last executing test programs:

4.913261412s ago: executing program 3 (id=1375):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000180)="1000000000000000010000005c482e87", 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x3, 0x8}, 0xfffffffffffffd23)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000001b00007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x19, 0x1e, &(0x7f0000000580)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x4}, @call={0x85, 0x0, 0x0, 0x88}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0xc, 0x0, 0x0, 0x0, 0x4}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3f}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x1}], &(0x7f0000000380)='GPL\x00', 0x781, 0x92, &(0x7f0000000680)=""/146, 0x41100, 0x53, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000500)={0x0, 0x8, 0xfffffffe, 0x4}, 0x10, 0x0, r2, 0x0, &(0x7f0000000780)=[r1, r1, r1], 0x0, 0x10, 0xa928}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00), &(0x7f0000001c40)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
r4 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0)
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x800000, &(0x7f0000000300)=ANY=[], 0x3, 0x2b1, &(0x7f0000001a40)="$eJzs3U9LG2kcB/Cv/10vEXZPyx4G9rKnoL6DsLiwbGDBkoM9GapCMSJEKrSU6q2n9oX0rfTWl1HouRZKUzRpTTT9I5qONZ8PDPMjk2/ymzlknsDzJBt/7O5s7u1vr//6OvOrLx8/SI7yLkkmM5VBE6fb7MBjRwEAfjZra81a2T0wWu12rTmTZO7CkcaLUhoCAAAAAAAAAADgygbm/88XmU6Ocpws9s3/n+jtJ83/B4Bbwfz/26/drjUXeuO3Qeb/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOU57nQqna9sZfcHAFy/77r/z5XdJQBwnXz/B4Dxc9yZSvLpXj8R938AuP3urN/9r1avr64VxXyy+/SgcdDo7rvHa9u5n1a2spRK3udkfNDTrf/5t766VJxazMbuYS9/eNCYGswvp5LF4fnlbr4YzM9koT+/kkp+G55fGZqfzV9/9uWrqeTVveyllc2TEU9f/slyUfz9f/1cfu70eQAAAAAAAAAAAAAAAAAAAPAjVIvPhq7fr1a/dLybv8TvA5xbXz+d36fLPXcAAAAAAAAAAAAAAAAAAAC4KfYfPtpptlpb7WsvZjOqV75C8Xa0b/HLt6/qTJISzv1Z2Vf+QvGhc7nUZPbfPE9uRvNjUJT8wQQAAAAAAAAAAAAAAAAAAGPobNFv2Z0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHnO/v9/dEXZ5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACMh48BAAD//6JF5P0=")
open(&(0x7f00000001c0)='./bus\x00', 0x40a282, 0x140)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
pipe(&(0x7f00000000c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x74, 0x0, 0x1, 0x401, 0x0, 0x88ffffff, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6}]}]}]}, 0x74}, 0x1, 0x600000000000000}, 0x0)
setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000340)='wg0\x00', 0x3)
splice(r7, 0x0, r9, 0x0, 0xf3a, 0x0)
tee(r8, r6, 0x8, 0x2)
ftruncate(r4, 0x2007ffb)
sendfile(r4, r4, 0x0, 0x800000009)
lseek(r4, 0x0, 0x3)

3.447435962s ago: executing program 3 (id=1384):
semget$private(0x0, 0x3, 0x0)
semtimedop(0x0, &(0x7f0000000000)=[{0x0, 0x0, 0x1000}], 0x1, &(0x7f0000000040)={0x0, 0x989680})

3.268296573s ago: executing program 2 (id=1386):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x20010, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x802, 0x0)
ioctl$sock_ifreq(r1, 0x8947, &(0x7f00000000c0)={'bond0\x00', @ifru_mtu})
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x10010, 0xffffffffffffffff, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, r2, &(0x7f00000000c0)=@IORING_OP_SHUTDOWN={0x22, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xb}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0)

3.22561703s ago: executing program 3 (id=1387):
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r3, &(0x7f0000000680)=ANY=[@ANYBLOB='('], 0x28)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='5'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

3.215956556s ago: executing program 0 (id=1388):
sched_setaffinity(0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)={0x5c, r1, 0xe17, 0x0, 0x0, {0x1, 0x0, 0x6000}, [@L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @empty}, @L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @loopback}]}, 0x5c}}, 0x0)

3.048281212s ago: executing program 2 (id=1390):
r0 = open(&(0x7f0000007f80)='./bus\x00', 0x145142, 0x0)
r1 = socket(0x1e, 0x5, 0x0)
openat2(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x242}, 0x18)
r2 = creat(0x0, 0x0)
fspick(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000"], &(0x7f0000001840)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
write$binfmt_elf64(r2, 0x0, 0x7168)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc}, 0x10)
r7 = dup2(r1, r0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, &(0x7f0000000080))
mount$9p_fd(0x0, &(0x7f00000003c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[{@version_9p2000}]}})

3.047545061s ago: executing program 5 (id=1391):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x32, &(0x7f0000001500)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
mmap(&(0x7f00009ff000/0x600000)=nil, 0x600000, 0x0, 0x11, r2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendto$inet6(r2, 0x0, 0x0, 0xfffffeffffff7ffe, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000000300)="c20f0d278934358545ad914303ca8e5623f4e94f7757310aeb9be547737e99f4d69e56a1b04760ce19b9c49cf49899da97f06ed548da74c59c3b2b4accc8ab42b6692fd338754fa39cf2b1b3023087f14795eb9428d6b88dbcad93e31f408f29794fdd045cb7d20b50c90faf7c88f2d810cdf1f8a844ce26c88d35ffe1db7a32ed6414244405f5554171e7d8641ade39454166936a84fa7f36e277ce1c53f4078dfe0bde514650611ce4c369ecc034f452eff839a6d4ed0e75c47fbb9a865eaf3d464c10fb5ec0873cda96608db92b5cb5691303f236e4200628056c30a501276567fb2ea522967d39c4b463622152dd8b6ca76c9192998eaeafd36fb07caeee73a4a311f9b24a1004ec9d3625b0b79060199c9b4849e912b7c63fcb85f3ecd752425fc8afb417394ed9cecc4cd51eefb1f6304aecb16fd328d1cc98223b2a34a8392383ec2781d766e674333bdb08dcfbada438217fbd1a133bd484cc8690f197784a09937b2b14e2d5472c7e6ce53745768bf229d3049d79ba2df079f57223773abe9d54c27c6464b59a0936b03b3c01b388d47fdf657357cca707d72a4c679c33d8b8edadecbbd72a9baa6f146c84e924db435186cc135a9c1343d248132e38c6ee52909bd989f8116bebbc271f0513af53e4354c719380625dbd5e89264dc9716fa64db17807f2f72d6fa8b58360c372f3a6e8d22c18b4b1c5de94ea4917ba8dae90a8b0c72d3629cb72bd96748803a61b66f4064c9090354352b054e29a97342704393033429211d51c491cc1d8e34b27a3d526f31dd3d4fd21e782698efcbd0e2e8c55e28ed06e1064d0170a33587aacf8effd7d36ae9451caa541a9cbeb08d52d6d560403c7a57ed74f5bdcb3e580c7c261c58517afc81cbbab1861bcd69c183b398aa11d573e57218912d00914e50f0777c887199f90ff67d1e1f3f1a63086c14acf830165097faa385e1b94fd87c8018fa53ba8696b0ebaebfe3ee6d4c62937fa24921ddc6a4c8fcbc42023fb29bf96975fc1a2172e114dc7365a0d6a27d497ea2ba1b304673ac2d83dc26c8e3005da2b4730afea6ac54ac29cbd115fce5144ed383348fd781ab19ec9de9c07b2c6556596be3df2b5e465f91c46b2cf50b717c5b58d886b2695d10cdbb09803ab381a3a1d513a6a977d05c24a44263fde79cd466ca32ce2883760433a5ff4faa329a0c126e4903ea3dec1e07e057dd8fb8ba5ab390e81234bca767a5dd209e588a41d765668bcca077003cb3b332ef54549777678fed3f17d946990ca0812b207e704eda95dcaee23d6795db34779433869fb2ef9a0eeff13c43a42dabeee9f4a69a74008ea973c3a8e4c30c850b30d48915b7cbbba1e7db1988d27d036845c5fb8520bfec10bd70a5bc5853ee8985db9c7135813c32657b13747fd02735bc0f3fc54774f9ef97fac6f12ec24a55fa066e8f387170208da8615355e2e21a7363b11a3cab94b8ee411bbecf9b1f71662f50557f03e1fb64e5da0a18c18225a612235ed6337480debc9e4f45a32297a09735285cbb3254431980626bb46ab07993284629ff28558dea766cc4a8c511982a934d25088531aba09169c5855070924f36180abf8ca9fb6669e7bca5df76a3e0d8ddd4eaa99fbce9f24b91f8d1316791de91f9d6a96d2a8ee9f7bebf95804d0c136745acf372e38ff88a69167e79ff3ef3058f9ab2f4e8250de697ceca6a9f67477d6fe450bb23cba11dda80c7b3634d50bf22002d269e69a6c43a6888d0d20759bf2dcac1c18492f2ce4d85547fd7e6dc03fdbe02c63b656190929f1f4198b46b44623fa500402ff56a87107b9a3e668687899c3c06b73e94000349c14f56d5f730cc75cd628f931a187b11ad4f240218c9cb6b1e036e560aa68d8e7258d8236ba1f1805ea4d75258bbc321c9eb7aa0f4d7eccfb630faff7e3c8c278570bd5ea77719bd33b83d1f8580496282859cc48fe99680ec546cf9f6e10b89f08d659dc0b2636398135c64c37aa567bf5fb157627c8fa9fe404924ba4e60363b353f4f3eaaf8b4197785ae04ee3b64aee53a8f961f79a3e6076d217c1692596e5bf9a7f94dc92072c53994dc658c74ff68c329a92ee2d6602d6b9acbedd19db3b717b7d4c816b1fd6c3e77a03fd0eae9a40140779899b3a770b3c20a889971fce8b35e768ef387cce2c777b915ce4e7df9463f5eef54e0e918d3e904c8770c1bbc6eb77c3e43353e13d1c0b7667d06b20715526b17e0b8968ae3254f626c59ab232ac0835e5b07ad838e81ca7a86a4b42e5807e8a316eb7fe6afae53877e1d87b3e1e9302d595cf033e95c42d42f7e31f8d46e78d412be66120948ce552b68d3f8b4fd1a0eed888c514a37040fb28dbf96af88ec96e5d7e476cfeaa4092dd80f5fe6f67fbf27c20e3169d9971602caf6a4d8679558aa2119a751fc1ad9870086370fcdcccb280ee591a7fe8b319be2d9f0ab3fb0040d45ca6e3b938c991b5beb93499bf77e098c662d075dd66dd6a2df2b48f649ce9ec01f17eb287f6eef766b26b014a7cd459d368b00bc4c73af17fbec17b663f619b68ca517d55e50e498b91d609dbcbec3a5ac0cd47506ef493ecf7ef9bf66ae3e706bcc7d8894f1cf05e7841e6f1198e2b27a1b2dd5e39cf7b0d97319f6d4711c6ddde8f8e0226d19a5f65ce2c35c5ae2bbfbb016a518ea97f9a7b62a7860b9c98563b7727d6c462df0cd98dedb9f3559e020f5b513513976c8a8080addb6e57a0b9beaa744ed818e24e687ca0b3aee27448ccbd918a6773ae7c37a00ebce5c8eee030930e806234d884ba4038feebf05ddd946b6d78c543c198612fb9fa7634c1463428b9eef86cb9c703f9e6be22367a55926c2ff1e31f0caabaceaac08872807dcbf41c1ac46a411e80e7a87a14282b837a4c5e016aac38e5ba5a6463421612ba493ac7cd2decd0d63e58410f43d169c8bb649f44aeac5d3f17c3709bc9f9533d307a7a062d87d0ce5e726de778d502bdcaa441db875dcb8a9e8c49607ab5c8a233ded286e8d1ee4a98cd18085c808d9409560a205f0bb979f3c9c31b2a13bcbd4cfa91b6d8fe6a3a6167da6a6b3eef799358829e3e95cd007d2eb49e38fede07b042b0485bd9311fbd2c89e3c11ed179f1a7c71cf743642533e9fa2ae41d9972b2c6a3ca01484c2abb563311927b97f21ec6573bc25918f8110028c63f16d7bffd29f753cb7bd00124b00159e94ebd875ad899f9e92148b331fc88b02d80b5c1c290177083c0a002a92936a6b304936393688e8e7af019ac6b0760fd04b63ac5f89a0d0b99dab49c56b6373116c2056bd4c9227be7ec1970e1f2544150172d10ab759c68d5646b1673b083e87b62c0b60da658e0e397b4c283edd70ad164d7f43c7c2b38ca7ec47df6a0d7c534d48931523fa29ac0d950ac0c13335769f8e957e686abf02fa8974a4ffca48f08656e7d8a944affab6beb622afc5e444e5345ac416ce1d2ba2ef34641641fcd2d632680b98ea1e917d7e6c9505c99d0f487fcb00880a9eeee91a2c9f3601fbfd810dc55731d17317381e3c78c62dc3fad2ad1d269469c1b9da265f185feba1c1bde19e71a4e5e0bea38065081d28c6fb189087c32cf277212cc6fb12fd1af3692a1c9817f531b7ee4323cd7a3b8e61c6ea2e4c3f6a1e8f0c35374d3eda3054bee6293ce306613d24f5b7316cc10b1ae66d70839948eb71be7a0b31d69c7b07777cb6dc07ddb667f88e20f25e51e710c5bfbdf8baa2ac11c4a25b635a92b68eb32fce851409b7d96e403647ed85a0419db468ed36b1a0cd08691b08f054d237629d3c1a4bb85ca5a9c8ce7ae0ec0976e885ca29ff7049a77867b3a49d597e4d71a50110f508247682f85b992d38bc49982f6065a5e8c1589bb05227f966964f651811c050613a109faa70b9593b77c4ad395cd294f05d3ef30debb452f67cc487e9da4652aebe4dbb06ba2e320399df21bfae5c929ca97bae41b58c37d0ab54d8e8303f923faec1eb576f2a39b29fc94532c147c48221e1cc7305df72ed7c97897059403894eddab4adc4b86d415694562c62191f827b9de4e1f5c98c7cd6a9afc235e63112e88a13c2f53e419f277def82d8d2f51944bea4028e5b84f1cc42510ee5f73f339b83b0d64d1213c0a296da16dc1e0ec4ea71770999fba35108b1adce0b2639c8e95f3bca00191815a8e748e57e36d1958eda0be07a35b5f92a913d04812b0454fe57e0f3b3ebd37aca1b53cf2454d8c7cbb12e7f303af33aa50f96e0c2758990126d6630bb22e93cac0ceef3ad9028cb203d0b191f25a92384684b0421258be9a057f5b1b40e6418dac1b9bc349e5d20cbe9e0aa4b1e4483f07cb55417b9f58cbb4ae92cbe5a81f17dba9d48a330b7acde8dab0583fe603bae9d5a5308287996053919eabf8ea5a0a1677a269d8fd4926697a4eb0ced0858e3185247bad3be05733a4165470de6a533d1b24059f913339a09a6eace182b6c9280a7fc1af0c836c132f1d7dff8871353832c7f5b25614dc2a7c8e8237bec5425618cf353cf146ff21f672e4b06ccbe6bef2f2e51a47f153a97c9370be6b5832d2063ffc17614880d87682cd2d897ad19e040eb0d3bddb066c30a3c670e8e9a097d4b2244485e90912a0154b72db0a37c42c3ffcdf9272a5d2ad68139bb87cb641eaa1b0df9588570ca05c9840011b29a6cfe053e1095d59128bfb9665157d2665c66cacd39a681975ed24c336856f0cd98ac15c9cda2b6e556fb4b54b7b11840e2d2bf190391f1bd6e381bbeed39d8005bd6b725ad18c6d50836f5af027512753941447cf02e92d011ae6f094ee0a23804c800945d706771218bf6e18eee81fa1cb9e27fec38b1f575610604f7cacb35d7c37933df72fa189db607a752d5f3badd0385bf93ca4f2887458da090cd42f87b8def0c6341900dd6f16cf7c77393581ba1551482c757af4e6ace754d75dd010ca34cc2b68f6946b189e67867ca53ef6aff36e23c7f694427a9475e8acf2130d3841730530d49021833ab506a7eb9652a10df25f7b2007998e4e6aa41d130b2bcf41851df9ed76f8cba800f4a093c43c7717f204275942d822c739539dc11fdca1b9b1fa5f17232c5ce12873692fbf054796e9b435db5145b87b67e3de45d252fd6805f31dec22eb88757316800be404b5ff7dcb196c92ecab9fb04032b5fd42ef585e2ca10f109ddabf0941017747d39cdc65717f4ca7cc0bbe98d5dc2d11eed68efba99ea2ba26a4e3a5173805c4c97656d233799174f908ae50465337968903adb91bd658833327865865cf3875b2503a105942620e6dd62526aa8e9a05b5ab348b2ca68b4ca4f4c487ade7ca7650a6bfb4e27b65161462928d6a0ba186db908be3d8afd409c489969ef0f8b1dd71bea5a5c438a32010d1fccc34adee482bdc6d7d654b2ff5879467ea22d18da9884486273a51ceca842cfe0cd6fd50e5116acb58e7657ac6ec7b99d58a6e7232c84b28ebafdf2ec5737ce837223d3d59f48ec5fd37e36929c342a853047ea1f4eb4543757b27dbadfeadcc16205f9486bcf4ad479a7c75f8c34820b57431aab2b4e509e18728727e1de74104c5be581ac4ae9b2bf894bb8495f1cff51d44e9079cb0332ad5d40df729da592e2029bc13f1f467e70c529467577ac39c24e4d33c53f476078ba843a807a281767fb6f68c0ac79709134270642853c7b914b5b21b5235b57a63331e9d646463dc7595066c42efcebe786d9abd6c25c3e10a16beff021223c9db08505de524040bcc4f335faeaa199fe1692a2c9568ab06d908dd76", 0x1000, 0x0, 0x0, 0x0)
dup3(r2, r1, 0x0)
sendmmsg$inet6(r1, &(0x7f0000009dc0)=[{{0x0, 0x0, &(0x7f0000002ac0)=[{&(0x7f0000000000)="97", 0x1}], 0x1}}], 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000280)=0x40)

3.037131626s ago: executing program 3 (id=1392):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00000000000000004a433f00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x33fe0}, 0x7}, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r1, 0x541b, &(0x7f0000000e80))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x14, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100004fe4042a4575a39a4f60f71a47ff52010232cca2bf15627ff3ee2e9ab24928fe6da9b9715a171d636043c53aca71291d07e4c8550df23ab9761e28cab18b1c7b2043d68e3a3f07fada75dd1867afa4c5330be7cb7182b768c0edad73f8a6fdafecd637bfb11bc7e3e704eb47cf752b", @ANYRES32=r0, @ANYBLOB="000000000000006c1700b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000808000000b742b13eba040000004b11954f859a516800000018010000786c6c2500000000002020207b81f8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b"], &(0x7f00000003c0)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x43400)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540), 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
connect$vsock_stream(r2, &(0x7f0000000380)={0x28, 0x0, 0x2710}, 0x10)
r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01)
write$evdev(r6, &(0x7f0000000880)=[{{0x0, 0xea60}, 0x0, 0x0, 0x4}, {{0x77359400}, 0x11, 0x401}, {{0x77359400}, 0x12, 0x1, 0x40}], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
mmap(&(0x7f00008b5000/0x2000)=nil, 0x2000, 0x0, 0x1010, 0xffffffffffffffff, 0x0)
r7 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
io_setup(0x2, &(0x7f0000000b80)=<r8=>0x0)
io_submit(r8, 0x0, &(0x7f0000001d00))
syz_read_part_table(0x4030, &(0x7f0000004040)="$eJzszjFKw3AYxuE3avCPZBHchGAQHCVuTrlFLpAzODuYmziGHqDH6wFaKB0aCH2e9fte+IVN2k+75yRvXea+T0qShxNv/Vfqp3KXJsnP8Xlc1mgFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2bXrN/Dvku0nKY5K/+9RDW+Ul6T7Pz8dljUgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Kb9v2ce2iol6T4un4/LNaIAAAAAAAAAAAA4sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7MABCQAAAICg/6/bESgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwUgAAAP//1SYMTA==")
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7)
sendmsg$NL80211_CMD_GET_REG(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="24010000", @ANYRES16=r9, @ANYBLOB="20002cbd7000fedbdf251f000000b000220000000000000000000300000008000500ff07000008000500880c0000080005004806000008000300000070c2080003001f00000008000100040000000800030002000000080007000004000024000080080004000800000008000400949d0000080002000800000008000200030000001400008008000600080000000800030012f000001400008008000300050000000800010003000000140000800800030009000000080006000300000008009a0000000000380022803400008008000400040000000800070001010000080003000008000008000400eb000000080007007f00000008000300a5070000080001004e0000000500920002000000050092000900000008009a0000000000"], 0x124}}, 0x4000010)

2.994940206s ago: executing program 0 (id=1393):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x4172, &(0x7f0000000780), 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_open_dev$mouse(&(0x7f0000001680), 0x0, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.637592238s ago: executing program 5 (id=1395):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000140)={0xfffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})

2.586244446s ago: executing program 4 (id=1397):
r0 = io_uring_setup(0x4822, &(0x7f0000000480))
r1 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r1, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "750a65a3c93199cd485a10497ead5ac3e112baf740f0853a3660ea0ca01c5078a94a0bb37a8dbd611d75f7d309540c18a222bcb970c5d34d2369ea9659f976", 0x1}, 0x60)
close_range(r0, 0xffffffffffffffff, 0x0)

1.671171286s ago: executing program 0 (id=1398):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000005c0)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000640)={0x13, 0x0, 0x7, {0x0, r2, 0x2}}, 0x18)

1.669408972s ago: executing program 2 (id=1399):
unshare(0x20000400)
r0 = socket(0x18, 0x0, 0x0)
getpeername$l2tp(r0, 0x0, &(0x7f0000000080))

1.405669851s ago: executing program 4 (id=1400):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
pwrite64(r0, &(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000080)=0x1)

1.357915771s ago: executing program 2 (id=1401):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='workqueue_queue_work\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x3, &(0x7f0000000580)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.260779257s ago: executing program 0 (id=1402):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r1, 0xc0106407, &(0x7f0000000140))
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000100)=ANY=[@ANYBLOB="020100030a0000000000000000000000030006000000000002000000ac1414aa0000000000000000030005000000000002000000ffffffff0000000000000000020013"], 0x50}, 0x1, 0x7}, 0x0)

1.050029845s ago: executing program 1 (id=1403):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0)
r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x3000003, 0x20010, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x802, 0x0)
ioctl$sock_ifreq(r1, 0x8947, &(0x7f00000000c0)={'bond0\x00', @ifru_mtu})
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x10010, 0xffffffffffffffff, 0x10000000)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
syz_io_uring_submit(r0, r2, &(0x7f00000000c0)=@IORING_OP_SHUTDOWN={0x22, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r3}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xb}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x58}}, 0x0)

1.045334387s ago: executing program 4 (id=1404):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2500, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x1, 0x2f, 0x0, @empty, @private}}}})

1.000890854s ago: executing program 3 (id=1405):
r0 = fsopen(&(0x7f0000000100)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x0)
capset(&(0x7f0000000200)={0x19980330}, &(0x7f0000000040))
fsconfig$FSCONFIG_SET_STRING(r0, 0x4, &(0x7f0000000080)='debugfs\x00', &(0x7f00000000c0)='\x00', 0x0)

947.903041ms ago: executing program 1 (id=1406):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000080)=0x1a8, 0x4)
sendto$inet6(r0, 0x0, 0x2, 0xfe80, &(0x7f0000000300)={0xa, 0xe20, 0x0, @local}, 0x1c)

885.704553ms ago: executing program 2 (id=1407):
socket$packet(0x11, 0x0, 0x300)
r0 = socket$igmp6(0xa, 0x3, 0x2)
sendmsg$xdp(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x10)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0x3c1, 0x3, 0x450, 0x2b0, 0x150, 0x150, 0x0, 0xf8010000, 0x380, 0x238, 0x238, 0x380, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x248, 0x2b0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'batadv0\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0x1, 0x4}}}, @common=@inet=@sctp={{0x148}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @mcast1, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4b0)

883.067674ms ago: executing program 5 (id=1408):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './cgroup'}, 0xc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f000008f000/0x1000)=nil, 0x1000}})

876.253891ms ago: executing program 0 (id=1409):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000800)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x28, 0x2, [@TCA_PIE_BETA={0x8}]}}]}, 0x38}}, 0x0)

744.101292ms ago: executing program 4 (id=1410):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x0, 0x0, 0x2}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000000)='\x00', 0x0}, 0x48)

731.819609ms ago: executing program 1 (id=1411):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000780), 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x7, 0x0, 0x8, 0xa}}}, &(0x7f0000000200)='syzkaller\x00', 0x4, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90)

675.18597ms ago: executing program 3 (id=1412):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, 0x0, 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f040001bf26fd1d0000000000064000"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080))
openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r2, 0x0, &(0x7f0000000240)=""/21, 0x2}, 0x20)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180100000000000000000000bb810000850000006d00000085000000d000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='hrtimer_start\x00', r3}, 0x10)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
timerfd_create(0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100", @ANYRES16], 0x0)

577.645192ms ago: executing program 5 (id=1413):
unshare(0x20000400)
r0 = socket(0x18, 0x0, 0x0)
getpeername$l2tp(r0, 0x0, &(0x7f0000000080))

498.571019ms ago: executing program 1 (id=1414):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000600)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000005c0)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r1, &(0x7f0000000640)={0x13, 0x0, 0x7, {0x0, r2, 0x2}}, 0x18)

476.415677ms ago: executing program 2 (id=1415):
memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x300}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="850000004f0000006400000000000000166ba7", @ANYRESHEX=0x0], 0x0, 0x8}, 0x90)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @rand_addr=0x64010101}, 0x20000003, 0x6, 0x0, 0x3}}, 0x2e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001300))
readv(r0, &(0x7f0000001440)=[{&(0x7f0000000040)=""/4096, 0x1000}], 0x1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc01090589"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="180200000000000000000000000053dc2480000000"], 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000012002505a8a4f0"], 0x0)
syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)

467.685459ms ago: executing program 4 (id=1416):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
pwrite64(r0, &(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_S_OUTPUT(r0, 0xc004562f, &(0x7f0000000080)=0x1)

447.428404ms ago: executing program 0 (id=1417):
open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x810, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0)
fcntl$dupfd(r0, 0x406, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x18680000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp\x00')
bind$unix(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
pread64(r5, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
lseek(r4, 0x100, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
getdents(r4, &(0x7f0000002380)=""/102, 0x66)
getdents64(0xffffffffffffffff, &(0x7f0000000340)=""/250, 0xfa)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x0, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x7a4da151fd134bb, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1000, 0x20000000}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x1}, 0x10, 0xffffffffffffffff}, 0x90)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r6, 0x6, 0x6, 0x0, &(0x7f0000000180))
socket$inet_udplite(0x2, 0x2, 0x88)
fcntl$notify(r0, 0x402, 0x8000003d)
fcntl$setsig(r0, 0xa, 0x21)

416.964843ms ago: executing program 5 (id=1418):
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020", 0x25}], 0x1)
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="5000a747", @ANYRES16=0x0, @ANYBLOB="000000000000000000000100000008000100", @ANYRES32, @ANYBLOB="3c000280380001"], 0x58}, 0x1, 0xf000}, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)={0x20, 0x140d, 0x0, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x20}}, 0x0)
sendmsg$netlink(r0, &(0x7f0000000180)={0x0, 0xb00, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b00010a000000000000001808"], 0x114}], 0x1}, 0x0)

266.879941ms ago: executing program 1 (id=1419):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='workqueue_queue_work\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x3, &(0x7f0000000580)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

117.583499ms ago: executing program 1 (id=1420):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000140)={0xfffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})

116.928804ms ago: executing program 4 (id=1421):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000004c0)=ANY=[@ANYBLOB="12010000000000202505a8a440000102030109021b0001010000000904000001070101000905"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_io_uring_setup(0x4ea1, &(0x7f00000002c0)={0x0, 0x0, 0x10100}, &(0x7f0000000080), &(0x7f00000000c0)=<r3=>0x0)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
io_uring_enter(r2, 0x1d2d, 0x0, 0x0, 0x0, 0x0)
write$char_usb(r1, &(0x7f0000000140)="83", 0x1)
execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x14, 0x2, 0x2, 0x5}, 0x14}}, 0x0)

0s ago: executing program 5 (id=1422):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2500, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x1, 0x2f, 0x0, @empty, @private}}}})

kernel console output (not intermixed with test programs):

 mode
[  109.523641][ T5872] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  109.568100][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.658129][ T5872] ntfs3: loop2: Failed to initialize $Extend/$ObjId.
[  110.734559][ T5902] loop2: detected capacity change from 0 to 256
[  110.840860][ T5902] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x0a42a509, utbl_chksum : 0xe619d30d)
[  110.882472][ T5902] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  110.919673][ T5097] Bluetooth: hci2: command tx timeout
[  111.054160][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.150787][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.229011][   T35] bond0 (unregistering): Released all slaves
[  111.392150][ T5097] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  111.401166][ T5097] Bluetooth: hci4: Injecting HCI hardware error event
[  111.411874][ T5097] Bluetooth: hci4: hardware error 0x00
[  111.411941][  T780] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  111.614701][ T5918] loop4: detected capacity change from 0 to 8
[  111.622706][ T5918] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  111.630601][ T5918] cramfs: unsupported filesystem features
[  111.715046][  T780] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  111.738325][  T780] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.755438][ T5397] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  111.759522][  T780] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  112.017685][  T780] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  112.040025][  T780] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  112.050532][  T780] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  112.058991][  T780] usb 6-1: Manufacturer: syz
[  112.088300][ T2421] hfsplus: b-tree write err: -5, ino 4
[  112.186010][ T5934] loop4: detected capacity change from 0 to 64
[  112.217753][  T780] usb 6-1: config 0 descriptor??
[  112.423740][ T5934] hfs: invalid catalog max_key_len 7
[  112.431079][ T5934] hfs: unable to open catalog tree
[  112.855269][  T780] appleir 0003:05AC:8243.0001: No inputs registered, leaving
[  112.990919][ T5089] Bluetooth: hci2: command tx timeout
[  113.078654][  T780] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  113.175441][  T780] usb 6-1: USB disconnect, device number 5
[  113.361326][   T35] hsr_slave_0: left promiscuous mode
[  113.464205][   T35] hsr_slave_1: left promiscuous mode
[  113.512632][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.520045][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.556068][ T5097] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  113.579569][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.640825][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.762476][   T35] veth1_macvtap: left promiscuous mode
[  113.769175][   T35] veth0_macvtap: left promiscuous mode
[  113.791227][   T35] veth1_vlan: left promiscuous mode
[  113.807523][   T35] veth0_vlan: left promiscuous mode
[  115.071003][ T5097] Bluetooth: hci2: command tx timeout
[  115.106766][ T6013] sctp: [Deprecated]: syz.2.230 (pid 6013) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.106766][ T6013] Use struct sctp_sack_info instead
[  115.649777][   T35] team0 (unregistering): Port device team_slave_1 removed
[  115.748153][   T35] team0 (unregistering): Port device team_slave_0 removed
[  116.703212][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.5.221'.
[  116.953922][ T5857] chnl_net:caif_netlink_parms(): no params data found
[  117.085903][ T6046] netlink: 'syz.4.233': attribute type 1 has an invalid length.
[  117.161082][ T6046] netlink: 'syz.4.233': attribute type 2 has an invalid length.
[  117.169413][ T6046] netlink: 'syz.4.233': attribute type 1 has an invalid length.
[  117.179900][ T5097] Bluetooth: hci2: command tx timeout
[  118.262125][ T6050] netlink: 'syz.0.236': attribute type 21 has an invalid length.
[  118.321883][ T6050] netlink: 'syz.0.236': attribute type 20 has an invalid length.
[  118.329657][ T6050] IPv6: NLM_F_CREATE should be specified when creating new route
[  118.622458][ T6068] fuse: Bad value for 'fd'
[  118.665894][   T29] audit: type=1804 audit(1719829263.898:8): pid=6068 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.241" name="/root/syzkaller.SjzGjK/61/file0" dev="sda1" ino=1992 res=1 errno=0
[  118.691925][ T6068] syz.4.241 uses obsolete (PF_INET,SOCK_PACKET)
[  118.807631][ T5857] bridge0: port 1(bridge_slave_0) entered blocking state
[  118.842497][ T5857] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.872816][ T6083] loop5: detected capacity change from 0 to 256
[  118.879573][ T5857] bridge_slave_0: entered allmulticast mode
[  118.901953][ T6083] exfat: Deprecated parameter 'namecase'
[  118.913627][ T5857] bridge_slave_0: entered promiscuous mode
[  118.946624][ T6084] Bluetooth: MGMT ver 1.22
[  118.968026][ T5857] bridge0: port 2(bridge_slave_1) entered blocking state
[  118.979238][ T6083] exFAT-fs (loop5): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  119.015521][ T5857] bridge0: port 2(bridge_slave_1) entered disabled state
[  119.044106][ T5857] bridge_slave_1: entered allmulticast mode
[  119.069650][ T5857] bridge_slave_1: entered promiscuous mode
[  119.701268][ T5146] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  119.939141][ T5146] usb 6-1: Using ep0 maxpacket: 32
[  120.118010][ T5857] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  120.314998][ T5146] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 41, changing to 9
[  120.401116][ T5146] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 24651, setting to 1024
[  120.485611][ T5146] usb 6-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=cb.c8
[  120.512182][ T5146] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.514164][   T29] audit: type=1800 audit(1719829265.748:9): pid=6099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.250" name="bus" dev="sda1" ino=1994 res=0 errno=0
[  120.525061][ T5146] usb 6-1: Product: syz
[  120.596412][ T5146] usb 6-1: Manufacturer: syz
[  120.607149][ T5857] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  120.625323][ T5146] usb 6-1: SerialNumber: syz
[  120.649947][ T5146] usb 6-1: config 0 descriptor??
[  120.875818][ T5857] team0: Port device team_slave_0 added
[  120.946306][ T5857] team0: Port device team_slave_1 added
[  121.042678][ T6110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.254'.
[  121.151041][ T5097] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  121.159908][ T5097] Bluetooth: hci3: Injecting HCI hardware error event
[  121.168397][ T5097] Bluetooth: hci3: hardware error 0x00
[  121.230272][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.279613][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.346562][ T5857] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.354653][ T5146] usb 6-1: USB disconnect, device number 6
[  121.403735][ T6116] devpts: called with bogus options
[  121.472434][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.479402][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.608316][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  121.854440][ T5857] hsr_slave_0: entered promiscuous mode
[  121.894302][ T5857] hsr_slave_1: entered promiscuous mode
[  121.926421][ T5857] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  121.947228][ T5857] Cannot create hsr debugfs directory
[  122.461385][ T6158] netlink: 4 bytes leftover after parsing attributes in process `syz.5.268'.
[  122.635038][ T6156] loop0: detected capacity change from 0 to 4096
[  122.699849][ T6156] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512).
[  122.766386][ T6156] ntfs3: loop0: Looks like $AttrDef is corrupted (size=100).
[  123.026789][ T5089] Bluetooth: hci3: unexpected event for opcode 0x0404
[  123.231119][ T5097] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  123.253303][   T29] audit: type=1800 audit(1719829268.488:10): pid=6189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.278" name="bus" dev="sda1" ino=1966 res=0 errno=0
[  124.080380][ T5857] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  124.103783][ T5857] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  124.215557][ T5857] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  124.303720][ T5857] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  124.431303][ T5097] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  124.440139][ T5097] Bluetooth: hci5: Injecting HCI hardware error event
[  124.448784][ T5089] Bluetooth: hci5: hardware error 0x00
[  124.658568][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0
[  124.792852][ T5857] 8021q: adding VLAN 0 to HW filter on device team0
[  124.866450][ T1686] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.873667][ T1686] bridge0: port 1(bridge_slave_0) entered forwarding state
[  124.944044][ T1686] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.951251][ T1686] bridge0: port 2(bridge_slave_1) entered forwarding state
[  125.355928][ T6246] fuse: Bad value for 'fd'
[  125.396626][   T29] audit: type=1804 audit(1719829270.608:11): pid=6246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.296" name="/root/syzkaller.SjzGjK/66/file0" dev="sda1" ino=1992 res=1 errno=0
[  125.551301][ T5148] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  125.783473][ T5148] usb 6-1: config index 0 descriptor too short (expected 106, got 36)
[  125.836665][ T5148] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.900982][ T5148] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.939522][ T5148] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00
[  125.982382][ T5148] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.094509][ T5148] usb 6-1: config 0 descriptor??
[  126.257871][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0
[  126.520877][ T5089] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  127.427514][ T5148] corsair 0003:1B1C:1B3E.0002: unknown main item tag 0x0
[  127.443931][ T5148] corsair 0003:1B1C:1B3E.0002: unknown main item tag 0x0
[  127.452750][ T5148] corsair 0003:1B1C:1B3E.0002: unknown main item tag 0x0
[  127.459802][ T5148] corsair 0003:1B1C:1B3E.0002: unknown main item tag 0x0
[  127.467125][ T5148] corsair 0003:1B1C:1B3E.0002: unknown main item tag 0x0
[  127.476386][ T5148] corsair 0003:1B1C:1B3E.0002: failed to start in urb: -90
[  127.486338][ T5148] corsair 0003:1B1C:1B3E.0002: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.5-1/input0
[  127.552786][ T5148] usb 6-1: USB disconnect, device number 7
[  127.878043][ T5857] veth0_vlan: entered promiscuous mode
[  127.929086][ T5857] veth1_vlan: entered promiscuous mode
[  127.942115][ T6306] loop0: detected capacity change from 0 to 512
[  127.954489][ T6308] loop4: detected capacity change from 0 to 256
[  128.041678][ T6308] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  128.078132][ T6306] EXT4-fs error (device loop0): ext4_orphan_get:1394: inode #15: comm syz.0.312: casefold flag without casefold feature
[  128.095536][ T5857] veth0_macvtap: entered promiscuous mode
[  128.104920][ T6306] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.312: couldn't read orphan inode 15 (err -117)
[  128.112784][ T5857] veth1_macvtap: entered promiscuous mode
[  128.183097][ T6306] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.235632][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.246171][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.261458][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.272331][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.299939][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.324365][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.352270][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.388361][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.409732][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  128.456628][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.524743][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0
[  128.598345][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.630747][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.670986][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.699749][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.744074][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.761399][ T5089] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  128.766891][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.784345][ T5089] Bluetooth: hci0: Injecting HCI hardware error event
[  128.788104][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.795854][ T5097] Bluetooth: hci0: hardware error 0x00
[  128.814588][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.824595][ T5857] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  128.835255][ T5857] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  128.852700][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1
[  128.872750][ T5857] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  128.896635][ T5093] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.905813][ T5857] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  128.933880][ T5857] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  128.981537][ T5857] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  129.078118][ T6343] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  129.210509][   T29] audit: type=1326 audit(1719829274.428:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6340 comm="syz.4.321" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8311775b99 code=0x0
[  129.232113][    C0] vkms_vblank_simulate: vblank timer overrun
[  129.323873][ T6353] warning: `syz.4.321' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  129.343311][   T29] audit: type=1804 audit(1719829274.578:13): pid=6348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.327" name="/root/syzkaller.4N5ePB/54/bus" dev="sda1" ino=1988 res=1 errno=0
[  129.402166][   T29] audit: type=1326 audit(1719829274.628:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6350 comm="syz.0.325" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28fc375b99 code=0x0
[  129.487006][ T2457] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.514100][ T2457] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.677537][ T1031] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.704139][ T1031] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  130.580717][ T6379] loop4: detected capacity change from 0 to 256
[  130.721920][   T29] audit: type=1326 audit(1719829275.628:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6372 comm="syz.4.333" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8311775b99 code=0x0
[  131.160796][ T5097] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  131.295466][ T6373] loop1: detected capacity change from 0 to 4096
[  131.330819][ T6373] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  131.372048][ T6373] ntfs3: loop1: It is recommened to use chkdsk.
[  131.496790][ T6373] ntfs3: loop1: Failed to load $BadClus (-22).
[  131.655858][ T5219] I/O error, dev loop1, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  131.897986][   T29] audit: type=1804 audit(1719829277.118:16): pid=6396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.341" name="/root/syzkaller.SjzGjK/72/bus" dev="sda1" ino=1984 res=1 errno=0
[  132.470469][ T1233] ieee802154 phy0 wpan0: encryption failed: -22
[  132.505256][ T1233] ieee802154 phy1 wpan1: encryption failed: -22
[  132.809126][ T6411] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  133.044619][   T29] audit: type=1326 audit(1719829278.278:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6410 comm="syz.1.346" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed26175b99 code=0x0
[  133.755932][ T6435] loop0: detected capacity change from 0 to 256
[  133.925216][   T29] audit: type=1326 audit(1719829278.808:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6427 comm="syz.0.353" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28fc375b99 code=0x0
[  134.714294][   T29] audit: type=1804 audit(1719829279.948:19): pid=6445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.359" name="/root/syzkaller.sElnyA/41/bus" dev="sda1" ino=1982 res=1 errno=0
[  135.131791][ T6454] fuse: Bad value for 'fd'
[  136.004755][   T29] audit: type=1804 audit(1719829281.228:20): pid=6454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.360" name="/root/syzkaller.SjzGjK/75/file0" dev="sda1" ino=1984 res=1 errno=0
[  136.026370][    C1] vkms_vblank_simulate: vblank timer overrun
[  136.629769][   T29] audit: type=1804 audit(1719829281.848:21): pid=6486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.375" name="/root/syzkaller.sElnyA/45/bus" dev="sda1" ino=1998 res=1 errno=0
[  136.733614][ T5219] udevd[5219]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  137.261788][ T6502] loop1: detected capacity change from 0 to 1024
[  137.320849][ T6502] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  137.330279][ T6507] loop4: detected capacity change from 0 to 256
[  137.396547][ T6507] FAT-fs (loop4): Unrecognized mount option "no��Qail=0" or missing value
[  137.405971][ T6502] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc01c, mo2=0002]
[  137.434475][ T6502] System zones: 0-1, 3-36
[  137.436075][ T6510] loop3: detected capacity change from 0 to 1024
[  137.491637][ T6502] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  137.670322][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  137.722112][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  137.791850][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  137.857428][ T5385] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.882523][ T6520] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  138.038592][ T6520] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  138.344541][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.397383][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.435073][ T6545] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  138.496629][ T6546] syz.2.402 (pid 6546) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  138.517466][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.557926][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.560943][   T29] audit: type=1326 audit(1719829283.788:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6543 comm="syz.1.401" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fed26175b99 code=0x0
[  138.569809][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.658835][ T6554] fuse: Bad value for 'fd'
[  138.669341][ T6520] virt_wifi0 speed is unknown, defaulting to 1000
[  138.728996][   T29] audit: type=1804 audit(1719829283.958:23): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.398" name="/root/syzkaller.KzquOj/64/file0" dev="sda1" ino=1995 res=1 errno=0
[  139.277992][ T6557] loop3: detected capacity change from 0 to 65536
[  139.441397][ T6557] XFS (loop3): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  139.486272][ T5197] kernel write not supported for file /sg0 (pid: 5197 comm: kworker/1:7)
[  139.529301][ T6557] XFS (loop3): Ending clean mount
[  139.594426][ T6557] XFS (loop3): Quotacheck needed: Please wait.
[  139.761348][ T6557] XFS (loop3): Quotacheck: Done.
[  139.800898][   T29] audit: type=1800 audit(1719829285.028:24): pid=6581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.409" name="file1" dev="sda1" ino=1990 res=0 errno=0
[  139.837502][ T6578] loop1: detected capacity change from 0 to 2048
[  139.861151][ T6581] mmap: syz.2.409 (6581) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  140.134409][ T6578] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  141.026055][ T6597] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  141.029045][ T6578] syz.1.408: attempt to access beyond end of device
[  141.029045][ T6578] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  141.088849][ T5857] XFS (loop3): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  141.645812][ T6608] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  141.719752][   T29] audit: type=1326 audit(1719829286.948:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6607 comm="syz.2.421" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x0
[  141.917872][   T29] audit: type=1800 audit(1719829287.118:26): pid=6619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.425" name="file1" dev="sda1" ino=1989 res=0 errno=0
[  142.037938][ T6623] netlink: 16 bytes leftover after parsing attributes in process `syz.1.427'.
[  142.074644][ T6623] netlink: 8 bytes leftover after parsing attributes in process `syz.1.427'.
[  142.335674][ T6635] syz.5.434[6635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.337166][ T6635] syz.5.434[6635] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.402833][ T6634] loop4: detected capacity change from 0 to 2048
[  142.421410][ T6637] netlink: 'syz.1.433': attribute type 1 has an invalid length.
[  142.510488][ T6634] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  142.616944][ T6645] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  142.627256][ T6634] syz.4.432: attempt to access beyond end of device
[  142.627256][ T6634] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  142.632331][ T6637] bond1: entered promiscuous mode
[  142.657056][ T6644] binder: 6633:6644 ioctl c0286405 20000300 returned -22
[  142.697536][ T6637] 8021q: adding VLAN 0 to HW filter on device bond1
[  142.742813][ T6654] binder: 6633:6654 ioctl c00c620f 20000340 returned -22
[  142.768432][ T6647] netlink: 16 bytes leftover after parsing attributes in process `syz.5.439'.
[  142.799654][ T6647] netlink: 44 bytes leftover after parsing attributes in process `syz.5.439'.
[  142.914921][ T6652] netlink: 8 bytes leftover after parsing attributes in process `syz.0.437'.
[  142.987814][   T29] audit: type=1800 audit(1719829288.218:27): pid=6659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.440" name="file1" dev="sda1" ino=1973 res=0 errno=0
[  143.127423][ T6653] fuse: Bad value for 'fd'
[  143.206424][   T29] audit: type=1804 audit(1719829288.388:28): pid=6653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.435" name="/root/syzkaller.MsWWWZ/84/file0" dev="sda1" ino=1960 res=1 errno=0
[  143.248147][ T6665] sctp: [Deprecated]: syz.5.443 (pid 6665) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.248147][ T6665] Use struct sctp_sack_info instead
[  143.689601][ T6678] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  143.814305][   T29] audit: type=1326 audit(1719829289.048:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6676 comm="syz.0.448" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28fc375b99 code=0x0
[  144.811741][ T5197] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  145.008584][ T6705] netlink: 16 bytes leftover after parsing attributes in process `syz.0.455'.
[  145.020796][ T5197] usb 5-1: Using ep0 maxpacket: 16
[  145.038529][ T5197] usb 5-1: config 0 has no interfaces?
[  145.060001][ T6705] netlink: 44 bytes leftover after parsing attributes in process `syz.0.455'.
[  145.084988][ T5197] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  145.102024][ T5197] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  145.132412][ T5197] usb 5-1: Product: syz
[  145.138128][ T5197] usb 5-1: SerialNumber: syz
[  145.265712][ T5197] usb 5-1: config 0 descriptor??
[  145.321451][ T6711] netlink: 20 bytes leftover after parsing attributes in process `syz.3.457'.
[  146.273114][ T1686] usb 5-1: USB disconnect, device number 2
[  147.051642][   T29] audit: type=1326 audit(1719829292.288:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.123207][   T29] audit: type=1326 audit(1719829292.308:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.251374][   T29] audit: type=1326 audit(1719829292.308:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.337346][ T6744] loop2: detected capacity change from 0 to 8
[  147.384323][ T6744] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  147.408665][   T29] audit: type=1326 audit(1719829292.308:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.431035][   T29] audit: type=1326 audit(1719829292.308:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=197 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.507297][   T29] audit: type=1326 audit(1719829292.308:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  147.749964][ T6753] loop4: detected capacity change from 0 to 128
[  147.766127][ T6753] befs: (loop4): No write support. Marking filesystem read-only
[  147.898893][ T6753] befs: (loop4): invalid magic header
[  148.182133][   T29] audit: type=1326 audit(1719829292.318:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6732 comm="syz.2.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  148.815908][ T6767] loop4: detected capacity change from 0 to 4096
[  148.854265][ T6767] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  148.892958][ T6772] sctp: [Deprecated]: syz.0.479 (pid 6772) Use of struct sctp_assoc_value in delayed_ack socket option.
[  148.892958][ T6772] Use struct sctp_sack_info instead
[  148.968393][ T6767] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  148.996327][ T6767] ntfs3: loop4: Failed to load $Extend (-22).
[  149.019384][ T6767] ntfs3: loop4: Failed to initialize $Extend.
[  149.032839][ T6780] 9pnet: p9_errstr2errno: server reported unknown error ������sŧ����6��
[  150.108761][ T5197] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  150.522392][ T6765] loop1: detected capacity change from 0 to 32768
[  150.804301][ T6765] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  150.998977][ T6765] XFS (loop1): Ending clean mount
[  151.052440][  T780] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  151.110764][ T5197] usb 6-1: Using ep0 maxpacket: 16
[  151.143159][ T5197] usb 6-1: config 0 has no interfaces?
[  151.153412][ T5197] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  151.182426][ T5197] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  151.222133][ T5197] usb 6-1: Product: syz
[  151.240493][ T5197] usb 6-1: SerialNumber: syz
[  151.265720][ T5197] usb 6-1: config 0 descriptor??
[  151.296787][ T5385] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  151.349472][ T6822] Bluetooth: MGMT ver 1.22
[  151.371107][  T780] usb 4-1: New USB device found, idVendor=1bc7, idProduct=1071, bcdDevice=6e.9b
[  151.385801][  T780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.398996][  T780] usb 4-1: Product: syz
[  151.409677][  T780] usb 4-1: Manufacturer: syz
[  151.414877][  T780] usb 4-1: SerialNumber: syz
[  151.429337][  T780] usb 4-1: config 0 descriptor??
[  151.452001][  T780] cdc_mbim 4-1:0.0: CDC Union missing and no IAD found
[  151.458722][ T6822] loop2: detected capacity change from 0 to 1024
[  151.494712][  T780] cdc_mbim 4-1:0.0: bind() failure
[  151.504956][ T6822] hfsplus: unable to parse mount options
[  151.840550][ T5146] usb 4-1: USB disconnect, device number 3
[  152.795016][ T6848] loop1: detected capacity change from 0 to 128
[  152.805432][ T6848] befs: (loop1): No write support. Marking filesystem read-only
[  152.867148][ T6848] befs: (loop1): invalid magic header
[  153.938695][ T5151] usb 6-1: USB disconnect, device number 8
[  153.994574][ T6867] netlink: 4 bytes leftover after parsing attributes in process `syz.4.501'.
[  155.208205][ T6887] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.512'.
[  155.256856][ T6887] openvswitch: netlink: IP tunnel attribute has 3056 unknown bytes.
[  155.544017][ T6901] loop4: detected capacity change from 0 to 2048
[  155.645230][ T6901] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  155.726026][ T6918] netlink: 'syz.3.520': attribute type 4 has an invalid length.
[  155.727120][ T6905] ebtables: ebtables: counters copy to user failed while replacing table
[  155.735196][ T6918] netlink: 116376 bytes leftover after parsing attributes in process `syz.3.520'.
[  155.752641][ T6918] netlink: 18430 bytes leftover after parsing attributes in process `syz.3.520'.
[  155.820921][ T6915] loop5: detected capacity change from 0 to 1024
[  156.220857][ T6927] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  156.238482][ T6927] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  156.251273][ T6927] EXT4-fs (loop4): This should not happen!! Data will be lost
[  156.251273][ T6927] 
[  156.261015][ T6927] EXT4-fs (loop4): Total free blocks count 0
[  156.267084][ T6927] EXT4-fs (loop4): Free/Dirty block details
[  156.273528][ T6927] EXT4-fs (loop4): free_blocks=2415919104
[  156.279447][ T6927] EXT4-fs (loop4): dirty_blocks=16
[  156.284718][ T6927] EXT4-fs (loop4): Block reservation details
[  156.290838][ T6927] EXT4-fs (loop4): i_reserved_data_blocks=1
[  156.346252][ T6928] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28
[  157.612317][ T6935] netlink: 188 bytes leftover after parsing attributes in process `syz.3.526'.
[  157.854481][ T6942] loop3: detected capacity change from 0 to 128
[  157.908352][ T6939] loop4: detected capacity change from 0 to 1024
[  157.967219][ T6939] hfsplus: unable to parse mount options
[  158.076814][ T6949] netlink: 'syz.5.534': attribute type 4 has an invalid length.
[  158.095647][ T6949] netlink: 116376 bytes leftover after parsing attributes in process `syz.5.534'.
[  158.151588][ T6949] netlink: 18430 bytes leftover after parsing attributes in process `syz.5.534'.
[  158.331738][ T6954] loop4: detected capacity change from 0 to 1024
[  158.898782][ T6954] hfsplus: bad catalog entry type
[  159.434421][ T6975] loop3: detected capacity change from 0 to 2048
[  159.454782][ T6975] EXT4-fs: Ignoring removed mblk_io_submit option
[  159.492166][ T6975] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.709908][ T6990] loop5: detected capacity change from 0 to 128
[  159.721492][ T6975] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.543: bg 0: block 234: padding at end of block bitmap is not set
[  159.767785][ T6975] EXT4-fs (loop3): Remounting filesystem read-only
[  159.999289][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.015154][ T7000] loop1: detected capacity change from 0 to 64
[  160.054305][ T6997] netlink: 4 bytes leftover after parsing attributes in process `syz.4.548'.
[  161.306517][ T7038] loop1: detected capacity change from 0 to 128
[  162.547098][ T7065] IPv6: NLM_F_CREATE should be specified when creating new route
[  162.826077][ T7061] process 'syz.3.572' launched '/dev/fd/9' with NULL argv: empty string added
[  162.842072][ T7065] netlink: 1 bytes leftover after parsing attributes in process `syz.1.573'.
[  164.655440][ T7061] batadv_slave_0: entered promiscuous mode
[  164.743946][ T7058] batadv_slave_0: left promiscuous mode
[  166.623114][ T7119] loop1: detected capacity change from 0 to 256
[  167.824959][ T5089] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  167.834147][ T5089] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  167.852284][ T5089] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  167.861011][ T5089] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  167.874750][ T5089] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  167.886870][ T5089] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  168.127964][ T2480] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.248475][ T7132] virt_wifi0 speed is unknown, defaulting to 1000
[  168.819914][ T2480] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.146931][ T7115] loop4: detected capacity change from 0 to 40427
[  169.205637][ T7149] loop3: detected capacity change from 0 to 8
[  169.235522][ T7149] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  169.323977][ T7115] F2FS-fs (loop4): Invalid segment/section count (458776 != 24 * 1)
[  169.388795][ T7115] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  169.435860][ T7115] F2FS-fs (loop4): invalid crc value
[  169.447153][ T7115] F2FS-fs (loop4): Failed to initialize F2FS segment manager (-4)
[  169.449406][ T7155] usb usb8: usbfs: process 7155 (syz.1.608) did not claim interface 0 before use
[  169.471911][ T2480] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.766546][   T29] audit: type=1326 audit(1719829314.998:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  169.769011][ T2480] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  169.806662][   T29] audit: type=1326 audit(1719829314.998:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  169.833984][   T29] audit: type=1326 audit(1719829315.068:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  169.871061][ T5095] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  169.938293][   T29] audit: type=1326 audit(1719829315.098:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  169.951054][ T5097] Bluetooth: hci3: command tx timeout
[  169.980333][   T29] audit: type=1326 audit(1719829315.098:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  170.005483][   T29] audit: type=1326 audit(1719829315.098:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  170.028791][   T29] audit: type=1326 audit(1719829315.098:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  170.055755][   T29] audit: type=1326 audit(1719829315.108:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2d9756cbe7 code=0x7ffc0000
[  170.178890][   T29] audit: type=1326 audit(1719829315.108:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f2d975115b9 code=0x7ffc0000
[  170.265452][   T29] audit: type=1326 audit(1719829315.108:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7166 comm="syz.3.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f2d9756cbe7 code=0x7ffc0000
[  170.871036][ T7190] loop4: detected capacity change from 0 to 8
[  171.206937][ T7190] SQUASHFS error: lzo decompression failed, data probably corrupt
[  171.371021][ T7190] SQUASHFS error: Failed to read block 0x91: -5
[  171.377321][ T7190] SQUASHFS error: Unable to read metadata cache entry [8f]
[  171.461458][ T7196] loop1: detected capacity change from 0 to 8
[  171.487817][ T7190] SQUASHFS error: Unable to read inode 0x11f
[  171.563475][ T7196] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  171.720967][ T2480] bridge_slave_1: left allmulticast mode
[  171.726761][ T2480] bridge_slave_1: left promiscuous mode
[  171.793540][ T2480] bridge0: port 2(bridge_slave_1) entered disabled state
[  171.930099][ T2480] bridge_slave_0: left allmulticast mode
[  171.951617][ T2480] bridge_slave_0: left promiscuous mode
[  171.957508][ T2480] bridge0: port 1(bridge_slave_0) entered disabled state
[  172.034266][ T5097] Bluetooth: hci3: command tx timeout
[  173.842392][   T25] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  174.045412][ T7253] loop7: detected capacity change from 0 to 16384
[  174.052364][   T25] usb 2-1: Using ep0 maxpacket: 16
[  174.084431][   T25] usb 2-1: config 0 has no interfaces?
[  174.110844][ T5097] Bluetooth: hci3: command tx timeout
[  174.123871][   T25] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  174.138158][ T2480] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.146270][   T25] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  174.177941][ T2480] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.185811][   T25] usb 2-1: Product: syz
[  174.204376][   T25] usb 2-1: SerialNumber: syz
[  174.207220][ T2480] bond0 (unregistering): Released all slaves
[  174.236959][   T25] usb 2-1: config 0 descriptor??
[  174.273261][ T7206] netlink: 'syz.2.627': attribute type 2 has an invalid length.
[  174.290944][ T7206] netlink: 'syz.2.627': attribute type 8 has an invalid length.
[  174.308962][ T7206] netlink: 132 bytes leftover after parsing attributes in process `syz.2.627'.
[  174.430924][ T7256] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  174.432284][ T7225] team0: Port device syz_tun added
[  174.453013][ T7256] Buffer I/O error on dev loop7, logical block 0, async page read
[  174.498956][ T7256] ldm_validate_partition_table(): Disk read failed.
[  174.506934][ T7256] Dev loop7: unable to read RDB block 0
[  174.524760][ T7256]  loop7: unable to read partition table
[  174.589098][ T7256] loop7: partition table beyond EOD, truncated
[  174.632172][ T7256] loop_reread_partitions: partition scan of loop7 () failed (rc=-5)
[  174.688632][ T7132] chnl_net:caif_netlink_parms(): no params data found
[  175.048066][ T7270] netlink: 'syz.3.644': attribute type 23 has an invalid length.
[  175.073272][ T7273] 9pnet_fd: Insufficient options for proto=fd
[  175.146646][ T7273] 9pnet_fd: Insufficient options for proto=fd
[  175.179106][   T29] kauditd_printk_skb: 25 callbacks suppressed
[  175.179124][   T29] audit: type=1326 audit(1719829320.408:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.246659][   T29] audit: type=1326 audit(1719829320.408:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.284476][   T29] audit: type=1326 audit(1719829320.408:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.286895][ T7270] loop3: detected capacity change from 0 to 1024
[  175.308254][   T29] audit: type=1326 audit(1719829320.408:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.359449][   T29] audit: type=1326 audit(1719829320.408:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.385540][   T29] audit: type=1326 audit(1719829320.408:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f2d9757471f code=0x7ffc0000
[  175.424661][ T7270] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.429222][   T29] audit: type=1326 audit(1719829320.408:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.505063][   T29] audit: type=1326 audit(1719829320.448:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.567010][   T29] audit: type=1326 audit(1719829320.448:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.631683][ T5197] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  175.646862][   T29] audit: type=1326 audit(1719829320.448:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7268 comm="syz.3.644" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2d97575b99 code=0x7ffc0000
[  175.668904][    C1] vkms_vblank_simulate: vblank timer overrun
[  175.693574][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.823745][ T5197] usb 1-1: Using ep0 maxpacket: 16
[  175.957696][ T5197] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0
[  176.240950][ T5197] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  176.252671][ T5097] Bluetooth: hci3: command tx timeout
[  176.700793][ T5197] usb 1-1: New USB device found, idVendor=085a, idProduct=0008, bcdDevice=56.88
[  176.729408][ T5148] usb 2-1: USB disconnect, device number 2
[  176.788341][ T5197] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  176.808192][ T7306] netlink: 104 bytes leftover after parsing attributes in process `syz.4.654'.
[  176.858298][ T5197] usb 1-1: Product: syz
[  176.898490][ T5197] usb 1-1: Manufacturer: syz
[  176.911954][ T2480] hsr_slave_0: left promiscuous mode
[  176.940840][ T5197] usb 1-1: SerialNumber: syz
[  176.962518][ T2480] hsr_slave_1: left promiscuous mode
[  176.972818][ T5197] usb 1-1: config 0 descriptor??
[  177.010587][ T2480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  177.030911][ T2480] batman_adv: batadv0: Removing interface: batadv_slave_0
[  177.055645][ T2480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  177.075915][ T2480] batman_adv: batadv0: Removing interface: batadv_slave_1
[  177.131456][ T2480] veth1_macvtap: left promiscuous mode
[  177.150993][ T2480] veth0_macvtap: left promiscuous mode
[  177.156786][ T2480] veth1_vlan: left promiscuous mode
[  177.178299][ T2480] veth0_vlan: left promiscuous mode
[  177.270253][ T5197] kaweth 1-1:0.0: Firmware present in device.
[  177.298853][ T5197] kaweth 1-1:0.0: Error reading configuration (-71), no net device created
[  177.341348][ T5197] kaweth 1-1:0.0: probe with driver kaweth failed with error -5
[  177.397912][ T5197] usb 1-1: USB disconnect, device number 4
[  177.851065][ T5148] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  178.030861][ T5148] usb 2-1: Using ep0 maxpacket: 8
[  178.038078][ T5148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  178.049443][ T5148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  178.062804][ T5148] usb 2-1: New USB device found, idVendor=07ff, idProduct=3449, bcdDevice=f7.c2
[  178.077576][ T5148] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.086012][ T5148] usb 2-1: Product: syz
[  178.090247][ T5148] usb 2-1: Manufacturer: syz
[  178.095007][ T5148] usb 2-1: SerialNumber: syz
[  178.104033][ T5148] usb 2-1: config 0 descriptor??
[  178.257324][ T2480] team0 (unregistering): Port device team_slave_1 removed
[  178.295202][ T2480] team0 (unregistering): Port device team_slave_0 removed
[  178.338212][ T5095] usb 2-1: USB disconnect, device number 3
[  178.718407][ T7132] bridge0: port 1(bridge_slave_0) entered blocking state
[  178.725790][ T7132] bridge0: port 1(bridge_slave_0) entered disabled state
[  178.733255][ T7132] bridge_slave_0: entered allmulticast mode
[  178.742412][ T7132] bridge_slave_0: entered promiscuous mode
[  178.750347][ T7303] netlink: 'syz.3.651': attribute type 2 has an invalid length.
[  178.758499][ T7303] netlink: 'syz.3.651': attribute type 8 has an invalid length.
[  178.766704][ T7303] netlink: 132 bytes leftover after parsing attributes in process `syz.3.651'.
[  178.848747][ T7132] bridge0: port 2(bridge_slave_1) entered blocking state
[  178.870111][ T7132] bridge0: port 2(bridge_slave_1) entered disabled state
[  178.910342][ T7132] bridge_slave_1: entered allmulticast mode
[  178.932584][ T7132] bridge_slave_1: entered promiscuous mode
[  179.706779][ T7132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.036257][ T7132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.279522][ T7360] loop3: detected capacity change from 0 to 1024
[  180.425754][ T7132] team0: Port device team_slave_0 added
[  180.545554][ T7132] team0: Port device team_slave_1 added
[  180.910510][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.965319][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.077445][   T11] hfsplus: b-tree write err: -5, ino 4
[  181.125744][ T7132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  181.183298][ T7132] batman_adv: batadv0: Adding interface: batadv_slave_1
[  181.192632][ T7132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.218612][    C1] vkms_vblank_simulate: vblank timer overrun
[  181.266617][ T7132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.772803][ T7404] netlink: 'syz.2.681': attribute type 23 has an invalid length.
[  181.864355][ T7402] loop4: detected capacity change from 0 to 4096
[  181.885229][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  181.885248][   T29] audit: type=1326 audit(1719829327.118:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  181.939489][ T7132] hsr_slave_0: entered promiscuous mode
[  181.951487][ T7402] ntfs3: loop4: ino=3, Correct links count -> 2.
[  181.984004][ T7404] loop2: detected capacity change from 0 to 1024
[  182.028053][ T7132] hsr_slave_1: entered promiscuous mode
[  182.036207][   T29] audit: type=1326 audit(1719829327.158:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.098342][ T7132] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  182.135607][ T7404] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.150707][ T7132] Cannot create hsr debugfs directory
[  182.150782][   T29] audit: type=1326 audit(1719829327.158:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.267531][   T29] audit: type=1326 audit(1719829327.158:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.343935][   T29] audit: type=1326 audit(1719829327.158:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.404815][   T29] audit: type=1326 audit(1719829327.168:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.411472][ T5087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.467082][   T29] audit: type=1326 audit(1719829327.168:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.496235][   T29] audit: type=1326 audit(1719829327.168:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f40df57471f code=0x7ffc0000
[  182.572546][   T29] audit: type=1326 audit(1719829327.168:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.605500][   T29] audit: type=1326 audit(1719829327.168:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40df575b99 code=0x7ffc0000
[  182.825586][ T7432] loop1: detected capacity change from 0 to 1024
[  183.366345][   T11] hfsplus: b-tree write err: -5, ino 4
[  184.547706][ T7490] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  184.554628][ T7490] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  184.666356][ T7490] vhci_hcd vhci_hcd.0: Device attached
[  184.876792][ T7507] netlink: 'syz.2.713': attribute type 1 has an invalid length.
[  184.952040][ T5197] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  184.962407][    T9] usb 18-1: SetAddress Request (2) to port 0
[  184.988209][    T9] usb 18-1: new SuperSpeed USB device number 2 using vhci_hcd
[  185.165518][ T5197] usb 5-1: Using ep0 maxpacket: 16
[  185.173816][ T7132] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  185.191055][ T5197] usb 5-1: config 0 has too many interfaces: 129, using maximum allowed: 32
[  185.210421][ T5197] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 129
[  185.223949][ T7518] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  185.229387][ T7132] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  185.252959][ T5197] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xDF has an invalid bInterval 0, changing to 7
[  185.312160][ T7132] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  185.353236][ T5197] usb 5-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  185.382021][ T5197] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.390041][ T5197] usb 5-1: Product: syz
[  185.403280][ T7132] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  185.429327][ T5197] usb 5-1: Manufacturer: syz
[  185.444988][ T5197] usb 5-1: SerialNumber: syz
[  185.482483][ T5197] usb 5-1: config 0 descriptor??
[  185.738194][ T5197] powermate: Expected payload of 3--6 bytes, found 512 bytes!
[  185.753884][ T7495] vhci_hcd: connection reset by peer
[  185.797601][ T2457] vhci_hcd: stop threads
[  185.821376][ T2457] vhci_hcd: release socket
[  185.841522][ T5197] input: Griffin PowerMate as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input6
[  185.856591][ T2457] vhci_hcd: disconnect device
[  186.172969][    C1] powermate: config urb returned -71
[  186.178846][    C1] powermate: config urb returned -71
[  186.184387][    C1] powermate: config urb returned -71
[  186.189911][    C1] powermate: config urb returned -71
[  187.144606][ T5197] usb 5-1: USB disconnect, device number 3
[  187.144676][    C1] powermate 5-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  187.247718][ T7132] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.377544][ T7132] 8021q: adding VLAN 0 to HW filter on device team0
[  187.490982][ T5095] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.498129][ T5095] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.534557][ T5095] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.541811][ T5095] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.596544][ T7546] netlink: 'syz.4.727': attribute type 1 has an invalid length.
[  187.884226][ T7132] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  187.933014][ T7542] loop3: detected capacity change from 0 to 8192
[  188.013668][ T7542] REISERFS warning (device loop3): super-6509 reiserfs_parse_options: nolargeio option is no longer supported
[  188.293485][ T7566] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  188.334664][ T7571] loop4: detected capacity change from 0 to 512
[  188.438741][ T7571] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz.4.733: corrupted in-inode xattr: bad e_name length
[  188.591237][ T7571] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.733: couldn't read orphan inode 15 (err -117)
[  188.696331][ T7571] EXT4-fs (loop4): mounted filesystem 00000004-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.717764][ T7132] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.789797][ T7571] EXT4-fs warning (device loop4): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135
[  188.801943][ T7571] EXT4-fs warning (device loop4): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135
[  188.813886][ T7589] netlink: 9 bytes leftover after parsing attributes in process `syz.1.738'.
[  188.832371][ T7582] loop2: detected capacity change from 0 to 4096
[  188.849680][ T7582] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  188.863946][ T7589] 0�X: renamed from hsr0 (while UP)
[  188.869247][ T7571] EXT4-fs warning (device loop4): __ext4fs_dirhash:283: invalid/unsupported hash tree version 135
[  188.908487][ T7589] 0�X: entered allmulticast mode
[  188.922474][ T7589] hsr_slave_0: entered allmulticast mode
[  188.987620][ T7589] hsr_slave_1: entered allmulticast mode
[  189.000214][ T7582] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  189.008112][ T7589] A link change request failed with some changes committed already. Interface 
c0�X may have been left with an inconsistent configuration, please check.
[  189.032076][ T7582] ntfs3: loop2: Failed to load $Extend (-22).
[  189.046883][ T7582] ntfs3: loop2: Failed to initialize $Extend.
[  189.058509][ T5090] EXT4-fs (loop4): unmounting filesystem 00000004-0000-0000-0000-000000000000.
[  189.921720][ T7620] loop4: detected capacity change from 0 to 256
[  189.941707][ T7620] FAT-fs (loop4): Unrecognized mount option "shortname=xixed" or missing value
[  190.019707][ T7132] veth0_vlan: entered promiscuous mode
[  190.074305][ T7132] veth1_vlan: entered promiscuous mode
[  190.114212][    T9] usb 18-1: device descriptor read/8, error -110
[  190.193495][ T7620] trusted_key: encrypted_key: insufficient parameters specified
[  190.283967][ T7132] veth0_macvtap: entered promiscuous mode
[  190.376690][ T7132] veth1_macvtap: entered promiscuous mode
[  190.396972][ T7620] Option 'g���H��' to dns_resolver key: bad/missing value
[  190.495517][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.542785][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.573759][    T9] usb usb18-port1: attempt power cycle
[  190.582206][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.618747][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.647631][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.676429][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.706727][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.753453][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.775104][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.797444][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.834978][ T5089] Bluetooth: hci1: command 0x0406 tx timeout
[  190.859912][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.970059][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.030836][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.090756][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.146537][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.190911][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.237271][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.239140][    T9] usb usb18-port1: unable to enumerate USB device
[  191.267614][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.294475][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.330262][ T7132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  191.375084][ T7132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  191.406564][ T7132] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.465795][ T7132] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.547922][ T7132] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.590796][ T7132] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.599515][ T7132] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.919621][ T7678] loop3: detected capacity change from 0 to 256
[  191.966880][ T7678] FAT-fs (loop3): Unrecognized mount option "shortname=xixed" or missing value
[  192.093157][ T7678] trusted_key: encrypted_key: insufficient parameters specified
[  192.135888][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.198522][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.568898][ T7701] xt_l2tp: v2 tid > 0xffff: 262144
[  193.249901][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.453841][ T7678] Option 'g���H��' to dns_resolver key: bad/missing value
[  193.519035][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.588534][ T7705] fuse: Bad value for 'fd'
[  193.851766][ T7714] netlink: 188 bytes leftover after parsing attributes in process `syz.5.587'.
[  193.881356][ T1233] ieee802154 phy0 wpan0: encryption failed: -22
[  193.888448][ T1233] ieee802154 phy1 wpan1: encryption failed: -22
[  194.121359][ T7716] loop3: detected capacity change from 0 to 512
[  194.214986][ T7716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  194.334380][ T7716] ext4 filesystem being mounted at /root/syzkaller.LLRRE3/78/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.793288][ T7746] fuse: Bad value for 'fd'
[  194.867817][ T7751] netlink: 4 bytes leftover after parsing attributes in process `syz.0.785'.
[  194.925071][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.000715][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  195.369950][ T7771] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (4096)
[  195.406319][ T7771] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255
[  195.499487][ T7778] 9pnet_fd: p9_fd_create_tcp (7778): problem binding to privport
[  195.638672][ T7719] loop2: detected capacity change from 0 to 32768
[  195.824681][ T7788] loop3: detected capacity change from 0 to 512
[  195.842901][   T29] kauditd_printk_skb: 30 callbacks suppressed
[  195.842919][   T29] audit: type=1800 audit(1719829341.078:148): pid=7719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.776" name="bus" dev="loop2" ino=7 res=0 errno=0
[  195.991174][ T7788] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  196.079834][   T29] audit: type=1804 audit(1719829341.308:149): pid=7779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.796" name="/root/syzkaller.sElnyA/126/bus" dev="sda1" ino=1971 res=1 errno=0
[  196.130981][ T7788] ext4 filesystem being mounted at /root/syzkaller.LLRRE3/81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.167447][   T29] audit: type=1326 audit(1719829341.348:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7792 comm="syz.0.801" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f28fc375b99 code=0x0
[  196.211071][ T7779] mac80211_hwsim hwsim14 wlan0: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  196.827712][ T7780] loop4: detected capacity change from 0 to 32768
[  196.972699][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  197.044435][ T7780] ERROR: (device loop4): dbAlloc: the hint is outside the map
[  197.044435][ T7780] 
[  197.149984][ T7780] ialloc: diAlloc returned -5!
[  197.163782][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.500372][ T7820] netlink: 4 bytes leftover after parsing attributes in process `syz.2.803'.
[  198.138546][ T7832] 9pnet_fd: p9_fd_create_tcp (7832): problem binding to privport
[  198.514864][   T11] wlan0: Trigger new scan to find an IBSS to join
[  198.589210][ T7853] syz.1.819: attempt to access beyond end of device
[  198.589210][ T7853] loop3: rw=4096, sector=2, nr_sectors = 2 limit=0
[  198.642467][ T7853] EXT4-fs (loop3): unable to read superblock
[  199.042334][   T29] audit: type=1326 audit(1719829344.268:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7854 comm="syz.3.818" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2d97575b99 code=0x0
[  199.225281][ T7866] loop3: detected capacity change from 0 to 256
[  200.407924][ T7829] loop5: detected capacity change from 0 to 32768
[  200.655633][ T7896] loop3: detected capacity change from 0 to 2048
[  200.809506][ T7896]  loop3: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p219 p220 p221 p222 p223 p224 p225 p22
[  200.829630][ T7903] netlink: 9 bytes leftover after parsing attributes in process `syz.4.834'.
[  200.962815][ T7903] 0�X: renamed from hsr0 (while UP)
[  201.098310][ T7908] loop2: detected capacity change from 0 to 16
[  201.115092][ T7903] 0�X: entered allmulticast mode
[  201.132563][ T7903] hsr_slave_0: entered allmulticast mode
[  201.174445][ T7903] hsr_slave_1: entered allmulticast mode
[  201.180637][ T7903] A link change request failed with some changes committed already. Interface 
c0�X may have been left with an inconsistent configuration, please check.
[  201.215373][ T7908] erofs: (device loop2): mounted with root inode @ nid 36.
[  201.886372][ T7929] 9pnet_fd: p9_fd_create_tcp (7929): problem binding to privport
[  202.371858][ T7947] loop5: detected capacity change from 0 to 64
[  202.430865][ T2457] wlan0: Trigger new scan to find an IBSS to join
[  202.599922][ T7955] netlink: 56 bytes leftover after parsing attributes in process `syz.2.856'.
[  202.721394][ T7896]  loop3: p185 could not be added: -ENOMEM
[  203.019326][ T5097] Bluetooth: hci1: unexpected event for opcode 0x000f
[  203.165950][ T5097] Bluetooth: hci1: unexpected event 0x1d length: 4 < 5
[  203.459814][   T11] wlan0: Creating new IBSS network, BSSID e2:18:03:31:24:70
[  203.568542][ T7983] netlink: 'syz.5.869': attribute type 4 has an invalid length.
[  204.785127][ T8010] loop2: detected capacity change from 0 to 64
[  205.597994][ T4542]  loop3: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 p217 p218 p219 p220 p221 p222 p223 p224 p225 p22
[  205.617983][ T8037] netlink: 44 bytes leftover after parsing attributes in process `syz.1.893'.
[  206.538712][ T8055] loop2: detected capacity change from 0 to 64
[  207.001147][ T8060] loop4: detected capacity change from 0 to 256
[  207.071829][ T5089] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  207.081173][ T5089] Bluetooth: hci1: Injecting HCI hardware error event
[  207.090220][ T5097] Bluetooth: hci1: hardware error 0x00
[  207.364054][ T8075] netlink: 44 bytes leftover after parsing attributes in process `syz.1.908'.
[  208.059328][ T8096] loop4: detected capacity change from 0 to 64
[  208.706934][ T8111] netlink: 24 bytes leftover after parsing attributes in process `syz.4.922'.
[  209.183771][ T8123] loop2: detected capacity change from 0 to 1024
[  209.225684][ T8123] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  209.258613][ T5097] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  209.351111][ T8123] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.543495][ T5087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  209.566464][ T8133] netlink: 212424 bytes leftover after parsing attributes in process `syz.5.933'.
[  209.599938][ T8133] netlink: 500 bytes leftover after parsing attributes in process `syz.5.933'.
[  210.093821][ T7208] udevd[7208]: inotify_add_watch(7, /dev/loop3p9, 10) failed: No such file or directory
[  210.094702][ T5322] udevd[5322]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  210.104498][ T5397] udevd[5397]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  210.118103][ T5144] udevd[5144]: inotify_add_watch(7, /dev/loop3p10, 10) failed: No such file or directory
[  210.134394][ T6205] udevd[6205]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  210.135531][ T5219] udevd[5219]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  210.181282][ T5328] udevd[5328]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  210.203285][ T5145] udevd[5145]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory
[  210.231712][ T5389] udevd[5389]: inotify_add_watch(7, /dev/loop3p8, 10) failed: No such file or directory
[  210.325602][ T8148] udevd[8148]: inotify_add_watch(7, /dev/loop3p11, 10) failed: No such file or directory
[  210.618031][ T8162] binder: BINDER_SET_CONTEXT_MGR already set
[  210.630793][ T8162] binder: 8161:8162 ioctl 4018620d 20000040 returned -16
[  210.909135][ T8171] loop2: detected capacity change from 0 to 1024
[  210.967508][ T8171] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  211.029284][ T8171] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.171601][ T5087] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.270160][ T8180] netlink: 212424 bytes leftover after parsing attributes in process `syz.3.949'.
[  211.314875][ T8180] netlink: 500 bytes leftover after parsing attributes in process `syz.3.949'.
[  212.560794][ T5147] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  212.780801][ T5147] usb 6-1: Using ep0 maxpacket: 16
[  212.816260][ T5147] usb 6-1: New USB device found, idVendor=1943, idProduct=2257, bcdDevice=91.ed
[  212.852956][ T5147] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.894232][ T5147] usb 6-1: Product: syz
[  212.898420][ T5147] usb 6-1: Manufacturer: syz
[  212.941831][ T5147] usb 6-1: SerialNumber: syz
[  212.981948][ T5147] usb 6-1: config 0 descriptor??
[  213.013505][ T5147] s2255 6-1:0.0: Could not find bulk-in endpoint
[  213.019960][ T5147] Sensoray 2255 driver load failed: 0xfffffff4
[  213.085277][ T5147] s2255 6-1:0.0: probe with driver s2255 failed with error -12
[  213.271333][ T5147] usb 6-1: USB disconnect, device number 9
[  213.336022][ T8218] netlink: 212424 bytes leftover after parsing attributes in process `syz.0.967'.
[  213.380260][ T8218] netlink: 500 bytes leftover after parsing attributes in process `syz.0.967'.
[  214.404377][ T8234] netlink: 44 bytes leftover after parsing attributes in process `syz.0.974'.
[  214.520424][ T8235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.975'.
[  214.705819][ T8237] loop5: detected capacity change from 0 to 1024
[  215.029871][ T8247] fuse: Bad value for 'fd'
[  215.350534][ T5145] udevd[5145]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  215.376151][ T5328] udevd[5328]: inotify_add_watch(7, /dev/loop3p9, 10) failed: No such file or directory
[  215.376385][ T8149] udevd[8149]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  215.390325][ T6205] udevd[6205]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  215.452300][ T5322] udevd[5322]: inotify_add_watch(7, /dev/loop3p8, 10) failed: No such file or directory
[  215.474245][ T5397] udevd[5397]: inotify_add_watch(7, /dev/loop3p5, 10) failed: No such file or directory
[  215.494194][ T5219] udevd[5219]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  215.510277][ T5144] udevd[5144]: inotify_add_watch(7, /dev/loop3p13, 10) failed: No such file or directory
[  215.555361][ T5389] udevd[5389]: inotify_add_watch(7, /dev/loop3p11, 10) failed: No such file or directory
[  215.592579][ T8148] udevd[8148]: inotify_add_watch(7, /dev/loop3p10, 10) failed: No such file or directory
[  215.808978][ T8258] bond0: (slave erspan0): Opening slave failed
[  216.612270][ T8266] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  217.132784][ T8243] loop4: detected capacity change from 0 to 32768
[  217.318315][ T8243] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  217.848575][ T8243] XFS (loop4): Ending clean mount
[  217.967881][ T5090] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  221.073363][ T8335] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  222.407070][ T8353] loop3: detected capacity change from 0 to 128
[  222.492752][ T8150] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  223.101109][ T8360] evm: overlay not supported
[  223.710983][ T5089] Bluetooth: hci6: command 0x1003 tx timeout
[  223.711124][ T5097] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  224.381416][ T5089] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  224.391945][ T5089] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  224.664810][ T5089] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  224.691860][ T5089] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  224.718534][ T5089] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  224.741053][ T5089] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  225.650266][ T8387] netpci0: tun_chr_ioctl cmd 35111
[  225.750163][ T5097] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  225.761957][ T5097] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  225.769755][ T5097] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  225.778712][ T5097] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  225.794164][ T5097] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  225.801733][ T5097] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  225.995655][   T62] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  226.383249][ T8413] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  226.469783][   T35] Bluetooth: hci3: Frame reassembly failed (-84)
[  226.912067][ T5089] Bluetooth: hci6: command tx timeout
[  227.082249][   T62] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.202152][   T62] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.311329][ T5147] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  227.395578][   T62] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  227.511657][ T5147] usb 4-1: Using ep0 maxpacket: 16
[  227.547937][ T5147] usb 4-1: config 8 has an invalid interface number: 19 but max is 0
[  227.579027][ T5147] usb 4-1: config 8 has an invalid interface number: 239 but max is 0
[  227.601835][ T5147] usb 4-1: config 8 has 2 interfaces, different from the descriptor's value: 1
[  227.615649][ T5147] usb 4-1: config 8 has no interface number 0
[  227.621944][ T5147] usb 4-1: config 8 has no interface number 1
[  227.628216][ T5147] usb 4-1: config 8 interface 19 altsetting 129 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  227.646882][ T5147] usb 4-1: config 8 interface 19 altsetting 129 has an invalid descriptor for endpoint zero, skipping
[  227.659265][ T5147] usb 4-1: config 8 interface 19 altsetting 129 has an invalid descriptor for endpoint zero, skipping
[  227.676431][ T5147] usb 4-1: config 8 interface 19 altsetting 129 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  227.691615][ T5147] usb 4-1: config 8 interface 19 altsetting 129 has 7 endpoint descriptors, different from the interface descriptor's value: 12
[  227.706827][ T5147] usb 4-1: too many endpoints for config 8 interface 239 altsetting 35: 141, using maximum allowed: 30
[  227.720502][ T5147] usb 4-1: config 8 interface 239 altsetting 35 has a duplicate endpoint with address 0xE, skipping
[  227.734188][ T5147] usb 4-1: config 8 interface 239 altsetting 35 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  227.746294][ T5147] usb 4-1: config 8 interface 239 altsetting 35 bulk endpoint 0x1 has invalid maxpacket 16
[  227.756681][ T5147] usb 4-1: config 8 interface 239 altsetting 35 has a duplicate endpoint with address 0x1, skipping
[  227.767617][ T5147] usb 4-1: config 8 interface 239 altsetting 35 has 5 endpoint descriptors, different from the interface descriptor's value: 141
[  227.781142][ T5147] usb 4-1: config 8 interface 19 has no altsetting 0
[  227.789439][ T5147] usb 4-1: config 8 interface 239 has no altsetting 0
[  227.799576][ T5147] usb 4-1: New USB device found, idVendor=0b05, idProduct=18f0, bcdDevice=5a.43
[  227.808968][ T5147] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.819577][ T5147] usb 4-1: Product: О
[  227.823798][ T5147] usb 4-1: Manufacturer: Х
[  227.828314][ T5147] usb 4-1: SerialNumber: с
[  227.871748][ T5089] Bluetooth: hci0: command tx timeout
[  228.043299][   T62] bridge_slave_1: left allmulticast mode
[  228.058416][ T8407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  228.060882][   T62] bridge_slave_1: left promiscuous mode
[  228.079577][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[  228.084026][ T8407] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  228.102738][   T62] bridge_slave_0: left allmulticast mode
[  228.108399][   T62] bridge_slave_0: left promiscuous mode
[  228.125037][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[  228.193903][ T5147] usb 4-1: USB disconnect, device number 4
[  228.435460][ T5097] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  228.445376][ T5089] Bluetooth: hci3: command 0x1003 tx timeout
[  228.990827][ T5100] Bluetooth: hci6: command tx timeout
[  229.197627][ T8454] loop3: detected capacity change from 0 to 2048
[  229.258756][ T8454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.331256][ T8454] ext4 filesystem being mounted at /root/syzkaller.LLRRE3/108/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.481943][ T8454] EXT4-fs error (device loop3): ext4_find_dest_de:2111: inode #2: block 16: comm syz.3.1052: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0
[  229.731750][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  229.797030][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  229.830794][   T62] bond0 (unregistering): Released all slaves
[  229.919910][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.961204][ T5089] Bluetooth: hci0: command tx timeout
[  230.014021][ T8475] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  230.022578][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  230.221892][ T8485] futex_wake_op: syz.3.1064 tries to shift op by 35; fix this program
[  230.233323][    T9] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  230.254828][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.285919][    T9] usb 5-1: config 0 descriptor??
[  230.375643][ T8374] chnl_net:caif_netlink_parms(): no params data found
[  230.399264][ T8487] netlink: 'syz.0.1065': attribute type 21 has an invalid length.
[  230.422461][ T8487] netlink: 'syz.0.1065': attribute type 1 has an invalid length.
[  230.485588][ T8394] chnl_net:caif_netlink_parms(): no params data found
[  230.579350][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  230.626184][    T9] asix 5-1:0.0: probe with driver asix failed with error -71
[  230.665515][    T9] usb 5-1: USB disconnect, device number 4
[  230.932521][   T62] hsr_slave_0: left promiscuous mode
[  230.982055][   T62] hsr_slave_1: left promiscuous mode
[  231.018057][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.026793][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.045122][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.071868][ T5089] Bluetooth: hci6: command tx timeout
[  231.075094][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.079743][ T8508] input: syz0 as /devices/virtual/input/input7
[  231.218061][   T62] veth1_macvtap: left promiscuous mode
[  231.242029][   T62] veth0_macvtap: left promiscuous mode
[  231.247730][   T62] veth1_vlan: left promiscuous mode
[  231.311224][   T62] veth0_vlan: left promiscuous mode
[  231.683848][ T8526] loop4: detected capacity change from 0 to 256
[  231.791143][ T5089] Bluetooth: hci2: command 0x0406 tx timeout
[  232.030855][ T5100] Bluetooth: hci0: command tx timeout
[  232.758968][   T62] team0 (unregistering): Port device team_slave_1 removed
[  232.835293][   T62] team0 (unregistering): Port device team_slave_0 removed
[  233.156618][ T5100] Bluetooth: hci6: command tx timeout
[  233.394551][ T8518] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  233.403295][ T8529] netlink: 'syz.3.1078': attribute type 21 has an invalid length.
[  233.403644][ T8537] netlink: 'syz.4.1081': attribute type 1 has an invalid length.
[  233.418106][ T8529] netlink: 'syz.3.1078': attribute type 1 has an invalid length.
[  233.470057][ T8537] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1081'.
[  234.111167][ T5100] Bluetooth: hci0: command tx timeout
[  234.123425][ T8374] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.127983][ T8568] loop4: detected capacity change from 0 to 4096
[  234.130569][ T8374] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.194837][ T8374] bridge_slave_0: entered allmulticast mode
[  234.203141][ T8374] bridge_slave_0: entered promiscuous mode
[  234.212612][ T8374] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.237582][ T8374] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.291011][ T8374] bridge_slave_1: entered allmulticast mode
[  234.301311][ T8374] bridge_slave_1: entered promiscuous mode
[  234.322796][ T8394] bridge0: port 1(bridge_slave_0) entered blocking state
[  234.340252][ T8394] bridge0: port 1(bridge_slave_0) entered disabled state
[  234.363437][ T8394] bridge_slave_0: entered allmulticast mode
[  234.396238][ T8394] bridge_slave_0: entered promiscuous mode
[  234.591185][ T8575] netlink: 'syz.0.1097': attribute type 21 has an invalid length.
[  234.599091][ T8575] netlink: 'syz.0.1097': attribute type 1 has an invalid length.
[  234.682063][ T8394] bridge0: port 2(bridge_slave_1) entered blocking state
[  234.716270][ T8394] bridge0: port 2(bridge_slave_1) entered disabled state
[  234.742805][ T8394] bridge_slave_1: entered allmulticast mode
[  234.760378][ T8394] bridge_slave_1: entered promiscuous mode
[  234.965691][ T8374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.054343][ T8394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.145025][ T8394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.167680][ T8597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1103'.
[  235.195246][ T8374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.398490][ T8607] loop3: detected capacity change from 0 to 128
[  235.478576][ T2457] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  235.492004][ T8149] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  235.650406][ T8374] team0: Port device team_slave_0 added
[  235.808208][ T8394] team0: Port device team_slave_0 added
[  236.470559][ T8374] team0: Port device team_slave_1 added
[  236.669203][ T8613] netlink: 'syz.0.1110': attribute type 30 has an invalid length.
[  236.681827][ T8613] (unnamed net_device) (uninitialized): option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  236.738773][ T8622] loop4: detected capacity change from 0 to 64
[  236.751382][ T8622] hfs: uid requires an argument
[  236.756258][ T8622] hfs: unable to parse mount options
[  236.768693][ T8394] team0: Port device team_slave_1 added
[  236.788558][ T8618] netlink: 'syz.1.1111': attribute type 21 has an invalid length.
[  236.829694][ T8618] netlink: 'syz.1.1111': attribute type 1 has an invalid length.
[  236.950278][ T8374] batman_adv: batadv0: Adding interface: batadv_slave_0
[  236.977706][ T8374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.030143][ T8374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.063227][ T8632] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1116'.
[  237.315295][ T8374] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.331049][ T8374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.367695][ T8374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  237.384471][ T8394] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.394717][ T8394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.468272][ T8394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  237.741650][ T8394] batman_adv: batadv0: Adding interface: batadv_slave_1
[  237.762697][ T8394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  237.810265][ T8394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.521192][ T8374] hsr_slave_0: entered promiscuous mode
[  238.591564][ T8374] hsr_slave_1: entered promiscuous mode
[  238.655808][ T8648] dvmrp0: entered allmulticast mode
[  238.719260][ T8654] dvmrp8: entered allmulticast mode
[  238.828783][ T8655] dvmrp8: left allmulticast mode
[  239.086194][ T8394] hsr_slave_0: entered promiscuous mode
[  239.105545][ T8394] hsr_slave_1: entered promiscuous mode
[  239.114932][ T8394] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  239.149041][ T8394] Cannot create hsr debugfs directory
[  239.269009][ T8664] netlink: 'syz.3.1125': attribute type 30 has an invalid length.
[  239.281978][ T8664] (unnamed net_device) (uninitialized): option arp_missed_max: mode dependency failed, not supported in mode 802.3ad(4)
[  239.394498][ T8647] loop4: detected capacity change from 0 to 40427
[  239.405427][ T8647] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  239.438958][ T8647] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  239.497596][ T8676] fuse: Bad value for 'fd'
[  239.517395][ T8647] F2FS-fs (loop4): invalid crc value
[  239.530385][   T29] audit: type=1804 audit(1719829384.758:152): pid=8676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1127" name="/root/syzkaller.KzquOj/227/file0" dev="sda1" ino=1996 res=1 errno=0
[  239.552876][ T8647] F2FS-fs (loop4): Found nat_bits in checkpoint
[  239.888712][ T8647] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  239.909623][ T8647] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  239.918008][ T8686] netlink: 'syz.3.1130': attribute type 21 has an invalid length.
[  239.941548][ T8686] netlink: 'syz.3.1130': attribute type 1 has an invalid length.
[  240.058300][ T8692] xt_ipcomp: unknown flags 12
[  240.301068][ T8699] loop3: detected capacity change from 0 to 512
[  240.381977][ T8699] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  240.429825][ T8699] EXT4-fs (loop3): 1 truncate cleaned up
[  240.437388][ T8699] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.517141][ T8374] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  240.963091][ T8716] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1134'.
[  240.977112][ T8716] netlink: zone id is out of range
[  240.982345][ T8716] netlink: zone id is out of range
[  240.987524][ T8716] netlink: zone id is out of range
[  240.992853][ T8716] netlink: zone id is out of range
[  240.998538][ T8716] netlink: zone id is out of range
[  241.003930][ T8716] netlink: zone id is out of range
[  241.009104][ T8716] netlink: zone id is out of range
[  241.015107][ T8716] netlink: zone id is out of range
[  241.020279][ T8716] netlink: zone id is out of range
[  241.025533][ T8716] netlink: zone id is out of range
[  241.360986][ T8703] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters
[  241.488901][ T8374] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.529939][ T8703] EXT4-fs (loop3): Remounting filesystem read-only
[  241.558283][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.715634][ T8374] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  241.953100][ T8374] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  243.091578][ T8758] loop3: detected capacity change from 0 to 512
[  243.166658][ T8758] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2
[  243.181306][ T8758] EXT4-fs (loop3): 1 truncate cleaned up
[  243.188416][ T8758] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.732491][ T8768] netlink: 191416 bytes leftover after parsing attributes in process `syz.3.1151'.
[  244.343656][ T5857] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.674260][ T8779] loop3: detected capacity change from 0 to 64
[  244.763029][ T8374] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  244.767507][ T8779] hfs: request for non-existent node 1286 in B*Tree
[  244.792155][ T8374] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  244.815884][ T8374] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  244.824949][ T8779] hfs: request for non-existent node 1286 in B*Tree
[  244.888913][ T8374] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  244.900209][   T12] hfs: request for non-existent node 1286 in B*Tree
[  244.940473][   T12] hfs: request for non-existent node 1286 in B*Tree
[  245.208606][ T8394] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  245.255648][ T8394] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  245.348056][ T8394] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  245.436588][ T8394] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  245.524827][ T8799] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1161'.
[  246.698006][ T8374] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.916028][ T8374] 8021q: adding VLAN 0 to HW filter on device team0
[  246.962316][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.969445][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.096712][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.103944][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.156579][ T8812] fuse: Bad value for 'fd'
[  247.392341][ T8814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1165'.
[  247.567885][ T8394] 8021q: adding VLAN 0 to HW filter on device bond0
[  247.654607][ T8394] 8021q: adding VLAN 0 to HW filter on device team0
[  247.733649][  T780] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.740906][  T780] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.773270][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.780444][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.965962][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.101474][ T8843] O3�c��: renamed from bridge_slave_0
[  248.269037][ T8374] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.450925][ T8374] veth0_vlan: entered promiscuous mode
[  249.775443][ T8394] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.846133][ T8374] veth1_vlan: entered promiscuous mode
[  250.170566][ T8374] veth0_macvtap: entered promiscuous mode
[  250.227802][   T29] audit: type=1800 audit(1719829395.448:153): pid=8883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1184" name="bus" dev="sda1" ino=1996 res=0 errno=0
[  250.268960][ T8374] veth1_macvtap: entered promiscuous mode
[  250.352925][   T29] audit: type=1800 audit(1719829395.458:154): pid=8883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1184" name="bus" dev="sda1" ino=1996 res=0 errno=0
[  250.368432][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.440823][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.490739][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.545478][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.570750][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.602573][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.619304][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.656735][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.688269][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  250.734552][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.777093][ T8374] batman_adv: batadv0: Interface activated: batadv_slave_0
[  250.807012][ T8897] loop3: detected capacity change from 0 to 256
[  250.835271][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.850480][ T8897] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  250.863661][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.892180][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  250.918328][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  250.972419][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.007830][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.033076][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.055267][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.075510][ T8374] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  251.104622][ T8374] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  251.157033][ T8374] batman_adv: batadv0: Interface activated: batadv_slave_1
[  251.273405][ T8374] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  251.324993][ T8374] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  251.355451][ T8374] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  251.431560][ T8374] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  251.856350][ T8394] veth0_vlan: entered promiscuous mode
[  251.992793][ T8394] veth1_vlan: entered promiscuous mode
[  252.206684][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  252.228972][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  252.385508][ T8394] veth0_macvtap: entered promiscuous mode
[  252.465468][ T8394] veth1_macvtap: entered promiscuous mode
[  252.830327][ T2457] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  253.150858][ T2457] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  253.242887][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.319441][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.358121][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.387118][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.399373][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.410034][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.419921][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.439948][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.468496][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.494615][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.512676][ T8940] trusted_key: syz.1.1197 sent an empty control message without MSG_MORE.
[  253.522777][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  253.542698][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.567776][ T8394] batman_adv: batadv0: Interface activated: batadv_slave_0
[  253.643425][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.720743][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.751022][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.779781][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.832041][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.875043][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.917812][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  253.960988][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  253.969785][ T8915] loop3: detected capacity change from 0 to 32768
[  253.997421][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.029919][ T8954] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0
[  254.041311][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.057511][ T8394] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.083939][ T8954] net_ratelimit: 174 callbacks suppressed
[  254.083959][ T8954] IPVS: nq: SCTP 172.20.20.170:0 - no destination available
[  254.098726][  T780] IPVS: starting estimator thread 0...
[  254.121851][ T8394] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.157729][ T8915] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  254.185663][ T8394] batman_adv: batadv0: Interface activated: batadv_slave_1
[  254.194199][ T8961] IPVS: using max 16 ests per chain, 38400 per kthread
[  254.250837][  T780] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  254.276404][ T8394] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  254.335102][ T8394] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  254.375230][ T8394] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  254.400935][ T8394] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  254.402747][ T8915] XFS (loop3): Ending clean mount
[  254.425212][ T8969] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1202'.
[  254.450790][  T780] usb 3-1: Using ep0 maxpacket: 8
[  254.471931][  T780] usb 3-1: config index 0 descriptor too short (expected 49, got 36)
[  254.506656][  T780] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  254.622901][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  254.635226][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  254.645003][ T8915] XFS (loop3): Quotacheck needed: Please wait.
[  254.647697][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  254.810447][  T780] usb 3-1: config index 1 descriptor too short (expected 49, got 36)
[  254.824926][  T780] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  254.836473][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  254.893652][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  254.905099][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  254.974446][  T780] usb 3-1: config index 2 descriptor too short (expected 49, got 36)
[  254.983851][  T780] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  255.020253][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  255.140768][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  255.165930][  T780] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  255.668935][ T1233] ieee802154 phy0 wpan0: encryption failed: -22
[  255.675377][ T1233] ieee802154 phy1 wpan1: encryption failed: -22
[  255.679849][ T8974] netlink: 'syz.1.1203': attribute type 1 has an invalid length.
[  255.684834][  T780] usb 3-1: string descriptor 0 read error: -22
[  255.690783][ T8974] netlink: 181400 bytes leftover after parsing attributes in process `syz.1.1203'.
[  255.700856][  T780] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  255.718906][  T780] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.788022][  T780] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  255.872257][ T8915] XFS (loop3): Quotacheck: Done.
[  255.975917][ T5857] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  256.013181][ T1031] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  256.031821][ T1031] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  256.243106][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  256.292057][ T5197] usb 3-1: USB disconnect, device number 3
[  256.337564][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  257.833486][ T9003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1211'.
[  257.985475][ T9018] loop4: detected capacity change from 0 to 512
[  258.065270][ T9018] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  258.108339][ T9018] EXT4-fs error (device loop4): ext4_get_journal_inode:5752: comm syz.4.1216: inode #67108864: comm syz.4.1216: iget: illegal inode #
[  258.192345][ T9025] loop5: detected capacity change from 0 to 2048
[  258.280067][ T9018] EXT4-fs (loop4): no journal found
[  258.295329][ T9028] loop3: detected capacity change from 0 to 1024
[  258.323193][ T9025] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  259.069148][ T9052] veth0_vlan: entered allmulticast mode
[  259.453746][ T9060] veth0_vlan: left promiscuous mode
[  259.515626][ T9060] veth0_vlan: entered promiscuous mode
[  259.902693][ T9083] loop4: detected capacity change from 0 to 1024
[  261.192843][ T9109] loop4: detected capacity change from 0 to 8
[  261.488967][ T5149] IPVS: starting estimator thread 0...
[  261.502556][ T5093] syz-executor (5093) used greatest stack depth: 18448 bytes left
[  261.620840][ T9113] IPVS: using max 16 ests per chain, 38400 per kthread
[  262.381676][ T9108] loop5: detected capacity change from 0 to 32768
[  262.570948][ T9108] XFS (loop5): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  262.609769][ T9137] loop2: detected capacity change from 0 to 8192
[  262.830465][ T9108] XFS (loop5): Ending clean mount
[  262.879608][ T5089] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  262.905019][ T5089] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  262.919452][ T5089] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  262.921242][ T9108] XFS (loop5): Quotacheck needed: Please wait.
[  262.957954][ T5089] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  262.967010][ T5089] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  262.975704][ T5089] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  263.218411][ T9108] XFS (loop5): Quotacheck: Done.
[  263.576840][ T8394] XFS (loop5): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  263.651918][ T5148] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  263.659557][ T9145] chnl_net:caif_netlink_parms(): no params data found
[  263.861020][ T5148] usb 3-1: Using ep0 maxpacket: 8
[  263.884105][ T5148] usb 3-1: config index 0 descriptor too short (expected 49, got 36)
[  263.907822][ T5148] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  263.929283][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  263.972704][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  263.984077][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  263.997154][ T5148] usb 3-1: config index 1 descriptor too short (expected 49, got 36)
[  264.005802][ T5148] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  264.013367][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  264.027957][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  264.041462][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  264.055409][ T5148] usb 3-1: config index 2 descriptor too short (expected 49, got 36)
[  264.063817][ T5148] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  264.071393][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  264.083178][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  264.094429][ T5148] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[  264.109987][ T5148] usb 3-1: string descriptor 0 read error: -22
[  264.116905][ T5148] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  264.126103][ T5148] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.156216][ T9145] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.164399][ T5148] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  264.177913][ T9145] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.194836][ T9145] bridge_slave_0: entered allmulticast mode
[  264.206137][ T9145] bridge_slave_0: entered promiscuous mode
[  264.238489][ T9145] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.268794][ T9145] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.293251][ T9145] bridge_slave_1: entered allmulticast mode
[  264.319000][ T9145] bridge_slave_1: entered promiscuous mode
[  264.416287][ T5197] usb 3-1: USB disconnect, device number 4
[  264.570910][ T9190] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  264.588943][ T9189] loop3: detected capacity change from 0 to 128
[  264.629370][ T9145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.709898][ T9145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.948582][ T9145] team0: Port device team_slave_0 added
[  265.054793][ T9145] team0: Port device team_slave_1 added
[  265.092119][ T5100] Bluetooth: hci3: command tx timeout
[  265.794275][ T9145] batman_adv: batadv0: Adding interface: batadv_slave_0
[  265.840797][ T9145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  265.951136][ T9145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.051993][ T9145] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.081945][ T9145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.153890][ T9212] loop2: detected capacity change from 0 to 512
[  266.203386][ T9145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.338405][ T9212] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.392932][ T9212] ext4 filesystem being mounted at /root/syzkaller.sqI9vd/18/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.578403][ T9219] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  267.163212][ T5089] Bluetooth: hci3: command tx timeout
[  267.388009][ T8374] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.434559][ T9145] hsr_slave_0: entered promiscuous mode
[  267.474958][   T51] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  267.477197][ T9145] hsr_slave_1: entered promiscuous mode
[  267.591318][ T9145] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  267.624047][ T9145] Cannot create hsr debugfs directory
[  267.799978][ T9232] loop2: detected capacity change from 0 to 128
[  267.848048][ T9230] loop5: detected capacity change from 0 to 2048
[  267.882396][ T9230] udf: Bad value for 'anchor'
[  267.982594][ T8149] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  268.467763][ T9245] loop4: detected capacity change from 0 to 2048
[  268.483277][ T9145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  268.502741][ T9245] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18881, location=18881
[  268.628081][ T9247] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1297'.
[  268.669633][ T9247] A link change request failed with some changes committed already. Interface veth1_macvtap may have been left with an inconsistent configuration, please check.
[  268.691315][ T5089] Bluetooth: hci4: command 0x1003 tx timeout
[  268.703780][ T5100] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  269.050042][ T9145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.232451][ T5100] Bluetooth: hci3: command tx timeout
[  269.358176][ T9145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.519147][ T9264] program syz.5.1304 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  269.659262][ T9145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.822242][ T9282] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1311'.
[  269.900950][ T9281] loop4: detected capacity change from 0 to 764
[  270.227571][ T9145] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  270.279824][ T9145] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  270.354660][ T9296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1316'.
[  270.376471][ T9145] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  270.497575][ T9295] loop4: detected capacity change from 0 to 1024
[  270.522393][ T9145] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  271.111103][ T9281] hfsplus: xattr searching failed
[  271.168299][ T9145] 8021q: adding VLAN 0 to HW filter on device bond0
[  271.236728][ T9145] 8021q: adding VLAN 0 to HW filter on device team0
[  271.334255][ T5100] Bluetooth: hci3: command tx timeout
[  271.389164][  T780] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.396384][  T780] bridge0: port 1(bridge_slave_0) entered forwarding state
[  271.493742][ T9281] hfsplus: xattr searching failed
[  271.519290][ T9322] overlayfs: failed to resolve './file0': -2
[  271.522705][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  271.532423][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.875396][ T9338] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1332'.
[  272.888733][ T9145] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  273.092039][   T51] hfsplus: b-tree write err: -5, ino 3
[  273.591149][   T29] audit: type=1800 audit(1719829418.808:155): pid=9355 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1340" name="bus" dev="sda1" ino=1981 res=0 errno=0
[  273.663950][ T9355] loop3: detected capacity change from 0 to 512
[  273.757878][ T9355] FAT-fs (loop3): bogus sectors per cluster 69
[  273.782285][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  273.789312][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  273.796000][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  273.802676][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  273.809319][    C0] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  273.836564][ T9355] FAT-fs (loop3): Can't find a valid FAT filesystem
[  274.124310][ T9145] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.440383][ T9145] veth0_vlan: entered promiscuous mode
[  274.473464][ T9145] veth1_vlan: entered promiscuous mode
[  274.565948][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888053d5f400: rx timeout, send abort
[  275.076868][    C0] vxcan0: j1939_tp_rxtimer: 0xffff888053d5f400: abort rx timeout. Force session deactivation
[  275.435666][ T9145] veth0_macvtap: entered promiscuous mode
[  275.515296][ T9145] veth1_macvtap: entered promiscuous mode
[  275.690645][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.728599][ T9373] loop4: detected capacity change from 0 to 32768
[  275.751997][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.790149][ T9373] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1346 (9373)
[  275.816704][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.857422][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.881746][ T9373] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  275.890838][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  275.943220][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  275.963401][ T9373] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm
[  276.019686][ T9373] BTRFS info (device loop4): using free-space-tree
[  276.032105][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.077945][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.149895][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.191764][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.202570][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.214154][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.226594][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  276.237331][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.252563][ T9145] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.281828][ T9385] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1350'.
[  276.485385][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.510805][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.526299][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.570917][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.600081][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.634554][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.681295][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.757476][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.847159][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.929559][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.999394][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.062340][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.080787][ T9428] netlink: 'syz.2.1361': attribute type 1 has an invalid length.
[  277.128343][ T9428] netlink: 157116 bytes leftover after parsing attributes in process `syz.2.1361'.
[  277.151169][ T9145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  277.229808][ T9145] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  277.343236][ T9145] batman_adv: batadv0: Interface activated: batadv_slave_1
[  278.089626][ T5090] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  278.116353][ T9145] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  278.165086][ T9145] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  278.201276][ T9145] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  278.227861][ T9145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  278.530878][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88806249fc00: rx timeout, send abort
[  278.676112][ T9443] IPv6: NLM_F_REPLACE set, but no existing node found!
[  278.725905][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  278.770721][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  278.900242][ T9455] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1370'.
[  279.039260][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88806249fc00: abort rx timeout. Force session deactivation
[  279.264471][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  279.299793][   T29] audit: type=1800 audit(1719829424.528:156): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1375" name="bus" dev="sda1" ino=1974 res=0 errno=0
[  279.329867][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  279.349611][ T9470] loop3: detected capacity change from 0 to 512
[  279.466632][ T9470] FAT-fs (loop3): bogus sectors per cluster 69
[  279.549569][ T9470] FAT-fs (loop3): Can't find a valid FAT filesystem
[  279.868321][ T9478] loop4: detected capacity change from 0 to 256
[  280.584904][ T9488] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1380'.
[  281.142190][   T29] audit: type=1800 audit(1719829426.378:157): pid=9516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1390" name="bus" dev="sda1" ino=2002 res=0 errno=0
[  283.348280][ T9559] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1409'.
[  283.459718][ T9554] xt_CT: No such helper "pptp"
[  283.760784][ T9578] netlink: 180 bytes leftover after parsing attributes in process `syz.5.1418'.
[  283.773851][ T9578] netlink: 'syz.5.1418': attribute type 1 has an invalid length.
[  283.880866][    T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  283.935867][  T780] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  284.220216][   T19] BUG: unable to handle page fault for address: fffffbfff2b36b63
[  284.227969][   T19] #PF: supervisor read access in kernel mode
[  284.233942][   T19] #PF: error_code(0x0000) - not-present page
[  284.239908][   T19] PGD 23ffe4067 P4D 23ffe4067 PUD 23ffe3067 PMD 0 
[  284.246440][   T19] Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  284.252673][   T19] CPU: 0 PID: 19 Comm: rcu_exp_gp_kthr Not tainted 6.10.0-rc6-syzkaller #0
[  284.261254][   T19] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  284.271304][   T19] RIP: 0010:kasan_check_range+0x82/0x290
[  284.277031][   T19] Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
[  284.296631][   T19] RSP: 0018:ffffc900001877e0 EFLAGS: 00010086
[  284.302696][   T19] RAX: 0000000000541a01 RBX: 1ffffffff2b36b63 RCX: ffffffff81727a0d
[  284.310672][   T19] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff959b5b18
[  284.318648][   T19] RBP: ffffffffffffffff R08: ffffffff959b5b1f R09: 1ffffffff2b36b63
[  284.326619][   T19] R10: dffffc0000000000 R11: fffffbfff2b36b63 R12: 0000000000000001
[  284.334590][   T19] R13: ffff8880176cbc00 R14: dffffc0000000001 R15: fffffbfff2b36b64
[  284.342557][   T19] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  284.351480][   T19] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  284.358055][   T19] CR2: fffffbfff2b36b63 CR3: 000000005c096000 CR4: 0000000000350ef0
[  284.366021][   T19] Call Trace:
[  284.369292][   T19]  <TASK>
[  284.372235][   T19]  ? __die_body+0x88/0xe0
[  284.376575][   T19]  ? page_fault_oops+0x8e4/0xcc0
[  284.381515][   T19]  ? __pfx_page_fault_oops+0x10/0x10
[  284.386795][   T19]  ? validate_chain+0x11e/0x5900
[  284.391734][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.397374][   T19]  ? is_prefetch+0x4f6/0x780
[  284.401964][   T19]  ? __pfx_is_prefetch+0x10/0x10
[  284.406902][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.412543][   T19]  ? __bad_area_nosemaphore+0x118/0x770
[  284.418104][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.423733][   T19]  ? validate_chain+0x11e/0x5900
[  284.428672][   T19]  ? __pfx___bad_area_nosemaphore+0x10/0x10
[  284.434580][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.440210][   T19]  ? spurious_kernel_fault+0x11e/0x5d0
[  284.445674][   T19]  ? exc_page_fault+0x5c8/0x8c0
[  284.450530][   T19]  ? asm_exc_page_fault+0x26/0x30
[  284.455566][   T19]  ? __lock_acquire+0xc5d/0x1fd0
[  284.460500][   T19]  ? kasan_check_range+0x82/0x290
[  284.465531][   T19]  __lock_acquire+0xc5d/0x1fd0
[  284.470305][   T19]  lock_acquire+0x1ed/0x550
[  284.474803][   T19]  ? raw_spin_rq_lock_nested+0xb0/0x140
[  284.480362][   T19]  ? __pfx_lock_acquire+0x10/0x10
[  284.485409][   T19]  ? select_task_rq_fair+0x3b4/0x3b60
[  284.490815][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.496449][   T19]  ? select_task_rq_fair+0x792/0x3b60
[  284.501831][   T19]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  284.507227][   T19]  ? select_task_rq_fair+0x3b4/0x3b60
[  284.512624][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.518268][   T19]  _raw_spin_lock_nested+0x31/0x40
[  284.523388][   T19]  ? raw_spin_rq_lock_nested+0xb0/0x140
[  284.528951][   T19]  raw_spin_rq_lock_nested+0xb0/0x140
[  284.534340][   T19]  try_to_wake_up+0x7cc/0x1470
[  284.539112][   T19]  ? __pfx_try_to_wake_up+0x10/0x10
[  284.544312][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.549948][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.555579][   T19]  ? _raw_spin_lock_irqsave+0xe1/0x120
[  284.561037][   T19]  ? __pfx__raw_spin_lock_irqsave+0x10/0x10
[  284.566927][   T19]  ? do_raw_spin_lock+0x14f/0x370
[  284.571964][   T19]  autoremove_wake_function+0x16/0x110
[  284.577423][   T19]  __wake_up_common_lock+0x132/0x1e0
[  284.582715][   T19]  rcu_exp_sel_wait_wake+0x18ac/0x1db0
[  284.588188][   T19]  ? srso_alias_return_thunk+0x5/0xfbef5
[  284.593828][   T19]  ? __pfx_rcu_exp_sel_wait_wake+0x10/0x10
[  284.599640][   T19]  ? _raw_spin_lock_irq+0xdf/0x120
[  284.604756][   T19]  kthread_worker_fn+0x502/0xaf0
[  284.609700][   T19]  ? kthread_worker_fn+0xdc/0xaf0
[  284.614728][   T19]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  284.620019][   T19]  ? __pfx_kthread_worker_fn+0x10/0x10
[  284.625485][   T19]  kthread+0x2f2/0x390
[  284.629560][   T19]  ? __pfx_kthread_worker_fn+0x10/0x10
[  284.635024][   T19]  ? __pfx_kthread+0x10/0x10
[  284.639616][   T19]  ret_from_fork+0x4d/0x80
[  284.644039][   T19]  ? __pfx_kthread+0x10/0x10
[  284.648635][   T19]  ret_from_fork_asm+0x1a/0x30
[  284.653416][   T19]  </TASK>
[  284.656426][   T19] Modules linked in:
[  284.660315][   T19] CR2: fffffbfff2b36b63
[  284.664458][   T19] ---[ end trace 0000000000000000 ]---
[  284.669902][   T19] RIP: 0010:kasan_check_range+0x82/0x290
[  284.675546][   T19] Code: 01 00 00 00 00 fc ff df 4f 8d 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd <41> 80 3b 00 0f 85 c9 01 00 00 49 ff c3 48 ff c5 75 ee e9 1e 01 00
[  284.695147][   T19] RSP: 0018:ffffc900001877e0 EFLAGS: 00010086
[  284.701211][   T19] RAX: 0000000000541a01 RBX: 1ffffffff2b36b63 RCX: ffffffff81727a0d
[  284.709177][   T19] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff959b5b18
[  284.717144][   T19] RBP: ffffffffffffffff R08: ffffffff959b5b1f R09: 1ffffffff2b36b63
[  284.725116][   T19] R10: dffffc0000000000 R11: fffffbfff2b36b63 R12: 0000000000000001
[  284.733083][   T19] R13: ffff8880176cbc00 R14: dffffc0000000001 R15: fffffbfff2b36b64
[  284.741052][   T19] FS:  0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  284.749978][   T19] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  284.756556][   T19] CR2: fffffbfff2b36b63 CR3: 000000005c096000 CR4: 0000000000350ef0
[  284.764529][   T19] Kernel panic - not syncing: Fatal exception
[  284.770783][   T19] Kernel Offset: disabled
[  284.775093][   T19] Rebooting in 86400 seconds..