last executing test programs:

9.487480409s ago: executing program 3 (id=2588):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000023000000850000002a000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='ext4_journal_start\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x100000, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_journal_start\x00', r1}, 0x10)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
readv(r2, &(0x7f0000002140)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
mremap(&(0x7f0000934000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000a6f000/0x4000)=nil)
mlockall(0x3)
mlockall(0x6)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001200)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000011c0)={&(0x7f0000001180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000fcdbdf25010000000008000100", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0800050001000000"], 0x34}, 0x1, 0x0, 0x0, 0x84}, 0x4000)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002008007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_page_alloc\x00', r4}, 0x10)
creat(&(0x7f0000000080)='./bus\x00', 0x0)

7.179415002s ago: executing program 2 (id=2606):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
pwrite64(r1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000580)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)

6.874896568s ago: executing program 3 (id=2610):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000000000007111a800000000008510000002000000850000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70)

6.690050827s ago: executing program 3 (id=2613):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'veth1_to_bridge\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

6.217482066s ago: executing program 3 (id=2618):
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f00000004c0)='./bus\x00', 0xa00a14, &(0x7f0000000500)=ANY=[], 0x1, 0x322, &(0x7f0000000580)="$eJzs3M9LI2cYwPEnP4xJxEwOpaWF4kt7aXsYNO25EIpCaaCiplQLhVEnbcg0kUywpJRqT72W/ge97EE8ehN29x/wsrfdy1725mVhDyuL7CyZH5roJO6OZqPr9wMy78zzPOP7khieCc4c/vjvb7WKrVeMlsTTSmIiIkcieYlLIOZv4+44Jd225fOJZw8/Xlxe+a5YKs0uKDVXXPqyoJTKTd39/c+Mn7Y/Lgf5nw+fFp4cvH/w4eHLpV+rtqraqt5oKUOtNh63jFXLVOtVu6YrNW+Zhm2qat02m1684cUrVmNjo62M+vpkdqNp2rYy6m1VM9uq1VCtZlsZvxjVutJ1XU1mJUwq9OhtVd5ZWDCKEYvXrngyiOqF4zgDwk6saCREJHMuUt4Z6rwAAMC1dKb/T7gtfaT+X3Ju/99JPu3/dz+535r4YS/n9//7qbD+/6tH3rl6+v+0iFxp/58OWf35jujG23qT5Ev1/7geps5f08Z69prNopH1/35df/+0O+0O6P8BAAAAAAAAAAAAAAAAAAAAALgJjhxHcxxHC7b+zxenGd6xUc4Rw9Pn9dfG/Tumgv1RzxPDsbi8Imn3xr1kTsT6Z7O8Wfa2fjxInBZNjt33g68zDu48Uh15uWdt+fVbm+WEGylWpCqWmDIjmuTP1jvO3Lel2Rnl6a0fk2x3fUE0eS+8vhBan5LPPu2q10WTB2vSEEvWO+/rY+ek/q8Zpb75vnSmPuPmAQAAAADwLtDVidDrd13vF/fqT66ve78fEOm6Pp8OvT5Pah8lR7t2AAAAAABuC7v9R82wLLM5YJCRi3OiD5LRyscG5SS6VtgTku2+S075Twge3koHDIJ/pKilukJp+d8/HOXMwfqHM+e4RKmaEmfcm9VlfnvwtVG/HJkf9uuV7BP64L87z6OdOeY/tbc79PVe+oKVDm0w9lofHk7ikp8+AAAAAN6moOnP2O5ubNTzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNhrwGLDkVT1ObNRrBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAK6LVwEAAP//mxn/6g==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x0)
ftruncate(r0, 0x0)
r1 = open(&(0x7f00000001c0)='./bus\x00', 0x0, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f00000001c0)='./bus\x00', 0x0, 0x19000, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbe78969e3fdcf335263bdbcef549ba197fce47ddfc2553abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"})
fsync(r1)

5.548949323s ago: executing program 3 (id=2625):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)={0xb8, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x72, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x5, 0x3, '\n'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb8}}, 0x0)

5.273239587s ago: executing program 2 (id=2629):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000850000001300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x10, 0x10, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

4.818949477s ago: executing program 3 (id=2631):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x7d, 0x0, 0x0)

3.876451366s ago: executing program 0 (id=2638):
r0 = epoll_create1(0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)={0xe000001a})
ppoll(&(0x7f0000000780)=[{r0}], 0x1, 0x0, 0x0, 0x0)

3.671631823s ago: executing program 2 (id=2639):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{r1}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x20)

3.668978589s ago: executing program 5 (id=2640):
syz_emit_ethernet(0x84, &(0x7f0000000000)={@broadcast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x4e, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "000810", 0x0, 0x11, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @private2, [@dstopts={0x0, 0x0, '\x00', [@ra={0x5, 0x89}]}], "fb36eeca6fad50b375a22a584d16"}}}}}}}, 0x0)

3.606597689s ago: executing program 4 (id=2642):
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800"], 0x64}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x48, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_MARK_MASK={0x8}, @CTA_MARK={0x8}]}, 0x48}}, 0x0)

3.421740201s ago: executing program 2 (id=2643):
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
dup3(r1, r0, 0x0)
r2 = syz_io_uring_setup(0x4e5b, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r3=>0x0)
syz_io_uring_setup(0x5e2, &(0x7f0000000280), &(0x7f0000000180)=<r4=>0x0, 0x0)
syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0)

3.420817221s ago: executing program 5 (id=2644):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200010, &(0x7f0000000300)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x4c}}, {@lazytime}, {@init_itable_val={'init_itable', 0x3d, 0x5}}, {@usrquota}, {@errors_continue}]}, 0xfe, 0x55d, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTX/sp66DMdQHKezByVy6tv6Y4MN8FB0O9H2G9q6Mpsto0rHWgduDe9mLDEHEgfgH+O7j8B/wrxjoYMgo+uBL5aY3XbYmbZZlSzSfD9ztnPuj55yce07OyUm4AQytyeyfQsSrEfFNEnGo6dho5AcnN89bf3htLtuS2Nj47M8kknxf4/wk//9AHnklIn79OuJEYXu61dW1xVK5nC7n8ana0uWp6urayYtLpYV0Ib00Mzt7+p3Zmfffe7dnZX3z3N/ff3r3o9O3jq1/9/P9w7eTOBMH82PN5XgG15sjkzGZvyZjceaJE6d7kNggSfqdAboykrfzscj6gEMxkrd64P/vq4jYAIZUov3DkGqMAxpz+x7Ng/8zHny4OQHaXv7Rzc9GYm99brR/PXlsZpTNdyd6kH6Wxi9/3LmdbdG7zyEAdnX9RkScGh3d3v8lef/XvVMdnPNkGvo/eHHuZuOft1qNfwpb459oMf450KLtdmP39l+43+KypFefUmfjvw9ajn+3Fq0mRvLYS/Ux31hy4WI5zfq2lyPieIztyeI7reecXr+30e5Y8/gv27L0G2PBPB/3R/c8fs18qVZ6ljI3e3Aj4rWW499kq/6TFvWfvR7nOkzjaHrn9XbHdi//87XxU8QbLev/0YpWsvP65FT9fphq3BXb/XXz6G/t0u93+bP6379z+SeS5vXa6tOn8ePef9J2x7q9/8eTz+vh8Xzf1VKttjwdMZ58sn3/zKNrG/HG+Vn5jx/buf9rdf/vi4gvOiz/zSM32546CPU//1T1//SBex9/+UO79Dur/7froeP5nk76v04z+CyvHQAAAAAAAAyaQkQcjKRQ3AoXCsXi5vc7jsT+QrlSrZ24UFm5NB/138pOxFihsdJ9qOn7ENP592Eb8Zkn4rMRcTgivh3ZV48X5yrl+X4XHgAAAAAAAAAAAAAAAAAAAAbEgTa//8/8PtLykvEXm0PgufLIbxheu7b/XjzpCRhI3v9heHXV/vf1Ph/Ai+f9H4bUWL8zAPST938YXto/DC/tH4aX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9de7s2WzbWH94bS6Lz19ZXVmsXDk5n1YXi0src8W5yvLl4kKlslBOi3OVpd3+XrlSuTw9EytXp2pptTZVXV07v1RZuVQ7f3GptJCeTz1tCAAAAAAAAAAAAAAAAAAAALarrq4tlsrldFlAoKvA6GBkQ6ApcKsHrbvPHRMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANPk3AAD//0unNek=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1000f4)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
preadv2(r1, &(0x7f0000000400)=[{&(0x7f0000001140)=""/4096, 0x2007ffb}], 0x1, 0x0, 0x0, 0x0)

3.322943125s ago: executing program 4 (id=2646):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000004c0)={[{@quota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0xfe, 0x558, &(0x7f0000000980)="$eJzs3d9rW1UcAPDvTdP96nQdjKE+SGGgk7l0bf0xwYf5KDoc6PsM7V0ZTZfRpGOtA7cH9+KLDEHEgfjkk+8+Dv8B/4qBDoaMog++VG5602Zr0mZdtmbm84HbnnPPTc89Ofd7em5OQgIYWGPZj0LEyxHxTRJxqKWsGHnh2NpxKw+uTWdbEqurn/6VRJLvax6f5L9H8sxLEfHbVxEnCpvrrS0tz5UrlXQhz4/X5y+P15aWT16cL8+ms+mlyamp029PTb737js9a+sb5/75/pM7H57++tjKd7/cO3wriTNxMC9rbccTuN6aGYux/DkZjjOPHDjRg8r6SbLbJ8CODOVxPhzZGHAohvKoB/7/voyIVWBAJeIfBlRzHtC8t+/RffBz4/4HazdAG+3/OS8prr02Evsa90YHVpKH7oyy+93RHtSf1fHrn7dvZVv07nUIgG1dvxERp4rFzeN/ko9/O3eqi2MercP4B8/OnWz+82a7+V9hff4TbeY/I21idye2j//CvR5U01E2/3u/7fx3fdFqdCjPvdCY8w0nFy5W0mxsezEijsfw3iy/1XrO6ZW7q53KWud/2ZbV35wL5udxr7j34cfMlOvlJ2lzq/s3Il4ptmt/st7/SZv+z56Pc13WcTS9/Wqnsu3b/3St/hTxetv+31jRSrZenxxvXA/jzatis79vHv29U/273f6s/w9s3f7RpHW9tvb4dfy479+0U9lOr/89yWeN9J5839Vyvb4wEbEn+Xjz/smNxzbzzeOz9h8/tvX41+763x8Rn3fZ/ptHbnY8tB/6f+ax+v/xE3c/+uKHTvV31/9vNVLH8z3djH/dnuCTPHcAAAAAAADQbwoRcTCSQmk9XSiUSmvv7zgSBwqVaq1+4kJ18dJMND4rOxrDheZK90jL+yEm8vfDNvOTj+SnIuJwRHw7tL+RL01XKzO73XgAAAAAAAAAAAAAAAAAAADoEyMdPv+f+WNot88OeOp85TcMrm3jvxff9AT0Jf//YXCJfxhc4h8Gl/iHwSX+YXCJfxhc4h8Gl/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2ra48uDad5WeuLC3OVa+cnElrc6X5xenSdHXhcmm2Wp2tpKXp6vx2f69SrV6emIzFq+P1tFYfry0tn5+vLl6qn784X55Nz6fDz6RVAAAAAAAAAAAAAAAAAAAA8HypLS3PlSuVdEHiuUi8FhF9cBotiWJ/nIZEjxO7PTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb/AgAA//84SzbQ")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000300)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
statx(r0, 0x0, 0x1000, 0x0, 0x0)

3.107387082s ago: executing program 2 (id=2647):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f00000000c0)='./file0\x00', 0x1000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2.755397674s ago: executing program 0 (id=2649):
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000180))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
write$FUSE_WRITE(r1, &(0x7f0000000100)={0xfffffeec}, 0xffffffd1)
write$P9_RCREATE(r1, &(0x7f0000000000)={0x18}, 0x18)
close(r1)
prlimit64(0x0, 0x1, &(0x7f00000000c0), 0x0)
memfd_create(&(0x7f00000004c0)='\x00\xac=\x9d\xd2\xdb\x1a\'\xf8\n\xedcJ\x8e\x84\xd4N\x00\x9b\x1f\t\xbd\x11\x86T\x16\xa3\xb3\xae0\x9f9?\xefo\xa4k\x012>\xa1\x9c\x86x\x1c\x9f\x84\x195\xde\x97_\t~\xf3Y\x12\"p^\x00\x02\xb4\xfdHA\xce\x9a\xde\xe4\xb6\xbcK#^\x00}2\xc6:|R\x04\xc2\xb8I\xa3\xb9\xe2\xa2\xebw\xdeI\x0f7i$\xf1\xd4\x9b\xc7\xb2\xbeD`\x8f\xc3\x96\xbc#4\x17\xf5\xb3\xc9\xb2\x94\xa8_f!\xdf\x90}\xba\xa3\x01\xe2\xcf\xb7\"S\a\x04ry\x00#4\x87m\xf7\xe3\xf5\xa7\xda\xb9\xcbU\xbe\x06]\xa9\xb6R~\xc9l}\xb7I\xfeH\xb3\x15\x8c\x06d\xf8c\xc0{\v\xd2\x9d\x8e\\\xae>\xf6quc9\xe0\xbf\xdd\xdc\x99\xf4\\\xd0\x96:\xfb\x8c\x12o\xcc-\x13\x14\xbev\xae\x80Zp\x95c]\x98\x8c\x01\x8fo\xafjN\xcb\x98\xdf\xd3[V\xbd[\xb9\x10v\xee\xdc\xc8G\xd0\xdc9\xccO\xf74\x84o\x99\xe9\x14\x00\x00dU\x00\x00\x00\b\xfb\xb5Z\xb0-\xc8\xdb\x88f\xf4W\xeb\x06\xc2\xd1\xb6\xd1%\xca\x8f\x013|\x8ez\x1eo\x18\xb6#@P&[\xad\xda\nmU\x823\\&P\xdc\xbcS\x80\xc1dJ!LH\xaa\a\x82\xf3\xde\x96\x85\xc5\xdd\xa8\x92\xc7\xcb\x91\xf2[Y\x06\x8a\x9fN\x10\xb9\xf4\xecq\xce\xd2\x17\x88\xae\xcc7r\xd7\xeaz\xcevR\xcau\r\xf1\t\xc2$k\xdf\x8f\xe2\xbe\xfe\x14AN\xf8\xc6\xa8`Fs[6k\x00\x00+\xa5\xdcxUY3<v\xf1\r\xaei\xa0Xam\vN\x7fR\x96*^\xd3\x01VbON\xc3P\xe7\x16\xcc\xca\xd6\xe5\xe8\r\x9b\x8d.\xdd\x1a\xaa\xa6*\xed\xcch\x7f\xfb\x17\xdcMmX\xea\xcf\xc40\x19\b\xe1\xb1\xf4\x7f\xca\xbeg\xb1bEm[\x04\tX8\x15#\x94\xa6M?\xe0\x871\x80\xc5~_\x12J\xeb \x00R\xa7=/\xfd:\xaf\xc3\x18\x10\f\xa1\x1a\xa7Yt\x151\xc7T', 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x989680}}, 0x0)

2.600211633s ago: executing program 4 (id=2650):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x1d, &(0x7f0000000100), 0x4)

2.547482117s ago: executing program 5 (id=2652):
r0 = syz_io_uring_setup(0x7540, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000200)=<r1=>0x0)
r2 = syz_io_uring_setup(0x34ee, &(0x7f0000000300), &(0x7f00000003c0)=<r3=>0x0, &(0x7f0000001480))
syz_io_uring_submit(r3, r1, &(0x7f00000001c0)=@IORING_OP_MSG_RING={0x28, 0x0, 0x0, r2, 0x0, 0x0})
io_uring_enter(r0, 0x2003, 0x0, 0x0, 0x0, 0x0)

2.223336403s ago: executing program 1 (id=2653):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000900)={{r0}, &(0x7f0000000880), &(0x7f00000008c0)='%pS    \x00'}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xff08, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.067067777s ago: executing program 4 (id=2654):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000640)={{}, &(0x7f00000005c0), &(0x7f0000000600)}, 0x20)

1.989410348s ago: executing program 2 (id=2655):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000280)=""/239, 0xef)
syz_usb_disconnect(r0)

1.949849553s ago: executing program 5 (id=2656):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.895514252s ago: executing program 1 (id=2657):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000006100)={&(0x7f0000000a40)=ANY=[], 0x0, 0x2e, 0x0, 0xa}, 0x20)

1.681273715s ago: executing program 4 (id=2658):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)={0xb8, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x72, 0xe, {{{}, {}, @device_b, @device_b}, 0x0, @default, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @val, @val={0x3, 0x1}, @void, @void, @val={0x5, 0x3}, @void, @val={0x2a, 0x1}, @void, @val={0x2d, 0x1a}, @val={0x72, 0x6}, @val={0x71, 0x7}, @val={0x76, 0x6}}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x5, 0x3, '\n'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb8}}, 0x0)

1.659406634s ago: executing program 1 (id=2659):
bind$unix(0xffffffffffffffff, 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000000)="b886b4e47f", 0x5}], 0x1)
syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r0 = socket(0x2, 0x1, 0x0)
connect$unix(r0, &(0x7f0000000000), 0x10)
connect$unix(r0, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0xa)

1.605512026s ago: executing program 5 (id=2660):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xd, &(0x7f0000000700)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

1.491489092s ago: executing program 0 (id=2661):
r0 = socket$inet(0x2, 0x2, 0x0)
r1 = socket(0x2, 0x4001, 0x0)
r2 = dup(r1)
r3 = fcntl$dupfd(r2, 0x0, r0)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r4, 0x0, 0x200000000000c, &(0x7f0000000240)="ea00000100000000", 0xc)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
close(r3)
r5 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_opts(r5, 0x0, 0xc, &(0x7f0000000240)="ea00000100000000", 0xc)
dup2(r2, r3)

1.42960192s ago: executing program 1 (id=2662):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480))
socket$packet(0x11, 0x3, 0x300)
syz_open_procfs(0x0, &(0x7f0000000000)='maps\x00')
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
mount$9p_fd(0x0, &(0x7f0000000540)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r0, @ANYBLOB=',wfdno=', @ANYRESDEC=r1])

1.397307484s ago: executing program 5 (id=2663):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x81044804, &(0x7f0000000400)={0x1})
syz_usb_control_io(r0, &(0x7f00000002c0)={0x18, 0x0, &(0x7f0000000440)={0x0, 0x3, 0x4, @string={0x4, 0x3, "5597"}}, 0x0, 0x0, 0x0}, 0x0)

1.189129239s ago: executing program 0 (id=2664):
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002c40)=ANY=[], 0x10}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmmsg(r0, &(0x7f0000001440), 0x10, 0x0)

1.143018207s ago: executing program 1 (id=2665):
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x851800, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b73267090000000000000000ba000000400000000000f0ff74202ef86dfdcc00"})

1.018093893s ago: executing program 1 (id=2666):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_emit_ethernet(0x46, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60a4b4770010210000000000000000000000000000000000ff020000000000000000000000000001000000000401907804"], 0x0)
r1 = socket(0x15, 0x5, 0x0)
socket(0xb, 0xf, 0x0)
ioctl$sock_rose_SIOCADDRT(r1, 0x890b, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000034000020030a01010000000000000000010000000c00048008000140000000000900010073797a300000000008008c400000003b98e46ec85a41c2aa001400000010000100000000"], 0x7c}}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="24920c00", @ANYRES16=r0, @ANYRES64=r4, @ANYRES32=r4, @ANYBLOB="0800050002000000"], 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="58000000000000000000ab2e00000008000300", @ANYRES32=r5, @ANYBLOB="0a00340002020202020200000a0006000802110000000000080026006c090000"], 0x3c}}, 0x0)
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000600)=ANY=[@ANYBLOB="0800000008021100000108021100000050505050505000001f28d9edc2a157823273f75cba0366b4fe3f9566dee3e8d6c62e93a4fbbd016717c8ad3c85916fcea6ea208bf91f9f54e8c4f581d9b99bebc41c32d7361e8f82c34c08782b2414c429b1ae9a588467dd402d05544ffac55589f80ed4c1f867cf80c3b6563d6a4123f35aa5eb1455672f26565b5ff3c851e3a5b1712c84a4ad261df6af63de63e71633e6574a9e98eccc62198ffcedc12fe7e9cddec8d2cce6f00f72cc41bc0b9e0ca21290dc17e25c63e91a8af4c010872cd58b1f4bf8712173a74a687540a53c6266695a3f52fc547a5fad1cdf1187b61c4558eaacd1e72c1d"], 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000080)={0x1d, r7}, 0x18)
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r9, 0x8914, &(0x7f0000000280)={'vxcan1\x00', 0x2})
bind$can_j1939(r8, &(0x7f0000000100)={0x1d, r7, 0xfffffffffffffffd, {0x2, 0xf0, 0x2}, 0x2}, 0x18)
connect$can_j1939(r8, &(0x7f0000000140)={0x1d, r7, 0x1, {0x0, 0x1}}, 0x18)
sendmsg$can_j1939(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)='data', 0x4}}, 0x0)

943.460887ms ago: executing program 0 (id=2667):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xb}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x0, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)

75.004385ms ago: executing program 4 (id=2668):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000680)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0fff00f004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c0001400c080c00000000009bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)

0s ago: executing program 0 (id=2669):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc0c0583b, &(0x7f0000000000))
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r2, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=';', 0xfffffdef}], 0x1}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000400)="bb", 0x1}], 0x1}}], 0x2, 0x16da)

kernel console output (not intermixed with test programs):

1.140041][T12464] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  861.154310][   T54] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  861.162433][   T54] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  861.163233][T12295] bridge_slave_1: entered promiscuous mode
[  861.243312][T11107] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  861.296261][T12464] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2786: inode #2: comm syz.3.1817: corrupted in-inode xattr: bad e_name length
[  861.437599][T12464] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2856: Unable to expand inode 2. Delete some EAs or run e2fsck.
[  861.504182][T12470] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #2: comm syz.3.1817: corrupted in-inode xattr: bad e_name length
[  861.733727][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  861.842497][T12295] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  862.186744][ T2911] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.333008][T12245] team0: Port device team_slave_0 added
[  862.365775][T12295] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  862.574973][T12245] team0: Port device team_slave_1 added
[  862.666276][ T2911] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.789398][ T2911] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  862.835311][T12494] sit0: entered allmulticast mode
[  862.975259][T12495] sit0: entered promiscuous mode
[  863.261267][T11101] Bluetooth: hci3: command tx timeout
[  863.303115][ T2911] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  863.417384][T12245] batman_adv: batadv0: Adding interface: batadv_slave_0
[  863.440702][T12245] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  863.494333][T12499] loop3: detected capacity change from 0 to 1024
[  863.510329][T12245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  863.542285][T12499] EXT4-fs: Ignoring removed nomblk_io_submit option
[  863.655006][T12295] team0: Port device team_slave_0 added
[  863.671792][T12499] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  863.702271][T12295] team0: Port device team_slave_1 added
[  863.762240][T12245] batman_adv: batadv0: Adding interface: batadv_slave_1
[  863.769219][T12245] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  863.797851][T12245] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  863.822753][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  863.914745][T12497] loop0: detected capacity change from 0 to 32768
[  864.287661][T12497] bcachefs (loop0): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,promote_target=invalid device 127,journal_flush_delay=1311720,journal_reclaim_delay=1000,nocow
[  864.405965][T12497] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  864.477873][T12245] hsr_slave_0: entered promiscuous mode
[  864.496767][T12497] bcachefs (loop0): alloc_read... done
[  864.533121][T12497] bcachefs (loop0): stripes_read... done
[  864.538899][T12497] bcachefs (loop0): snapshots_read... done
[  864.554020][T12245] hsr_slave_1: entered promiscuous mode
[  864.576988][T12497] bcachefs (loop0): journal_replay... done
[  864.583993][T12245] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  864.603104][T12245] Cannot create hsr debugfs directory
[  864.611711][T12497] bcachefs (loop0): resume_logged_ops... done
[  864.617926][T12497] bcachefs (loop0): going read-write
[  864.629829][T12295] batman_adv: batadv0: Adding interface: batadv_slave_0
[  864.640321][T12295] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.685387][T12497] bcachefs (loop0): done starting filesystem
[  864.720503][T12295] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  864.786402][T12295] batman_adv: batadv0: Adding interface: batadv_slave_1
[  864.810350][T12295] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.910489][T12295] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  865.010001][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  865.028617][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  865.040573][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  865.072558][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  865.091129][   T54] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  865.102498][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  865.324862][T11101] bcachefs (loop0): Unable to allocate journal write: EROFS
[  865.324949][T11101] flags:replay_done,running,may_skip_flush
[  865.324965][T11101] dirty journal entries:     1/32768
[  865.324980][T11101] seq:                       11
[  865.324995][T11101] seq_ondisk:                10
[  865.325009][T11101] last_seq:                  11
[  865.325023][T11101] last_seq_ondisk:           11
[  865.325038][T11101] flushed_seq_ondisk:        10
[  865.325051][T11101] watermark:                 stripe
[  865.325066][T11101] each entry reserved:       361
[  865.325081][T11101] nr flush writes:           1
[  865.325095][T11101] nr noflush writes:         0
[  865.325109][T11101] average write size:        4.56 KiB
[  865.325124][T11101] nr direct reclaim:         0
[  865.325138][T11101] nr background reclaim:     0
[  865.325152][T11101] reclaim kicked:            0
[  865.325166][T11101] reclaim runs in:           130 ms
[  865.325181][T11101] blocked:                   0
[  865.325195][T11101] current entry sectors:     0
[  865.325209][T11101] current entry error:       insufficient_devices
[  865.325224][T11101] current entry:             closed
[  865.325239][T11101] unwritten entries:
[  865.325252][T11101] seq:                       11
[  865.325267][T11101]   refcount:                0
[  865.325281][T11101]   size:                    4.56 KiB
[  865.325295][T11101]   expires:                 131136 jiffies
[  865.325311][T11101]   flags:                   must_flush write_started 
[  865.325327][T11101] last buf closed
[  865.325340][T11101] space:
[  865.325352][T11101]   discarded                256:1792
[  865.325367][T11101]   clean ondisk             256:1792
[  865.325382][T11101]   clean                    256:1792
[  865.325397][T11101]   total                    256:2048
[  865.325411][T11101] 
[  865.348309][   T54] Bluetooth: hci3: command tx timeout
[  865.356124][T11101] bcachefs (loop0): fatal error - emergency read only
[  865.450791][T12497] syz.0.1824 (12497) used greatest stack depth: 14488 bytes left
[  865.460500][T11101] bcachefs (loop0): unable to write journal to sufficient devices
[  865.542759][T12295] hsr_slave_0: entered promiscuous mode
[  865.580728][T12295] hsr_slave_1: entered promiscuous mode
[  865.600347][T12295] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  865.607964][T12295] Cannot create hsr debugfs directory
[  865.803502][ T2911] bridge_slave_1: left allmulticast mode
[  865.809196][ T2911] bridge_slave_1: left promiscuous mode
[  865.839403][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state
[  865.874883][ T2911] bridge_slave_0: left allmulticast mode
[  865.903228][ T2911] bridge_slave_0: left promiscuous mode
[  865.909078][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state
[  866.645895][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  866.681719][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  866.696897][ T2911] bond0 (unregistering): Released all slaves
[  867.182863][T11101] Bluetooth: hci1: command tx timeout
[  867.430786][T11101] Bluetooth: hci3: command tx timeout
[  867.550111][T12571] loop3: detected capacity change from 0 to 64
[  867.683716][T12465] chnl_net:caif_netlink_parms(): no params data found
[  867.918506][ T2911] hsr_slave_0: left promiscuous mode
[  867.926998][ T2911] hsr_slave_1: left promiscuous mode
[  867.934219][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  867.942111][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0
[  867.954811][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  867.963538][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1
[  867.994914][ T2911] veth1_macvtap: left promiscuous mode
[  868.001144][ T2911] veth0_macvtap: left promiscuous mode
[  868.007102][ T2911] veth1_vlan: left promiscuous mode
[  868.013766][ T2911] veth0_vlan: left promiscuous mode
[  868.755045][ T2911] team0 (unregistering): Port device team_slave_1 removed
[  868.833101][ T2911] team0 (unregistering): Port device team_slave_0 removed
[  869.270521][T11101] Bluetooth: hci1: command tx timeout
[  869.501951][T11101] Bluetooth: hci3: command tx timeout
[  869.671413][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  869.677755][ T1242] ieee802154 phy1 wpan1: encryption failed: -22
[  869.918016][T12465] bridge0: port 1(bridge_slave_0) entered blocking state
[  869.930401][T12465] bridge0: port 1(bridge_slave_0) entered disabled state
[  869.940717][T12465] bridge_slave_0: entered allmulticast mode
[  869.948063][T12465] bridge_slave_0: entered promiscuous mode
[  869.963522][T12465] bridge0: port 2(bridge_slave_1) entered blocking state
[  869.980687][T12465] bridge0: port 2(bridge_slave_1) entered disabled state
[  869.988604][T12465] bridge_slave_1: entered allmulticast mode
[  869.996464][T12465] bridge_slave_1: entered promiscuous mode
[  870.118900][T12533] chnl_net:caif_netlink_parms(): no params data found
[  870.213225][T12465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  870.242977][T12465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  870.444315][T12587] loop3: detected capacity change from 0 to 1024
[  870.469973][T12587] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  870.499289][T12465] team0: Port device team_slave_0 added
[  870.511463][T12587] JBD2: no valid journal superblock found
[  870.519468][T12587] EXT4-fs (loop3): Could not load journal inode
[  870.575276][T12587] loop3: detected capacity change from 0 to 256
[  870.593969][T12465] team0: Port device team_slave_1 added
[  870.597997][T12587] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d)
[  870.626757][T12587] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005)
[  870.636005][T12587] exFAT-fs (loop3): failed to initialize root inode
[  870.901189][ T2911] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  870.921598][T12465] batman_adv: batadv0: Adding interface: batadv_slave_0
[  870.928619][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  870.960490][T12465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  870.983228][T12465] batman_adv: batadv0: Adding interface: batadv_slave_1
[  871.000323][T12465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  871.051274][T12465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  871.068532][T12533] bridge0: port 1(bridge_slave_0) entered blocking state
[  871.076054][T12533] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.083477][T12533] bridge_slave_0: entered allmulticast mode
[  871.091005][T12533] bridge_slave_0: entered promiscuous mode
[  871.100826][T12533] bridge0: port 2(bridge_slave_1) entered blocking state
[  871.107977][T12533] bridge0: port 2(bridge_slave_1) entered disabled state
[  871.115299][T12533] bridge_slave_1: entered allmulticast mode
[  871.123107][T12533] bridge_slave_1: entered promiscuous mode
[  871.149932][ T2911] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.268033][ T2911] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.340611][T11101] Bluetooth: hci1: command tx timeout
[  871.346919][T12533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  871.392902][ T2911] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.415777][T12465] hsr_slave_0: entered promiscuous mode
[  871.424347][T12465] hsr_slave_1: entered promiscuous mode
[  871.431610][T12465] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  871.439190][T12465] Cannot create hsr debugfs directory
[  871.468423][T12533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  871.604725][T12533] team0: Port device team_slave_0 added
[  871.626212][T12533] team0: Port device team_slave_1 added
[  871.633299][T12245] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  871.695173][T12245] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  871.715512][T12245] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  871.801362][T12245] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  871.823031][T12533] batman_adv: batadv0: Adding interface: batadv_slave_0
[  871.830063][T12533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  871.872381][T12533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  871.896791][T12533] batman_adv: batadv0: Adding interface: batadv_slave_1
[  871.913856][T12533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  871.950308][T12533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  872.982654][T12295] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  873.004626][T12295] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  873.031214][T12295] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  873.209713][T12533] hsr_slave_0: entered promiscuous mode
[  873.217939][T12533] hsr_slave_1: entered promiscuous mode
[  873.230071][T12533] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  873.239303][T12533] Cannot create hsr debugfs directory
[  873.319025][ T2911] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  873.365665][T12295] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  873.422657][T11101] Bluetooth: hci1: command tx timeout
[  873.593386][ T2911] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  873.626431][   T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  873.636307][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  873.646177][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  873.696396][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  873.706927][   T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  873.715350][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  873.804101][ T2911] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  873.992067][ T2911] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  874.198204][T12245] 8021q: adding VLAN 0 to HW filter on device bond0
[  874.370393][T12245] 8021q: adding VLAN 0 to HW filter on device team0
[  874.482182][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  874.489454][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  874.571178][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.578377][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.898977][ T2911] bridge_slave_1: left allmulticast mode
[  874.917980][ T2911] bridge_slave_1: left promiscuous mode
[  874.940597][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state
[  874.967031][ T2911] bridge_slave_0: left allmulticast mode
[  874.978612][ T2911] bridge_slave_0: left promiscuous mode
[  874.987067][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state
[  875.057566][ T2911] bridge_slave_1: left allmulticast mode
[  875.077484][ T2911] bridge_slave_1: left promiscuous mode
[  875.092091][ T2911] bridge0: port 2(bridge_slave_1) entered disabled state
[  875.129766][ T2911] bridge_slave_0: left allmulticast mode
[  875.157777][ T2911] bridge_slave_0: left promiscuous mode
[  875.182249][ T2911] bridge0: port 1(bridge_slave_0) entered disabled state
[  875.832544][   T54] Bluetooth: hci6: command tx timeout
[  877.439840][T12695] loop3: detected capacity change from 0 to 128
[  877.503778][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  877.531356][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  877.547744][ T2911] bond0 (unregistering): Released all slaves
[  877.919933][ T2911] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  877.945293][ T2911] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  877.960360][   T54] Bluetooth: hci6: command tx timeout
[  877.981310][ T2911] bond0 (unregistering): Released all slaves
[  878.898559][T12245] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  879.016682][T12704] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1868'.
[  879.202598][T12707] team1: Mode changed to "loadbalance"
[  879.234474][T12617] chnl_net:caif_netlink_parms(): no params data found
[  879.385113][T12295] 8021q: adding VLAN 0 to HW filter on device bond0
[  879.858963][T12295] 8021q: adding VLAN 0 to HW filter on device team0
[  879.981268][   T54] Bluetooth: hci6: command tx timeout
[  880.046939][T12245] 8021q: adding VLAN 0 to HW filter on device batadv0
[  880.240461][T12465] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  880.262252][T12465] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  880.297395][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  880.304754][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  880.342611][T12465] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  880.471333][ T2911] hsr_slave_0: left promiscuous mode
[  880.515572][ T2911] hsr_slave_1: left promiscuous mode
[  880.540670][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  880.548193][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0
[  880.601654][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  880.609136][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1
[  880.659446][ T2911] hsr_slave_0: left promiscuous mode
[  880.694295][ T2911] hsr_slave_1: left promiscuous mode
[  880.724813][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  880.752462][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_0
[  880.761205][ T2911] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  880.768662][ T2911] batman_adv: batadv0: Removing interface: batadv_slave_1
[  881.352436][ T2911] veth1_macvtap: left promiscuous mode
[  881.368345][ T2911] veth0_macvtap: left promiscuous mode
[  881.398191][ T2911] veth1_vlan: left promiscuous mode
[  881.410696][ T2911] veth0_vlan: left promiscuous mode
[  881.450338][ T2911] veth1_macvtap: left promiscuous mode
[  881.455920][ T2911] veth0_macvtap: left promiscuous mode
[  881.471033][ T2911] veth1_vlan: left promiscuous mode
[  881.478169][ T2911] veth0_vlan: left promiscuous mode
[  881.920323][  T780] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  882.062710][   T54] Bluetooth: hci6: command tx timeout
[  882.127574][  T780] usb 4-1: Using ep0 maxpacket: 32
[  882.163686][  T780] usb 4-1: New USB device found, idVendor=0ace, idProduct=2011, bcdDevice= 1.01
[  882.172981][  T780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  882.193450][  T780] usb 4-1: Product: syz
[  882.197847][  T780] usb 4-1: Manufacturer: syz
[  882.204801][  T780] usb 4-1: SerialNumber: syz
[  882.231109][  T780] usb 4-1: config 0 descriptor??
[  882.243671][  T780] usb-storage 4-1:0.0: USB Mass Storage device detected
[  882.291072][  T780] usb-storage 4-1:0.0: device ignored
[  882.429242][ T2911] team0 (unregistering): Port device team_slave_1 removed
[  882.459960][  T780] usb 4-1: USB disconnect, device number 29
[  882.516201][ T2911] team0 (unregistering): Port device team_slave_0 removed
[  883.697913][T12775] syz.3.1882[12775] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  883.698111][T12775] syz.3.1882[12775] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  884.655636][ T2911] team0 (unregistering): Port device team_slave_1 removed
[  884.769597][ T2911] team0 (unregistering): Port device team_slave_0 removed
[  885.414770][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.422014][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state
[  885.437826][T12465] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  885.466290][T12617] bridge0: port 1(bridge_slave_0) entered blocking state
[  885.476033][T12617] bridge0: port 1(bridge_slave_0) entered disabled state
[  885.483752][T12617] bridge_slave_0: entered allmulticast mode
[  885.493116][T12617] bridge_slave_0: entered promiscuous mode
[  885.511248][T12779] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1883'.
[  885.560787][T12617] bridge0: port 2(bridge_slave_1) entered blocking state
[  885.567988][T12617] bridge0: port 2(bridge_slave_1) entered disabled state
[  885.601355][T12617] bridge_slave_1: entered allmulticast mode
[  885.609125][T12617] bridge_slave_1: entered promiscuous mode
[  885.887541][T12617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  885.965728][T12617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  886.130026][T12788] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1887'.
[  886.164954][T12788] netlink: 1528 bytes leftover after parsing attributes in process `syz.3.1887'.
[  886.217081][T12617] team0: Port device team_slave_0 added
[  886.327779][T12245] veth0_vlan: entered promiscuous mode
[  886.369223][T12617] team0: Port device team_slave_1 added
[  886.545650][T12245] veth1_vlan: entered promiscuous mode
[  886.733623][T12617] batman_adv: batadv0: Adding interface: batadv_slave_0
[  886.760329][T12617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  886.823293][T12617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  886.941731][T12796] 9pnet_fd: Insufficient options for proto=fd
[  887.375833][T12617] batman_adv: batadv0: Adding interface: batadv_slave_1
[  887.396777][T12617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  887.429252][T12617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  887.493758][T12465] 8021q: adding VLAN 0 to HW filter on device bond0
[  887.637882][T12465] 8021q: adding VLAN 0 to HW filter on device team0
[  887.655349][T12804] loop3: detected capacity change from 0 to 512
[  887.685861][T12804] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz.3.1891: corrupted in-inode xattr: invalid ea_ino
[  887.689307][T12245] veth0_macvtap: entered promiscuous mode
[  887.709660][T12804] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1891: couldn't read orphan inode 15 (err -117)
[  887.730880][T12804] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  887.754604][T12295] 8021q: adding VLAN 0 to HW filter on device batadv0
[  887.837572][T12617] hsr_slave_0: entered promiscuous mode
[  887.876007][T12617] hsr_slave_1: entered promiscuous mode
[  887.917222][T12245] veth1_macvtap: entered promiscuous mode
[  887.929585][T12533] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  887.999266][ T5162] bridge0: port 1(bridge_slave_0) entered blocking state
[  888.006524][ T5162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  888.016593][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  888.044965][ T5162] bridge0: port 2(bridge_slave_1) entered blocking state
[  888.052220][ T5162] bridge0: port 2(bridge_slave_1) entered forwarding state
[  888.063305][T12533] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  888.098308][T12533] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  888.213537][T12533] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  888.338204][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  888.376142][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.392977][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  888.412193][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.442718][T12245] batman_adv: batadv0: Interface activated: batadv_slave_0
[  888.633948][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  888.659636][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.674309][T12245] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  888.687129][T12245] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  888.703227][T12245] batman_adv: batadv0: Interface activated: batadv_slave_1
[  888.797866][T12617] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  888.837835][T12245] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  888.849102][T12245] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  888.866689][T12245] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  888.883552][T12245] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  889.017014][T12617] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  889.055695][T12295] veth0_vlan: entered promiscuous mode
[  889.123974][T12827] loop3: detected capacity change from 0 to 2048
[  889.133620][T12617] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  889.176756][T12295] veth1_vlan: entered promiscuous mode
[  889.224048][T12827] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  889.286859][T12617] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  889.396165][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  889.573519][T12295] veth0_macvtap: entered promiscuous mode
[  889.675438][T12295] veth1_macvtap: entered promiscuous mode
[  889.810023][T12533] 8021q: adding VLAN 0 to HW filter on device bond0
[  889.811757][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  889.827666][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  889.875970][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.888499][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.899111][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.916682][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.926699][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  889.945138][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.959778][T12295] batman_adv: batadv0: Interface activated: batadv_slave_0
[  889.975928][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  889.987704][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  889.998196][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  890.011163][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  890.024519][T12295] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  890.035314][T12295] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  890.047962][T12295] batman_adv: batadv0: Interface activated: batadv_slave_1
[  890.074997][T12617] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  890.115780][T12295] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  890.124926][T12295] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  890.134565][T12295] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  890.144237][T12295] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  890.175738][T12301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  890.180340][T12617] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  890.184433][T12301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  890.205511][T12617] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  890.222712][T12617] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  890.367141][T12533] 8021q: adding VLAN 0 to HW filter on device team0
[  890.395858][T12465] 8021q: adding VLAN 0 to HW filter on device batadv0
[  890.509947][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  890.517244][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  890.613107][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  890.620387][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  890.725583][T12848] loop3: detected capacity change from 0 to 512
[  890.761477][T12848] EXT4-fs: Ignoring removed mblk_io_submit option
[  890.767976][T12848] EXT4-fs: Ignoring removed i_version option
[  890.839761][T12848] EXT4-fs error (device loop3): __ext4_iget:4906: inode #11: block 1: comm syz.3.1902: invalid block
[  890.904831][T12848] EXT4-fs (loop3): Remounting filesystem read-only
[  890.984112][T12848] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  891.132820][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  891.181664][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  892.392176][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  892.931884][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  892.951056][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  893.357141][T12533] 8021q: adding VLAN 0 to HW filter on device batadv0
[  893.460604][T12617] 8021q: adding VLAN 0 to HW filter on device bond0
[  893.632821][    T8] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  893.661437][T12617] 8021q: adding VLAN 0 to HW filter on device team0
[  893.770172][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  893.777514][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  893.823566][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  893.830838][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  893.851155][    T8] usb 4-1: too many configurations: 65, using maximum allowed: 8
[  893.907919][T12880] pim6reg1: entered promiscuous mode
[  893.928360][T12880] pim6reg1: entered allmulticast mode
[  893.935547][    T8] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  893.945742][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  894.047675][T12465] veth0_vlan: entered promiscuous mode
[  894.188021][T12465] veth1_vlan: entered promiscuous mode
[  894.409078][    T8] usb 4-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  894.441098][    T8] usb 4-1: No valid video chain found.
[  894.491286][T12465] veth0_macvtap: entered promiscuous mode
[  894.556017][T12465] veth1_macvtap: entered promiscuous mode
[  894.607925][T12533] veth0_vlan: entered promiscuous mode
[  894.618391][    T8] usb 4-1: USB disconnect, device number 30
[  894.759681][T12533] veth1_vlan: entered promiscuous mode
[  894.792323][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  894.815358][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  894.838592][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  894.850978][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  894.861329][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  894.871937][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  894.882162][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  894.892920][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  894.905409][T12465] batman_adv: batadv0: Interface activated: batadv_slave_0
[  894.977160][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  894.997536][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  895.009468][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  895.023292][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  895.036098][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  895.059301][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  895.090384][T12465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  895.101409][T12465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  895.113834][T12465] batman_adv: batadv0: Interface activated: batadv_slave_1
[  895.126981][T12465] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  895.177540][T12465] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  895.220377][T12465] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  895.278999][T12465] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  895.344461][T12905] syz.3.1916[12905] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  895.346940][T12905] syz.3.1916[12905] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  895.359987][T12617] 8021q: adding VLAN 0 to HW filter on device batadv0
[  896.129011][T12908] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1913'.
[  896.154134][T12909] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1913'.
[  896.468914][T12920] loop1: detected capacity change from 0 to 2048
[  896.497734][T12533] veth0_macvtap: entered promiscuous mode
[  896.579863][T12922] loop2: detected capacity change from 0 to 512
[  896.588028][T12920] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  896.604068][T12533] veth1_macvtap: entered promiscuous mode
[  896.696019][T12617] veth0_vlan: entered promiscuous mode
[  896.751814][T12922] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz.2.1921: corrupted in-inode xattr: invalid ea_ino
[  896.846554][T12922] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz.2.1921: couldn't read orphan inode 15 (err -117)
[  896.866331][T12617] veth1_vlan: entered promiscuous mode
[  899.131867][T12922] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  899.263256][T12295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  899.317856][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.362657][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.400277][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.418591][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.446885][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.470310][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.508598][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.537552][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.575212][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  899.594250][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  899.622526][T12533] batman_adv: batadv0: Interface activated: batadv_slave_0
[  899.645564][T12245] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  899.663918][ T1095] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  899.682349][ T1095] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  899.690843][T12947] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1925'.
[  899.795309][T12950] bond1: (slave wireguard0): The slave device specified does not support setting the MAC address
[  899.877906][T12950] bond1: (slave wireguard0): Error -95 calling set_mac_address
[  899.965121][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  899.994358][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.009790][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.030019][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.053520][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.097269][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.117583][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.137722][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.150844][T12533] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  900.161443][T12533] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  900.173475][T12533] batman_adv: batadv0: Interface activated: batadv_slave_1
[  900.200525][T12533] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  900.209661][T12533] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  900.220960][T12533] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  900.229923][T12533] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  900.767272][ T1095] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  900.848486][T12617] veth0_macvtap: entered promiscuous mode
[  900.854520][ T1095] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  900.904428][T12617] veth1_macvtap: entered promiscuous mode
[  901.090559][ T4631] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  901.146496][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.215659][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.250455][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.278820][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.337994][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.351201][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.370379][ T4631] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  901.391434][ T4631] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  901.413402][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.439974][ T4631] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  901.449360][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.467453][ T4631] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  901.478025][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.491826][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.504465][ T4631] usb 2-1: config 0 descriptor??
[  901.515800][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  901.529376][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.548462][T12617] batman_adv: batadv0: Interface activated: batadv_slave_0
[  901.649578][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.696894][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.729040][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.772137][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.793123][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.813835][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.830018][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.854626][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.878665][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.905595][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  901.940457][T12617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  901.955957][ T4631] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  901.994613][ T4631] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  902.003986][T12617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  902.021614][ T4631] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  902.040642][T12617] batman_adv: batadv0: Interface activated: batadv_slave_1
[  902.051004][ T2795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  902.064621][ T4631] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  902.085260][ T2795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  902.112894][ T4631] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  902.158501][T12617] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  902.184472][ T4631] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  902.202799][T12617] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  902.229295][T12617] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  902.251945][ T4631] usb 2-1: USB disconnect, device number 25
[  902.264393][T12617] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  902.280713][T12964] loop5: detected capacity change from 0 to 32768
[  902.294973][T12976] loop3: detected capacity change from 0 to 512
[  902.327380][T12964] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1813 (12964)
[  902.374516][T12976] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz.3.1935: corrupted in-inode xattr: invalid ea_ino
[  902.414615][T12976] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1935: couldn't read orphan inode 15 (err -117)
[  902.439227][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  902.487966][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  902.510859][T12964] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  902.550098][T12976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  902.571220][T12964] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[  902.590403][T12964] BTRFS info (device loop5): using free-space-tree
[  903.019841][ T2795] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.052828][ T2795] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.116439][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  903.296396][ T2795] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  903.308830][ T2795] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  903.943863][T11287] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  904.311449][T11287] usb 2-1: Using ep0 maxpacket: 16
[  904.357655][T11287] usb 2-1: config 0 has an invalid interface number: 255 but max is 7
[  904.371364][T11287] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8
[  904.410442][T11287] usb 2-1: config 0 has no interface number 0
[  904.452576][T11287] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  904.483490][T11287] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  904.522167][T11287] usb 2-1: Product: syz
[  904.526391][T11287] usb 2-1: Manufacturer: syz
[  904.562154][T11287] usb 2-1: SerialNumber: syz
[  904.589925][T11287] usb 2-1: config 0 descriptor??
[  904.612181][T11287] ftdi_sio 2-1:0.255: FTDI USB Serial Device converter detected
[  904.634938][T11287] usb 2-1: Detected FT232R
[  904.686988][ T8460] BTRFS info (device loop5): qgroup scan completed (inconsistency flag cleared)
[  904.892070][T13032] netlink: 55631 bytes leftover after parsing attributes in process `syz.4.1944'.
[  905.129594][T12465] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  905.869588][T13005] loop1: detected capacity change from 0 to 512
[  905.941580][T11101] Bluetooth: hci7: sending frame failed (-49)
[  905.952206][   T54] Bluetooth: hci7: Opcode 0x1003 failed: -49
[  906.023450][T13005] EXT4-fs (loop1): can't mount with both data=journal and delalloc
[  906.125363][T11287] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  906.130563][T13045] loop4: detected capacity change from 0 to 512
[  906.155208][T11287] ftdi_sio 2-1:0.255: GPIO initialisation failed: -71
[  906.172229][T11287] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  906.215741][T11287] usb 2-1: USB disconnect, device number 26
[  906.258703][T11287] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  906.272873][T11287] ftdi_sio 2-1:0.255: device disconnected
[  906.278391][T13045] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz.4.1948: corrupted in-inode xattr: invalid ea_ino
[  906.319520][T13045] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.1948: couldn't read orphan inode 15 (err -117)
[  906.402923][T13045] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  907.433553][T12533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  907.536184][T13065] syz.1.1954[13065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  907.536373][T13065] syz.1.1954[13065] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  908.546554][T13090] loop4: detected capacity change from 0 to 256
[  908.660150][T13099] loop3: detected capacity change from 0 to 512
[  908.713666][T13090] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  908.861340][T11310] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  908.954393][T13103] loop5: detected capacity change from 0 to 128
[  908.971393][T13099] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz.3.1967: corrupted in-inode xattr: invalid ea_ino
[  908.999203][T13099] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.1967: couldn't read orphan inode 15 (err -117)
[  909.031093][T13099] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  909.090672][T11310] usb 1-1: Using ep0 maxpacket: 16
[  909.111647][T11310] usb 1-1: config 0 has an invalid interface number: 255 but max is 7
[  909.141068][T11310] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8
[  909.180812][T11310] usb 1-1: config 0 has no interface number 0
[  909.197372][T13072] loop2: detected capacity change from 0 to 32768
[  909.209492][T11310] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  909.234033][T11310] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  909.242057][T13072] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1957 (13072)
[  909.298442][T11310] usb 1-1: Product: syz
[  909.303617][T11310] usb 1-1: Manufacturer: syz
[  909.308682][T11310] usb 1-1: SerialNumber: syz
[  909.452047][T11310] usb 1-1: config 0 descriptor??
[  909.496015][T11310] ftdi_sio 1-1:0.255: FTDI USB Serial Device converter detected
[  909.554095][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  910.405197][T13114] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1970'.
[  910.416121][T13114] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1970'.
[  910.851876][T13072] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  910.943435][T13072] BTRFS info (device loop2): using sha256 (sha256-ni) checksum algorithm
[  910.988351][T13072] BTRFS info (device loop2): using free-space-tree
[  911.056772][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  911.081137][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  911.161617][T11310] usb 1-1: Detected FT232R
[  911.163759][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  911.220487][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  911.377849][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  911.425029][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  911.596270][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  911.681332][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  911.855259][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  911.880458][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  912.062455][T13072] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  912.343910][T11310] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  912.382024][T11310] ftdi_sio 1-1:0.255: GPIO initialisation failed: -71
[  912.391219][T11310] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  912.402675][T11310] usb 1-1: USB disconnect, device number 44
[  912.417552][T13072] BTRFS error (device loop2): open_ctree failed
[  912.453780][T11310] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  912.505763][T11310] ftdi_sio 1-1:0.255: device disconnected
[  914.194220][T13160] loop3: detected capacity change from 0 to 256
[  914.251531][T13160] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  915.256950][T13168] loop3: detected capacity change from 0 to 1024
[  915.817634][   T12] hfsplus: b-tree write err: -5, ino 4
[  915.881900][ T8460] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.386515][ T8460] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.580551][    T9] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  916.723237][ T8460] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  916.780681][    T9] usb 3-1: Using ep0 maxpacket: 16
[  916.799878][    T9] usb 3-1: config 0 has an invalid interface number: 255 but max is 7
[  916.838276][T11101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  916.839573][    T9] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8
[  916.863431][T11101] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  916.880022][T11101] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  916.889579][    T9] usb 3-1: config 0 has no interface number 0
[  916.901216][T13192] loop4: detected capacity change from 0 to 256
[  916.917988][T11101] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  916.951809][T11101] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  916.976341][    T9] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  916.976548][T11101] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  917.005459][T13192] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  917.030275][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.086441][    T9] usb 3-1: Product: syz
[  917.092100][    T9] usb 3-1: Manufacturer: syz
[  917.096732][    T9] usb 3-1: SerialNumber: syz
[  917.114695][ T8460] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.148113][    T9] usb 3-1: config 0 descriptor??
[  917.181073][    T9] ftdi_sio 3-1:0.255: FTDI USB Serial Device converter detected
[  917.190160][    T9] usb 3-1: Detected FT232R
[  917.435316][T13179] loop3: detected capacity change from 0 to 32768
[  917.510742][T13179] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1990 (13179)
[  917.617420][T13179] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  917.668938][T13179] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  917.684734][T13179] BTRFS info (device loop3): using free-space-tree
[  917.943848][T13180] loop2: detected capacity change from 0 to 512
[  917.963209][T13180] EXT4-fs (loop2): can't mount with both data=journal and delalloc
[  918.349538][ T8460] bridge_slave_1: left allmulticast mode
[  918.360320][ T8460] bridge_slave_1: left promiscuous mode
[  918.366240][ T8460] bridge0: port 2(bridge_slave_1) entered disabled state
[  918.483963][ T8460] bridge_slave_0: left allmulticast mode
[  918.504544][ T8460] bridge_slave_0: left promiscuous mode
[  918.514100][    T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  918.524517][ T8460] bridge0: port 1(bridge_slave_0) entered disabled state
[  918.557873][    T9] ftdi_sio 3-1:0.255: GPIO initialisation failed: -71
[  918.613756][    T9] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  918.696227][    T9] usb 3-1: USB disconnect, device number 41
[  918.868872][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  918.981477][    T9] ftdi_sio 3-1:0.255: device disconnected
[  919.020551][T11101] Bluetooth: hci3: command tx timeout
[  919.103641][T12301] BTRFS info (device loop3): qgroup scan completed (inconsistency flag cleared)
[  919.194500][T11106] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  919.465725][T13233] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  919.560394][T11101] Bluetooth: hci4: unexpected subevent 0x0a length: 16 < 30
[  919.855856][   T54] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  919.868485][   T54] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  919.878104][   T54] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  919.886791][   T54] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  919.920936][   T54] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  919.952666][   T54] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  920.093285][T13238] loop2: detected capacity change from 0 to 256
[  920.135719][T13238] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  920.697134][T13229] loop4: detected capacity change from 0 to 40427
[  920.845402][T13229] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  920.881399][T13229] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  920.971373][T13229] F2FS-fs (loop4): invalid crc value
[  921.154231][T13252] loop2: detected capacity change from 0 to 512
[  921.168014][T13252] EXT4-fs: Ignoring removed oldalloc option
[  921.175519][T13252] ext4: Unknown parameter 'nog'
[  921.209713][T11101] Bluetooth: hci3: command tx timeout
[  921.398197][T13229] F2FS-fs (loop4): Found nat_bits in checkpoint
[  921.566878][ T8460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  921.681449][ T8460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  921.741404][ T8460] bond0 (unregistering): Released all slaves
[  921.889015][T13229] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  921.930585][T13229] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  921.962451][T13256] loop2: detected capacity change from 0 to 1024
[  921.984673][T13256] EXT4-fs: Ignoring removed nomblk_io_submit option
[  922.016826][T13243] loop3: detected capacity change from 0 to 32768
[  922.073631][T11101] Bluetooth: hci6: command tx timeout
[  922.109643][T13256] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  922.190558][T13243] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  922.246395][T13268] loop1: detected capacity change from 0 to 2048
[  922.269731][T13268] EXT4-fs: Ignoring removed mblk_io_submit option
[  922.382536][T13268] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  922.437530][T13243] XFS (loop3): Ending clean mount
[  922.454173][T13243] XFS (loop3): Quotacheck needed: Please wait.
[  922.520034][T12245] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  922.638871][T13243] XFS (loop3): Quotacheck: Done.
[  922.892925][T13283] EXT4-fs (loop1): shut down requested (0)
[  922.998166][T13288] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2012: bg 0: block 234: padding at end of block bitmap is not set
[  923.082371][T11106] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  923.110488][T13288] EXT4-fs (loop1): Remounting filesystem read-only
[  923.270372][   T54] Bluetooth: hci3: command tx timeout
[  923.508258][ T8460] hsr_slave_0: left promiscuous mode
[  923.593796][ T8460] hsr_slave_1: left promiscuous mode
[  923.639870][ T8460] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  923.659746][ T8460] batman_adv: batadv0: Removing interface: batadv_slave_0
[  923.722272][ T8460] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  923.730051][ T8460] batman_adv: batadv0: Removing interface: batadv_slave_1
[  923.841382][T12295] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  923.842159][ T8460] veth1_macvtap: left promiscuous mode
[  923.885294][ T8460] veth0_macvtap: left promiscuous mode
[  923.895388][ T8460] veth1_vlan: left promiscuous mode
[  923.913932][ T8460] veth0_vlan: left promiscuous mode
[  923.961393][T13309] loop4: detected capacity change from 0 to 1024
[  924.113814][T13312] loop3: detected capacity change from 0 to 256
[  924.134595][T13312] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  924.147523][ T2795] hfsplus: b-tree write err: -5, ino 4
[  924.147799][   T54] Bluetooth: hci6: command tx timeout
[  924.383757][T13316] loop3: detected capacity change from 0 to 128
[  925.015058][T13314] loop4: detected capacity change from 0 to 32768
[  925.055434][T13314] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2019 (13314)
[  925.166221][T13314] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  925.205381][T13314] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  925.237179][T13314] BTRFS info (device loop4): using free-space-tree
[  925.345557][   T54] Bluetooth: hci3: command tx timeout
[  925.699224][T12533] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  926.087852][ T8460] team0 (unregistering): Port device team_slave_1 removed
[  926.220996][   T54] Bluetooth: hci6: command tx timeout
[  926.285283][ T8460] team0 (unregistering): Port device team_slave_0 removed
[  927.145961][T13341] loop4: detected capacity change from 0 to 40427
[  927.165909][T13341] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  927.179919][T13341] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  927.191916][T13341] F2FS-fs (loop4): invalid crc value
[  927.229286][T13341] F2FS-fs (loop4): Found nat_bits in checkpoint
[  927.388489][T13341] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  927.405304][T13341] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  927.847008][T13190] chnl_net:caif_netlink_parms(): no params data found
[  927.937043][T13347] loop3: detected capacity change from 0 to 32768
[  928.115630][T13347] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  928.302666][   T54] Bluetooth: hci6: command tx timeout
[  928.452152][T13371] loop4: detected capacity change from 0 to 256
[  928.467818][T13347] XFS (loop3): Ending clean mount
[  928.493918][T13371] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  928.518697][T13190] bridge0: port 1(bridge_slave_0) entered blocking state
[  928.524037][T13347] XFS (loop3): Quotacheck needed: Please wait.
[  928.539754][T13190] bridge0: port 1(bridge_slave_0) entered disabled state
[  928.580689][T13190] bridge_slave_0: entered allmulticast mode
[  928.614912][T13190] bridge_slave_0: entered promiscuous mode
[  928.631391][T13235] chnl_net:caif_netlink_parms(): no params data found
[  928.645957][T13347] XFS (loop3): Quotacheck: Done.
[  928.668773][T13190] bridge0: port 2(bridge_slave_1) entered blocking state
[  928.688552][T13190] bridge0: port 2(bridge_slave_1) entered disabled state
[  928.703812][T13190] bridge_slave_1: entered allmulticast mode
[  928.742814][T13190] bridge_slave_1: entered promiscuous mode
[  928.759369][T13374] loop4: detected capacity change from 0 to 256
[  928.789870][T13374] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  928.913601][T13377] loop4: detected capacity change from 0 to 128
[  928.951191][T11106] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  929.117150][T13190] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  929.237988][T13190] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  929.618745][T13190] team0: Port device team_slave_0 added
[  929.641070][T13235] bridge0: port 1(bridge_slave_0) entered blocking state
[  929.662208][T13235] bridge0: port 1(bridge_slave_0) entered disabled state
[  929.677712][T13235] bridge_slave_0: entered allmulticast mode
[  929.695780][T13235] bridge_slave_0: entered promiscuous mode
[  929.727118][T13190] team0: Port device team_slave_1 added
[  929.751243][T13235] bridge0: port 2(bridge_slave_1) entered blocking state
[  929.769239][T13235] bridge0: port 2(bridge_slave_1) entered disabled state
[  929.792239][T13235] bridge_slave_1: entered allmulticast mode
[  929.800674][T13235] bridge_slave_1: entered promiscuous mode
[  930.017110][T13190] batman_adv: batadv0: Adding interface: batadv_slave_0
[  930.035648][T13190] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  930.084432][T13395] loop4: detected capacity change from 0 to 40427
[  930.084991][T13190] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  930.103745][T13395] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  930.114298][T13190] batman_adv: batadv0: Adding interface: batadv_slave_1
[  930.121779][T13190] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  930.142041][T13395] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  930.151558][T13190] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  930.205011][T13395] F2FS-fs (loop4): invalid crc value
[  930.266988][T13395] F2FS-fs (loop4): Found nat_bits in checkpoint
[  930.381848][T13395] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  930.391673][T13395] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  930.435482][ T8460] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.564270][T13235] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  930.732951][ T8460] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  930.773924][T13235] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  931.111308][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  931.117822][ T1242] ieee802154 phy1 wpan1: encryption failed: -22
[  931.935934][ T8460] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.057022][T13417] loop3: detected capacity change from 0 to 256
[  932.131426][T13417] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  932.154449][T13235] team0: Port device team_slave_0 added
[  932.208977][T13190] hsr_slave_0: entered promiscuous mode
[  932.277173][T13190] hsr_slave_1: entered promiscuous mode
[  932.301025][T13190] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  932.308648][T13190] Cannot create hsr debugfs directory
[  932.565172][ T8460] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  932.622893][T13235] team0: Port device team_slave_1 added
[  932.832590][T13235] batman_adv: batadv0: Adding interface: batadv_slave_0
[  932.839609][T13235] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  932.857312][T13432] loop2: detected capacity change from 0 to 128
[  932.951162][T13235] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  933.092957][T13235] batman_adv: batadv0: Adding interface: batadv_slave_1
[  933.099961][T13235] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  933.237145][T13235] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  933.596419][T13235] hsr_slave_0: entered promiscuous mode
[  933.642753][T13235] hsr_slave_1: entered promiscuous mode
[  933.663745][T13235] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  933.682342][T13235] Cannot create hsr debugfs directory
[  933.797631][T13427] loop4: detected capacity change from 0 to 32768
[  933.922716][T13427] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  934.192799][T13427] XFS (loop4): Ending clean mount
[  934.255363][T13427] XFS (loop4): Quotacheck needed: Please wait.
[  934.578355][ T8460] bridge_slave_1: left allmulticast mode
[  934.639305][ T8460] bridge_slave_1: left promiscuous mode
[  934.726390][T13465] loop2: detected capacity change from 0 to 512
[  934.743100][T13465] EXT4-fs: Ignoring removed oldalloc option
[  934.750626][T13465] ext4: Unknown parameter 'nog'
[  935.042330][T11101] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  935.206496][T11101] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  935.220990][T11101] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  935.229654][T11101] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  935.244697][T11101] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  935.262259][ T8460] bridge0: port 2(bridge_slave_1) entered disabled state
[  935.279828][T11101] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  935.364620][ T8460] bridge_slave_0: left allmulticast mode
[  935.393281][ T8460] bridge_slave_0: left promiscuous mode
[  935.419720][ T8460] bridge0: port 1(bridge_slave_0) entered disabled state
[  935.441449][T13427] XFS (loop4): Quotacheck: Done.
[  935.539199][T13468] loop2: detected capacity change from 0 to 256
[  935.587386][T13468] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  935.613962][T12533] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  935.742261][T13470] loop2: detected capacity change from 0 to 512
[  935.742781][T13449] loop3: detected capacity change from 0 to 40427
[  935.749638][T13470] EXT4-fs: Ignoring removed mblk_io_submit option
[  935.768907][T13470] EXT4-fs: Ignoring removed i_version option
[  935.801419][T13449] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  935.814586][T13449] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  935.828479][T13449] F2FS-fs (loop3): invalid crc value
[  935.847252][T13470] EXT4-fs error (device loop2): __ext4_iget:4906: inode #11: block 1: comm syz.2.2054: invalid block
[  935.891113][T13470] EXT4-fs (loop2): Remounting filesystem read-only
[  935.899281][T13470] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  935.904120][T13449] F2FS-fs (loop3): Found nat_bits in checkpoint
[  936.118729][T13449] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  936.129830][T13449] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  937.156073][T12245] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  937.358919][T11101] Bluetooth: hci7: command tx timeout
[  937.419223][T13482] loop3: detected capacity change from 0 to 128
[  937.941000][ T8460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  937.984094][ T8460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  938.010790][ T8460] bond0 (unregistering): Released all slaves
[  938.795831][T13508] loop3: detected capacity change from 0 to 256
[  938.815798][T13508] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  939.407204][T13528] loop3: detected capacity change from 0 to 128
[  939.420658][T11101] Bluetooth: hci7: command tx timeout
[  939.614484][ T8460] hsr_slave_0: left promiscuous mode
[  939.636037][ T8460] hsr_slave_1: left promiscuous mode
[  939.709885][T13533] loop2: detected capacity change from 0 to 2048
[  939.725059][ T8460] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  939.755511][ T8460] batman_adv: batadv0: Removing interface: batadv_slave_0
[  939.776159][T13533] EXT4-fs error (device loop2): __ext4_fill_super:5431: inode #2: comm syz.2.2069: casefold flag without casefold feature
[  939.804339][ T8460] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  939.812157][ T8460] batman_adv: batadv0: Removing interface: batadv_slave_1
[  939.834630][T13533] EXT4-fs (loop2): get root inode failed
[  939.851240][T13533] EXT4-fs (loop2): mount failed
[  939.855743][ T8460] veth1_macvtap: left promiscuous mode
[  939.862138][ T8460] veth0_macvtap: left promiscuous mode
[  939.868380][ T8460] veth1_vlan: left promiscuous mode
[  939.877743][ T8460] veth0_vlan: left promiscuous mode
[  939.936222][T13540] loop3: detected capacity change from 0 to 256
[  941.004633][T13548] loop3: detected capacity change from 0 to 1024
[  941.242457][ T2911] hfsplus: b-tree write err: -5, ino 4
[  941.512469][T11101] Bluetooth: hci7: command tx timeout
[  941.983520][ T8460] team0 (unregistering): Port device team_slave_1 removed
[  942.047503][ T8460] team0 (unregistering): Port device team_slave_0 removed
[  943.580526][T11101] Bluetooth: hci7: command tx timeout
[  944.664097][T13464] chnl_net:caif_netlink_parms(): no params data found
[  945.365349][T13190] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  945.432674][T13464] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.439895][T13464] bridge0: port 1(bridge_slave_0) entered disabled state
[  945.462272][T13464] bridge_slave_0: entered allmulticast mode
[  945.484825][T13464] bridge_slave_0: entered promiscuous mode
[  945.517135][T13190] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  945.603849][T13464] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.646709][T13608] loop3: detected capacity change from 0 to 32768
[  945.653590][T13464] bridge0: port 2(bridge_slave_1) entered disabled state
[  945.663521][T13464] bridge_slave_1: entered allmulticast mode
[  945.673486][T13464] bridge_slave_1: entered promiscuous mode
[  945.699453][T13608] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  945.755051][T13190] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  945.805291][T13190] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  945.948998][T13464] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  945.978562][T13608] XFS (loop3): Ending clean mount
[  946.039728][T13608] XFS (loop3): Quotacheck needed: Please wait.
[  946.067647][T13464] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  946.154174][T13608] XFS (loop3): Quotacheck: Done.
[  946.261694][T11106] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  946.278402][T13464] team0: Port device team_slave_0 added
[  946.306482][T13464] team0: Port device team_slave_1 added
[  946.604529][T13464] batman_adv: batadv0: Adding interface: batadv_slave_0
[  946.625439][T13464] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  946.710362][T13464] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  946.752976][T13235] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  946.794324][T13235] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  946.863772][T13464] batman_adv: batadv0: Adding interface: batadv_slave_1
[  946.891848][T13464] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  947.004550][T13464] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  947.094240][T13235] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  947.130076][T13235] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  947.400030][T13464] hsr_slave_0: entered promiscuous mode
[  947.409977][T13464] hsr_slave_1: entered promiscuous mode
[  947.587736][T13692] loop2: detected capacity change from 0 to 1024
[  947.801578][ T2904] hfsplus: b-tree write err: -5, ino 4
[  947.866502][T13699] loop3: detected capacity change from 0 to 512
[  947.932857][T13699] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2234: inode #15: comm syz.3.2123: corrupted in-inode xattr: invalid ea_ino
[  947.970398][T13699] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.2123: couldn't read orphan inode 15 (err -117)
[  948.030119][T13190] 8021q: adding VLAN 0 to HW filter on device bond0
[  948.132002][T13699] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  948.362012][T13464] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  948.625362][T13190] 8021q: adding VLAN 0 to HW filter on device team0
[  948.626210][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  948.752901][T13731] loop2: detected capacity change from 0 to 1024
[  948.848913][T13464] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  948.953234][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state
[  948.960496][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state
[  949.032193][ T2795] hfsplus: b-tree write err: -5, ino 4
[  949.249363][T13464] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.372266][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  949.379495][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  949.619538][T13464] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  949.783117][T13235] 8021q: adding VLAN 0 to HW filter on device bond0
[  949.942570][T13235] 8021q: adding VLAN 0 to HW filter on device team0
[  950.026372][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  950.033717][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  950.139480][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  950.146754][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  950.433272][T13785] loop3: detected capacity change from 0 to 2048
[  950.581997][T13785] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  950.640394][T13464] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  950.807030][T13464] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  950.977067][T13464] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  951.339883][T13464] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  951.749569][T13190] 8021q: adding VLAN 0 to HW filter on device batadv0
[  951.763379][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  952.397253][T13464] 8021q: adding VLAN 0 to HW filter on device bond0
[  952.526143][T13464] 8021q: adding VLAN 0 to HW filter on device team0
[  952.701239][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.708597][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  952.752604][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  952.759841][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  952.992900][T13235] 8021q: adding VLAN 0 to HW filter on device batadv0
[  953.369791][T13190] veth0_vlan: entered promiscuous mode
[  953.541882][T13190] veth1_vlan: entered promiscuous mode
[  953.573141][T13235] veth0_vlan: entered promiscuous mode
[  953.656659][T13235] veth1_vlan: entered promiscuous mode
[  953.816186][T13190] veth0_macvtap: entered promiscuous mode
[  953.871560][T13190] veth1_macvtap: entered promiscuous mode
[  953.984884][T13235] veth0_macvtap: entered promiscuous mode
[  954.034148][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  954.064338][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.099438][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  954.152230][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.200381][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  954.258882][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.282669][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  954.300637][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.320560][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  954.360562][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.450402][T13190] batman_adv: batadv0: Interface activated: batadv_slave_0
[  954.513989][T13235] veth1_macvtap: entered promiscuous mode
[  954.563913][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  954.590594][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.601025][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  954.663658][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.690740][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  954.716779][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.746069][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  954.779628][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.802024][T13190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  954.824116][T13190] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  954.865677][T13190] batman_adv: batadv0: Interface activated: batadv_slave_1
[  954.932502][T13464] 8021q: adding VLAN 0 to HW filter on device batadv0
[  954.979761][T13190] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  955.009092][T13190] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  955.040294][T13190] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  955.049031][T13190] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  955.133579][T13911] fuse: Invalid rootmode
[  955.186599][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.254559][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.310350][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.350731][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.410114][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.480314][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.502795][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.537370][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.582541][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.613544][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.649725][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  955.673510][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.686566][T13235] batman_adv: batadv0: Interface activated: batadv_slave_0
[  955.809856][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  955.840310][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.862637][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  955.888128][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.912132][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  955.949028][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  955.981722][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.008589][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.030834][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.054790][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.086353][T13235] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  956.115028][T13235] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  956.152532][T13235] batman_adv: batadv0: Interface activated: batadv_slave_1
[  956.194807][T13235] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  956.214370][T13235] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  956.233890][T13235] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  956.279715][T13235] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  956.353429][T13928] pim6reg1: entered promiscuous mode
[  956.364054][T13928] pim6reg1: entered allmulticast mode
[  956.373598][T13931] pim6reg1: entered promiscuous mode
[  956.379015][T13931] pim6reg1: entered allmulticast mode
[  956.904897][T13464] veth0_vlan: entered promiscuous mode
[  956.925575][T13947] syzkaller0: entered promiscuous mode
[  956.942270][T13947] syzkaller0: entered allmulticast mode
[  957.170938][T13464] veth1_vlan: entered promiscuous mode
[  957.326741][ T2904] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.358068][ T2904] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  957.371166][T13959] fuse: Invalid rootmode
[  957.570419][T12301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.578299][T12301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  957.645902][T13464] veth0_macvtap: entered promiscuous mode
[  957.722518][T12301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  957.739795][T13464] veth1_macvtap: entered promiscuous mode
[  957.752818][T12301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  957.878331][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  957.893032][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  957.933888][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  957.985348][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.069073][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.087584][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.097775][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.144899][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.165275][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.218971][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.245197][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.282287][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.309828][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  958.340586][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.369158][T13464] batman_adv: batadv0: Interface activated: batadv_slave_0
[  958.409797][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.439736][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.475102][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.510398][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.550278][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.572287][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.594240][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.617894][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.639864][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.666043][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.699790][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.733990][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.757040][T13464] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  958.783916][T13464] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  958.814927][T13464] batman_adv: batadv0: Interface activated: batadv_slave_1
[  958.849767][ T5969] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  958.865028][ T5969] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  958.973554][T13992] pim6reg1: entered promiscuous mode
[  958.978923][T13992] pim6reg1: entered allmulticast mode
[  959.274450][T13464] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  959.312706][T13464] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  959.358254][T13464] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  959.387917][T13464] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  959.905267][T14025] autofs: Bad value for 'fd'
[  960.007296][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  960.059920][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  960.258540][ T8460] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  960.307245][ T8460] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  960.350609][T14042] fuse: Invalid rootmode
[  960.388474][T14040] loop5: detected capacity change from 0 to 2048
[  960.551342][T14045] syz.2.2215[14045] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.551531][T14045] syz.2.2215[14045] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  960.567083][T14040] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  960.882848][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  961.195705][T14080] loop5: detected capacity change from 0 to 256
[  961.349281][T14080] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  962.178477][T11101] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  962.241509][T11101] Bluetooth: hci3: Injecting HCI hardware error event
[  962.323384][T11101] Bluetooth: hci3: hardware error 0x00
[  963.057992][T14126] loop2: detected capacity change from 0 to 1024
[  963.124885][T14126] EXT4-fs: Ignoring removed nomblk_io_submit option
[  963.248375][T14126] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  963.433785][ T4487] Bluetooth: hci3: unexpected event for opcode 0x1004
[  963.484101][T12245] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  963.584988][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  963.585014][   T29] audit: type=1326 audit(1721175172.949:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  963.755037][ T4487] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0
[  963.766719][ T4487] Bluetooth: hci6: Injecting HCI hardware error event
[  963.780471][T11104] Bluetooth: hci6: hardware error 0x00
[  963.906864][ T4487] Bluetooth: hci5: command 0x0406 tx timeout
[  963.999395][   T29] audit: type=1326 audit(1721175172.949:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.121249][   T29] audit: type=1326 audit(1721175172.959:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.156109][   T29] audit: type=1326 audit(1721175172.969:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.510681][   T29] audit: type=1326 audit(1721175172.969:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.610365][T14157] loop2: detected capacity change from 0 to 1024
[  964.618045][   T29] audit: type=1326 audit(1721175172.979:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.716249][   T29] audit: type=1326 audit(1721175172.979:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.743024][T14157] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  964.803964][T11101] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  964.876330][   T29] audit: type=1326 audit(1721175172.979:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  964.902788][T14172] loop4: detected capacity change from 0 to 128
[  964.990428][   T29] audit: type=1326 audit(1721175172.979:358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  965.034496][T12245] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  965.081156][   T29] audit: type=1326 audit(1721175172.979:359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14144 comm="syz.3.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f13de175a19 code=0x7ffc0000
[  965.199005][T14178] loop4: detected capacity change from 0 to 1024
[  965.232908][T14178] EXT4-fs: Ignoring removed nomblk_io_submit option
[  965.343332][T14178] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  965.405958][T11101] Bluetooth: hci6: unexpected event for opcode 0x1004
[  965.639533][T12533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  966.390496][T14205] pim6reg1: entered promiscuous mode
[  966.410535][T14205] pim6reg1: entered allmulticast mode
[  966.460710][T11104] Bluetooth: hci6: Opcode 0x0c03 failed: -110
[  966.740452][ T4631] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  966.982323][ T4631] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  967.019568][ T4631] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  967.051510][ T4631] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  967.084075][ T4631] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  967.134045][ T4631] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  967.174309][ T4631] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  967.194197][ T4631] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  967.242825][ T4631] usb 3-1: Product: syz
[  967.247486][ T4631] usb 3-1: Manufacturer: syz
[  967.287489][ T4631] cdc_wdm 3-1:1.0: skipping garbage
[  967.310421][ T4631] cdc_wdm 3-1:1.0: skipping garbage
[  967.345664][ T4631] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  967.363502][ T4631] cdc_wdm 3-1:1.0: Unknown control protocol
[  967.618383][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.625320][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.631693][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.638312][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.644640][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.651257][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.657641][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.664255][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.670726][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.677340][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.683639][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.690253][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.696645][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.703456][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.709880][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.716511][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.722824][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.729543][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.735921][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  967.742560][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  967.764391][ T4631] usb 3-1: USB disconnect, device number 42
[  967.770380][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  968.543762][    T8] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  968.776342][    T8] usb 3-1: Using ep0 maxpacket: 32
[  968.807407][    T8] usb 3-1: no configurations
[  968.822350][    T8] usb 3-1: can't read configurations, error -22
[  969.021346][    T8] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  969.240438][    T8] usb 3-1: Using ep0 maxpacket: 32
[  969.255190][    T8] usb 3-1: no configurations
[  969.276623][    T8] usb 3-1: can't read configurations, error -22
[  969.314521][    T8] usb usb3-port1: attempt power cycle
[  970.915913][T14286] loop3: detected capacity change from 0 to 32768
[  970.990695][T14286] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  971.022851][T14340] loop2: detected capacity change from 0 to 2048
[  971.148376][T14340] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  971.337103][T14340] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  971.401425][T14286] XFS (loop3): Ending clean mount
[  971.443450][T14340] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  971.467054][T14286] XFS (loop3): Quotacheck needed: Please wait.
[  971.509466][T14340] EXT4-fs (loop2): This should not happen!! Data will be lost
[  971.509466][T14340] 
[  971.553501][T14340] EXT4-fs (loop2): Total free blocks count 0
[  971.559562][T14340] EXT4-fs (loop2): Free/Dirty block details
[  971.586313][T14340] EXT4-fs (loop2): free_blocks=2415919104
[  971.622797][T14340] EXT4-fs (loop2): dirty_blocks=16
[  971.638383][T14340] EXT4-fs (loop2): Block reservation details
[  971.650596][T14286] XFS (loop3): Quotacheck: Done.
[  971.656746][T14340] EXT4-fs (loop2): i_reserved_data_blocks=1
[  971.773171][ T2795] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  971.855772][T11106] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  972.321905][T14396] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2352'.
[  972.831558][T14396] gretap0: entered promiscuous mode
[  972.911264][T14397] netlink: 5 bytes leftover after parsing attributes in process `syz.2.2352'.
[  972.922500][T14397] 0猉功D: renamed from gretap0
[  972.997282][T14397] 0猉功D: left promiscuous mode
[  973.002421][T14397] 0猉功D: entered allmulticast mode
[  973.019374][T14397] A link change request failed with some changes committed already. Interface 
30猉功D may have been left with an inconsistent configuration, please check.
[  974.129613][T14418] loop3: detected capacity change from 0 to 1024
[  974.140373][T11101] Bluetooth: hci4: command 0x0406 tx timeout
[  974.284559][T14418] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  974.372620][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  974.372643][   T29] audit: type=1804 audit(1721175183.749:371): pid=14418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2353" name="/newroot/235/file1/bus" dev="loop3" ino=18 res=1 errno=0
[  974.547726][T11106] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  974.895898][T14439] netlink: 9 bytes leftover after parsing attributes in process `syz.0.2372'.
[  974.961956][T14439] gretap0: entered promiscuous mode
[  974.981791][T14440] netlink: 5 bytes leftover after parsing attributes in process `syz.0.2372'.
[  974.991281][T14440] 0猉功D: renamed from gretap0
[  975.076445][T14440] 0猉功D: left promiscuous mode
[  975.081710][T14440] 0猉功D: entered allmulticast mode
[  975.097700][T14440] A link change request failed with some changes committed already. Interface 
30猉功D may have been left with an inconsistent configuration, please check.
[  976.740092][T14420] loop5: detected capacity change from 0 to 32768
[  978.102156][T14493] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2392'.
[  978.306215][T14488] team1: Mode changed to "loadbalance"
[  978.661285][T14510] pim6reg1: entered promiscuous mode
[  978.688590][T14510] pim6reg1: entered allmulticast mode
[  978.709688][T14513] syz.0.2403[14513] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  978.709875][T14513] syz.0.2403[14513] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  979.250808][T14524] loop5: detected capacity change from 0 to 764
[  979.683171][T14536] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2413'.
[  979.694570][T14532] loop5: detected capacity change from 0 to 2048
[  979.875811][T14532] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  979.942379][T14534] team1: Mode changed to "loadbalance"
[  980.034331][T14532] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  980.090567][T14532] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  980.141727][T14508] loop2: detected capacity change from 0 to 32768
[  980.224846][T14548] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2416'.
[  980.230473][T14532] EXT4-fs (loop5): This should not happen!! Data will be lost
[  980.230473][T14532] 
[  980.245178][T14532] EXT4-fs (loop5): Total free blocks count 0
[  980.251824][T14532] EXT4-fs (loop5): Free/Dirty block details
[  980.257840][T14532] EXT4-fs (loop5): free_blocks=2415919104
[  980.264391][T14532] EXT4-fs (loop5): dirty_blocks=16
[  980.269630][T14532] EXT4-fs (loop5): Block reservation details
[  980.277010][T14532] EXT4-fs (loop5): i_reserved_data_blocks=1
[  980.310338][ T5163] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  980.318728][T14508] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  980.475609][T12301] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  980.552968][ T5163] usb 2-1: config 0 has an invalid interface number: 199 but max is 1
[  980.570558][ T5163] usb 2-1: config 0 has no interface number 1
[  980.594647][ T5163] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  980.637507][ T5163] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  980.684256][ T5163] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  980.735836][ T5163] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  980.748577][T14508] XFS (loop2): Ending clean mount
[  980.763894][ T5163] usb 2-1: SerialNumber: syz
[  980.783485][ T5163] usb 2-1: config 0 descriptor??
[  980.786390][T14508] XFS (loop2): Quotacheck needed: Please wait.
[  980.802623][ T5163] usb 2-1: Found UVC 0.00 device <unnamed> (0002:0000)
[  980.821595][ T5163] usb 2-1: No valid video chain found.
[  980.976550][T14508] XFS (loop2): Quotacheck: Done.
[  981.219045][ T5163] usb 2-1: USB disconnect, device number 27
[  981.225829][T12245] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  981.302597][T14572] loop4: detected capacity change from 0 to 764
[  982.523556][T14603] 9pnet_fd: Insufficient options for proto=fd
[  982.689502][T14606] batadv_slave_1: entered promiscuous mode
[  982.732317][T14605] batadv_slave_1: left promiscuous mode
[  982.764125][T14609] loop4: detected capacity change from 0 to 764
[  983.002169][T14618] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2443'.
[  984.505639][T14637] 9pnet_fd: Insufficient options for proto=fd
[  984.764646][T14641] loop5: detected capacity change from 0 to 2048
[  984.773262][T14601] loop2: detected capacity change from 0 to 32768
[  984.869315][T14641] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  985.010075][T14601] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open
[  985.058606][T14601] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete
[  990.464448][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  990.684303][T14601] bcachefs: bch2_mount() error: EINVAL
[  991.862844][T14711] 9pnet_fd: Insufficient options for proto=fd
[  992.382544][T11101] Bluetooth: hci1: command 0x0406 tx timeout
[  992.561217][ T1242] ieee802154 phy0 wpan0: encryption failed: -22
[  992.568156][ T1242] ieee802154 phy1 wpan1: encryption failed: -22
[  994.077288][T14749] dccp_v6_rcv: dropped packet with invalid checksum
[  994.151791][T14749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  994.235336][T14719] loop2: detected capacity change from 0 to 32768
[  994.321449][T14765] vxcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[  994.402698][T14719] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): filesystem UUID already open
[  994.419630][T14749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  994.426663][T14719] bcachefs (076a1832-646e-4f3c-b13d-b3e266154efd): shutdown complete
[  994.544856][T14749] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  995.511518][T14719] bcachefs: bch2_mount() error: EINVAL
[  995.885029][T14792] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2505'.
[  996.141260][T14798] loop3: detected capacity change from 0 to 764
[  996.945725][T14819] dccp_v6_rcv: dropped packet with invalid checksum
[  997.005509][T14819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.156318][T14823] vxcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[  997.191412][T14823] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  997.864621][T14819] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  998.521736][T14838] loop4: detected capacity change from 0 to 764
[  998.563417][T14842] Driver unsupported XDP return value 0 on prog  (id 472) dev N/A, expect packet loss!
[ 1001.510858][T14889] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2543'.
[ 1002.689653][T14870] loop5: detected capacity change from 0 to 32768
[ 1002.732160][T14870] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2534 (14870)
[ 1002.819061][T14906] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2550'.
[ 1002.857549][T14870] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1002.933347][T14870] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[ 1002.973981][T14870] BTRFS info (device loop5): using free-space-tree
[ 1003.002429][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[ 1003.053082][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[ 1003.139261][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[ 1003.197987][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[ 1003.338587][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[ 1003.395227][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[ 1003.426954][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[ 1003.492330][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[ 1003.524079][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[ 1003.588490][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[ 1003.621326][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[ 1003.661707][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[ 1003.687638][T14870] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[ 1003.733384][T14870] BTRFS error (device loop5): open_ctree failed
[ 1004.295209][T11104] Bluetooth: hci5: Invalid connection link type handle 0x00c9
[ 1004.682462][T14960] dccp_v6_rcv: dropped packet with invalid checksum
[ 1004.800443][T14960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1004.948553][T14967] vxcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[ 1005.054903][T14967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1005.200703][T14960] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1006.289391][T14972] loop2: detected capacity change from 0 to 32768
[ 1006.334914][T14972] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2572 (14972)
[ 1006.399424][T14972] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1006.457233][T14972] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1006.501776][T14972] BTRFS info (device loop2): using free-space-tree
[ 1007.116874][T14983] loop4: detected capacity change from 0 to 40427
[ 1007.137437][T14983] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1007.141508][T12245] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1007.173524][T14983] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1007.222135][T14983] F2FS-fs (loop4): invalid crc value
[ 1007.285113][T14983] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1007.597874][T14983] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1007.628349][T14983] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1008.129561][T15038] dccp_v6_rcv: dropped packet with invalid checksum
[ 1008.240617][T15038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1008.373812][T15042] vxcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[ 1008.395613][   T29] audit: type=1326 audit(1721175217.759:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.510507][   T29] audit: type=1326 audit(1721175217.769:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.620641][T11104] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[ 1008.630114][T11104] Bluetooth: hci5: Injecting HCI hardware error event
[ 1008.641305][T11104] Bluetooth: hci5: hardware error 0x00
[ 1008.648709][   T29] audit: type=1326 audit(1721175217.799:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.730731][   T29] audit: type=1326 audit(1721175217.799:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.753627][   T29] audit: type=1326 audit(1721175217.799:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.776646][   T29] audit: type=1326 audit(1721175217.809:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.803642][   T29] audit: type=1326 audit(1721175217.809:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.831849][   T29] audit: type=1326 audit(1721175217.809:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1008.880045][   T29] audit: type=1326 audit(1721175217.809:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15047 comm="syz.2.2597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f141a175a19 code=0x7ffc0000
[ 1009.471522][T15062] loop1: detected capacity change from 2048 to 0
[ 1010.277744][T15088] dccp_v6_rcv: dropped packet with invalid checksum
[ 1010.302065][T15088] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1010.722711][T15101] loop3: detected capacity change from 0 to 128
[ 1010.743495][T15071] loop2: detected capacity change from 0 to 40427
[ 1010.747425][T15101] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[ 1010.781602][T11104] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[ 1010.809586][T15071] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[ 1010.819310][T15071] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1010.852890][T15071] F2FS-fs (loop2): invalid crc value
[ 1010.919043][T15071] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1010.929389][   T29] audit: type=1804 audit(1721175220.279:381): pid=15101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.2618" name="/newroot/279/bus/bus" dev="loop3" ino=1048900 res=1 errno=0
[ 1011.060513][T15101] loop3: detected capacity change from 128 to 0
[ 1011.275171][T15071] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1011.291534][T15071] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[ 1011.298622][T11106] syz-executor: attempt to access beyond end of device
[ 1011.298622][T11106] loop3: rw=0, sector=40, nr_sectors = 1 limit=0
[ 1011.321518][T11106] FAT-fs (loop3): Directory bread(block 40) failed
[ 1011.328995][T11106] syz-executor: attempt to access beyond end of device
[ 1011.328995][T11106] loop3: rw=2049, sector=33, nr_sectors = 1 limit=0
[ 1011.390820][T11106] Buffer I/O error on dev loop3, logical block 33, lost sync page write
[ 1011.915923][T11106] syz-executor: attempt to access beyond end of device
[ 1011.915923][T11106] loop3: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1011.950293][T11106] FAT-fs (loop3): unable to read boot sector to mark fs as dirty
[ 1012.235748][ T1090] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1012.477911][ T1090] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1012.754175][ T1090] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1013.179915][ T1090] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1013.614765][T15159] loop4: detected capacity change from 0 to 1024
[ 1013.631294][T15158] loop5: detected capacity change from 0 to 1024
[ 1013.710575][T11101] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1013.731497][T11101] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1013.740055][T11101] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1013.753393][T11101] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1013.767197][T11101] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1013.776636][T11101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1013.787704][T15159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1013.886293][T15158] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1013.920607][ T1090] bridge_slave_1: left allmulticast mode
[ 1013.926301][ T1090] bridge_slave_1: left promiscuous mode
[ 1013.974792][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.012922][T15171] 9pnet_fd: Insufficient options for proto=fd
[ 1014.090319][   T29] audit: type=1804 audit(1721175223.449:382): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2644" name="/newroot/60/file1/bus" dev="loop5" ino=18 res=1 errno=0
[ 1014.173560][ T1090] bridge_slave_0: left allmulticast mode
[ 1014.191990][ T1090] bridge_slave_0: left promiscuous mode
[ 1014.208412][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.242508][T12533] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1014.305184][T13190] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1015.310555][    T8] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[ 1015.529737][T15212] 9pnet_fd: Insufficient options for proto=fd
[ 1015.552744][    T8] usb 3-1: Using ep0 maxpacket: 8
[ 1015.592682][    T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1015.600562][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1015.621510][    T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1015.679838][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1015.698061][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1015.737732][    T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1015.783492][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1015.817407][   T25] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1015.822589][    T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1015.826399][T11104] Bluetooth: hci2: command tx timeout
[ 1015.860977][T15223] dccp_v6_rcv: dropped packet with invalid checksum
[ 1015.910114][T15223] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1015.940609][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1015.985088][T15226] vxcan0: tx drop: invalid sa for name 0xfffffffffffffffd
[ 1016.002560][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1016.035982][    T8] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[ 1016.046897][   T25] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[ 1016.068022][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1016.085055][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1016.096792][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1016.111030][    T8] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1016.123325][   T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[ 1016.142397][   T25] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[ 1016.149219][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1016.152629][   T25] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[ 1016.177548][   T25] usb 6-1: Manufacturer: syz
[ 1016.184768][    T8] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1016.202035][   T25] usb 6-1: config 0 descriptor??
[ 1016.221470][    T8] usb 3-1: string descriptor 0 read error: -22
[ 1016.229376][    T8] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1016.241351][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.278696][    T8] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1016.501401][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1016.542181][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1016.559731][ T1090] bond0 (unregistering): Released all slaves
[ 1016.592125][  T780] usb 3-1: USB disconnect, device number 46
[ 1016.595341][ T1090] bond1 (unregistering): Released all slaves
[ 1016.639478][   T25] appleir 0003:05AC:8243.0004: unknown main item tag 0x0
[ 1016.669614][   T25] appleir 0003:05AC:8243.0004: No inputs registered, leaving
[ 1016.734565][   T25] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[ 1016.864678][   T30] INFO: task kworker/0:2:10705 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1016.917619][   T30]       Not tainted 6.10.0-syzkaller-01193-g408323581b72 #0
[ 1016.958950][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1017.030379][   T30] task:kworker/0:2     state:D stack:22512 pid:10705 tgid:10705 ppid:2      flags:0x00004000
[ 1017.115602][   T30] Workqueue: events_long bch2_fs_read_only_work
[ 1017.149696][   T30] Call Trace:
[ 1017.165012][   T30]  <TASK>
[ 1017.168261][   T30]  __schedule+0x1800/0x4a60
[ 1017.193474][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.199196][   T30]  ? __pfx___schedule+0x10/0x10
[ 1017.235853][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1017.246308][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1017.251461][   T30]  ? kick_pool+0x1bd/0x620
[ 1017.255923][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1017.267558][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.279425][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[ 1017.297639][   T30]  ? schedule+0x90/0x320
[ 1017.302091][   T30]  schedule+0x14b/0x320
[ 1017.306289][   T30]  schedule_preempt_disabled+0x13/0x30
[ 1017.312083][   T30]  rwsem_down_write_slowpath+0xeeb/0x13b0
[ 1017.317851][   T30]  ? rwsem_down_write_slowpath+0xa06/0x13b0
[ 1017.323905][   T30]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[ 1017.330139][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1017.336557][   T30]  __down_write_common+0x1af/0x200
[ 1017.341981][   T30]  ? __pfx___down_write_common+0x10/0x10
[ 1017.347678][   T30]  ? process_scheduled_works+0x945/0x1830
[ 1017.354145][   T30]  bch2_fs_read_only_work+0x25/0x40
[ 1017.359395][   T30]  process_scheduled_works+0xa2e/0x1830
[ 1017.366260][   T30]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1017.379399][   T30]  ? assign_work+0x364/0x3d0
[ 1017.391783][   T30]  worker_thread+0x86d/0xd40
[ 1017.396451][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1017.404890][   T30]  ? __kthread_parkme+0x169/0x1d0
[ 1017.409967][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1017.415253][   T30]  kthread+0x2f2/0x390
[ 1017.419362][   T30]  ? __pfx_worker_thread+0x10/0x10
[ 1017.425016][   T30]  ? __pfx_kthread+0x10/0x10
[ 1017.429651][   T30]  ret_from_fork+0x4d/0x80
[ 1017.434193][   T30]  ? __pfx_kthread+0x10/0x10
[ 1017.438833][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1017.445323][   T30]  </TASK>
[ 1017.448437][   T30] INFO: task syz.0.1824:12536 blocked for more than 143 seconds.
[ 1017.457095][   T30]       Not tainted 6.10.0-syzkaller-01193-g408323581b72 #0
[ 1017.464723][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1017.473841][   T30] task:syz.0.1824      state:D stack:24248 pid:12536 tgid:12496 ppid:11477  flags:0x00004004
[ 1017.489608][   T30] Call Trace:
[ 1017.496681][   T30]  <TASK>
[ 1017.499652][   T30]  __schedule+0x1800/0x4a60
[ 1017.506925][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.513110][   T30]  ? __pfx___schedule+0x10/0x10
[ 1017.518010][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1017.523520][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.529200][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.535203][   T30]  ? schedule+0x90/0x320
[ 1017.539485][   T30]  schedule+0x14b/0x320
[ 1017.544237][   T30]  __closure_sync+0x259/0x2f0
[ 1017.548951][   T30]  ? __closure_sync+0x149/0x2f0
[ 1017.555546][   T30]  ? __pfx___closure_sync+0x10/0x10
[ 1017.561132][   T30]  bch2_dev_allocator_remove+0x4f3/0x870
[ 1017.566897][   T30]  ? __pfx_bch2_dev_allocator_remove+0x10/0x10
[ 1017.573582][   T30]  ? bch2_dev_state_allowed+0x31a/0x620
[ 1017.579164][   T30]  ? __pfx_closure_sync_fn+0x10/0x10
[ 1017.585809][   T30]  bch2_dev_remove+0x1f9/0x1660
[ 1017.591078][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.598910][   T30]  ? __pfx_bch2_dev_remove+0x10/0x10
[ 1017.606298][   T30]  ? bch2_device_lookup+0x98/0x410
[ 1017.611810][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1017.616887][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.623359][   T30]  ? bch2_device_lookup+0x334/0x410
[ 1017.628601][   T30]  ? bch2_device_lookup+0x98/0x410
[ 1017.636788][   T30]  bch2_ioctl_disk_remove+0x85/0xa0
[ 1017.647588][   T30]  bch2_fs_ioctl+0x1b7c/0x37d0
[ 1017.658010][   T30]  ? mark_lock+0x9a/0x350
[ 1017.664179][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.669860][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.676017][   T30]  ? __lock_acquire+0x1346/0x1fd0
[ 1017.681539][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.687246][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.693529][   T30]  ? __pfx_bch2_fs_ioctl+0x10/0x10
[ 1017.701397][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1017.706666][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1017.714347][   T30]  ? validate_chain+0x11e/0x5900
[ 1017.719339][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.725832][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1017.731394][   T30]  ? __pfx_validate_chain+0x10/0x10
[ 1017.740923][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.746611][   T30]  ? validate_chain+0x11e/0x5900
[ 1017.753047][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.758723][   T30]  ? validate_chain+0x11e/0x5900
[ 1017.763800][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.769473][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.776484][   T30]  ? mark_lock+0x9a/0x350
[ 1017.781015][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.786689][   T30]  ? __lock_acquire+0x1346/0x1fd0
[ 1017.793679][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.801743][   T30]  ? mark_lock+0x9a/0x350
[ 1017.806542][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.812378][   T30]  ? __lock_acquire+0x1346/0x1fd0
[ 1017.817562][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.838037][   T30]  ? __pfx_lock_acquire+0x10/0x10
[ 1017.843386][   T30]  ? is_bpf_text_address+0x26/0x2a0
[ 1017.848636][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1017.862913][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.868620][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.874548][   T30]  ? deref_stack_reg+0x1c7/0x260
[ 1017.879537][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.895694][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.903940][T11104] Bluetooth: hci2: command tx timeout
[ 1017.925073][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.931095][   T30]  ? is_bpf_text_address+0x285/0x2a0
[ 1017.936428][   T30]  ? is_bpf_text_address+0x26/0x2a0
[ 1017.952340][   T30]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[ 1017.958547][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.970329][   T30]  ? kernel_text_address+0xa7/0xe0
[ 1017.975783][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1017.988439][   T30]  ? __kernel_text_address+0xd/0x40
[ 1017.997312][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.007403][   T30]  ? unwind_get_return_address+0x91/0xc0
[ 1018.027468][   T30]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1018.033742][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.039426][   T30]  ? stack_trace_save+0x118/0x1d0
[ 1018.044638][   T30]  ? __pfx_stack_trace_save+0x10/0x10
[ 1018.050042][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.055816][   T30]  ? stack_depot_save_flags+0x29/0x830
[ 1018.063644][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.080340][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.086041][   T30]  ? kasan_save_track+0x51/0x80
[ 1018.091062][   T30]  ? kasan_save_track+0x3f/0x80
[ 1018.095979][   T30]  ? kasan_save_free_info+0x40/0x50
[ 1018.105710][   T30]  ? __kasan_slab_free+0x37/0x60
[ 1018.117444][   T30]  ? kfree+0x149/0x360
[ 1018.121681][   T30]  ? tomoyo_path_number_perm+0x68d/0x880
[ 1018.127362][   T30]  ? security_file_ioctl+0x77/0xb0
[ 1018.132595][   T30]  bch2_fs_file_ioctl+0x870/0x26d0
[ 1018.137847][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.153700][   T30]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1018.158865][   T30]  ? __pfx_bch2_fs_file_ioctl+0x10/0x10
[ 1018.164884][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.172365][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.178049][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[ 1018.185719][  T780] usb 6-1: reset high-speed USB device number 41 using dummy_hcd
[ 1018.194273][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[ 1018.199980][   T30]  ? __pfx_lock_release+0x10/0x10
[ 1018.216564][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.223955][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.229780][   T30]  ? kfree+0x149/0x360
[ 1018.234066][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.239787][   T30]  ? tomoyo_path_number_perm+0x71a/0x880
[ 1018.260321][   T30]  ? tomoyo_path_number_perm+0x208/0x880
[ 1018.266143][   T30]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1018.272385][   T30]  ? __fget_files+0x29/0x470
[ 1018.277086][   T30]  ? __fget_files+0x3f6/0x470
[ 1018.284163][   T30]  ? __fget_files+0x29/0x470
[ 1018.288867][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.294753][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1018.308594][   T30]  ? security_file_ioctl+0x87/0xb0
[ 1018.330443][   T30]  ? __pfx_bch2_fs_file_ioctl+0x10/0x10
[ 1018.336110][   T30]  __se_sys_ioctl+0xfe/0x170
[ 1018.350326][   T30]  do_syscall_64+0xf3/0x230
[ 1018.354931][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1018.370398][   T30] RIP: 0033:0x7f039d575a19
[ 1018.374891][   T30] RSP: 002b:00007f039e2d3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1018.399580][   T30] RAX: ffffffffffffffda RBX: 00007f039d704110 RCX: 00007f039d575a19
[ 1018.407801][   T30] RDX: 0000000020000240 RSI: 000000004010bc05 RDI: 0000000000000004
[ 1018.429313][   T30] RBP: 00007f039d5e4e49 R08: 0000000000000000 R09: 0000000000000000
[ 1018.438849][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1018.447452][   T30] R13: 000000000000006e R14: 00007f039d704110 R15: 00007fff74a02d18
[ 1018.460371][   T30]  </TASK>
[ 1018.550468][   T30] 
[ 1018.550468][   T30] Showing all locks held in the system:
[ 1018.558246][   T30] 3 locks held by kworker/0:0/8:
[ 1018.610471][   T30]  #0: ffff8880b943e798 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[ 1018.664692][   T30]  #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770
[ 1018.714827][   T30]  #2: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[ 1018.757539][   T30] 4 locks held by kworker/1:0/25:
[ 1018.792997][   T30]  #0: ffff88801b2c8548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1018.860290][   T30]  #1: ffffc900001f7d00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1018.920321][   T30]  #2: ffff8880238ce190 (&dev->mutex){....}-{3:3}, at: hub_event+0x1fe/0x5150
[ 1018.980283][   T30]  #3: ffff888023960518 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x7d2/0x5150
[ 1019.032001][   T30] 1 lock held by khungtaskd/30:
[ 1019.036917][   T30]  #0: ffffffff8e333fe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[ 1019.100237][   T30] 5 locks held by kworker/1:2/780:
[ 1019.105405][   T30]  #0: ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1019.189605][   T30]  #1: ffffc90003497d00 ((work_completion)(&intf->reset_ws)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1019.239408][   T30]  #2: ffff88807f202190 (&dev->mutex){....}-{3:3}, at: usb_lock_device_for_reset+0x128/0x330
[ 1019.290252][   T30]  #3: ffff888023960518 (&port_dev->status_lock){+.+.}-{3:3}, at: usb_reset_device+0x5c8/0xb60
[ 1019.324862][   T30]  #4: ffff88802302bf68 (hcd->address0_mutex){+.+.}-{3:3}, at: usb_reset_and_verify_device+0x319/0x1440
[ 1019.368039][   T30] 4 locks held by kworker/u8:6/1090:
[ 1019.378151][   T30]  #0: ffff888015ed5948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1019.401396][   T30]  #1: ffffc9000442fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1019.421691][   T30]  #2: ffffffff8f5dfc50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[ 1019.445090][   T30]  #3: ffffffff8f5ec488 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2c0
[ 1019.459914][   T30] 2 locks held by getty/4847:
[ 1019.469342][   T30]  #0: ffff88802b0760a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1019.484516][   T30]  #1: ffffc9000311b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[ 1019.510259][   T30] 5 locks held by kworker/1:6/5163:
[ 1019.516609][   T30] 3 locks held by kworker/0:2/10705:
[ 1019.530292][   T30]  #0: ffff888015079148 ((wq_completion)events_long){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1019.554077][   T30]  #1: ffffc90009cdfd00 ((work_completion)(&c->read_only_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1019.575780][   T30]  #2: ffff888060d80278 (&c->state_lock){+.+.}-{3:3}, at: bch2_fs_read_only_work+0x25/0x40
[ 1019.597144][   T30] 3 locks held by kworker/1:3/11287:
[ 1019.604947][   T30]  #0: ffff888015078948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[ 1019.624962][   T30]  #1: ffffc90009107d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[ 1019.635595][   T30]  #2: ffffffff8e3393b8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[ 1019.649910][   T30] 1 lock held by syz-executor/12295:
[ 1019.655315][   T30]  #0: ffff88806c2d40e0 (&type->s_umount_key#32){++++}-{3:3}, at: deactivate_super+0xb5/0xf0
[ 1019.673838][   T30] 1 lock held by syz.0.1824/12536:
[ 1019.679006][   T30]  #0: ffff888060d80278 (&c->state_lock){+.+.}-{3:3}, at: bch2_dev_remove+0xe4/0x1660
[ 1019.688758][   T30] 1 lock held by kmmpd-loop1/13274:
[ 1019.694086][   T30]  #0: ffff88806c2d4420 (sb_writers#4){++++}-{0:0}, at: kmmpd+0x26d/0xaa0
[ 1019.702804][   T30] 2 locks held by syz-executor/15161:
[ 1019.708207][   T30]  #0: ffffffff8f5dfc50 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x4c6/0x7b0
[ 1019.719916][   T30]  #1: ffffffff8f5ec488 (rtnl_mutex){+.+.}-{3:3}, at: setup_net+0x83d/0xca0
[ 1019.728868][   T30] 1 lock held by syz.2.2655/15194:
[ 1019.734077][   T30]  #0: ffffffff8f5ec488 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1019.743278][   T30] 1 lock held by syz.5.2663/15216:
[ 1019.751313][   T30]  #0: ffffffff8f5ec488 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1019.760489][   T30] 3 locks held by syz.1.2666/15226:
[ 1019.765702][   T30]  #0: ffff888058a90d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[ 1019.776942][   T30]  #1: ffff888058a90078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[ 1019.786667][   T30]  #2: ffffffff8f756b88 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[ 1019.796801][   T30] 3 locks held by syz.4.2668/15232:
[ 1019.802071][   T30]  #0: ffff88805e5f8d88 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[ 1019.812112][   T30]  #1: ffff88805e5f8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x494/0xf60
[ 1019.824766][   T30]  #2: ffffffff8f756b88 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[ 1019.834922][   T30] 1 lock held by syz.0.2669/15236:
[ 1019.840046][   T30]  #0: ffffffff8f5ec488 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3e/0x1b0
[ 1019.852299][   T30] 1 lock held by dhcpcd/15252:
[ 1019.857093][   T30]  #0: ffff88807f716208 (&sb->s_type->i_mutex_key#10){+.+.}-{3:3}, at: sock_close+0x90/0x240
[ 1019.919103][   T30] 
[ 1019.928708][   T30] =============================================
[ 1019.928708][   T30] 
[ 1019.954601][   T30] NMI backtrace for cpu 0
[ 1019.958998][   T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-01193-g408323581b72 #0
[ 1019.968570][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1019.978649][   T30] Call Trace:
[ 1019.981939][   T30]  <TASK>
[ 1019.984876][   T30]  dump_stack_lvl+0x241/0x360
[ 1019.989578][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1019.994797][   T30]  ? __pfx__printk+0x10/0x10
[ 1019.999399][   T30]  ? vprintk_emit+0x631/0x770
[ 1020.004106][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[ 1020.009166][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[ 1020.014139][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1020.019619][   T30]  ? _printk+0xd5/0x120
[ 1020.023786][   T30]  ? __pfx__printk+0x10/0x10
[ 1020.028384][   T30]  ? __wake_up_klogd+0xcc/0x110
[ 1020.033267][   T30]  ? __pfx__printk+0x10/0x10
[ 1020.037874][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.043529][   T30]  ? __rcu_read_unlock+0xa1/0x110
[ 1020.048583][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1020.054597][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[ 1020.060614][   T30]  watchdog+0xfde/0x1020
[ 1020.064887][   T30]  ? watchdog+0x1ea/0x1020
[ 1020.069335][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1020.074029][   T30]  kthread+0x2f2/0x390
[ 1020.078121][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1020.082813][   T30]  ? __pfx_kthread+0x10/0x10
[ 1020.087422][   T30]  ret_from_fork+0x4d/0x80
[ 1020.091862][   T30]  ? __pfx_kthread+0x10/0x10
[ 1020.096474][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1020.101279][   T30]  </TASK>
[ 1020.104519][T11104] Bluetooth: hci2: command tx timeout
[ 1020.106330][   T30] Sending NMI from CPU 0 to CPUs 1:
[ 1020.116107][    C1] NMI backtrace for cpu 1 skipped: idling at acpi_safe_halt+0x21/0x30
[ 1020.200328][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1020.207246][   T30] CPU: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-01193-g408323581b72 #0
[ 1020.216830][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1020.226917][   T30] Call Trace:
[ 1020.230228][   T30]  <TASK>
[ 1020.233178][   T30]  dump_stack_lvl+0x241/0x360
[ 1020.237905][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1020.243148][   T30]  ? __pfx__printk+0x10/0x10
[ 1020.247774][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[ 1020.253792][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.259477][   T30]  ? vscnprintf+0x5d/0x90
[ 1020.263854][   T30]  panic+0x349/0x860
[ 1020.267780][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.273446][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1020.279639][   T30]  ? __pfx_panic+0x10/0x10
[ 1020.284072][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[ 1020.289490][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.295155][   T30]  ? __irq_work_queue_local+0x137/0x410
[ 1020.300742][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.306409][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[ 1020.311815][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[ 1020.317994][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[ 1020.324184][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[ 1020.329849][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[ 1020.336043][   T30]  watchdog+0x101d/0x1020
[ 1020.340403][   T30]  ? watchdog+0x1ea/0x1020
[ 1020.344850][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1020.349550][   T30]  kthread+0x2f2/0x390
[ 1020.353648][   T30]  ? __pfx_watchdog+0x10/0x10
[ 1020.358347][   T30]  ? __pfx_kthread+0x10/0x10
[ 1020.363062][   T30]  ret_from_fork+0x4d/0x80
[ 1020.367516][   T30]  ? __pfx_kthread+0x10/0x10
[ 1020.372136][   T30]  ret_from_fork_asm+0x1a/0x30
[ 1020.376947][   T30]  </TASK>
[ 1020.380236][   T30] Kernel Offset: disabled
[ 1020.384567][   T30] Rebooting in 86400 seconds..