  342.984513][ T7791] BTRFS info (device loop2): doing ref verification
[  343.023595][ T7791] BTRFS info (device loop2): force clearing of disk cache
[  343.056675][ T7791] BTRFS info (device loop2): enabling ssd optimizations
[  343.083624][ T7791] BTRFS info (device loop2): max_inline at 4096
[  343.116331][ T7791] BTRFS info (device loop2): disk space caching is enabled
[  343.655163][ T7830] loop3: detected capacity change from 0 to 1024
[  344.238517][ T7826] hub 6-0:1.0: USB hub found
[  344.245894][ T7826] hub 6-0:1.0: 1 port detected
[  344.427924][ T5233] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by udevd (5233)
[  344.445952][ T7791] BTRFS error (device loop2): open_ctree failed: -12
[  346.384694][ T4255] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  346.393933][ T4255] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  346.524307][ T4255] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  346.542708][ T4255] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  346.585607][ T4255] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  346.592889][ T4255] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  346.725787][ T7870] loop2: detected capacity change from 0 to 1024
[  346.783864][ T7870] hfsplus: failed to load catalog file
[  346.825452][ T5233] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  347.015499][ T7879] netlink: 'syz.4.955': attribute type 10 has an invalid length.
[  348.434176][ T7868] chnl_net:caif_netlink_parms(): no params data found
[  348.513505][ T7871] loop3: detected capacity change from 0 to 32768
[  348.684804][ T7871] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  348.732640][ T4255] Bluetooth: hci1: command 0x0409 tx timeout
[  348.741479][ T7871] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  348.772905][ T7871] BTRFS info (device loop3): setting nodatacow, compression disabled
[  348.799120][ T7871] BTRFS info (device loop3): max_inline at 0
[  348.825176][ T7871] BTRFS info (device loop3): enabling disk space caching
[  348.856317][ T7871] BTRFS info (device loop3): turning off barriers
[  348.866305][ T7868] bridge0: port 1(bridge_slave_0) entered blocking state
[  348.889233][ T7871] BTRFS info (device loop3): turning on flush-on-commit
[  348.902551][ T7868] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.919195][ T7871] BTRFS info (device loop3): doing ref verification
[  348.939732][ T7868] device bridge_slave_0 entered promiscuous mode
[  348.954871][ T7871] BTRFS info (device loop3): force clearing of disk cache
[  348.962822][ T7871] BTRFS info (device loop3): enabling ssd optimizations
[  349.006182][ T7868] bridge0: port 2(bridge_slave_1) entered blocking state
[  349.013673][ T7868] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.021983][ T7868] device bridge_slave_1 entered promiscuous mode
[  349.023693][ T7871] BTRFS info (device loop3): max_inline at 4096
[  349.113368][ T7868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  349.122896][ T7871] BTRFS info (device loop3): disk space caching is enabled
[  349.202169][ T7868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  349.290148][ T7871] BTRFS info (device loop3): rebuilding free space tree
[  349.320053][ T7871] BTRFS info (device loop3): disabling free space tree
[  349.353902][ T7871] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  349.392702][ T7871] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  349.480402][ T7868] team0: Port device team_slave_0 added
[  349.538085][ T4266] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  349.544829][ T7868] team0: Port device team_slave_1 added
[  350.244282][ T7942] netlink: 'syz.1.967': attribute type 10 has an invalid length.
[  350.346640][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_0
[  350.362514][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.420838][ T7868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  350.453537][ T7868] batman_adv: batadv0: Adding interface: batadv_slave_1
[  350.460524][ T7868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  350.665858][ T7868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  350.850746][ T4255] Bluetooth: hci1: command 0x041b tx timeout
[  351.558544][ T7964] 9pnet: p9_errstr2errno: server reported unknown error 18446744073
[  351.570256][ T7868] device hsr_slave_0 entered promiscuous mode
[  351.587806][ T7868] device hsr_slave_1 entered promiscuous mode
[  351.605422][ T7868] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  351.648933][ T7868] Cannot create hsr debugfs directory
[  351.830933][ T7972] loop2: detected capacity change from 0 to 512
[  351.901698][ T7972] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.979: casefold flag without casefold feature
[  351.979093][ T7972] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.979: couldn't read orphan inode 15 (err -117)
[  352.011742][ T7972] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  352.247116][ T7868] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  352.263594][ T7868] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  352.280593][ T7868] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  352.318139][ T7868] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  352.481049][ T8000] 9pnet_virtio: no channels available for device syz
[  352.539927][ T7868] 8021q: adding VLAN 0 to HW filter on device bond0
[  352.596419][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  352.616489][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  352.665571][ T7868] 8021q: adding VLAN 0 to HW filter on device team0
[  352.707737][ T4261] EXT4-fs (loop2): unmounting filesystem.
[  352.715589][ T8005] netlink: 'syz.1.987': attribute type 11 has an invalid length.
[  352.745346][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  352.755288][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  352.893041][ T4264] Bluetooth: hci1: command 0x040f tx timeout
[  352.932609][ T7578] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.939726][ T7578] bridge0: port 1(bridge_slave_0) entered forwarding state
[  352.947515][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  353.009614][ T7868] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  353.021019][ T7868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  354.904621][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  354.972632][ T4264] Bluetooth: hci1: command 0x0419 tx timeout
[  355.003971][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  355.012621][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.019715][ T5891] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.027444][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  355.074386][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  355.084629][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  355.094070][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  355.102907][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  355.111687][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  355.240325][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  355.585790][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  355.596186][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  355.604823][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  355.613995][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  355.622098][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  356.097592][ T8025] lo speed is unknown, defaulting to 1000
[  356.955976][ T8025] lo speed is unknown, defaulting to 1000
[  357.045899][ T8007] batman_adv: batadv0: Interface deactivated: wlan0
[  357.131926][ T8025] lo speed is unknown, defaulting to 1000
[  357.138033][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  357.163387][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  357.171967][ T8025] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  357.207282][ T8007] batman_adv: batadv0: Interface deactivated: wlan0
[  357.236075][ T7868] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.257566][ T8025] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  357.419221][ T8007] batman_adv: batadv0: Interface deactivated: wlan0
[  357.524767][ T8025] lo speed is unknown, defaulting to 1000
[  357.538706][ T8007] batman_adv: batadv0: Interface deactivated: wlan0
[  357.553460][ T8052] 9pnet_fd: Insufficient options for proto=fd
[  357.602910][ T8025] lo speed is unknown, defaulting to 1000
[  357.609293][ T8025] lo speed is unknown, defaulting to 1000
[  357.623987][ T8007] batman_adv: batadv0: Interface deactivated: wlan0
[  357.656878][ T8025] lo speed is unknown, defaulting to 1000
[  357.688906][ T8025] lo speed is unknown, defaulting to 1000
[  357.820427][ T8025] lo speed is unknown, defaulting to 1000
[  357.876100][ T8038] loop3: detected capacity change from 0 to 32768
[  357.928341][ T8038] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.993 (8038)
[  357.996348][ T8038] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  358.121826][ T8038] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  358.994096][ T8038] BTRFS info (device loop3): setting nodatacow, compression disabled
[  359.085981][ T8038] BTRFS info (device loop3): max_inline at 0
[  359.269414][ T8038] BTRFS info (device loop3): enabling disk space caching
[  359.392593][ T8038] BTRFS info (device loop3): turning off barriers
[  359.399149][ T8038] BTRFS info (device loop3): turning on flush-on-commit
[  359.406539][ T8038] BTRFS info (device loop3): doing ref verification
[  359.413444][ T8038] BTRFS info (device loop3): force clearing of disk cache
[  359.420747][ T8038] BTRFS info (device loop3): enabling ssd optimizations
[  359.432247][ T8038] BTRFS info (device loop3): max_inline at 4096
[  359.458907][ T8038] BTRFS info (device loop3): disk space caching is enabled
[  359.515460][ T8070] 9pnet_fd: Insufficient options for proto=fd
[  360.430456][ T8038] BTRFS error (device loop3): open_ctree failed: -12
[  360.492818][ T5233] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (5233)
[  360.795923][ T8098] fuse: Bad value for 'fd'
[  360.915941][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  360.959007][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  361.059380][ T7868] device veth0_vlan entered promiscuous mode
[  361.141085][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  361.159620][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  361.176370][ T8117] 9pnet_fd: Insufficient options for proto=fd
[  361.207409][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  361.244054][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  361.285543][ T7868] device veth1_vlan entered promiscuous mode
[  361.367533][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  361.387048][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  361.421761][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  361.474409][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  361.508387][ T7868] device veth0_macvtap entered promiscuous mode
[  361.531794][ T7868] device veth1_macvtap entered promiscuous mode
[  361.654098][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.336969][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.383422][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.394074][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.422577][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.477895][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.532463][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.622320][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.699891][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.787728][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.016950][ T7868] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.070499][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.081132][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.091054][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.111825][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.122763][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.153708][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.227707][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.316453][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.357861][ T7868] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.392893][ T7868] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.462154][ T7868] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.510731][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  363.526373][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  363.572315][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  363.643227][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  363.678957][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  363.737128][ T5284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  363.855741][ T8168] 9pnet_fd: Insufficient options for proto=fd
[  363.893823][ T7868] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.913105][ T7868] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.941801][ T7868] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.971821][ T7868] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.201090][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.224751][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.277491][ T7578] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  364.307240][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.330979][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.371394][ T4332] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  365.241056][ T8201] fuse: Unknown parameter 'grou00000000000000000000'
[  366.282569][ T4242] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  366.496872][ T8226] loop1: detected capacity change from 0 to 1024
[  366.515128][ T4242] usb 4-1: config 0 has an invalid interface number: 151 but max is 0
[  366.549709][ T4242] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  367.183227][ T4242] usb 4-1: config 0 has no interface number 0
[  367.189379][ T4242] usb 4-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  367.223551][ T8225] hub 6-0:1.0: USB hub found
[  367.250978][ T8225] hub 6-0:1.0: 1 port detected
[  367.296007][ T4242] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  367.312318][ T4242] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.320437][ T4242] usb 4-1: Product: syz
[  367.340321][ T4242] usb 4-1: Manufacturer: syz
[  367.361112][ T4242] usb 4-1: SerialNumber: syz
[  367.380912][ T4242] usb 4-1: config 0 descriptor??
[  368.145793][ T8259] fuse: Unknown parameter 'grou00000000000000000000'
[  368.874620][ T4242] usb 4-1: USB disconnect, device number 9
[  368.878016][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  370.432626][ T5201] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  370.542606][ T4242] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  370.632573][ T5201] usb 2-1: Using ep0 maxpacket: 8
[  370.649673][ T5201] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  370.680802][ T5201] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  370.727626][ T5201] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.745214][ T4242] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[  370.758829][ T4242] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  370.767192][ T5201] usb 2-1: config 0 descriptor??
[  370.781036][ T4242] usb 3-1: config 0 has no interface number 0
[  370.802249][ T4242] usb 3-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  370.865919][ T4242] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  370.918702][ T4242] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.944706][ T4242] usb 3-1: Product: syz
[  370.978013][ T4242] usb 3-1: Manufacturer: syz
[  370.983476][ T5201] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  370.992438][ T4242] usb 3-1: SerialNumber: syz
[  371.011305][ T4242] usb 3-1: config 0 descriptor??
[  371.237525][ T8287] syz.1.1048 uses obsolete (PF_INET,SOCK_PACKET)
[  371.436004][ T4704] udevd[4704]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  371.454489][ T4242] usb 3-1: USB disconnect, device number 7
[  371.706184][ T5201] usb 2-1: USB disconnect, device number 13
[  371.838688][   T26] kauditd_printk_skb: 34 callbacks suppressed
[  371.838702][   T26] audit: type=1326 audit(1751116381.854:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  371.940270][   T26] audit: type=1326 audit(1751116381.894:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.052544][   T26] audit: type=1326 audit(1751116381.894:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.136291][   T26] audit: type=1326 audit(1751116381.894:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.279256][   T26] audit: type=1326 audit(1751116381.894:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.407164][   T26] audit: type=1326 audit(1751116381.894:678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.532690][   T26] audit: type=1326 audit(1751116381.894:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.761603][ T8361] loop1: detected capacity change from 0 to 32768
[  372.784342][   T26] audit: type=1326 audit(1751116381.894:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.845859][ T8361] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  372.856548][ T8361] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  372.865425][ T8361] BTRFS info (device loop1): setting nodatacow, compression disabled
[  372.873583][ T8361] BTRFS info (device loop1): max_inline at 0
[  372.879552][ T8361] BTRFS info (device loop1): enabling disk space caching
[  372.886604][ T8361] BTRFS info (device loop1): turning off barriers
[  372.893071][ T8361] BTRFS info (device loop1): turning on flush-on-commit
[  372.899996][ T8361] BTRFS info (device loop1): doing ref verification
[  372.906622][ T8361] BTRFS info (device loop1): force clearing of disk cache
[  372.913786][ T8361] BTRFS info (device loop1): enabling ssd optimizations
[  372.920731][ T8361] BTRFS info (device loop1): max_inline at 4096
[  372.927022][ T8361] BTRFS info (device loop1): disk space caching is enabled
[  372.942449][   T26] audit: type=1326 audit(1751116381.894:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  372.965556][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.178386][   T26] audit: type=1326 audit(1751116381.894:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.5.1064" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  373.200686][    C0] vkms_vblank_simulate: vblank timer overrun
[  373.313088][ T8361] BTRFS info (device loop1): rebuilding free space tree
[  373.327402][ T8361] BTRFS info (device loop1): disabling free space tree
[  373.334367][ T8361] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  373.344038][ T8361] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  373.929984][ T4251] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  376.780839][ T8411] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  376.912635][  T126] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  377.110621][ T8418] infiniband Syz0: RDMA CMA: cma_listen_on_dev, error -98
[  377.149043][  T126] usb 6-1: config 0 has an invalid interface number: 151 but max is 0
[  377.170206][  T126] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  377.204697][  T126] usb 6-1: config 0 has no interface number 0
[  377.222199][  T126] usb 6-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  377.260442][  T126] usb 6-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  377.286933][  T126] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.293421][ T8425] 9pnet_fd: Insufficient options for proto=fd
[  377.323563][  T126] usb 6-1: Product: syz
[  377.327776][  T126] usb 6-1: Manufacturer: syz
[  377.351956][  T126] usb 6-1: SerialNumber: syz
[  377.368035][  T126] usb 6-1: config 0 descriptor??
[  377.633260][ T8434] random: crng reseeded on system resumption
[  378.551632][ T1273] ieee802154 phy0 wpan0: encryption failed: -22
[  378.558055][ T1273] ieee802154 phy1 wpan1: encryption failed: -22
[  378.832867][  T126] usb 6-1: USB disconnect, device number 2
[  378.905352][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  379.311030][ T8457] 9pnet_fd: Insufficient options for proto=fd
[  380.677817][ T8468] 9pnet_fd: Insufficient options for proto=fd
[  382.406590][ T8505] 9pnet_fd: Insufficient options for proto=fd
[  382.580903][ T4315] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  382.799680][ T4315] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[  382.811434][ T4315] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  382.832767][ T4315] usb 3-1: config 0 has no interface number 0
[  382.855814][ T4315] usb 3-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  382.856869][ T8511] 9pnet_fd: Insufficient options for proto=fd
[  382.922292][ T8512] netlink: 'syz.4.1109': attribute type 4 has an invalid length.
[  382.951825][ T4315] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  382.971943][ T4315] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.992311][ T4315] usb 3-1: Product: syz
[  382.996594][ T4315] usb 3-1: Manufacturer: syz
[  383.001196][ T4315] usb 3-1: SerialNumber: syz
[  383.066938][ T4315] usb 3-1: config 0 descriptor??
[  383.466440][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  383.500623][ T4315] usb 3-1: USB disconnect, device number 8
[  383.936789][ T8529] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus
[  384.114641][   T26] kauditd_printk_skb: 11 callbacks suppressed
[  384.114651][   T26] audit: type=1326 audit(1751116394.134:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.211952][   T26] audit: type=1326 audit(1751116394.164:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.329343][   T26] audit: type=1326 audit(1751116394.164:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.414266][   T26] audit: type=1326 audit(1751116394.184:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.482285][   T26] audit: type=1326 audit(1751116394.184:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.560469][   T26] audit: type=1326 audit(1751116394.184:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.564472][ T8529] 9pnet_virtio: no channels available for device syz
[  384.702970][   T26] audit: type=1326 audit(1751116394.184:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.808829][ T8529] fuse: Bad value for 'user_id'
[  384.808884][   T26] audit: type=1326 audit(1751116394.184:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  384.823922][   T26] audit: type=1326 audit(1751116394.184:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  385.131231][   T26] audit: type=1326 audit(1751116394.184:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8532 comm="syz.2.1115" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa3a158e929 code=0x7ffc0000
[  385.403969][ T8549] 9pnet_fd: Insufficient options for proto=fd
[  385.766488][ T8554] netlink: 'syz.1.1121': attribute type 10 has an invalid length.
[  388.502644][ T5780] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  388.704525][ T5780] usb 2-1: config 0 has an invalid interface number: 151 but max is 0
[  388.742861][ T5780] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  388.794644][ T5780] usb 2-1: config 0 has no interface number 0
[  388.814240][ T5780] usb 2-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  388.856201][ T5780] usb 2-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  388.887141][ T5780] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.913536][ T5780] usb 2-1: Product: syz
[  389.002293][ T5780] usb 2-1: Manufacturer: syz
[  389.236947][ T8591] netlink: 'syz.3.1133': attribute type 10 has an invalid length.
[  389.348546][ T5780] usb 2-1: SerialNumber: syz
[  389.508989][ T5780] usb 2-1: config 0 descriptor??
[  389.562210][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.575920][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.584005][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.618078][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.627265][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.689680][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.710407][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.732200][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.747006][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.763807][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.780714][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.796569][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.813566][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.829463][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.846311][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.863219][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.880205][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.895973][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.913653][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.932015][ T5780] usb 2-1: USB disconnect, device number 14
[  389.948979][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  389.980150][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.011611][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.041045][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.059175][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.075011][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.091671][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.106220][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.121502][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.129617][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.137607][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.145547][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.153517][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.161338][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.176420][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.202211][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.236534][ T8603] loop2: detected capacity change from 0 to 1024
[  390.258456][ T8603] hub 6-0:1.0: USB hub found
[  390.263424][ T8603] hub 6-0:1.0: 1 port detected
[  390.279460][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.434154][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.463975][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.483315][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.501749][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.518643][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.563592][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.598265][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: unknown main item tag 0x0
[  390.637354][ T4862] hid-generic 0000:007F:FFFFFFFE.000A: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  391.892642][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  392.311711][ T8624] fido_id[8624]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  392.681530][   T26] kauditd_printk_skb: 54 callbacks suppressed
[  392.681545][   T26] audit: type=1326 audit(1751116402.694:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  392.896848][   T26] audit: type=1326 audit(1751116402.744:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  392.949844][   T26] audit: type=1326 audit(1751116402.744:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.002559][   T26] audit: type=1326 audit(1751116402.744:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.067095][   T26] audit: type=1326 audit(1751116402.744:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.122978][   T26] audit: type=1326 audit(1751116402.744:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.180280][   T26] audit: type=1326 audit(1751116402.744:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.258616][   T26] audit: type=1326 audit(1751116402.744:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.320235][   T26] audit: type=1326 audit(1751116402.744:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.352299][   T26] audit: type=1326 audit(1751116402.744:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8635 comm="syz.1.1147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d2078e929 code=0x7ffc0000
[  393.762503][ T5780] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  393.964042][ T5780] usb 4-1: config 0 has an invalid interface number: 151 but max is 0
[  394.009899][ T5780] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  394.056859][ T5780] usb 4-1: config 0 has no interface number 0
[  394.118261][ T5780] usb 4-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  394.240253][ T5780] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  394.450169][ T5780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.552934][ T5780] usb 4-1: Product: syz
[  394.599113][ T5780] usb 4-1: Manufacturer: syz
[  394.635811][ T5780] usb 4-1: SerialNumber: syz
[  394.674074][ T5780] usb 4-1: config 0 descriptor??
[  395.115554][ T8673] loop2: detected capacity change from 0 to 32768
[  395.465424][ T8673] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1159 (8673)
[  395.488398][ T8673] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  395.498593][ T8673] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  395.507348][ T8673] BTRFS info (device loop2): setting nodatacow, compression disabled
[  395.515496][ T8673] BTRFS info (device loop2): max_inline at 0
[  395.521464][ T8673] BTRFS info (device loop2): enabling disk space caching
[  395.528597][ T8673] BTRFS info (device loop2): turning off barriers
[  395.535097][ T8673] BTRFS info (device loop2): turning on flush-on-commit
[  395.542031][ T8673] BTRFS info (device loop2): doing ref verification
[  395.548633][ T8673] BTRFS info (device loop2): force clearing of disk cache
[  395.556151][ T8673] BTRFS info (device loop2): enabling ssd optimizations
[  395.563148][ T8673] BTRFS info (device loop2): max_inline at 4096
[  395.569372][ T8673] BTRFS info (device loop2): disk space caching is enabled
[  395.759019][ T5780] usb 4-1: USB disconnect, device number 10
[  395.853667][ T8673] BTRFS info (device loop2): rebuilding free space tree
[  395.869988][ T8673] BTRFS info (device loop2): disabling free space tree
[  395.876957][ T8673] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  395.886684][ T8673] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  395.966228][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  396.670911][ T4261] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  396.938886][ T8716] netlink: 'syz.3.1165': attribute type 10 has an invalid length.
[  400.080789][ T8723] device wireguard0 entered promiscuous mode
[  400.831645][ T8750] loop1: detected capacity change from 0 to 1024
[  400.943669][ T8750] hfsplus: failed to load catalog file
[  401.318353][ T8755] netlink: 'syz.4.1177': attribute type 10 has an invalid length.
[  404.143626][ T5778] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  404.367289][ T5778] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[  404.400222][ T5778] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.500023][ T5778] usb 3-1: config 0 has no interface number 0
[  404.562000][ T5778] usb 3-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  404.600839][ T8783] sd 0:0:1:0: PR command failed: 1026
[  404.644722][ T8783] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  404.698118][ T5778] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  404.718111][ T8783] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  404.772827][ T5778] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.848281][ T5778] usb 3-1: Product: syz
[  404.883748][ T5778] usb 3-1: Manufacturer: syz
[  404.916091][ T5778] usb 3-1: SerialNumber: syz
[  404.989401][ T5778] usb 3-1: config 0 descriptor??
[  405.871341][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  405.886934][ T8801] netlink: 'syz.5.1189': attribute type 10 has an invalid length.
[  405.896974][ T5778] usb 3-1: USB disconnect, device number 9
[  405.947829][ T8801] batman_adv: batadv0: Adding interface: wlan0
[  405.955552][ T8801] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  405.982734][ T8801] batman_adv: batadv0: Interface activated: wlan0
[  406.502504][   T26] kauditd_printk_skb: 43 callbacks suppressed
[  406.502519][   T26] audit: type=1326 audit(1751116416.484:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.3.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  407.071779][   T26] audit: type=1326 audit(1751116416.484:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.3.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  407.312859][   T26] audit: type=1326 audit(1751116416.494:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.3.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  407.353447][   T26] audit: type=1326 audit(1751116416.494:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.3.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  407.645584][ T8815] loop3: detected capacity change from 0 to 32768
[  407.690902][ T8815] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1194 (8815)
[  408.297314][   T26] audit: type=1326 audit(1751116416.494:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8805 comm="syz.3.1191" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f186c98e929 code=0x7ffc0000
[  408.365490][ T8815] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  408.375704][ T8815] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  408.384446][ T8815] BTRFS info (device loop3): setting nodatacow, compression disabled
[  408.392538][ T8815] BTRFS info (device loop3): max_inline at 0
[  408.398500][ T8815] BTRFS info (device loop3): enabling disk space caching
[  408.405540][ T8815] BTRFS info (device loop3): turning off barriers
[  408.411931][ T8815] BTRFS info (device loop3): turning on flush-on-commit
[  408.418946][ T8815] BTRFS info (device loop3): doing ref verification
[  408.425575][ T8815] BTRFS info (device loop3): force clearing of disk cache
[  408.432732][ T8815] BTRFS info (device loop3): enabling ssd optimizations
[  408.439666][ T8815] BTRFS info (device loop3): max_inline at 4096
[  408.445942][ T8815] BTRFS info (device loop3): disk space caching is enabled
[  408.602718][ T4294] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  408.726696][ T8815] BTRFS info (device loop3): rebuilding free space tree
[  408.749586][ T8815] BTRFS info (device loop3): disabling free space tree
[  408.756595][ T8815] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  408.766272][ T8815] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  408.804526][ T4294] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  408.846605][ T4294] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  409.102478][ T4294] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  409.137169][ T4294] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.228508][ T8824] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  409.261786][ T4266] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  409.354003][ T5233] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 13 /dev/loop3 scanned by udevd (5233)
[  409.756883][ T8861] loop5: detected capacity change from 0 to 4096
[  411.286002][ T8865] overlayfs: missing 'lowerdir'
[  411.520270][ T4294] usb 6-1: USB disconnect, device number 3
[  413.863909][ T8877] loop5: detected capacity change from 0 to 32768
[  413.892305][ T8877] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 13
[  413.968233][ T8878] overlayfs: failed to resolve './file0': -2
[  415.134904][ T8880] loop2: detected capacity change from 0 to 1024
[  415.189010][ T8880] hfsplus: failed to load catalog file
[  415.341154][ T5233] BTRFS error: device /dev/loop5 already registered with a higher generation, found 8 expect 13
[  416.417388][ T8900] fuse: Bad value for 'fd'
[  416.500826][ T8906] overlayfs: missing 'lowerdir'
[  416.910084][ T8912] loop5: detected capacity change from 0 to 512
[  417.041076][    T7] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  417.881459][ T8912] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  417.948209][ T8912] EXT4-fs (loop5): 1 truncate cleaned up
[  417.954412][ T8912] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  418.115439][    T7] usb 3-1: config 0 has an invalid interface number: 151 but max is 0
[  418.142414][    T7] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.189519][    T7] usb 3-1: config 0 has no interface number 0
[  418.195953][    T7] usb 3-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  418.245749][ T7868] EXT4-fs (loop5): unmounting filesystem.
[  418.267298][    T7] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  418.292567][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.317951][    T7] usb 3-1: Product: syz
[  418.322154][    T7] usb 3-1: Manufacturer: syz
[  418.342479][    T7] usb 3-1: SerialNumber: syz
[  418.349953][    T7] usb 3-1: config 0 descriptor??
[  418.681519][ T8920] loop1: detected capacity change from 0 to 32768
[  419.201495][ T8920] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 13
[  419.362814][ T8926] overlayfs: failed to resolve './file0': -2
[  419.586931][    T7] usb 3-1: USB disconnect, device number 10
[  419.648868][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  420.664528][ T4704] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 13
[  421.009931][ T8952] netlink: 'syz.2.1223': attribute type 46 has an invalid length.
[  421.018129][ T8952] netlink: 'syz.2.1223': attribute type 46 has an invalid length.
[  421.676375][ T8954] fuse: Bad value for 'fd'
[  422.467922][ T8969] loop3: detected capacity change from 0 to 512
[  423.281008][ T8969] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  423.387654][ T8969] EXT4-fs (loop3): 1 truncate cleaned up
[  423.393447][ T8969] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  423.800011][ T4266] EXT4-fs (loop3): unmounting filesystem.
[  424.918956][ T8996] loop2: detected capacity change from 0 to 1024
[  424.954199][ T8996] hfsplus: failed to load catalog file
[  426.724002][ T9014] ALSA: mixer_oss: invalid OSS volume ''
[  427.282397][ T9022] loop3: detected capacity change from 0 to 512
[  427.504405][ T9022] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  427.713290][ T9022] EXT4-fs (loop3): 1 truncate cleaned up
[  427.719083][ T9022] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  427.954682][ T4266] EXT4-fs (loop3): unmounting filesystem.
[  427.983887][ T9029] overlayfs: missing 'lowerdir'
[  429.122538][ T4294] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  429.173202][   T26] audit: type=1326 audit(1751116439.194:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.219726][   T26] audit: type=1326 audit(1751116439.194:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.248523][   T26] audit: type=1326 audit(1751116439.224:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.282826][   T26] audit: type=1326 audit(1751116439.234:819): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.324150][ T4294] usb 4-1: config 0 has an invalid interface number: 151 but max is 0
[  429.352608][ T4294] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.362412][   T26] audit: type=1326 audit(1751116439.234:820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.379650][ T4294] usb 4-1: config 0 has no interface number 0
[  429.396775][ T4294] usb 4-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  429.462250][ T4294] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  429.482432][   T26] audit: type=1326 audit(1751116439.234:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.502492][ T4294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.522239][ T4294] usb 4-1: Product: syz
[  429.532381][ T4294] usb 4-1: Manufacturer: syz
[  429.547268][ T4294] usb 4-1: SerialNumber: syz
[  429.553997][ T4294] usb 4-1: config 0 descriptor??
[  429.617926][   T26] audit: type=1326 audit(1751116439.234:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.677882][   T26] audit: type=1326 audit(1751116439.234:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.712319][   T26] audit: type=1326 audit(1751116439.234:824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.741730][   T26] audit: type=1326 audit(1751116439.234:825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9042 comm="syz.5.1254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fdb2a18e929 code=0x7ffc0000
[  429.809714][ T4294] usb 4-1: USB disconnect, device number 11
[  430.281617][ T4321] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  430.300045][ T9060] overlayfs: failed to clone upperpath
[  430.586039][ T5233] udevd[5233]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  430.853957][ T4321] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  430.882450][ T4321] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  430.942985][ T4321] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  431.056306][ T9077] overlayfs: missing 'lowerdir'
[  431.103624][ T4321] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.113744][ T4321] usb 6-1: config 0 descriptor??
[  431.126691][ T4321] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  432.300288][ T9068] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.360034][ T9080] device gtp0 entered promiscuous mode
[  432.373407][ T9082] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1264'.
[  432.564777][ T9068] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.707511][ T9068] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.742638][  T951] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  432.863774][ T9068] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.890803][ T9090] MPTCP: kernel_bind error, err=-99
[  432.902536][  T951] usb 2-1: device descriptor read/64, error -71
[  432.959461][ T9068] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  433.007047][ T9068] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  433.021930][ T9068] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.038717][ T9068] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  433.192492][  T951] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  433.395629][  T951] usb 2-1: device descriptor read/64, error -71
[  433.402659][ T5200] usb 6-1: USB disconnect, device number 4
[  433.537868][  T951] usb usb2-port1: attempt power cycle
[  434.052494][  T951] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  434.264472][  T951] usb 2-1: device descriptor read/8, error -71
[  434.862790][  T951] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  434.923120][  T951] usb 2-1: device descriptor read/8, error -71
[  435.052787][  T951] usb usb2-port1: unable to enumerate USB device
[  435.182514][ T4858] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  435.364027][ T4858] usb 6-1: config 0 has an invalid interface number: 151 but max is 0
[  435.387040][ T4858] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  435.441271][ T4858] usb 6-1: config 0 has no interface number 0
[  435.473952][ T4858] usb 6-1: config 0 interface 151 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  435.573622][ T4858] usb 6-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  435.586126][ T9122] page:ffffea000152ee80 refcount:4 mapcount:1 mapping:ffff888056d335e8 index:0x0 pfn:0x54bba
[  435.598001][ T9122] memcg:ffff888074a4e000
[  435.602282][ T9122] aops:shmem_aops ino:577
[  435.606631][ T9122] flags: 0xfff60000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[  435.616429][ T9122] raw: 00fff60000080015 ffffea0001c67d48 ffffea00014de408 ffff888056d335e8
[  435.624997][ T9122] raw: 0000000000000000 0000000000000000 0000000400000000 ffff888074a4e000
[  435.633584][ T9122] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio))
[  435.640857][ T9122] page_owner tracks the page as allocated
[  435.647793][ T9122] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 9123, tgid 9122 (syz.1.1278), ts 435584131269, free_ts 435543496542
[  435.665497][ T9122]  post_alloc_hook+0x173/0x1a0
[  435.670260][ T9122]  get_page_from_freelist+0x1a26/0x1ac0
[  435.675794][ T9122]  __alloc_pages+0x1df/0x4e0
[  435.680369][ T9122]  __folio_alloc+0xe/0x30
[  435.684677][ T9122]  vma_alloc_folio+0x4a3/0x900
[  435.689427][ T9122]  shmem_alloc_and_acct_folio+0x42e/0xb60
[  435.695135][ T9122]  shmem_get_folio_gfp+0x1361/0x3400
[  435.700403][ T9122]  shmem_read_mapping_page_gfp+0x99/0x2b0
[  435.706103][ T9122]  udmabuf_create+0x981/0xf90
[  435.710776][ T9122]  udmabuf_ioctl+0x1d1/0x2c0
[  435.715350][ T9122]  __se_sys_ioctl+0xfa/0x170
[  435.719939][ T9122]  do_syscall_64+0x4c/0xa0
[  435.724341][ T9122]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  435.730222][ T9122] page last free stack trace:
[  435.734885][ T9122]  free_unref_page_prepare+0x8b4/0x9a0
[  435.740339][ T9122]  free_unref_page_list+0xbb/0x8e0
[  435.745434][ T9122]  release_pages+0x1f92/0x2200
[  435.750201][ T9122]  __pagevec_release+0x6d/0xe0
[  435.754955][ T9122]  shmem_undo_range+0x75b/0x2050
[  435.759876][ T9122]  shmem_evict_inode+0x248/0xa40
[  435.764804][ T9122]  evict+0x485/0x870
[  435.768699][ T9122]  __dentry_kill+0x431/0x650
[  435.773273][ T9122]  dentry_kill+0xb8/0x290
[  435.777586][ T9122]  dput+0xfa/0x1d0
[  435.781291][ T9122]  do_renameat2+0x8ad/0xc70
[  435.785777][ T9122]  __x64_sys_rename+0x82/0x90
[  435.790437][ T9122]  do_syscall_64+0x4c/0xa0
[  435.794838][ T9122]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  435.800805][ T9122] ------------[ cut here ]------------
[  435.806241][ T9122] kernel BUG at mm/filemap.c:153!
[  435.811279][ T9122] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  435.817345][ T9122] CPU: 1 PID: 9122 Comm: syz.1.1278 Not tainted 6.1.142-syzkaller #0
[  435.825387][ T9122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  435.835425][ T9122] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80
[  435.841654][ T9122] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 0a 72 27 00 e9 0c fe ff ff e8 80 f6 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 6a f6 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00
[  435.861259][ T9122] RSP: 0018:ffffc9000519f618 EFLAGS: 00010046
[  435.867318][ T9122] RAX: 3b2948facaddb800 RBX: ffffea000152ee80 RCX: 3b2948facaddb800
[  435.875277][ T9122] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf14a0
[  435.883231][ T9122] RBP: ffffc9000519f778 R08: dffffc0000000000 R09: fffffbfff1bfd1a6
[  435.891218][ T9122] R10: fffffbfff1bfd1a6 R11: 1ffffffff1bfd1a5 R12: dffffc0000000000
[  435.899171][ T9122] R13: dffffc0000000000 R14: ffff888056d335e8 R15: ffff888056d335f0
[  435.907123][ T9122] FS:  000055555fa9c500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  435.916042][ T9122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  435.922600][ T9122] CR2: 0000200000000000 CR3: 0000000078667000 CR4: 00000000003506e0
[  435.930553][ T9122] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000
[  435.938503][ T9122] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  435.946451][ T9122] Call Trace:
[  435.949707][ T9122]  <TASK>
[  435.952619][ T9122]  __filemap_remove_folio+0xbb/0x860
[  435.957887][ T9122]  ? __rwlock_init+0x140/0x140
[  435.962630][ T9122]  ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30
[  435.969646][ T9122]  ? _raw_spin_lock_irq+0xab/0xe0
[  435.974663][ T9122]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  435.980026][ T9122]  filemap_remove_folio+0xed/0x2c0
[  435.985123][ T9122]  truncate_inode_folio+0x59/0x70
[  435.990161][ T9122]  shmem_undo_range+0x4d2/0x2050
[  435.995087][ T9122]  ? shmem_truncate_range+0xb0/0xb0
[  436.000275][ T9122]  ? do_raw_spin_lock+0x11d/0x280
[  436.005284][ T9122]  ? __rwlock_init+0x140/0x140
[  436.010030][ T9122]  shmem_evict_inode+0x248/0xa40
[  436.014954][ T9122]  ? _raw_spin_unlock+0x24/0x40
[  436.019808][ T9122]  ? inode_wait_for_writeback+0x1b0/0x200
[  436.025508][ T9122]  ? shmem_free_in_core_inode+0xb0/0xb0
[  436.031036][ T9122]  ? do_raw_spin_lock+0x11d/0x280
[  436.036050][ T9122]  ? bit_waitqueue+0x30/0x30
[  436.040624][ T9122]  ? do_raw_spin_unlock+0x11d/0x230
[  436.045802][ T9122]  ? shmem_free_in_core_inode+0xb0/0xb0
[  436.051328][ T9122]  evict+0x485/0x870
[  436.055204][ T9122]  ? __lock_acquire+0x7c50/0x7c50
[  436.060213][ T9122]  ? proc_nr_inodes+0x2f0/0x2f0
[  436.065043][ T9122]  ? do_raw_spin_unlock+0x11d/0x230
[  436.070226][ T9122]  ? _raw_spin_unlock+0x24/0x40
[  436.075056][ T9122]  ? iput+0x768/0x980
[  436.079024][ T9122]  __dentry_kill+0x431/0x650
[  436.083607][ T9122]  dentry_kill+0xb8/0x290
[  436.087913][ T9122]  ? dput+0x37/0x1d0
[  436.091780][ T9122]  dput+0xfa/0x1d0
[  436.095477][ T9122]  __fput+0x5e0/0x920
[  436.099437][ T9122]  task_work_run+0x1ca/0x250
[  436.104005][ T9122]  ? task_work_cancel+0x230/0x230
[  436.109006][ T9122]  ? __close_range+0x1c5/0x730
[  436.113748][ T9122]  ? exit_to_user_mode_loop+0x3b/0x110
[  436.119187][ T9122]  exit_to_user_mode_loop+0xe6/0x110
[  436.124462][ T9122]  exit_to_user_mode_prepare+0xb1/0x140
[  436.130004][ T9122]  syscall_exit_to_user_mode+0x16/0x40
[  436.135450][ T9122]  do_syscall_64+0x58/0xa0
[  436.139854][ T9122]  ? clear_bhb_loop+0x60/0xb0
[  436.144513][ T9122]  ? clear_bhb_loop+0x60/0xb0
[  436.149179][ T9122]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  436.155083][ T9122] RIP: 0033:0x7f0d2078e929
[  436.159491][ T9122] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.179081][ T9122] RSP: 002b:00007fff1fe27da8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  436.187472][ T9122] RAX: 0000000000000000 RBX: 000000000006a55a RCX: 00007f0d2078e929
[  436.195432][ T9122] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  436.203392][ T9122] RBP: 00007f0d209b7ba0 R08: 0000000000000001 R09: 000000071fe2809f
[  436.211351][ T9122] R10: 00007f0d20400000 R11: 0000000000000246 R12: 00007f0d209b5fac
[  436.219356][ T9122] R13: 00007f0d209b5fa0 R14: ffffffffffffffff R15: 00007fff1fe27ec0
[  436.227324][ T9122]  </TASK>
[  436.230337][ T9122] Modules linked in:
[  436.234225][ T9122] ---[ end trace 0000000000000000 ]---
[  436.239673][ T9122] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80
[  436.245906][ T9122] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 0a 72 27 00 e9 0c fe ff ff e8 80 f6 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 6a f6 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00
[  436.265508][ T9122] RSP: 0018:ffffc9000519f618 EFLAGS: 00010046
[  436.271560][ T9122] RAX: 3b2948facaddb800 RBX: ffffea000152ee80 RCX: 3b2948facaddb800
[  436.279525][ T9122] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf14a0
[  436.287484][ T9122] RBP: ffffc9000519f778 R08: dffffc0000000000 R09: fffffbfff1bfd1a6
[  436.295439][ T9122] R10: fffffbfff1bfd1a6 R11: 1ffffffff1bfd1a5 R12: dffffc0000000000
[  436.303409][ T9122] R13: dffffc0000000000 R14: ffff888056d335e8 R15: ffff888056d335f0
[  436.311366][ T9122] FS:  000055555fa9c500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  436.320285][ T9122] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  436.327147][ T9122] CR2: 0000200000000000 CR3: 0000000078667000 CR4: 00000000003506e0
[  436.335119][ T9122] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000
[  436.343110][ T9122] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  436.351081][ T9122] Kernel panic - not syncing: Fatal exception
[  436.357401][ T9122] Kernel Offset: disabled
[  436.361716][ T9122] Rebooting in 86400 seconds..