last executing test programs:

15.087358131s ago: executing program 2:
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x5452, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000780)={{0x12, 0x1, 0x0, 0xf6, 0xb3, 0xe0, 0x40, 0xdf6, 0x4b, 0x56d7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x66, 0x87, 0xca}}]}}]}}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$cdc_ecm(0x0, 0x56, 0x0, 0x0)
ioctl$EVIOCRMFF(r0, 0x40085503, 0x0)
syz_usb_disconnect(0xffffffffffffffff)

12.054534954s ago: executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = eventfd(0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$P9_RSTATFS(r2, &(0x7f0000000200)={0x43, 0x9, 0x0, {0xfffffff7}}, 0x43)
r3 = dup2(r2, r2)
writev(r2, &(0x7f0000001800)=[{&(0x7f0000000340)="4de47e8abad5ca20", 0x8}], 0x1)
r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
dup3(r4, r3, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0xfffffd24, 0x2)

9.097645052s ago: executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
socket$inet_udp(0x2, 0x2, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCEXCL(r2, 0x8903)

8.226952258s ago: executing program 3:
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r0}, 0x10)
r1 = memfd_create(&(0x7f00000000c0)='\xfd\x0fm3#/\x00n\xaa\xaa\xe4\x01U\x8b\xc2\f\x03\x19\x9c\x8e\xcb\x90\x00\x00\xaegQ\x0e\x94\\y\x0fU2@\'\x8a\x80\x00$\x12\xfc\xe4.)\x9b\xf2@\xf0\xe0\xdb\x1f\xe6\xb4gc\x13\xda\xf9\xcd7el\xb7\xe6\b\x00\x00\x00\x00\xef\xff\x00vob/~\xc2\x00\b\x00\x00\x00\x00\x00\x00 \xff\xf1\xdem\x9c;%\xb5\"\xe4\xf1x2\x8a\x19p\x04\\\xaa-\x93\xd1\xc4 )\xbfK\xf7E\xf3\x05\xa0\xd0\xe6%\x97\x15\xf0\xab\x86\x90k\x10\xcer\x14\xe0a\xaf\xab\xfe\xd9V\x19\xa5d\x16\x8e]:3\xff\t\xe6\xf7\xb3\xbf\xa3\b[?\xb5\x14t\xd3\x8e\xc0\xe8\xefd\x88\xddz\xa25)\x17\xef\xfb4\xff\xdb\t\x8e\xeb\x1d\\\xf9\x14\xc7\v\xa8\x89\xdb A\xbaBAj\xfe\x18\xc3-+\xd6\xb0K\xee\x1b+\xc7lA\x84\xa6\xfe\x8bU<&\x1a\xe7m\x86\xb7\xa1A\xf9\x02S;C\x99\a.$K\x833\x82\x7f\x1b\'nj\x06\b\xb7\xe8] \x87A[y\xdc\x14\f\xcet\x00\x1f\x0f\xef\xca\xcfz\x7f\an0\xebB\xb8}&\xdd\xc9\xa7\x1dp\t\x9a\xceb \x81\xaaq{H\x88\xdf\xf8\x80\\\x1c8\xfe\xc4\xe3\xb0\x90\xcb\x8b1r\x94\x9f\x00\xce\xc8\xc3\x84\xa0\xc9\b\x00\x81Ks\xba\xbbC6\xd6\x13\xb5\xe086EzD\x18\xd5\x16\x88E\xc6\xf0A9\xf1u\xb3\x85\x02\x12\\Sp\xf4\x9a\xe8\x96^\xe6\xa8K\x12\b}\xff\xcb{\xc6\xf6\xb4\x8b\xb6\xa8Y\xf2\x91\xeeR\v#\xb5)\xb0\x99\x9b-p\xe3\x17\x04\xb0\xdc\x0fk\x11\xe1\x9a\a\x16\xb7\x9b\x88\xfa\x1e`\x84$\xfc\xd7\xf5^X\xd8[}\x032\xd0\x84\xdby\x94Vp\xa5\xcd(\xab\xb6\x95sR\xab\xfc\x8c\'\x9c\x16Q\xad\xbc\xb04%\xb7\xe5\x14\xb1`\x87#X\\W`;\'_4\xc5\xc9\x921<\xd9\xad\x9f\x12@!\xfaI\x88\xab\xef\x86\xe9\a>\xdd7\xb7\x8e\x9c0-o\xc9\xec_|\x02\xc8Ru\x95\xa8#U\xd6J\x87\xf6X\xb6{\x11$\x00\xc8\x14\xcb\xd1nK\xd8\xb9\x0e\x9bA\xed\xbcs\x1fS\r\x12O\x83\x15\xcb(\xdb\xb1S\x1f%\x04\x9a\xa0l\xa3}\xe7r\x02\x00\x00\x00\x8aeh;F[\xe2\x1c<L\xaa\x87A\xcdN#\xfb\xb0\xf2\x1e\x0e#J\xd0hB<\xc0\x82A0)p\xe7&J\x82\x83\x83\xd14\x01\xcf\x1b\xa9\x1d\x1ef\x0f\x86(1\xd6l\xd2\x8f\xb0\xad\t\x15\xdb|\x87\xf1\xc4\xb8\xb2\x9a\xd2A\x80\xbf\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xd6\x80\x00\x00\x00\x00\x00\x00\x00\x88&}\xd1\x00\x00\x00\xe6\xaf\t\x9f\x96\rN\xc9\x90\xbe\xed\x1ad\x14\xe7\x84\t\'\x8b\x00\xdd\xc9\x0f\x14v\xb6\x04\xf2U\xb4\xf6\xbe\xddT\xcb\x00\x00\x00\x00\x00\x00\xe9\x00\x00\x00\x00\x00\x00o:}\xa7jmH\xedn\x11\xfe\xe2\x0fT\x00\x94\xbc\xc6\x7f\x93eE1xp\xa3\xdc\xd7K9J<\xeb\xd2!\xf4\x19\xbd#\xb8\x83\x858\n\xf8\x12Z\x1a\x12\xfa\xcc\x04\r\xf3\xf4;\v\x15b^\xea\xa2\x04 \xe8\x99\xb3\x97\x9e\r\xb0\x05\xbb(f\xd0\x85\xc5\x15\xae#\x12Q\xacF\xfb\xc8\xbd\xcc#\v\x00\x00\x00\x00\x00\x00\x8f\x9b\x00\x03\xc8}\x11\xbc\x01\x8fi\xf5\x7f\xaf\x11\xfb\x16\x95\xdfc\xc9\x8a/&\x81w\xdf]ao\\\x88\xf7\xce\xbd\xb0\xa6J~\x8d\xf1\xe9\x1c\xcfo\xb3\xdc\x04Y\x8e\r\xf5\xa0\xeft\x06G0\xe3D\xd6\xa3L\xedN\x0e\xdc@7\xd8^\xae\xea\x92\xbe\x9c\xf9~c\xc1|\xca\x8d\x93R\xe5\xceU\xa5\x0f\xbf\xd8l\x96`\x0f\x00e\x8aR{\x17Y\x15m>\xe26 \x19k&.\x7f\x1d~\xdaI\xd4\x99\a+\xdf]\xbc\xa6\xc3\x0f\x99W\x9c-t\v\xc7J\xfd\x91\x853\xd1j;\x19W\x96V\x8az+\xf9\x82#\xfaC\xa3YN:\xe8\xda\xbc\xb2h\x8f\xe0\xc6d\x96\xccy\xb3\xc2\x98\x1c\xca\xde\"\xaeW\x89\x83\xc2sB\xe7\b\x9b9~}\xc2\xb3\x1d\xcc?\xd1\x89\xef\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00J[\xc4\x04\xc1\xa6\x10\xc2\x9d\x11\t|\xc0\t\xd9(\x80\xe6s\xaa\x88\x8a\xd6\xa2\x01\x10W]Z\x8d\xf7\xd1P\xf9d\x01|\xa3\x03hSq\x95\x8f\xe1J\xd3#/fcCz\xff\x80\xe2M\xa3-r\xf6\x1a\xd74\xdc\xe1\xe4\xc3\x9dU t}\x02\x9a{C|S\xf4\x98\x05\xb9\x15}\xfa\"\xdc\xc2r\xf9\a\xadnD\xb6\x06\xd3\'\x10\x9f|\x17\xd6\x89O\f\x98@\x85\xa5m\x9d\\&\x17o\x11Z=l\xfb\x93\x8exZ', 0x6)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8010002})

7.481912464s ago: executing program 3:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
pipe2(0x0, 0x0)

7.066562246s ago: executing program 1:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000073797a300000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000006a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000065850000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
r1 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000380)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0}, 0x90)
io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0)
writev(r0, &(0x7f00000002c0)=[{&(0x7f0000000040)="01000000", 0x4}], 0x1)

5.860560094s ago: executing program 0:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00')
syz_open_dev$evdev(&(0x7f0000000480), 0x7, 0x2000)
preadv(r1, &(0x7f0000000080), 0x0, 0xfffffffa, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
r3 = fsopen(&(0x7f0000000240)='romfs\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a300000000005000500020000001400078005001500020000000800124000000000050004000000000012000300686173683a6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4008820}, 0x1)
sendfile(0xffffffffffffffff, r3, &(0x7f0000000100)=0x800, 0x5)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='%(:2', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1)
utime(0x0, 0x0)

5.846486403s ago: executing program 1:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e00000000180002800c0002000d0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x58}}, 0x0)

5.754847562s ago: executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00'}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20)

5.405754074s ago: executing program 4:
r0 = msgget$private(0x0, 0x0)
msgsnd(r0, &(0x7f0000001280)=ANY=[@ANYBLOB='^'], 0x8, 0x0)
msgrcv(r0, &(0x7f0000001b00)={0x0, ""/101}, 0x6d, 0x0, 0x1800)

4.976173493s ago: executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000000))
fcntl$lock(r1, 0x7, &(0x7f00000006c0)={0x1})
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = dup(r2)
dup3(r3, r1, 0x0)
rt_sigreturn()
poll(0x0, 0x0, 0x64)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
syz_open_procfs(0x0, 0x0)

4.915550757s ago: executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
pipe2$9p(&(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
rt_sigreturn()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$TIOCEXCL(r2, 0x8903)

4.719287407s ago: executing program 1:
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x1aa, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x174, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x21, 0x2, "b8a3e100908f61640000000200fe80ffff00000000"}, {}]}}}}}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0}, 0x90)

4.455958658s ago: executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00'}, 0x10)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448dd, &(0x7f0000000240)={0x0, 0x0, "957008"})
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfdef)
syz_emit_ethernet(0x3e, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd60122d9200083a0000000000000000000000ffffac1414aaff02000000000000000000000000b70001"], 0x0)
connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r2 = socket$inet6(0xa, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r3 = socket$inet6(0xa, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000fee000)=0x3fa, 0x4)
listen(r3, 0x2)
listen(r2, 0x80)
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)={'broute\x00'}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x4}, 0x6)
ioctl$AUTOFS_IOC_CATATONIC(r1, 0x400443c8, 0x20000002)

4.143356261s ago: executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x3938700}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
accept(r1, 0x0, 0x0)

3.9857659s ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/vmallocinfo\x00', 0x0, 0x0)
read$hiddev(r0, &(0x7f00000000c0)=""/4092, 0xffc)

2.895943213s ago: executing program 1:
socket$netlink(0x10, 0x3, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000008c0)=@raw={'raw\x00', 0x8, 0x3, 0x4b8, 0xc8, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3e8, 0xffffffff, 0xffffffff, 0x3e8, 0xffffffff, 0x3, 0x0, {[{{@uncond, 0x0, 0xa8, 0xc8, 0x60030000, {0x0, 0xff000000}}, @unspec=@TRACE={0x20}}, {{@ipv6={@rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @remote}, [], [], 'wg2\x00', 'team_slave_1\x00'}, 0x0, 0x300, 0x320, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @fd}, @common=@inet=@set2={{0x28}}]}, @unspec=@TRACE={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/73, 0x49}, {&(0x7f0000000200)=""/83, 0x53}], 0x3a}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000180)=[{0x0, 0x0, &(0x7f00000026c0)=[{&(0x7f0000000300)="0046ba3c405b5da814d7f2ee0c", 0xd}], 0x1}], 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'geneve0\x00', <r3=>0x0})
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000f140100000000000000000008000100000000000c0045007264a1615f636d006dfc6f8f0739c0b0b52404d3c9670c8cbf5652e990d70c2c38031aa0af5e1b6e165f4b39bcaa270806a6ad97e2290180a965d67527e0f1b163b6d4015806c0beff035001f9085b5ded448081631cbb9923a219ed9a33bf978d"], 0x24}}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r5, &(0x7f0000000200), 0x12)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x1, 0x5, 0x3ff, 0xa04, r0, 0xffffff81, '\x00', r3, r5, 0x0, 0x4, 0x0, 0x8}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000005c0), &(0x7f0000000640), 0x5}, 0x38)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x60ff, 0x0)
r6 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r6, &(0x7f0000e5c000)={0x2, 0x4e20, @remote}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="18000000000000000000000000000000180000000020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000e40000b703000000000000850000009b000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
getsockopt$inet_int(r6, 0x10d, 0xad, &(0x7f0000000000), &(0x7f0000000240)=0x4)

2.674319341s ago: executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'ipvlan0\x00', 0x2})
preadv2(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
close(r1)
rt_sigreturn()
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
socket$inet6(0xa, 0x1, 0x0)
mlock2(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x0)

2.571454862s ago: executing program 0:
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/class/dmi', 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/dmi', 0x0, 0x0)
r1 = socket(0x1, 0x3, 0x0)
recvmsg$inet_nvme(r1, &(0x7f00000014c0)={&(0x7f0000000080)=@pppol2tpin6={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, 0x0}, 0x0)
close(r2)
rt_sigreturn()
ioctl$NS_GET_USERNS(r0, 0x5451, 0x0)
socket$unix(0x1, 0x0, 0x0)

2.365039739s ago: executing program 4:
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/if_inet6\x00')
read$FUSE(r0, &(0x7f0000000f40)={0x2020}, 0x2020)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/95, 0x5f}], 0x1, 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

1.946035122s ago: executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00'}, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0, r0}, 0x10)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000100)=[@in={0x2, 0x0, @loopback}, @in6={0xa, 0x0, 0x0, @private0}], 0x2c)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000000)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x4, @prog_fd}, 0x20)

1.917045471s ago: executing program 3:
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = dup3(r1, r0, 0x0)
r3 = accept$unix(r2, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)

1.712340576s ago: executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x90)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e00000000180002800c0002000d0000001f000000060001000000000008000500", @ANYRES32, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x58}}, 0x0)

1.493766412s ago: executing program 1:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000001a80)=""/102400, 0x19000}, {0x0}], 0x2, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/protocols\x00')
syz_open_dev$evdev(&(0x7f0000000480), 0x7, 0x2000)
preadv(r1, &(0x7f0000000080), 0x0, 0xfffffffa, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28)
sendto$inet6(r2, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
r3 = fsopen(&(0x7f0000000240)='romfs\x00', 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=ANY=[@ANYBLOB="600000000206010100000000000000000000000005000100070000000900020073797a300000000005000500020000001400078005001500020000000800124000000000050004000000000012000300686173683a6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4008820}, 0x1)
sendfile(0xffffffffffffffff, r3, &(0x7f0000000100)=0x800, 0x5)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000000c0)='%(:2', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0)
mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1)
utime(0x0, 0x0)

1.133674257s ago: executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r1, 0x26, &(0x7f0000000000))
fcntl$lock(r1, 0x7, &(0x7f00000006c0)={0x1})
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = dup(r2)
dup3(r3, r1, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
close(0xffffffffffffffff)
rt_sigreturn()
clock_gettime(0x0, &(0x7f0000000000)={0x0, <r4=>0x0})
timer_settime(0x0, 0x1, &(0x7f0000000080)={{0x77359400}, {0x0, r4+60000000}}, 0x0)
ioctl$BTRFS_IOC_BALANCE_CTL(0xffffffffffffffff, 0x5451, 0x0)

1.099090957s ago: executing program 3:
futex(&(0x7f0000004040)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=")
getsockname$unix(0xffffffffffffffff, &(0x7f0000002600), &(0x7f0000001380)=0x1fa)
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x1}, 0x6e)
listen(0xffffffffffffffff, 0x0)
r1 = dup3(0xffffffffffffffff, r0, 0x0)
accept4$inet(r1, 0x0, 0x0, 0x0)

921.434336ms ago: executing program 4:
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000000500), 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
syz_emit_ethernet(0x1ac, &(0x7f00000003c0)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x176, 0x3a, 0x0, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x21, 0x2, "b8a3e100908f61640000000200fe80ffff00000000"}, {}]}}}}}}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x85}}, 0x0}, 0x90)

316.133023ms ago: executing program 3:
gettid()
poll(0x0, 0x0, 0x401)
rt_sigreturn()
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
mlockall(0x1)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$TCSBRK(r0, 0x8901, 0x0)

244.60951ms ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000002000000000000000001801000020786c250000000000202020731af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000550000000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000440)='tlb_flush\x00', r0}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
write$cgroup_type(r1, &(0x7f0000000200), 0xf642e7e)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f00000012c0)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x0)
fallocate(r1, 0x0, 0x0, 0x1000)

0s ago: executing program 1:
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
r3 = socket$nl_route(0x10, 0x3, 0x0)
dup2(r0, r2)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x0, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.227' (ED25519) to the list of known hosts.
2024/06/08 01:21:10 fuzzer started
2024/06/08 01:21:11 dialing manager at 10.128.0.169:30024
[  158.669342][ T5046] cgroup: Unknown subsys name 'net'
[  158.917757][ T5046] cgroup: Unknown subsys name 'rlimit'
2024/06/08 01:21:59 starting 5 executor processes
[  204.863437][ T5054] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  207.261357][ T5080] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  207.286559][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  207.295005][ T5079] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  207.304864][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  207.313450][ T5079] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  207.322757][ T5079] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  207.325173][ T5081] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  207.333707][ T5079] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  207.347493][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  207.365932][ T5079] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  207.366217][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  207.376312][ T5079] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  207.390705][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  207.395245][ T5079] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  207.400551][ T5085] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  207.409597][ T5079] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  207.423149][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  207.425340][ T5079] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  207.829148][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  207.896873][ T5079] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  207.909544][ T5079] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  207.924309][ T5079] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  207.936095][ T5079] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  207.945391][ T5079] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  208.006091][ T5079] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  208.018332][ T5079] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  208.030723][ T5079] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  208.107051][ T5079] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  208.147802][ T5079] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  208.161295][ T5079] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  208.930068][ T5073] chnl_net:caif_netlink_parms(): no params data found
[  209.199859][ T5075] chnl_net:caif_netlink_parms(): no params data found
[  209.312983][ T5077] chnl_net:caif_netlink_parms(): no params data found
[  209.383489][ T5087] chnl_net:caif_netlink_parms(): no params data found
[  209.502423][   T50] Bluetooth: hci2: command tx timeout
[  209.508078][   T50] Bluetooth: hci0: command tx timeout
[  209.582322][   T50] Bluetooth: hci1: command tx timeout
[  209.991419][   T50] Bluetooth: hci3: command tx timeout
[  209.991495][ T5077] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.004817][ T5077] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.012593][ T5077] bridge_slave_0: entered allmulticast mode
[  210.021687][ T5077] bridge_slave_0: entered promiscuous mode
[  210.044771][ T5077] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.053759][ T5077] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.061473][ T5077] bridge_slave_1: entered allmulticast mode
[  210.070758][ T5077] bridge_slave_1: entered promiscuous mode
[  210.223363][   T50] Bluetooth: hci4: command tx timeout
[  210.372176][ T5077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  210.382111][ T5089] chnl_net:caif_netlink_parms(): no params data found
[  210.422340][ T5073] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.430075][ T5073] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.438258][ T5073] bridge_slave_0: entered allmulticast mode
[  210.447450][ T5073] bridge_slave_0: entered promiscuous mode
[  210.470563][ T5077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  210.576013][ T5073] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.583995][ T5073] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.591708][ T5073] bridge_slave_1: entered allmulticast mode
[  210.600623][ T5073] bridge_slave_1: entered promiscuous mode
[  210.768298][ T5075] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.776095][ T5075] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.783934][ T5075] bridge_slave_0: entered allmulticast mode
[  210.792896][ T5075] bridge_slave_0: entered promiscuous mode
[  210.811427][ T5077] team0: Port device team_slave_0 added
[  210.821766][ T5075] bridge0: port 2(bridge_slave_1) entered blocking state
[  210.829658][ T5075] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.839944][ T5075] bridge_slave_1: entered allmulticast mode
[  210.848945][ T5075] bridge_slave_1: entered promiscuous mode
[  210.981480][ T5077] team0: Port device team_slave_1 added
[  210.989747][ T5087] bridge0: port 1(bridge_slave_0) entered blocking state
[  210.997639][ T5087] bridge0: port 1(bridge_slave_0) entered disabled state
[  211.005379][ T5087] bridge_slave_0: entered allmulticast mode
[  211.014134][ T5087] bridge_slave_0: entered promiscuous mode
[  211.072079][ T5073] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.170616][ T5075] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.183200][ T5087] bridge0: port 2(bridge_slave_1) entered blocking state
[  211.190900][ T5087] bridge0: port 2(bridge_slave_1) entered disabled state
[  211.200814][ T5087] bridge_slave_1: entered allmulticast mode
[  211.212784][ T5087] bridge_slave_1: entered promiscuous mode
[  211.229590][ T5073] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.275094][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_0
[  211.282411][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.309214][ T5077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  211.329782][ T5075] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  211.342828][ T5077] batman_adv: batadv0: Adding interface: batadv_slave_1
[  211.350096][ T5077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.376435][ T5077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  211.543452][ T5075] team0: Port device team_slave_0 added
[  211.582323][   T50] Bluetooth: hci0: command tx timeout
[  211.587968][   T50] Bluetooth: hci2: command tx timeout
[  211.633926][ T5073] team0: Port device team_slave_0 added
[  211.650272][ T5087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  211.666566][ T5073] team0: Port device team_slave_1 added
[  211.674281][   T50] Bluetooth: hci1: command tx timeout
[  211.685168][ T5075] team0: Port device team_slave_1 added
[  211.739480][ T5087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  212.041268][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_0
[  212.048671][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.075087][ T5073] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.078328][   T50] Bluetooth: hci3: command tx timeout
[  212.130153][ T5087] team0: Port device team_slave_0 added
[  212.139837][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_0
[  212.147224][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.173482][ T5075] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.200806][ T5077] hsr_slave_0: entered promiscuous mode
[  212.211496][ T5077] hsr_slave_1: entered promiscuous mode
[  212.222570][ T5089] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.230252][ T5089] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.238473][ T5089] bridge_slave_0: entered allmulticast mode
[  212.247607][ T5089] bridge_slave_0: entered promiscuous mode
[  212.260074][ T5073] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.267538][ T5073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.293877][ T5073] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.302344][   T50] Bluetooth: hci4: command tx timeout
[  212.312685][ T5087] team0: Port device team_slave_1 added
[  212.336536][ T5075] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.343775][ T5075] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.370183][ T5075] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.400953][ T5089] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.408821][ T5089] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.416761][ T5089] bridge_slave_1: entered allmulticast mode
[  212.425843][ T5089] bridge_slave_1: entered promiscuous mode
[  212.510400][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_0
[  212.518251][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.544628][ T5087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  212.639101][ T5087] batman_adv: batadv0: Adding interface: batadv_slave_1
[  212.646401][ T5087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  212.672882][ T5087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  212.839424][ T5089] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  212.908597][ T5075] hsr_slave_0: entered promiscuous mode
[  212.918782][ T5075] hsr_slave_1: entered promiscuous mode
[  212.928416][ T5075] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  212.937035][ T5075] Cannot create hsr debugfs directory
[  213.006544][ T5089] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  213.138559][ T5073] hsr_slave_0: entered promiscuous mode
[  213.147995][ T5073] hsr_slave_1: entered promiscuous mode
[  213.156474][ T5073] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  213.165855][ T5073] Cannot create hsr debugfs directory
[  213.225636][ T5087] hsr_slave_0: entered promiscuous mode
[  213.236697][ T5087] hsr_slave_1: entered promiscuous mode
[  213.245950][ T5087] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  213.254007][ T5087] Cannot create hsr debugfs directory
[  213.269744][ T5089] team0: Port device team_slave_0 added
[  213.297481][ T5089] team0: Port device team_slave_1 added
[  213.524263][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_0
[  213.531632][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.558136][ T5089] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  213.665265][   T50] Bluetooth: hci2: command tx timeout
[  213.670938][ T5079] Bluetooth: hci0: command tx timeout
[  213.674526][ T5089] batman_adv: batadv0: Adding interface: batadv_slave_1
[  213.683803][ T5089] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  213.710585][ T5089] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  213.743477][   T50] Bluetooth: hci1: command tx timeout
[  214.144166][   T50] Bluetooth: hci3: command tx timeout
[  214.164664][ T5089] hsr_slave_0: entered promiscuous mode
[  214.174027][ T5089] hsr_slave_1: entered promiscuous mode
[  214.181781][ T5089] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  214.189652][ T5089] Cannot create hsr debugfs directory
[  214.382593][   T50] Bluetooth: hci4: command tx timeout
[  214.574437][ T5077] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  214.594859][ T5077] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  214.659433][ T5077] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  214.704859][ T5077] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  214.920952][ T5073] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  214.947899][ T5073] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  215.034175][ T5075] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  215.055062][ T5073] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  215.078306][ T5073] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  215.156674][ T5075] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  215.199922][ T5075] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  215.222550][ T5075] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  215.475007][ T5087] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  215.527062][ T5087] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  215.616036][ T5087] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  215.680637][ T5087] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  215.743930][   T50] Bluetooth: hci2: command tx timeout
[  215.749601][ T5079] Bluetooth: hci0: command tx timeout
[  215.779128][ T5089] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  215.822527][ T5079] Bluetooth: hci1: command tx timeout
[  215.967303][ T5089] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  216.005286][ T5089] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  216.025156][ T5089] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  216.250987][ T5079] Bluetooth: hci3: command tx timeout
[  216.284214][ T5077] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.403068][ T5077] 8021q: adding VLAN 0 to HW filter on device team0
[  216.463487][ T5079] Bluetooth: hci4: command tx timeout
[  216.478047][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.485863][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.595787][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.603545][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  216.780821][ T5073] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.827558][ T5075] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.043536][ T5073] 8021q: adding VLAN 0 to HW filter on device team0
[  217.119523][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.127286][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.174939][ T5075] 8021q: adding VLAN 0 to HW filter on device team0
[  217.267014][ T5087] 8021q: adding VLAN 0 to HW filter on device bond0
[  217.299079][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.306814][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.328378][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.336124][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.466598][ T5087] 8021q: adding VLAN 0 to HW filter on device team0
[  217.533367][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.541067][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.707202][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  217.714983][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  217.848302][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  217.856080][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.969308][ T5089] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.187407][ T5089] 8021q: adding VLAN 0 to HW filter on device team0
[  218.331575][ T5125] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.339414][ T5125] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.503310][ T5125] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.510998][ T5125] bridge0: port 2(bridge_slave_1) entered forwarding state
[  218.751349][ T5089] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  219.118953][ T1218] ieee802154 phy0 wpan0: encryption failed: -22
[  219.126698][ T1218] ieee802154 phy1 wpan1: encryption failed: -22
[  219.467822][ T5077] 8021q: adding VLAN 0 to HW filter on device batadv0
[  219.871643][ T5073] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.215146][ T5077] veth0_vlan: entered promiscuous mode
[  220.402931][ T5077] veth1_vlan: entered promiscuous mode
[  220.485390][ T5087] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.523213][ T5073] veth0_vlan: entered promiscuous mode
[  220.660311][ T5073] veth1_vlan: entered promiscuous mode
[  220.724892][ T5075] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.820121][ T5089] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.900232][ T5077] veth0_macvtap: entered promiscuous mode
[  221.013011][ T5077] veth1_macvtap: entered promiscuous mode
[  221.181549][ T5087] veth0_vlan: entered promiscuous mode
[  221.282754][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.329624][ T5073] veth0_macvtap: entered promiscuous mode
[  221.378138][ T5087] veth1_vlan: entered promiscuous mode
[  221.397573][ T5077] batman_adv: batadv0: Interface activated: batadv_slave_1
[  221.466204][ T5077] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  221.475403][ T5077] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  221.484577][ T5077] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  221.493735][ T5077] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  221.513526][ T5073] veth1_macvtap: entered promiscuous mode
[  221.620512][ T5089] veth0_vlan: entered promiscuous mode
[  221.774647][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  221.786896][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  221.804762][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_0
[  221.872213][ T5089] veth1_vlan: entered promiscuous mode
[  221.890370][ T5087] veth0_macvtap: entered promiscuous mode
[  221.981705][ T5073] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.000398][ T5073] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.015506][ T5073] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.057334][ T5087] veth1_macvtap: entered promiscuous mode
[  222.214745][ T5073] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.227622][ T5073] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.238162][ T5073] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.247353][ T5073] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  222.285458][ T5089] veth0_macvtap: entered promiscuous mode
[  222.410224][ T5089] veth1_macvtap: entered promiscuous mode
[  222.457971][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.469053][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.480476][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.491252][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.506821][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.648856][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.661698][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.673459][ T5087] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.686351][ T5087] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.703172][ T5087] batman_adv: batadv0: Interface activated: batadv_slave_1
[  222.810908][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.821816][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.832195][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.843032][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.853183][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.864226][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.879247][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.919524][ T5087] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  222.928739][ T5087] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  222.938022][ T5087] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  222.950249][ T5087] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.129904][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.142210][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.153371][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.164129][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.174343][ T5089] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  223.185066][ T5089] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  223.201198][ T5089] batman_adv: batadv0: Interface activated: batadv_slave_1
[  223.368864][ T5089] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  223.378057][ T5089] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  223.387319][ T5089] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  223.396548][ T5089] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  223.734621][ T5075] veth0_vlan: entered promiscuous mode
[  223.851472][ T5075] veth1_vlan: entered promiscuous mode
[  224.321698][ T5075] veth0_macvtap: entered promiscuous mode
[  224.439831][ T5075] veth1_macvtap: entered promiscuous mode
[  224.668072][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.680290][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.691200][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.705630][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.716355][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.727223][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.737407][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  224.748182][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.763492][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_0
[  224.910220][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.922920][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.933225][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.947650][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.961441][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.973093][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  224.983265][ T5075] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  224.994057][ T5075] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.009145][ T5075] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.174876][ T5075] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.187273][ T5075] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.197756][ T5075] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.207125][ T5075] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  228.485055][ T3371] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.493212][ T3371] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.737651][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.746055][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  228.811087][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.819177][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.052781][  T780] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.062253][  T780] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.823669][  T780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  229.832120][  T780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.042671][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.050741][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.159026][ T3412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.167397][ T3412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  230.201140][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  230.209846][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.754211][ T5268] veth1_macvtap: left promiscuous mode
[  233.227689][ T4303] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  233.235904][ T4303] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  233.616557][ T4365] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  233.624771][ T4365] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.043650][ T5283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  234.111551][ T5284] pim6reg1: entered promiscuous mode
[  234.117591][ T5284] pim6reg1: entered allmulticast mode
[  234.978976][ T5295] loop2: detected capacity change from 0 to 128
[  235.175018][ T5297] loop4: detected capacity change from 0 to 512
[  235.207655][ T5297] =======================================================
[  235.207655][ T5297] WARNING: The mand mount option has been deprecated and
[  235.207655][ T5297]          and is ignored by this kernel. Remove the mand
[  235.207655][ T5297]          option from the mount to silence this warning.
[  235.207655][ T5297] =======================================================
[  235.874211][ T5302] loop1: detected capacity change from 0 to 128
[  236.441322][ T5297] EXT4-fs (loop4): Test dummy encryption mode enabled
[  236.672511][ T5297] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz-executor.4: iget: bogus i_mode (0)
[  236.920961][   T29] audit: type=1800 audit(1717809751.109:2): pid=5309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="loop1" ino=1048595 res=0 errno=0
[  237.072900][ T5297] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 17 (err -117)
[  237.133329][ T5297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.738977][ T5075] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.903709][ T5317] loop1: detected capacity change from 0 to 256
[  240.802634][ T5320] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  241.828633][ T5325] fuse: Unknown parameter '017777777777777777777770000000000000000000000000000000000000000'
[  242.349586][ T5328] loop3: detected capacity change from 0 to 512
[  242.663295][ T5328] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2842c018, mo2=0002]
[  242.732844][ T5328] System zones: 0-2, 18-18, 34-35
[  242.823782][ T5328] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.837604][ T5328] ext4 filesystem being mounted at /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  244.012244][ T5340] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  244.037683][ T5338] loop0: detected capacity change from 0 to 128
[  244.178753][ T5328] EXT4-fs error (device loop3): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.3: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[  244.468448][ T5328] fuse: Bad value for 'fd'
[  245.245341][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 3: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0
[  245.293276][   T29] audit: type=1800 audit(1717809759.289:3): pid=5345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=1048597 res=0 errno=0
[  245.432286][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 12: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  245.598555][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  245.772991][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 14: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  245.902381][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 15: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  246.034032][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  246.143970][ T5087] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 17: comm syz-executor.3: path /root/syzkaller-testdir4235682268/syzkaller.Rmqdr6/7/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  246.271634][ T5087] EXT4-fs error (device loop3): ext4_map_blocks:580: inode #2: block 18: comm syz-executor.3: lblock 23 mapped to illegal pblock 18 (length 1)
[  246.829032][ T5350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  247.013925][ T5350] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  247.252431][   T29] audit: type=1326 audit(1717809761.369:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5352 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f223587cf69 code=0x0
[  247.344828][ T5087] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.510801][ T4425] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.689701][ T4425] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  247.985413][ T4425] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.104960][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  248.147109][ T4425] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  248.625124][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  248.923785][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  249.025898][    T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!!
[  249.333797][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  249.342189][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  249.402235][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  249.435530][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  249.742776][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  249.751155][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  250.076334][ T5362] team0: Port device ip6gretap0 added
[  250.632849][ T4425] bridge_slave_1: left allmulticast mode
[  250.638856][ T4425] bridge_slave_1: left promiscuous mode
[  250.645677][ T4425] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.737224][ T4425] bridge_slave_0: left allmulticast mode
[  250.744379][ T4425] bridge_slave_0: left promiscuous mode
[  250.750937][ T4425] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.208671][ T5370] loop0: detected capacity change from 0 to 128
[  251.970911][ T4425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  251.989373][ T4425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.007183][ T4425] bond0 (unregistering): Released all slaves
[  252.214477][   T29] audit: type=1800 audit(1717809766.309:5): pid=5377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="loop0" ino=1048598 res=0 errno=0
[  254.673979][ T4425] hsr_slave_0: left promiscuous mode
[  254.736988][ T4425] hsr_slave_1: left promiscuous mode
[  254.781408][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  254.789503][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_0
[  254.875081][ T4425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  254.883042][ T4425] batman_adv: batadv0: Removing interface: batadv_slave_1
[  254.940967][ T4425] veth1_macvtap: left promiscuous mode
[  254.955772][ T4425] veth0_macvtap: left promiscuous mode
[  254.966109][ T4425] veth1_vlan: left promiscuous mode
[  254.971695][ T4425] veth0_vlan: left promiscuous mode
[  256.265570][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  256.313306][   T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  256.327563][   T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  256.341171][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  256.353468][ T4425] team0 (unregistering): Port device team_slave_1 removed
[  256.384751][ T4425] team0 (unregistering): Port device team_slave_0 removed
[  256.432824][   T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  256.465776][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  258.070522][ T5404] chnl_net:caif_netlink_parms(): no params data found
[  258.706670][ T5079] Bluetooth: hci3: command tx timeout
[  259.198238][ T5429] bond0: entered promiscuous mode
[  259.203759][ T5429] bond_slave_0: entered promiscuous mode
[  259.210419][ T5429] bond_slave_1: entered promiscuous mode
[  259.518050][ T5426] bond0: left promiscuous mode
[  259.524063][ T5426] bond_slave_0: left promiscuous mode
[  259.530581][ T5426] bond_slave_1: left promiscuous mode
[  260.342422][ T5404] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.350135][ T5404] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.359483][ T5404] bridge_slave_0: entered allmulticast mode
[  260.368573][ T5404] bridge_slave_0: entered promiscuous mode
[  260.498685][ T5404] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.507053][ T5404] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.515024][ T5404] bridge_slave_1: entered allmulticast mode
[  260.524380][ T5404] bridge_slave_1: entered promiscuous mode
[  260.785589][ T5079] Bluetooth: hci3: command tx timeout
[  260.882984][ T5404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  261.010197][ T5404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  261.398519][ T5404] team0: Port device team_slave_0 added
[  261.479837][ T5404] team0: Port device team_slave_1 added
[  261.874172][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  261.881339][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.907729][ T5404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  262.464744][ T5404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  262.472105][ T5404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.498851][ T5404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.874738][ T5079] Bluetooth: hci3: command tx timeout
[  263.223409][ T5404] hsr_slave_0: entered promiscuous mode
[  263.304592][ T5404] hsr_slave_1: entered promiscuous mode
[  263.372298][ T5404] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  263.380197][ T5404] Cannot create hsr debugfs directory
[  263.847879][ T5494] blktrace: Concurrent blktraces are not allowed on sg0
[  263.992705][ T5494] bond0: entered promiscuous mode
[  263.998082][ T5494] bond_slave_0: entered promiscuous mode
[  264.004967][ T5494] bond_slave_1: entered promiscuous mode
[  264.526183][ T5491] bond0: left promiscuous mode
[  264.531340][ T5491] bond_slave_0: left promiscuous mode
[  264.538037][ T5491] bond_slave_1: left promiscuous mode
[  264.844129][ T5505] loop0: detected capacity change from 0 to 256
[  264.956382][ T5079] Bluetooth: hci3: command tx timeout
[  265.170198][   T29] audit: type=1804 audit(1717809779.359:6): pid=5505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir732149281/syzkaller.Lhn5Ai/19/file0" dev="sda1" ino=1962 res=1 errno=0
[  265.195966][ T5505] Process accounting resumed
[  265.950293][ T5404] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  266.043880][ T5404] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  266.127435][ T5404] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  266.136951][ T4702] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  266.209858][ T5404] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  266.393127][ T4702] usb 1-1: Using ep0 maxpacket: 8
[  266.538781][ T4702] usb 1-1: config 0 has an invalid descriptor of length 106, skipping remainder of the config
[  266.549698][ T4702] usb 1-1: New USB device found, idVendor=0bac, idProduct=8501, bcdDevice=20.9d
[  266.559513][ T4702] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.629611][ T4702] usb 1-1: config 0 descriptor??
[  266.932920][ T4702] usb 1-1: string descriptor 0 read error: -71
[  266.955283][ T4702] usb 1-1: Found UVC 0.00 device <unnamed> (0bac:8501)
[  266.963781][ T4702] usb 1-1: No valid video chain found.
[  267.096707][ T4702] usb 1-1: USB disconnect, device number 2
[  267.726437][ T5404] 8021q: adding VLAN 0 to HW filter on device bond0
[  267.949785][ T5404] 8021q: adding VLAN 0 to HW filter on device team0
[  268.022757][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.030528][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  268.151059][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.158884][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  270.496209][ T5404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  270.708173][ T5545] loop1: detected capacity change from 0 to 64
[  271.275097][ T5404] veth0_vlan: entered promiscuous mode
[  271.415827][ T5404] veth1_vlan: entered promiscuous mode
[  271.811579][ T5557] Zero length message leads to an empty skb
[  271.853397][ T5404] veth0_macvtap: entered promiscuous mode
[  271.904973][ T5557] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  272.264272][ T5557] hsr_slave_1 (unregistering): left promiscuous mode
[  272.423074][ T5404] veth1_macvtap: entered promiscuous mode
[  272.743748][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.754563][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.764742][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.775584][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.789714][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.801660][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.811919][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  272.822629][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  272.837715][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  273.180834][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.195770][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.207433][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.218187][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.228282][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.239102][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.249258][ T5404] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.260123][ T5404] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.277731][ T5404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  273.586929][ T5404] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  273.596403][ T5404] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  273.610035][ T5404] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  273.620448][ T5404] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  274.133039][ T5572] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  274.939122][ T5583] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  275.160006][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.014019][ T5595] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.024819][ T5595] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.033052][ T5595] bridge0: port 2(bridge_slave_1) entered forwarding state
[  276.785006][ T5601] loop1: detected capacity change from 0 to 64
[  277.187114][ T5156] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  277.598210][ T5156] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10
[  277.610007][ T5156] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  277.620395][ T5156] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  277.629860][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.713832][ T5605] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  277.930076][ T5619] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  278.163466][ T5156] usb 1-1: USB disconnect, device number 3
[  278.430440][ T5416] udevd[5416]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  279.760771][ T5636] loop4: detected capacity change from 0 to 512
[  279.813645][ T5636] EXT4-fs: quotafile must be on filesystem root
[  280.607678][ T1218] ieee802154 phy0 wpan0: encryption failed: -22
[  280.614653][ T1218] ieee802154 phy1 wpan1: encryption failed: -22
[  280.754480][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.544655][ T5664] loop0: detected capacity change from 0 to 256
[  283.694627][ T5156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.702834][ T5156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  283.925872][ T3120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  283.935523][ T3120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  284.317822][ T5669] loop2: detected capacity change from 0 to 64
[  285.110319][ T5681] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  285.447223][ T5681] hsr_slave_1 (unregistering): left promiscuous mode
[  285.950567][ T5684] loop2: detected capacity change from 0 to 2048
[  287.019287][   T25] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.523766][ T5710] loop1: detected capacity change from 0 to 256
[  288.621393][ T5714] loop0: detected capacity change from 0 to 64
[  290.118058][ T5717] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  291.274513][ T5728] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  293.407091][ T5748] loop1: detected capacity change from 0 to 64
[  293.580375][ T5750] loop0: detected capacity change from 0 to 256
[  294.908049][ T5752] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  294.917806][ T5752] netlink: 666 bytes leftover after parsing attributes in process `syz-executor.2'.
[  298.313866][ T5125] bridge0: port 2(bridge_slave_1) entered disabled state
[  298.905363][ T5785] loop1: detected capacity change from 0 to 64
[  300.057324][ T5792] loop2: detected capacity change from 0 to 256
[  307.465425][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802f063e00: rx timeout, send abort
[  307.765990][   T25] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.974035][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802f063e00: abort rx timeout. Force session deactivation
[  308.246432][ T5821] loop3: detected capacity change from 0 to 64
[  308.455328][ T5823] syz-executor.2[5823] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  308.455883][ T5823] syz-executor.2[5823] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  308.849437][ T5828] loop1: detected capacity change from 0 to 256
[  309.653182][ T3412] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.107452][ T3412] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.344572][ T3412] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.540597][ T3412] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.958690][ T3412] bridge_slave_1: left allmulticast mode
[  310.965061][ T3412] bridge_slave_1: left promiscuous mode
[  310.971460][ T3412] bridge0: port 2(bridge_slave_1) entered disabled state
[  311.045904][ T3412] bridge_slave_0: left allmulticast mode
[  311.052415][ T3412] bridge_slave_0: left promiscuous mode
[  311.058678][ T3412] bridge0: port 1(bridge_slave_0) entered disabled state
[  311.120631][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  311.129737][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  311.139924][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  311.240255][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  311.286123][   T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  311.304972][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  312.124909][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  312.207050][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  312.301117][ T3412] bond0 (unregistering): Released all slaves
[  313.444163][ T5864] loop2: detected capacity change from 0 to 64
[  313.582456][   T50] Bluetooth: hci1: command tx timeout
[  313.645774][ T3412] hsr_slave_0: left promiscuous mode
[  313.697490][ T3412] hsr_slave_1: left promiscuous mode
[  313.760847][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  313.768953][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_0
[  313.826567][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  313.834457][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_1
[  313.977004][ T3412] veth1_macvtap: left promiscuous mode
[  313.983065][ T3412] veth0_macvtap: left promiscuous mode
[  313.988992][ T3412] veth1_vlan: left promiscuous mode
[  313.994769][ T3412] veth0_vlan: left promiscuous mode
[  315.106894][ T3412] team0 (unregistering): Port device team_slave_1 removed
[  315.260894][ T3412] team0 (unregistering): Port device team_slave_0 removed
[  315.700615][   T50] Bluetooth: hci1: command tx timeout
[  316.343912][ T5891] loop1: detected capacity change from 0 to 256
[  317.753253][   T50] Bluetooth: hci1: command tx timeout
[  317.830915][ T5844] chnl_net:caif_netlink_parms(): no params data found
[  317.914630][ T5900] loop3: detected capacity change from 0 to 64
[  319.824378][   T50] Bluetooth: hci1: command tx timeout
[  320.115684][ T5844] bridge0: port 1(bridge_slave_0) entered blocking state
[  320.124029][ T5844] bridge0: port 1(bridge_slave_0) entered disabled state
[  320.131682][ T5844] bridge_slave_0: entered allmulticast mode
[  320.140908][ T5844] bridge_slave_0: entered promiscuous mode
[  320.369648][ T5844] bridge0: port 2(bridge_slave_1) entered blocking state
[  320.378828][ T5844] bridge0: port 2(bridge_slave_1) entered disabled state
[  320.386689][ T5844] bridge_slave_1: entered allmulticast mode
[  320.399196][ T5844] bridge_slave_1: entered promiscuous mode
[  320.798249][ T5844] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  320.953625][ T5844] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  321.027679][ T5939] loop2: detected capacity change from 0 to 256
[  321.356948][ T5945] loop1: detected capacity change from 0 to 64
[  321.406488][ T5844] team0: Port device team_slave_0 added
[  324.259602][ T5945] hfs: unable to open extent tree
[  324.265112][ T5945] hfs: can't find a HFS filesystem on dev loop1
[  324.332879][ T5844] team0: Port device team_slave_1 added
[  324.636730][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_0
[  324.644127][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  324.670544][ T5844] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  324.786616][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1
[  324.793958][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  324.825049][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  325.633307][ T5844] hsr_slave_0: entered promiscuous mode
[  325.695786][ T5844] hsr_slave_1: entered promiscuous mode
[  325.745945][ T5844] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  325.754316][ T5844] Cannot create hsr debugfs directory
[  327.737603][ T5991] loop2: detected capacity change from 0 to 64
[  327.943179][ T5844] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  327.967220][ T5844] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  327.997341][ T5844] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  328.049049][ T5844] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  328.147478][ T5997] loop3: detected capacity change from 0 to 256
[  330.694338][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0
[  331.012580][ T5844] 8021q: adding VLAN 0 to HW filter on device team0
[  331.154326][  T780] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.162246][  T780] bridge0: port 1(bridge_slave_0) entered forwarding state
[  331.314937][  T780] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.322771][  T780] bridge0: port 2(bridge_slave_1) entered forwarding state
[  331.757038][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  333.669739][ T6036] loop1: detected capacity change from 0 to 64
[  333.801978][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0
[  333.832579][ T4431] Bluetooth: hci0: command 0x0406 tx timeout
[  333.839348][ T4431] Bluetooth: hci2: command 0x0406 tx timeout
[  333.848684][ T4431] Bluetooth: hci4: command 0x0406 tx timeout
[  335.708578][ T6058] loop1: detected capacity change from 0 to 256
[  339.275972][ T5844] veth0_vlan: entered promiscuous mode
[  339.453548][ T6067] ptrace attach of "/root/syz-executor.3 exec"[5404] was attempted by "/root/syz-executor.3 exec"[6067]
[  339.454681][ T5844] veth1_vlan: entered promiscuous mode
[  340.152840][ T5844] veth0_macvtap: entered promiscuous mode
[  340.303302][ T5844] veth1_macvtap: entered promiscuous mode
[  340.446154][ T6081] loop2: detected capacity change from 0 to 64
[  340.667436][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  340.683529][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.695152][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  340.705971][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.716068][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  340.726813][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.737038][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  340.747744][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.762912][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0
[  341.013853][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.024535][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.034652][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.045339][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.055339][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.065994][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.076001][ T5844] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.089776][ T5844] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.104265][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1
[  341.552236][ T5844] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  341.561312][ T5844] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  341.570782][ T5844] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  341.580012][ T5844] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  342.031116][ T1218] ieee802154 phy0 wpan0: encryption failed: -22
[  342.039489][ T1218] ieee802154 phy1 wpan1: encryption failed: -22
[  342.602156][ T6111] loop3: detected capacity change from 0 to 256
[  346.332969][ T6128] loop0: detected capacity change from 0 to 64
[  346.456341][ T6124] bond0: entered promiscuous mode
[  346.461649][ T6124] bond_slave_0: entered promiscuous mode
[  346.472600][ T6124] bond_slave_1: entered promiscuous mode
[  346.590062][ T6124] team0: entered promiscuous mode
[  346.595554][ T6124] team_slave_0: entered promiscuous mode
[  346.602696][ T6124] team_slave_1: entered promiscuous mode
[  349.901310][ T6176] loop1: detected capacity change from 0 to 256
[  349.913768][ T6175] loop3: detected capacity change from 0 to 64
[  351.623610][ T5079] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  351.648607][ T5079] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  351.669754][ T5079] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  351.733689][ T5079] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  351.782805][ T5079] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  351.793992][ T5079] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  353.218947][ T6183] chnl_net:caif_netlink_parms(): no params data found
[  353.570485][ T3412] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.828763][ T3412] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.845797][ T5079] Bluetooth: hci5: command tx timeout
[  354.027273][ T3412] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.249827][ T3412] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.364120][ T6217] loop3: detected capacity change from 0 to 64
[  354.395973][ T4425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.404225][ T4425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.852796][ T3412] bridge_slave_1: left allmulticast mode
[  354.858915][ T3412] bridge_slave_1: left promiscuous mode
[  354.866481][ T3412] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.978965][ T3412] bridge_slave_0: left allmulticast mode
[  354.985048][ T3412] bridge_slave_0: left promiscuous mode
[  354.991667][ T3412] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.582086][ T6226] loop1: detected capacity change from 0 to 256
[  355.688173][ T3412] bond0 (unregistering): left promiscuous mode
[  355.694767][ T3412] bond_slave_0: left promiscuous mode
[  355.701239][ T3412] bond_slave_1: left promiscuous mode
[  355.798672][ T3412] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  356.616680][ T5079] Bluetooth: hci5: command tx timeout
[  356.670439][ T3412] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  356.690512][ T3412] bond0 (unregistering): Released all slaves
[  356.912785][ T4425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  356.920844][ T4425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.324740][ T6183] bridge0: port 1(bridge_slave_0) entered blocking state
[  357.334830][ T6183] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.360576][ T6183] bridge_slave_0: entered allmulticast mode
[  357.378898][ T6183] bridge_slave_0: entered promiscuous mode
[  357.630500][ T6183] bridge0: port 2(bridge_slave_1) entered blocking state
[  357.638350][ T6183] bridge0: port 2(bridge_slave_1) entered disabled state
[  357.646461][ T6183] bridge_slave_1: entered allmulticast mode
[  357.655636][ T6183] bridge_slave_1: entered promiscuous mode
[  357.750476][ T3412] team0: left promiscuous mode
[  357.755971][ T3412] team_slave_0: left promiscuous mode
[  357.764521][ T3412] team_slave_1: left promiscuous mode
[  358.709901][ T5079] Bluetooth: hci5: command tx timeout
[  358.787377][ T3412] hsr_slave_0: left promiscuous mode
[  358.829764][ T3412] hsr_slave_1: left promiscuous mode
[  358.841320][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.849322][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.870876][ T3412] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.880171][ T3412] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.905636][ T3412] veth1_macvtap: left promiscuous mode
[  358.911672][ T3412] veth0_macvtap: left promiscuous mode
[  358.917975][ T3412] veth1_vlan: left promiscuous mode
[  358.924209][ T3412] veth0_vlan: left promiscuous mode
[  359.625676][ T6258] loop3: detected capacity change from 0 to 64
[  359.797097][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048bd2600: rx timeout, send abort
[  359.944256][ T3412] team0 (unregistering): Port device team_slave_1 removed
[  360.013970][ T3412] team0 (unregistering): Port device team_slave_0 removed
[  360.305700][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048bd2600: abort rx timeout. Force session deactivation
[  360.663906][ T6244] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  360.806377][ T5079] Bluetooth: hci5: command tx timeout
[  360.826106][ T6183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  360.983798][ T6183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  361.067787][ T6267] loop0: detected capacity change from 0 to 256
[  362.347003][ T6183] team0: Port device team_slave_0 added
[  362.434670][ T6183] team0: Port device team_slave_1 added
[  362.619186][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.626477][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  362.653799][ T6183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.976462][ T6183] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.985109][ T6183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  363.014409][ T6183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  363.901107][ T6183] hsr_slave_0: entered promiscuous mode
[  363.965820][ T6183] hsr_slave_1: entered promiscuous mode
[  364.334422][ T6296] loop1: detected capacity change from 0 to 164
[  365.142863][ T6304] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  365.434040][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  366.190988][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048bf6800: rx timeout, send abort
[  366.276467][ T6313] loop3: detected capacity change from 0 to 2048
[  366.479862][ T6313] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  366.616043][ T6313] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  366.699614][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048bf6800: abort rx timeout. Force session deactivation
[  366.945494][ T6324] loop4: detected capacity change from 0 to 256
[  366.991441][   T29] audit: type=1804 audit(1717809881.059:7): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1341077866/syzkaller.C0TOtR/48/file0/bus" dev="loop3" ino=1367 res=1 errno=0
[  367.017578][   T29] audit: type=1800 audit(1717809881.059:8): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1367 res=0 errno=0
[  367.038792][   T29] audit: type=1804 audit(1717809881.119:9): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1341077866/syzkaller.C0TOtR/48/file0/bus" dev="loop3" ino=1367 res=1 errno=0
[  367.065098][   T29] audit: type=1800 audit(1717809881.119:10): pid=6327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="loop3" ino=1367 res=0 errno=0
[  367.256820][ T6183] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  367.379130][ T6183] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  369.840142][ T6183] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  369.919190][ T6183] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  371.755520][ T6346] loop1: detected capacity change from 0 to 512
[  371.814886][ T6183] 8021q: adding VLAN 0 to HW filter on device bond0
[  371.840260][ T6346] EXT4-fs (loop1): blocks per group (255) and clusters per group (8192) inconsistent
[  372.283828][ T6355] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  372.306461][ T6183] 8021q: adding VLAN 0 to HW filter on device team0
[  372.497088][   T43] bridge0: port 1(bridge_slave_0) entered blocking state
[  372.504881][   T43] bridge0: port 1(bridge_slave_0) entered forwarding state
[  372.794124][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  372.802036][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  372.920806][ T5346] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  373.879055][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a096400: rx timeout, send abort
[  373.948615][ T6373] loop3: detected capacity change from 0 to 256
[  373.984950][   T43] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  374.165352][    C1] hrtimer: interrupt took 495394 ns
[  374.387674][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a096400: abort rx timeout. Force session deactivation
[  375.285168][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  375.296574][   T43] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  375.307305][   T43] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  375.514285][   T43] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  375.523859][   T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.532415][   T43] usb 5-1: Product: syz
[  375.536817][   T43] usb 5-1: Manufacturer: syz
[  375.541754][   T43] usb 5-1: SerialNumber: syz
[  375.708809][ T6379] loop0: detected capacity change from 0 to 256
[  375.988184][ T6379] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a37, chksum : 0xd675b107, utbl_chksum : 0xe619d30d)
[  376.663447][ T6183] 8021q: adding VLAN 0 to HW filter on device batadv0
[  377.459866][ T6183] veth0_vlan: entered promiscuous mode
[  377.577007][ T6183] veth1_vlan: entered promiscuous mode
[  377.931640][ T6404] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  378.224685][ T6183] veth0_macvtap: entered promiscuous mode
[  378.377104][ T6183] veth1_macvtap: entered promiscuous mode
[  378.451276][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.466970][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.478232][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.489479][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.499706][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.510553][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.520683][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  378.531455][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.546692][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_0
[  378.781231][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  378.792919][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.803115][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  378.814405][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.824848][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  378.835741][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.846166][ T6183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  378.857103][ T6183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  378.877340][ T6183] batman_adv: batadv0: Interface activated: batadv_slave_1
[  379.004503][ T6408] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  379.088178][ T6183] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  379.097405][ T6183] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  379.107653][ T6183] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  379.116813][ T6183] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  379.351018][   T29] audit: type=1800 audit(1717809893.479:11): pid=6413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1960 res=0 errno=0
[  379.388329][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a0ad200: rx timeout, send abort
[  379.897512][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a0ad200: abort rx timeout. Force session deactivation
[  379.907814][ T5085] Bluetooth: hci3: command 0x0406 tx timeout
[  380.035360][   T43] cdc_ncm 5-1:1.0: bind() failure
[  380.101695][ T6414] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  380.165898][   T43] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  380.276641][   T43] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  380.398479][   T43] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  381.636064][   T43] usb 5-1: USB disconnect, device number 2
[  382.536651][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.189476][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  384.707055][ T5134] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  384.832068][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d400: rx timeout, send abort
[  384.972429][ T5134] usb 4-1: Using ep0 maxpacket: 16
[  385.103302][ T5134] usb 4-1: config 0 has no interfaces?
[  385.340526][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d400: abort rx timeout. Force session deactivation
[  385.432758][ T5134] usb 4-1: string descriptor 0 read error: -71
[  385.439732][ T5134] usb 4-1: New USB device found, idVendor=f76d, idProduct=c71d, bcdDevice= 0.40
[  385.450074][ T5134] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.529167][ T5134] usb 4-1: config 0 descriptor??
[  385.576505][ T5134] usb 4-1: can't set config #0, error -71
[  385.644377][ T5134] usb 4-1: USB disconnect, device number 2
[  388.923940][ T6506] loop0: detected capacity change from 0 to 512
[  388.972785][   T25] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  389.124657][ T6506] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  389.138427][ T6506] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  389.224059][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  389.308902][ T5134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.320509][ T5134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  389.490936][ T6506] EXT4-fs (loop0): 1 truncate cleaned up
[  389.497906][ T6506] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  389.602156][ T3412] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  389.610609][ T3412] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  389.627384][   T25] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  389.638036][   T25] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  389.813383][   T25] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  389.828341][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  389.838462][   T25] usb 2-1: SerialNumber: syz
[  389.980810][    C0] vcan0: j1939_tp_rxtimer: 0xffff888039b17400: rx timeout, send abort
[  390.169304][ T6520] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  390.272866][ T6520] syz_tun: entered promiscuous mode
[  390.302236][ T6520] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  390.489463][    C0] vcan0: j1939_tp_rxtimer: 0xffff888039b17400: abort rx timeout. Force session deactivation
[  390.765215][ T5073] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.491260][ T6528] syzkaller0: entered promiscuous mode
[  391.497173][ T6528] syzkaller0: entered allmulticast mode
[  391.648801][   T25] usb 2-1: 0:2 : does not exist
[  391.654471][   T25] usb 2-1: unit 5: unexpected type 0x0b
[  392.064386][   T25] usb 2-1: USB disconnect, device number 2
[  392.471218][ T5346] udevd[5346]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  394.249366][ T6547] loop1: detected capacity change from 0 to 512
[  394.271170][ T5123] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  394.290522][ T6547] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  394.299002][ T6547] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  394.308079][ T6547] System zones: 0-1, 15-15, 18-18, 34-34
[  394.316721][ T6547] EXT4-fs (loop1): orphan cleanup on readonly fs
[  394.323637][ T6547] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0
[  394.341180][ T6547] EXT4-fs warning (device loop1): ext4_enable_quotas:7100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  394.356125][ T6547] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  394.365548][ T6547] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz-executor.1: bg 0: block 40: padding at end of block bitmap is not set
[  394.392790][ T6547] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6537: Corrupt filesystem
[  394.407032][ T6547] EXT4-fs (loop1): 1 truncate cleaned up
[  394.413180][ T6547] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  394.812090][    C1] vcan0: j1939_tp_rxtimer: 0xffff888053e0ec00: rx timeout, send abort
[  394.983334][ T6550] loop2: detected capacity change from 0 to 256
[  395.223711][ T3120] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.320694][    C1] vcan0: j1939_tp_rxtimer: 0xffff888053e0ec00: abort rx timeout. Force session deactivation
[  395.436343][ T5123] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.447873][ T5123] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.463034][ T5123] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  395.478331][ T5123] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  395.487802][ T5123] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.642619][ T6550] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF
[  395.668758][ T3120] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.697281][ T5123] usb 5-1: config 0 descriptor??
[  396.063051][ T3120] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.165560][   T29] audit: type=1800 audit(1717809910.109:12): pid=6550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file1" dev="loop2" ino=1048610 res=0 errno=0
[  396.210331][ T5123] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x1
[  396.218225][ T5123] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0
[  396.226107][ T5123] plantronics 0003:047F:FFFF.0001: item fetching failed at offset 14/15
[  396.436627][ T3120] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.598445][ T5123] plantronics 0003:047F:FFFF.0001: parse failed
[  396.606168][ T5123] plantronics 0003:047F:FFFF.0001: probe with driver plantronics failed with error -22
[  396.688933][ T6562] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  396.726317][ T5079] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  396.746305][ T5079] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  396.783027][ T5079] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  396.816199][ T5079] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  396.829715][ T5079] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  396.842807][ T5079] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  396.999306][ T5123] usb 5-1: USB disconnect, device number 3
[  397.322313][ T5089] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.489491][ T3120] bridge_slave_1: left allmulticast mode
[  397.495645][ T3120] bridge_slave_1: left promiscuous mode
[  397.508019][ T3120] bridge0: port 2(bridge_slave_1) entered disabled state
[  397.602979][ T3120] bridge_slave_0: left allmulticast mode
[  397.614730][ T3120] bridge_slave_0: left promiscuous mode
[  397.621430][ T3120] bridge0: port 1(bridge_slave_0) entered disabled state
[  398.790442][ T3120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  398.874581][ T3120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  398.977173][ T3120] bond0 (unregistering): Released all slaves
[  399.024202][ T5085] Bluetooth: hci0: command tx timeout
[  399.529124][ T4365] Ignoring NSS change in VHT Operating Mode Notification from 08:02:11:00:00:00 with invalid nss 2
[  400.278785][ T6596] net_ratelimit: 44 callbacks suppressed
[  400.278868][ T6596] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  400.332396][ T6565] chnl_net:caif_netlink_parms(): no params data found
[  400.364452][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  400.371965][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  401.000567][ T3120] hsr_slave_0: left promiscuous mode
[  401.051407][ T3120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  401.059699][ T3120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  401.112325][ T5085] Bluetooth: hci0: command tx timeout
[  401.128684][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880494fde00: rx timeout, send abort
[  401.637266][    C1] vcan0: j1939_tp_rxtimer: 0xffff8880494fde00: abort rx timeout. Force session deactivation
[  401.823912][ T6607] hub 9-0:1.0: USB hub found
[  401.830419][ T6607] hub 9-0:1.0: 8 ports detected
[  402.732669][ T6609] hub 9-0:1.0: USB hub found
[  402.832384][ T6609] hub 9-0:1.0: 8 ports detected
[  404.598261][ T5085] Bluetooth: hci0: command tx timeout
[  404.609408][ T1218] ieee802154 phy0 wpan0: encryption failed: -22
[  404.617481][ T1218] ieee802154 phy1 wpan1: encryption failed: -22
[  404.636754][ T3120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.656227][ T3120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.943144][ T3120] veth0_macvtap: left promiscuous mode
[  404.949195][ T3120] veth1_vlan: left promiscuous mode
[  404.955052][ T3120] veth0_vlan: left promiscuous mode
[  406.355384][ T6633] loop4: detected capacity change from 0 to 8
[  406.568171][ T6633] SQUASHFS error: xz decompression failed, data probably corrupt
[  406.577035][ T6633] SQUASHFS error: Failed to read block 0x108: -5
[  406.583758][ T6633] SQUASHFS error: Unable to read metadata cache entry [106]
[  406.591245][ T6633] SQUASHFS error: Unable to read inode 0x11f
[  406.665453][ T5085] Bluetooth: hci0: command tx timeout
[  406.725179][ T3120] team0 (unregistering): Port device team_slave_1 removed
[  406.897946][ T3120] team0 (unregistering): Port device team_slave_0 removed
[  410.924253][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  411.681091][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048826600: rx timeout, send abort
[  411.910562][ T6659] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  412.040599][ T6659] syz_tun: entered promiscuous mode
[  412.077046][ T6659] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  412.189754][    C0] vcan0: j1939_tp_rxtimer: 0xffff888048826600: abort rx timeout. Force session deactivation
[  412.446410][ T6664] hub 9-0:1.0: USB hub found
[  412.454837][ T6664] hub 9-0:1.0: 8 ports detected
[  414.223396][ T6565] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.231261][ T6565] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.239389][ T6565] bridge_slave_0: entered allmulticast mode
[  414.248758][ T6565] bridge_slave_0: entered promiscuous mode
[  414.595126][ T6565] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.609712][ T6565] bridge0: port 2(bridge_slave_1) entered disabled state
[  414.617775][ T6565] bridge_slave_1: entered allmulticast mode
[  414.627244][ T6565] bridge_slave_1: entered promiscuous mode
[  415.003896][ T6565] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  415.163436][ T6565] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  415.613192][ T6565] team0: Port device team_slave_0 added
[  415.701598][ T6565] team0: Port device team_slave_1 added
[  416.305054][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_0
[  416.312442][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  416.338772][ T6565] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  416.474869][ T5133] bridge0: port 2(bridge_slave_1) entered disabled state
[  416.612797][ T6565] batman_adv: batadv0: Adding interface: batadv_slave_1
[  416.619982][ T6565] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  416.647044][ T6565] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  417.736363][ T6704] loop2: detected capacity change from 0 to 1024
[  417.809323][ T6565] hsr_slave_0: entered promiscuous mode
[  417.919839][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  417.936220][ T6565] hsr_slave_1: entered promiscuous mode
[  417.956115][ T6565] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  417.964127][ T6565] Cannot create hsr debugfs directory
[  418.172555][ T6709] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  418.585361][ T6714] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  418.643290][ T6714] syz_tun: entered promiscuous mode
[  418.665330][ T6714] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  418.676694][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a28c600: rx timeout, send abort
[  419.185144][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a28c600: abort rx timeout. Force session deactivation
[  420.626952][ T6565] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  420.802750][ T6731] hub 9-0:1.0: USB hub found
[  420.808630][ T6731] hub 9-0:1.0: 8 ports detected
[  421.098576][ T6565] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  421.214610][ T6565] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  421.458908][ T6565] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  423.850881][ T6565] 8021q: adding VLAN 0 to HW filter on device bond0
[  423.889437][ T6748] loop4: detected capacity change from 0 to 256
[  424.164913][ T6565] 8021q: adding VLAN 0 to HW filter on device team0
[  424.261259][ T6737] loop2: detected capacity change from 0 to 1024
[  424.347754][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  424.355726][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  424.489293][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  424.497255][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  425.683979][ T6762] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  426.241052][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a213e00: rx timeout, send abort
[  426.749614][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a213e00: abort rx timeout. Force session deactivation
[  427.436384][ T6784] capability: warning: `syz-executor.3' uses deprecated v2 capabilities in a way that may be insecure
[  427.835837][ T6565] 8021q: adding VLAN 0 to HW filter on device batadv0
[  428.493692][ T6565] veth0_vlan: entered promiscuous mode
[  428.687520][ T6565] veth1_vlan: entered promiscuous mode
[  429.436978][ T6565] veth0_macvtap: entered promiscuous mode
[  429.521327][ T6565] veth1_macvtap: entered promiscuous mode
[  429.786921][ T6814] loop4: detected capacity change from 0 to 1024
[  430.020999][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.032131][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.048565][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.060079][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.098832][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.110174][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.122108][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  430.133262][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  430.158768][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_0
[  431.921530][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.932703][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.942944][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.953888][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  431.964675][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  431.975555][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.011239][ T6565] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  432.034134][ T6565] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  432.056887][ T6565] batman_adv: batadv0: Interface activated: batadv_slave_1
[  432.127452][   T29] audit: type=1804 audit(1717809945.999:13): pid=6822 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir3004153269/syzkaller.mXHepP/33/file0/bus" dev="loop4" ino=26 res=1 errno=0
[  434.057488][ T6565] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  434.073071][ T6565] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  434.085050][ T6565] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  434.094219][ T6565] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  434.308749][ T5844] hfsplus: bad catalog entry type
[  434.333639][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  434.895926][ T6831] loop2: detected capacity change from 0 to 1024
[  434.950895][ T6831] EXT4-fs: Ignoring removed orlov option
[  434.993588][ T6831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  435.002712][ T6831] EXT4-fs (loop2): Test dummy encryption mode enabled
[  435.090454][    C0] vcan0: j1939_tp_rxtimer: 0xffff888017076200: rx timeout, send abort
[  435.131414][ T6838] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  435.175449][ T6831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  435.599903][    C0] vcan0: j1939_tp_rxtimer: 0xffff888017076200: abort rx timeout. Force session deactivation
[  435.814421][ T6831] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  435.935368][ T6844] fscrypt (loop2): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  436.302775][ T4303] hfsplus: b-tree write err: -5, ino 4
[  436.310271][ T5079] Bluetooth: hci1: command 0x0406 tx timeout
[  436.493400][ T6183] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  436.877669][ T2869] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.104616][ T2869] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.318632][ T2869] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.462460][ T2869] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  437.944647][ T2869] bridge_slave_1: left allmulticast mode
[  437.956511][ T2869] bridge_slave_1: left promiscuous mode
[  437.963468][ T2869] bridge0: port 2(bridge_slave_1) entered disabled state
[  438.102580][ T2869] bridge_slave_0: left allmulticast mode
[  438.108574][ T2869] bridge_slave_0: left promiscuous mode
[  438.116484][ T2869] bridge0: port 1(bridge_slave_0) entered disabled state
[  438.810196][ T6867] loop3: detected capacity change from 0 to 1024
[  439.204718][ T2869] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  439.394240][ T2869] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  439.499302][ T2869] bond0 (unregistering): Released all slaves
[  440.140273][ T5085] Bluetooth: hci5: hardware error 0x00
[  440.792081][ T2869] hsr_slave_0: left promiscuous mode
[  441.281944][ T2869] hsr_slave_1: left promiscuous mode
[  441.291381][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  441.299393][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.354739][ T2869] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  441.363421][ T2869] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.408130][ T2869] veth1_macvtap: left promiscuous mode
[  441.414294][ T2869] veth0_macvtap: left promiscuous mode
[  441.420040][ T2869] veth1_vlan: left promiscuous mode
[  441.425757][ T2869] veth0_vlan: left promiscuous mode
[  442.294287][ T5085] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  442.302573][ T5085] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  442.313021][ T5085] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  442.337388][ T5085] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  442.359459][ T5085] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  442.372107][ T5085] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  442.382036][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  442.759966][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  443.113726][ T2869] team0 (unregistering): Port device team_slave_1 removed
[  443.204310][ T2869] team0 (unregistering): Port device team_slave_0 removed
[  443.238633][ T6914] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  443.516879][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2e4800: rx timeout, send abort
[  443.587367][ T6911] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  444.025546][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804a2e4800: abort rx timeout. Force session deactivation
[  444.472252][ T5085] Bluetooth: hci1: command tx timeout
[  445.037162][ T6907] chnl_net:caif_netlink_parms(): no params data found
[  446.178181][ T3120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.186415][ T3120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.403550][ T3371] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.411570][ T3371] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  446.542247][ T5085] Bluetooth: hci1: command tx timeout
[  447.609139][ T6907] bridge0: port 1(bridge_slave_0) entered blocking state
[  447.617653][ T6907] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.625711][ T6907] bridge_slave_0: entered allmulticast mode
[  447.634067][ T6907] bridge_slave_0: entered promiscuous mode
[  448.004194][ T6907] bridge0: port 2(bridge_slave_1) entered blocking state
[  448.011721][ T6907] bridge0: port 2(bridge_slave_1) entered disabled state
[  448.019531][ T6907] bridge_slave_1: entered allmulticast mode
[  448.027872][ T6907] bridge_slave_1: entered promiscuous mode
[  448.487843][ T6907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  448.625443][ T5085] Bluetooth: hci1: command tx timeout
[  448.665783][ T6907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  448.864958][ T6907] team0: Port device team_slave_0 added
[  448.988445][ T6907] team0: Port device team_slave_1 added
[  449.287080][ T6907] batman_adv: batadv0: Adding interface: batadv_slave_0
[  449.294502][ T6907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.323012][ T6907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  449.603245][ T6907] batman_adv: batadv0: Adding interface: batadv_slave_1
[  449.610591][ T6907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  449.641724][ T6907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  450.702130][ T5085] Bluetooth: hci1: command tx timeout
[  450.724052][ T6907] hsr_slave_0: entered promiscuous mode
[  450.865428][ T6907] hsr_slave_1: entered promiscuous mode
[  450.967045][ T6907] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  450.975107][ T6907] Cannot create hsr debugfs directory
[  453.753487][    C1] vcan0: j1939_tp_rxtimer: 0xffff88812f848800: rx timeout, send abort
[  453.907028][ T6907] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  454.036133][ T6993] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  454.081160][ T6907] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  454.204646][ T6907] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  454.262053][    C1] vcan0: j1939_tp_rxtimer: 0xffff88812f848800: abort rx timeout. Force session deactivation
[  454.341866][ T6907] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  456.135869][ T6907] 8021q: adding VLAN 0 to HW filter on device bond0
[  456.353655][ T6907] 8021q: adding VLAN 0 to HW filter on device team0
[  456.446139][ T4702] bridge0: port 1(bridge_slave_0) entered blocking state
[  456.453733][ T4702] bridge0: port 1(bridge_slave_0) entered forwarding state
[  456.574086][ T4702] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.582054][ T4702] bridge0: port 2(bridge_slave_1) entered forwarding state
[  458.506638][ T6907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  460.327704][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  460.509489][   T29] audit: type=1804 audit(1717809974.519:14): pid=7025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir1304241216/syzkaller.jKnEft/8/file0" dev="sda1" ino=1961 res=1 errno=0
[  460.543045][   T29] audit: type=1326 audit(1717809974.569:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7023 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fbf07cf69 code=0x0
[  461.086350][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a257200: rx timeout, send abort
[  461.373762][ T6907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  461.595578][    C0] vcan0: j1939_tp_rxtimer: 0xffff88804a257200: abort rx timeout. Force session deactivation
[  462.766950][ T7047] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  464.105744][ T7055] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  464.115107][ T7055] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'.
[  464.255261][ T6907] veth0_vlan: entered promiscuous mode
[  464.374403][ T6907] veth1_vlan: entered promiscuous mode
[  464.736383][ T6907] veth0_macvtap: entered promiscuous mode
[  465.196272][ T1218] ieee802154 phy0 wpan0: encryption failed: -22
[  465.203310][ T1218] ieee802154 phy1 wpan1: encryption failed: -22
[  465.382337][ T6907] veth1_macvtap: entered promiscuous mode
[  465.680268][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  465.691298][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  465.704660][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  465.716251][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  465.726524][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  465.744008][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  465.754651][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  465.765851][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  465.781151][ T6907] batman_adv: batadv0: Interface activated: batadv_slave_0
[  466.141123][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.152748][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.163015][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.173785][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.183984][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.194819][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.205011][ T6907] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  466.218845][ T6907] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.234963][ T6907] batman_adv: batadv0: Interface activated: batadv_slave_1
[  466.892206][ T6907] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  466.901273][ T6907] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  466.910489][ T6907] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  466.919895][ T6907] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  468.099684][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d000: rx timeout, send abort
[  468.608318][    C1] vcan0: j1939_tp_rxtimer: 0xffff88804880d000: abort rx timeout. Force session deactivation
[  468.680109][ T7089] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  470.475250][   T29] audit: type=1326 audit(1717809984.619:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7107 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1105a7cf69 code=0x7ffc0000
[  472.270499][ T7136] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  474.177320][  T780] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.185975][  T780] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.241206][ T7154] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  474.249829][ T7154] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.3'.
[  474.309575][ T5134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.318004][ T5134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.997960][ T7162] bridge0: port 3(gretap0) entered blocking state
[  475.005646][ T7162] bridge0: port 3(gretap0) entered disabled state
[  475.013160][ T7162] gretap0: entered allmulticast mode
[  475.026918][ T7162] gretap0: entered promiscuous mode
[  475.035059][ T7162] bridge0: port 3(gretap0) entered blocking state
[  475.042303][ T7162] bridge0: port 3(gretap0) entered forwarding state
[  475.107845][ T7162] gretap0: left allmulticast mode
[  475.113589][ T7162] gretap0: left promiscuous mode
[  475.119721][ T7162] bridge0: port 3(gretap0) entered disabled state
[  477.000832][ T7200] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  477.285979][   T25] bridge0: port 2(bridge_slave_1) entered disabled state
[  477.353118][ T7199] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[  477.984345][ T7208] tmpfs: Bad value for 'nr_inodes'
[  478.285760][   T29] audit: type=1326 audit(1717809992.419:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000
[  478.313098][   T29] audit: type=1326 audit(1717809992.439:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000
[  478.337464][   T29] audit: type=1326 audit(1717809992.439:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7210 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcda527cf69 code=0x7ffc0000
[  479.481041][ T7229] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  481.068285][ T7263] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  481.094310][ T7263] syz_tun: entered promiscuous mode
[  481.118571][ T7257] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[  481.259386][ T7263] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  482.707514][ T7286] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  482.812491][ T5123] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  483.372429][ T5123] usb 3-1: New USB device found, idVendor=0df6, idProduct=004b, bcdDevice=56.d7
[  483.382013][ T5123] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.390157][ T5123] usb 3-1: Product: syz
[  483.394605][ T5123] usb 3-1: Manufacturer: syz
[  483.399320][ T5123] usb 3-1: SerialNumber: syz
[  483.458215][ T5123] usb 3-1: config 0 descriptor??
[  483.581478][ T5123] r8712u: register rtl8712_netdev_ops to netdev_ops
[  483.593755][ T5123] usb 3-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[  483.734452][ T5134] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.219146][ T5123] usb 3-1: r8712u: Boot from EFUSE: Autoload Failed
[  484.226394][ T5123] usb 3-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[  484.242775][ T5123] usb 3-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[  484.355287][ T5123] usb 3-1: USB disconnect, device number 2
[  484.704078][ T7319] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  485.037461][ T7318] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[  486.524339][ T7338] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  489.115144][ T7368] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  489.343590][ T5085] Bluetooth: hci1: link tx timeout
[  489.349220][ T5085] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  489.630804][ T7373] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[  491.144008][ T5123] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  491.160940][ T5123] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  491.423612][ T5085] Bluetooth: hci1: command 0x0406 tx timeout
[  493.130347][ T7424] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  494.469766][ T7436] Bluetooth: Found 0 CAPI controller(s) on device 10:aa:aa:aa:aa:aa
[  497.073836][ T7479] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[  497.148888][ T7479] syz_tun: entered promiscuous mode
[  497.174902][ T7479] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  497.773583][ T7488] =====================================================
[  497.780837][ T7488] BUG: KMSAN: uninit-value in strnchr+0x90/0xd0
[  497.787359][ T7488]  strnchr+0x90/0xd0
[  497.791437][ T7488]  bpf_bprintf_prepare+0x1c2/0x23c0
[  497.796848][ T7488]  bpf_trace_printk+0xec/0x3e0
[  497.801799][ T7488]  ___bpf_prog_run+0x13fe/0xe0f0
[  497.806907][ T7488]  __bpf_prog_run32+0xb2/0xe0
[  497.811748][ T7488]  bpf_trace_run2+0x116/0x300
[  497.816582][ T7488]  __bpf_trace_tlb_flush+0x2c/0x40
[  497.821875][ T7488]  switch_mm_irqs_off+0x9d2/0x1010
[  497.827152][ T7488]  __text_poke+0xb4e/0xfb0
[  497.831743][ T7488]  text_poke_bp_batch+0x17f/0x960
[  497.836959][ T7488]  text_poke_finish+0x7d/0xd0
[  497.841823][ T7488]  arch_jump_label_transform_apply+0x23/0x40
[  497.847980][ T7488]  __jump_label_update+0x6af/0x6d0
[  497.853291][ T7488]  jump_label_update+0x6a0/0x7a0
[  497.858416][ T7488]  static_key_enable_cpuslocked+0x229/0x260
[  497.864516][ T7488]  static_key_enable+0x23/0x30
[  497.869469][ T7488]  tracepoint_add_func+0x1084/0x1280
[  497.874967][ T7488]  tracepoint_probe_register_prio_may_exist+0xa8/0xf0
[  497.881962][ T7488]  bpf_probe_register+0x201/0x250
[  497.887171][ T7488]  bpf_raw_tp_link_attach+0x627/0x8a0
[  497.892771][ T7488]  bpf_raw_tracepoint_open+0x485/0x8a0
[  497.898432][ T7488]  __sys_bpf+0x5a6/0xd90
[  497.902838][ T7488]  __x64_sys_bpf+0xa0/0xe0
[  497.907409][ T7488]  x64_sys_call+0x96b/0x3b50
[  497.912191][ T7488]  do_syscall_64+0xcf/0x1e0
[  497.916889][ T7488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  497.922979][ T7488] 
[  497.925407][ T7488] Local variable stack created at:
[  497.930602][ T7488]  __bpf_prog_run32+0x43/0xe0
[  497.935445][ T7488]  bpf_trace_run2+0x116/0x300
[  497.940283][ T7488] 
[  497.942703][ T7488] CPU: 0 PID: 7488 Comm: syz-executor.0 Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
[  497.952846][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  497.963031][ T7488] =====================================================
[  497.970053][ T7488] Disabling lock debugging due to kernel taint
[  497.976389][ T7488] Kernel panic - not syncing: kmsan.panic set ...
[  497.982894][ T7488] CPU: 0 PID: 7488 Comm: syz-executor.0 Tainted: G    B              6.9.0-syzkaller-02707-g614da38e2f7a #0
[  497.994502][ T7488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  498.004682][ T7488] Call Trace:
[  498.008047][ T7488]  <TASK>
[  498.011055][ T7488]  dump_stack_lvl+0x216/0x2d0
[  498.015910][ T7488]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  498.021876][ T7488]  dump_stack+0x1e/0x30
[  498.026177][ T7488]  panic+0x4e2/0xcd0
[  498.030234][ T7488]  ? kmsan_get_metadata+0xf1/0x1d0
[  498.035526][ T7488]  kmsan_report+0x2d5/0x2e0
[  498.040168][ T7488]  ? __msan_warning+0x95/0x120
[  498.045046][ T7488]  ? strnchr+0x90/0xd0
[  498.049277][ T7488]  ? bpf_bprintf_prepare+0x1c2/0x23c0
[  498.054814][ T7488]  ? bpf_trace_printk+0xec/0x3e0
[  498.059901][ T7488]  ? ___bpf_prog_run+0x13fe/0xe0f0
[  498.065153][ T7488]  ? __bpf_prog_run32+0xb2/0xe0
[  498.070134][ T7488]  ? bpf_trace_run2+0x116/0x300
[  498.075130][ T7488]  ? __bpf_trace_tlb_flush+0x2c/0x40
[  498.080564][ T7488]  ? switch_mm_irqs_off+0x9d2/0x1010
[  498.085978][ T7488]  ? __text_poke+0xb4e/0xfb0
[  498.090709][ T7488]  ? text_poke_bp_batch+0x17f/0x960
[  498.096058][ T7488]  ? text_poke_finish+0x7d/0xd0
[  498.101060][ T7488]  ? arch_jump_label_transform_apply+0x23/0x40
[  498.107467][ T7488]  ? __jump_label_update+0x6af/0x6d0
[  498.112942][ T7488]  ? jump_label_update+0x6a0/0x7a0
[  498.118202][ T7488]  ? static_key_enable_cpuslocked+0x229/0x260
[  498.124429][ T7488]  ? static_key_enable+0x23/0x30
[  498.129525][ T7488]  ? tracepoint_add_func+0x1084/0x1280
[  498.135149][ T7488]  ? tracepoint_probe_register_prio_may_exist+0xa8/0xf0
[  498.142265][ T7488]  ? bpf_probe_register+0x201/0x250
[  498.147594][ T7488]  ? bpf_raw_tp_link_attach+0x627/0x8a0
[  498.153300][ T7488]  ? bpf_raw_tracepoint_open+0x485/0x8a0
[  498.159079][ T7488]  ? __sys_bpf+0x5a6/0xd90
[  498.163623][ T7488]  ? __x64_sys_bpf+0xa0/0xe0
[  498.168330][ T7488]  ? x64_sys_call+0x96b/0x3b50
[  498.173256][ T7488]  ? do_syscall_64+0xcf/0x1e0
[  498.178085][ T7488]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.184309][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.189646][ T7488]  ? kmsan_internal_set_shadow_origin+0x66/0xe0
[  498.196060][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.201657][ T7488]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  498.207630][ T7488]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  498.213584][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.218913][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.224238][ T7488]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  498.230198][ T7488]  __msan_warning+0x95/0x120
[  498.234923][ T7488]  strnchr+0x90/0xd0
[  498.238965][ T7488]  bpf_bprintf_prepare+0x1c2/0x23c0
[  498.244329][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.249655][ T7488]  ? kmsan_internal_memmove_metadata+0x91/0x230
[  498.256075][ T7488]  ? __msan_memcpy+0x108/0x1c0
[  498.260999][ T7488]  bpf_trace_printk+0xec/0x3e0
[  498.265913][ T7488]  ? __bpf_prog_run32+0x5c/0xe0
[  498.270903][ T7488]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  498.276864][ T7488]  ___bpf_prog_run+0x13fe/0xe0f0
[  498.281940][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.287284][ T7488]  __bpf_prog_run32+0xb2/0xe0
[  498.292102][ T7488]  ? kmsan_get_metadata+0x110/0x1d0
[  498.297442][ T7488]  ? __pfx___bpf_prog_run32+0x10/0x10
[  498.302962][ T7488]  bpf_trace_run2+0x116/0x300
[  498.307765][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.313095][ T7488]  __bpf_trace_tlb_flush+0x2c/0x40
[  498.318354][ T7488]  switch_mm_irqs_off+0x9d2/0x1010
[  498.323620][ T7488]  __text_poke+0xb4e/0xfb0
[  498.328273][ T7488]  ? __pfx_text_poke_memcpy+0x10/0x10
[  498.333806][ T7488]  ? switch_mm_irqs_off+0x920/0x1010
[  498.339232][ T7488]  ? switch_mm_irqs_off+0x920/0x1010
[  498.344655][ T7488]  text_poke_bp_batch+0x17f/0x960
[  498.349836][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.355193][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.360523][ T7488]  ? kmsan_get_shadow_origin_ptr+0x16/0xb0
[  498.366473][ T7488]  text_poke_finish+0x7d/0xd0
[  498.371318][ T7488]  arch_jump_label_transform_apply+0x23/0x40
[  498.377450][ T7488]  __jump_label_update+0x6af/0x6d0
[  498.382826][ T7488]  jump_label_update+0x6a0/0x7a0
[  498.387917][ T7488]  ? kmsan_report+0x2a0/0x2e0
[  498.392721][ T7488]  static_key_enable_cpuslocked+0x229/0x260
[  498.398778][ T7488]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  498.404734][ T7488]  static_key_enable+0x23/0x30
[  498.409678][ T7488]  ? __SCT__tp_func_exit_mmap+0x8/0x8
[  498.415214][ T7488]  tracepoint_add_func+0x1084/0x1280
[  498.420715][ T7488]  ? kmsan_internal_set_shadow_origin+0x66/0xe0
[  498.427146][ T7488]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  498.433112][ T7488]  tracepoint_probe_register_prio_may_exist+0xa8/0xf0
[  498.440066][ T7488]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  498.446035][ T7488]  ? __pfx___bpf_trace_tlb_flush+0x10/0x10
[  498.452002][ T7488]  bpf_probe_register+0x201/0x250
[  498.457187][ T7488]  bpf_raw_tp_link_attach+0x627/0x8a0
[  498.462733][ T7488]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  498.468991][ T7488]  ? kmsan_get_metadata+0x146/0x1d0
[  498.474450][ T7488]  bpf_raw_tracepoint_open+0x485/0x8a0
[  498.480071][ T7488]  __sys_bpf+0x5a6/0xd90
[  498.484478][ T7488]  __x64_sys_bpf+0xa0/0xe0
[  498.489024][ T7488]  x64_sys_call+0x96b/0x3b50
[  498.493789][ T7488]  do_syscall_64+0xcf/0x1e0
[  498.498449][ T7488]  ? clear_bhb_loop+0x25/0x80
[  498.503282][ T7488]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.509338][ T7488] RIP: 0033:0x7f5fbf07cf69
[  498.513853][ T7488] Code: Unable to access opcode bytes at 0x7f5fbf07cf3f.
[  498.520953][ T7488] RSP: 002b:00007f5fbfe870c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  498.529500][ T7488] RAX: ffffffffffffffda RBX: 00007f5fbf1b3f80 RCX: 00007f5fbf07cf69
[  498.537588][ T7488] RDX: 0000000000000010 RSI: 0000000020000080 RDI: 0000000000000011
[  498.545668][ T7488] RBP: 00007f5fbf0da6fe R08: 0000000000000000 R09: 0000000000000000
[  498.553739][ T7488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  498.561808][ T7488] R13: 000000000000000b R14: 00007f5fbf1b3f80 R15: 00007fffc2a1a9d8
[  498.569903][ T7488]  </TASK>
[  499.942003][ T7488] Shutting down cpus with NMI
[  499.946944][ T7488] Kernel Offset: disabled
[  499.951330][ T7488] Rebooting in 86400 seconds..