last executing test programs:

25.71203486s ago: executing program 2 (id=933):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000002880), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140), r0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_pressure(r2, &(0x7f00000000c0)='cpu.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000080)={'full', 0x20, 0x2000000007, 0x20, 0x10000000fffff}, 0x2f)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffff", 0x46}], 0x1)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace$ARCH_GET_GS(0x1e, 0x0, &(0x7f0000000140), 0x1004)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39ddae)
faccessat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x12, 0x300)
connect$inet(r6, &(0x7f0000000240)={0x2, 0x4c20, @loopback}, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x40, r1, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_OUT_KEY_ID={0x20, 0x2b, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x14, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}]}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x40}, 0x1, 0x0, 0x0, 0x20008000}, 0x40080)
mount(&(0x7f00000000c0)=@nullb, 0x0, &(0x7f0000000040)='hfsplus\x00', 0x2000010, &(0x7f0000000100)='barrier')

19.584718662s ago: executing program 2 (id=947):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x1562, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0x2de})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4)
ioctl$TIOCL_GETSHIFTSTATE(0xffffffffffffffff, 0x541c, 0x0)
syz_open_dev$amidi(0x0, 0x2, 0x80800)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x20004000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000001c0)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x82080, 0x0)

18.622100073s ago: executing program 2 (id=951):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x2, 0x1, 0x2}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)

16.726481715s ago: executing program 3 (id=954):
socket$alg(0x26, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008", @ANYRES32], 0x4c}}, 0x40000)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}}, 0x24)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[], 0x38}}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095de040000000000"], &(0x7f0000000300)='syzkaller\x00', 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
openat$nci(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

15.462468339s ago: executing program 3 (id=957):
syz_open_dev$loop(0x0, 0x8, 0x40)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000000c0))
setxattr$incfs_id(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000000c0), 0x0, 0x0, 0x1)

14.414822284s ago: executing program 2 (id=962):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/rcu_normal', 0x12ba82, 0x0)
set_mempolicy(0x1, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
kexec_load(0x0, 0x0, 0x0, 0x320000)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
sendmsg$NFT_MSG_GETFLOWTABLE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x90)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000}, 0x94)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000080)={0x73622a85, 0x100})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000100)={0x4c, 0x0, &(0x7f0000000140)=[@transaction_sg={0x40486311, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0})

9.8314079s ago: executing program 1 (id=975):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x7fff, &(0x7f0000000240))
ptrace$setregset(0x4205, r4, 0x1, &(0x7f0000000000)={&(0x7f0000000100)="023a3b32a8530d0648444f138d9c176b04f0f91de6b9fe513adb984dcb636b3f33825c376f2b590f", 0x28})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

9.764217562s ago: executing program 0 (id=976):
sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="240000009656b5f323f03ccef9c9785f92d278fdf1911c6fb65a666fe27b73ab69d3de0f586fe5ddd96487c8237b3b72e2961c56dab184e1d15de38e1ff101150054a316d2f767b2f54800002a5468a0d37bc12fc7bcfd44fdb7b01ff7891c0f8f4ccad24041c24542678a637b176ed0a95ad4fe15699f", @ANYRES16=0x0, @ANYBLOB="31030000000000000000090000000d000300", @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=0x0, @ANYBLOB], 0x24}}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x3}, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0xbc}}, 0x0)
socket$kcm(0x2, 0x3, 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x701000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r3, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x1fee00}], 0x2, 0x0, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="180000003d000107100000"], 0x18}}, 0x880)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000001c0)={@dev={0xfe, 0x80, '\x00', 0x2a}, 0x91ee, 0x1, 0x1, 0x0, 0x2, 0x80}, &(0x7f00000002c0)=0x20)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={<r5=>0x0, 0xddf}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000380)={r5, 0x3}, 0x8)
io_uring_setup(0x4aec, &(0x7f0000000140)={0x0, 0x81fa, 0x1000, 0x1, 0x7a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x6c, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0x80ffffff}}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x6c}}, 0x0)

9.288344883s ago: executing program 3 (id=977):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x40000001})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r3, &(0x7f0000000340), 0x8)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100), 0x24, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="02000000000000000000000004000000006b0000001800000000000000200000000000"], 0x24, 0x0)
creat(0x0, 0x248)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000009", @ANYRES32=0x1, @ANYBLOB='\x00'/17, @ANYBLOB='\x00'/14], 0x50)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000540)={'c6xdigio\x00', [0x109, 0x80008000, 0x86c, 0xa, 0x0, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x8, 0x5, 0x6, 0x1, 0x1138fce9, 0x6, 0xffffffa7, 0x2000001, 0xfffffffd, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2df, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5]})
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8, 0x12, r1, 0xfae76000)
socket(0x5, 0x1, 0xf9d5)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

8.814802063s ago: executing program 1 (id=978):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/102392, 0x18ff8)
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
sendmsg$inet(r1, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
recvfrom$rxrpc(r1, 0x0, 0x0, 0xe8ce25b3ffff0000, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$kcm(r0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
pipe(0x0)

8.759504056s ago: executing program 4 (id=979):
socket$alg(0x26, 0x5, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0x3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001800010d00000000000000850a000000000000000500000014000500200100000000000000000100000000001c00090008", @ANYRES32], 0x4c}}, 0x40000)
r4 = socket$rxrpc(0x21, 0x2, 0xa)
connect$rxrpc(r4, &(0x7f0000000000)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x200, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}}, 0x24)
sendmsg$inet(r4, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f00000004c0)=ANY=[], 0x38}}, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000fcffffff000000000000000095de040000000000"], &(0x7f0000000300)='syzkaller\x00', 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
openat$nci(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)

8.551621824s ago: executing program 2 (id=980):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x10, 0x0, 0xf2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000240)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x414902, 0x80)
mount(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ufs\x00', 0x0, 0x0)

7.681338122s ago: executing program 4 (id=981):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/225, 0xe1)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000009c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@datasec={0x6, 0x0, 0x0, 0xf, 0x1, [], '\t'}, @datasec={0x0, 0x0, 0x0, 0xf, 0x3, [], "e10418"}]}, {0x0, [0x0, 0x0, 0x2e, 0x61, 0x61, 0x30, 0x61]}}, &(0x7f0000000900)=""/179, 0x3d, 0xb3, 0x1}, 0x28)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000)
socket$netlink(0x10, 0x3, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

7.619361174s ago: executing program 3 (id=982):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, 0x0)
sendmmsg(r4, 0x0, 0x0, 0x1c)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xc, &(0x7f0000000080)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r5, 0x2000300, 0xb, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389", 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.051737484s ago: executing program 3 (id=983):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000005580)=""/102392, 0x18ff8)
write(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, 0x0, &(0x7f0000001180))
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.047783405s ago: executing program 4 (id=984):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

5.034281445s ago: executing program 2 (id=985):
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r2)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
userfaultfd(0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_NOTIFY(r5, &(0x7f00000002c0)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x1c}}, 0x10)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r4, &(0x7f00000000c0)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x9}}, 0x10)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x7800, 0x0, 0x3)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@noblock_validity}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0)
setrlimit(0xc, &(0x7f0000000140)={0x2, 0x8001})
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)

5.024947285s ago: executing program 1 (id=986):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="0400"], 0x24}, 0x1, 0x5502000000000000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioperm(0x400, 0x7, 0x200000005)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r4 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f00000003c0)=@nat={'nat\x00', 0x62, 0x5, 0x1368, 0x1180, 0x1180, 0xffffffff, 0x1180, 0x10c8, 0x12d0, 0x12d0, 0xffffffff, 0x12d0, 0x12d0, 0x5, 0x0, {[{{@ip={@multicast2, @dev={0xac, 0x14, 0x14, 0x29}, 0x0, 0x0, 'veth0_to_bond\x00', 'wg1\x00', {0xff}}, 0x0, 0x10a0, 0x10c8, 0x0, {0x22e}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x1, 0x0, 0x0, './cgroup.net/syz0\x00', 0x9, {0x100000001}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0xe286, 0xc9b0, 0x2}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x7, @ipv6=@loopback, @ipv4=@dev={0xac, 0x14, 0x14, 0x3a}, @icmp_id=0x68, @port=0x4e20}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x18, @multicast2, @multicast1, @port=0x4e21, @icmp_id=0x68}}}}, {{@ip={@remote, @dev={0xac, 0x14, 0x14, 0x12}, 0x0, 0x0, 'pimreg1\x00', 'netdevsim0\x00', {}, {}, 0x0, 0x1, 0x8}, 0x0, 0x70, 0xa8}, @NETMAP={0x38, 'NETMAP\x00', 0x0, {0x1, {0x0, @remote, @broadcast, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x13c8)
bind$inet6(r5, &(0x7f0000000400)={0xa, 0x2, 0x13, @ipv4={'\x00', '\xff\xff', @loopback}, 0xa}, 0x1c)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000780)={0x3, {{0xa, 0x4e23, 0x9, @mcast1, 0x8}}}, 0x90)

4.747451477s ago: executing program 3 (id=987):
syz_open_dev$loop(0x0, 0x8, 0x40)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000000c0))
setxattr$incfs_id(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000000c0), 0x0, 0x0, 0x1)

3.98194423s ago: executing program 1 (id=988):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, &(0x7f0000000000), 0x0)
ptrace(0x10, r4)
ptrace$setregs(0xd, r4, 0x7fff, &(0x7f0000000240))
ptrace$setregset(0x4205, r4, 0x1, &(0x7f0000000000)={&(0x7f0000000100)="023a3b32a8530d0648444f138d9c176b04f0f91de6b9fe513adb984dcb636b3f33825c376f2b590f", 0x28})
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x38, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

2.665211676s ago: executing program 1 (id=989):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$setregs(0xd, r1, 0x2, &(0x7f0000000180))
ptrace$cont(0x21, r1, 0x80000001, 0x4)

2.58742353s ago: executing program 1 (id=990):
r0 = syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1c802, &(0x7f0000000000)=ANY=[], 0x3, 0x5f74, &(0x7f0000002040)="$eJzs3V1vHFf9B/DfPnj90H/TqPqrChEXbgqlpTTPCZSnplxwAUggoVyTyHWrQFpQEhCtLOLKF4gLHl4C3PSGi76RIvEKEC+ASDZXlaAMGvucZLxeex1i76x9Ph/JmfntmfGeydfj2fXM7AkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIL7z7R9e6ETEjV+kB05G/F/0IroR83W9GPXMtbx8PyJOxWZzPBcRvdmIev3Nf56JuBwRH5+IWN9YWaofvrjPflw5f+/Op9/91t9+/fu1Uz9+80cfDrf/4P8vffSb+xEnv//aR5/eP5htBwAAgFJUVVV10tv80+n9fbftTgEAE5GP/1WSH1er1Wr1gda/605Xf9SF1k3VaPebRUSsNtepXzM4HQ8AR8xqfNJ2F2iR/IvWj4in2u4EMNU6bXeAQ7G+sbLUSfl2mseDxa32/HfKbfmvdh7e37HbdJzha0wm9fO1Fr14dpf+zE+oD9Mk598dzv/GVvsgLXfY+U/KbvkPtm59Kk7Ovzec/5Bt+f8hIo5s/t2R+Zcq599/nPxXe0d4/5c/AAAAAADHX/77/8mWz//OPvmm7Mte538XJ9QHAAAAAAAAADhoTzr+30PG/wMAAICpVb9Xr/3xxKPHdvsstvrx652Ip4eWBwqTbpZZaLsfAAAAAAAAAAAAAFCS/tY1vNc7ETMR8fTCQlVV9VfTcP24nnT9o6707YeStf1LHgAAtnx8It3Lnwfg60TMRcT19Fl/MwsLC1U1N79QLVTzs/n17GB2rppvvK/N0/qx2cE+XhD3B1X9zeYa6zWNe788rn34+9XPNah6++jYZLQcOgDF2zoarTsiHTNV9Uy0/SqHo8H+f/zY/9mPtn9OAQAAgMNXVVXVSR/nfTqd8++23SkAYBLm8vF/+LyAWq1Wq9Xq41c3VaPdbxYRsdpcp37NYDh+ADhiVuOTtrtAi+RftH5EnGq7E8BU67TdAQ7F+sbKUifl22keD9L47vlakG35r3Y218vrj5qOM3yNyaR+vtaiF8/u0p/nJtSHaZLz7w7nf2OrfZCWO+z8J2W3/OvtPNlCf9qW8+8N5z/k+OTfHZl/qXL+/cfKvyd/AAAAAACYYvnv/yfLPf/by/1ZnFAfAAAAAAAAAOCgrW+sLOX7XvP5/8+OWK7TnHP/57GR8+/sO3/3/x4nOf/ucP5DF+T0GvMP3niU/z83VpY+vPePz+Tp1Oc/0xvUzz3T6fb66ZqfauatuBW3YznO71i+v639wo72mW3tF8e0X9rRPqjb53P72ViKn8btePNh++yYC6PmxrRXY9pz/j37f5Fy/v3GV53/QmrvDE1rDz7o7tjvm9NRz3Ptz/9+cefeNXlr0Xu4bU319p1poT+b/ydPDeLnd5fvnP3lzXv37lyINNn26MVIkwOW859JXzn/l17Yas+/95v764MPBo+d/7RYi/6u+b/QmK+39+UJ960NOf9B+sr55yPQ6P3/KOe/+/7/Sgv9AQAAAAAAAAAAAAAAgL1UVbV5i+i1iLia7v9p695MAGCifvu9NFMloVar1Wq1+tjWTdVorzeLmNu+ztWI+NWobwYATLP/RMTf2+4ErZF/wfLn/dXTz7XdGWCi7r73/k9u3r69fOdu2z0BAAAAAAAAAP5XefzPxcb4z5vXAQ2NG71t/Nc3YvHIjv/ZHfQ2xzpPG/R87D3+95nYe/zv/pjnmxnTPhjTPjumfW5M+8gbPRpy/s+njHP+p9OGlTT+60st9KdtOf8zaaznnP8XhpZr5l/96Sjn392W/7l77/zs3N333n/11js3315+e/ndC+evXr505fKlK1fOvXXr9vL5rX9b7PHhyvnnsa9dB1qWnH/OXP5lyfl/PtXyL0vO/8VUy78sOf/8ek/+Zcn55/c+8i9Lzv/lVMu/LDn/L6Za/mXJ+b+SavmXJef/pVTLvyw5/1dTLf+y5PzPplr+Zcn5n0u1/MuS889nuORflpx/vrJB/mXJ+V9MtfzLkvO/lGr5lyXnfznV8i9Lzv9KquVflpz/1VTLvyw5/y+nWv5lyfl/JdXyL0vO/7VUy78sOf+vplr+Zcn5fy3V8i9Lzv/rqZZ/WXL+30i1/MuS8/9mquVflpz/66mWf1keff6/mQnP/OsvEVPQDTOlzrz7172Wafs3EwAAAAAAAAAAAAAwbBJXGre9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2UHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi7uxi5zvoM4Ge/7LUTiEtCCMGQteMEQzbeXX8lJhgcIDQNLU0DoaUNdYy9/gB/1buGJIqaTZO2QURqpPYivSgFRBFSWyVCSKVSiiIVqb1rrkC5Qa2UC0tNKhNBJaokW5057/vuzOzszPpj7Tnn/H5R/PfOnJl558yZ2X3WemYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmm34+PSfD2RZlv/f+GNdll2Z/31Ntif/cm7n5V4hAAAAcKHebPz5D1elE/Ys40JN2/zb+/7jB/Pz8/PZF18/89Zfzs+nM8aybGh1ljXOi/79V7+cb94meCIbHRhs+nqwx80P9Th/uMf5Iz3OX9Xj/NU9zh/tcf6iHbDImuL3MY0r29T467pil2bXZCON8zZ1uNQTA6sHB+PvchoGGpeZHzmYHcmOZtPZ5KLLDDT+y7IXNuS3dXcWb2uw6bbWZ1l29ueP7o9rGAj7eFPWcmMNzY/da3dmY6///NH935199d2dZs/dsGilWbZ5Y77OJ7Ns4ddV2UC2Ou2TuM7BpnWu77DOoZZ1DjQul/+9fZ1nl7nOeL9Hwzpf6rLO9eG0h27MsmwuW3Kbdk9kg9natltN+3u0OCLy68gfyndkw+d0nGxYxnGSX+aVG1uPk/ZjMu7/DWGfDC+xhuaH47XHVy3a7+d7nOT3uh+O1fy6781vdHS0+VerLcdqvs2jNy19DHR87DocA+lYbjoGNvY6BgZXDTWOgcGFNW9sOQamFl1mMBto3NaZm7ofAxOzx05OzDz8yK1Hju07NH1o+vjU5M7t23Zs37Zjx8TBI0enJ4s/z22XlsjabDAdgxvDa008Bt/ftm3zITn/rYv3PBjtk+dBft8/e3O+oCsHsyWO8XybJzdf+PMgfd9veh4MNz0POr6mdngeDC/jeZBvc3bz8r5nDjf932kNK/VauK7pGLic3w/z23zgA0u/Fq4P63rqg+f6/XBo0TEQ79ZAeO7lp6Sf90ZvD/tl8XFxfX7GFauy0zPTp7Y8tG929tRUFsYlcXXTY9V+vKxtuk/ZouNl8JyPlz1//8bN13c4fV3YV6O3dH+s8m22j3d/rBqv7q37c1VW7M+WU7dmYVxkl3p/dvpulu/PlCW67M98mydvvfCfBVMuaXr9G+n1+jc0Mly8/g2lvTHS8vq3+KEZaqwsy87eurzXv5Hw/6V+/bumT17/8n31wJbux0C+zVMT53oMDHd9/bsxzIGwng+ExDDalPvfapw/VxymTY9lz+NmeHgkHDfD8RZbj5ttiy6TX1t+25snz++42Xxj62PV8nNLBY+bfF/91WT34ybf5sWpC3/tWBP/2vTasarXMTAytCpf70g6CIrXu/k18RjYku3PTmRHswPpMvmjnN/W+NblHQOrwv+X+rXjuj45BvJ99ezW7sdAvs2Pt13cn502h1PSNk0/O7X/fmGpzH/98ML1te+2i53583V+4iefTqd1yhD5Nq9uP9ec0X0/3RJOuaLDfmp//ix1TB/ILs1+ui6s8+iO7r+byre5Zucyj6c9WZa9PPVy4/dd4fe73z/9kx+0/N630++UX556+Z6J+356LusHAOD8vdX4c25V8bNm079YL+ff/wEAAIBSiLl/MMxE/gcAAIDKiLl/KMxE/gcAAIDKiLl/OMykJvn/8O27nnvzsSy9G+B8EM+Pu+HejxTbxY73XPh6bH5BfvrHvjPy3NceW95tD2ZZ9sY97+m4/eGPxHUVTsZ1fqj19EWuu2FZt//g/QvbNb9/wtldxfXH+7PcwyB2lV+Y2Nq43rGHpxrzxXuyxrxv7qkniusvvo7bn9lWbP834U1L9hwcaLn85rCeTWGOhfeUuXfPwn7IZ7zcc+vf969Xf27h9uLlBja+vXE3n/3j4nrje0Q9c3WxfbzfS63/X77+vefy7R+6qfP6HxvsvP4z4XpfCfNXu4vtm/f515rW/6dh/fH24uW2fPtHHdf//LuK7Z8Px8U3w2xf/51/8d43Oz1e8Xb23FFcLt7+5P9ub1wuXl+8/vb1jz421bI/2q//xdeL69n9lV8MNW8fT4+3Ez14R+vxPRAe35YeeZZl3/uzrGU/Zx8uLvfPbeuP13fyjs7rv6VtnScHbmhcfuH+rGu5X9/4u60d729cz55/XNdyf565K+y/1yd+nF/vmfvC8RjO/7+Xiutrfy/T5+9qfb2J239zXfG8jdc30bb+Z9rWP3dDvu96r//u14v1P//R1S3r3/PJcDzdXcxe6z/0t1e1XP5b3y0ej1NfHT9+Yub0kQNNe7X5ebx6dM3aK65829uvCq+l7V/vPTF7ePrU2OTYZJaNlfAtA1d6/d8O83+KMXfxb6Hw018Ux93Tnyq+b73/l8XXz4TTHwyPZ/z++I2/Hmk5Xtsf97mPFvNC1//BsI7letfX/+uGZW145gsvnP6nP3m1/eeCeH9OvnO0cf+e3XBt47yBF4vz21+vevnPd7Y+r382PNmYPwz7dT68M/PGa4vba7/++N4kT3+meP7Gn+Ti5bO29xNZN9R6Py50/T8LP8f86LrW1794fPzwsbZ3c16XDeRLmAuvD9lccX7cKu7vp89e2/H24vvwZHPvPpdlLmnm4ZmJo0eOn35oYnZ6ZnZi5uFH9h47cfr47N7Ge5fu/VKvyy88v9c2nt8HpnduzxrP9hPFWGGXe/0n799/4LbJmw9MH9x3+uDs/SenTx3aPzOzf/rAzM37Dh6c/mqvyx85sHtq665tt20dP3TkwO7bd+3atmv8yPET+TKKRfWwc/LL48dP7W1cZGb39l1TO3Zsnxw/duLA9O7bJifHT/e6fON703h+6a+Mn5o+um/2yLHp8Zkjj0zvntq1c+fWnu/+eOzkwZmxiVOnj0+cnpk+NVHcl7HZxsn5975el6ceZk6E17s2A+Gn88/fsjO9P27uO48veVXFJq0/nmavhfeCit/fen0dc/9ImElN8j8AAADUQcz94Y3/F86Q/wEAAKAyYu5fHWYi/wMAAEBlxNxfJP/R9PHvdcn/F6v//7j+f4P+v/5/pv+f6P/r/2f6//r/Pej/6/+Xef36//r/9NZv/f+Q+7M1Webf/wEAAKCiYu5fG2Yi/wMAAEBlxNx/RZiJ/A8AAACVEXP/lWEmNcn/Pv9f/1//v1v/P26r/5/p//dD/3/Tf+v/L6L/r/+f6f+ft8vdny/7+vuw/79G/59+02/9/5j73xZmUpP8DwAAAHUQc//bw0zkfwAAAKiMmPuvCjOR/wEAAKAyYu5fF2ZSk/yv/6//r//v8//1/0vT//f5/x3o/+v/Z/r/5+1y9+fLvv4+7P/7/H/6Tr/1/2Pu/7Uwk5rkfwAAAKiDmPvfEWYi/wMAAEBlxNx/dZiJ/A8AAACVEXP/NWEmNcn/9ez/v5Jlmf5/pv+v/9+2Tv1//f+VoP+v/9+N/r/+f5nXr/+v/09v/db/j7n/nWEmNcn/AAAAUAcx918bZiL/AwAAQGXE3P+uMBP5HwAAACoj5v7rwkxqkv/r2f/3+f/6/wX9/9Z16v/r/6+EWvf/3zis/9+D/r/+f5nXr/+v/09v/db/j7n/3WEmNcn/AAAAUAcx918fZiL/AwAAQGXE3P+eMBP5HwAAACoj5v71YSY1yf/6//r/+v/6//r/+v8rqVz9/8Elz/H5/wX9/1YXr/8/t7AA/f/SrF//X/+f3vqt/x9z/3vDTGqS/wEAAKAOYu5/X5iJ/A8AAACVEXP/DWEm8j8AAABURsz9Y2EmNcn/+v/6//r/+v/6//r/K6lc/f+l6f8X9P9b+fx//X/9f/1/uuu3/n/M/RvCTGqS/wEAAKAOYu7fGGYi/wMAAEBlxNx/Y5iJ/A8AAACVEXP/pjCTyuT/t3U9V/9f/1//X/9f/1//fyXp/+v/d6P/r/9f5vXr/+v/01u/9f9j7r8pzKQy+R8AAACIuf/mMBP5HwAAACoj5v73h5nI/wAAAFAZMfdvDjOpSf7X/9f/1/8vcf9/SP8/0//ve/r/+v/d6P/r/5d5/fr/+v/01m/9/5j7PxBmUpP8DwAAAHUQc/8Hw0zkfwAAAKiMmPtvCTOR/wEAAKAyYu4fDzOpSf7X/9f/1/8vcf/f5/+3rF//vz/p/5el/z/S+qX+/7Lo/+v/6//r/9Ndv/X/Y+6/NcykJvkfAAAA6iDm/i1hJvI/AAAAVEbM/RNhJvI/AAAAVEbM/ZNhJjXJ//r/+v/6//r/+v/6/ytJ/78s/f82+v/Lov+v/6//r/9Pd/3W/4+5fyrMpCb5HwAAAOog5v6tYSbyPwAAAFRGzP3bwkzkfwAAAKiMmPu3h5nUJP+XpP+/JRWg9P/1//X/9f/1/0tF/1//vxv9f/3/Mq9f/1//n1aDHU7rt/5/zP07wkxqkv8BAACgDmLu3xlmspD/1136VQEAAAAXU8z9t4WZ+Pd/AAAAqIyY+28PM6lJ/i9J/9/n/+v/6/830f/X/y8T/X/9/270//X/y7x+/X/9f3rrt/5/zP27wkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/x1hJvI/AAAAlEqnzyGMYu7/cJhJTfK//n/V+//zq/X/9f/1/7uvX/9/Zen/6/93o/+v/1/m9ev/6//TW7/1/2Pu3x1mUpP8DwAAAHUQc/9HwkzkfwAAAKiMmPs/GmYi/wMAAEBlxNy/J8ykJvlf/7/q/X+f/6//r//fa/36/ytL/1//vxv9/3L2/8OPLfr/fdT/z48h/X/6Ub/1/2PuvzPMpCb5HwAAAOog5v6PhZnI/wAAAFAZMfd/PMxE/gcAAIDKiLn/E2EmNcn/+v/6//r/+v/l7P+P6P+XhP7/ivX/Gy+F+v8F/f/zc7n782Vffz/1/33+P/2q3/r/MfffFWZSk/wPAAAAdRBz/yfDTOR/AAAAqIyY+389zET+BwAAgMqIuf/uMJOa5H/9f/1//X/9/3L2/33+f1no//v8/270//X/y7x+/X/9f3rrt/5/zP2/EWZSk/wPAAAAdRBz/z1hJvI/AAAAVEbM/Z8KM5H/AQAAoGRWLXlOzP2/GWZSk/xfvv7/WCn7/4Pp+vX/9f/1//X/9f8vJv1//f9M//+8Xe7+fNnXr/+v/09v/db/j7n/t8JMapL/AQAAoA5i7v90mIn8DwAAAJURc/9vh5nI/wAAAFAZMfffG2ZSk/x/sfv/7Zfvxuf/6/9n+v/6//r/+v8XSP9f/z/T/z9vl7s/X+L1xx9F9P/1/+mh3/r/Mff/TphJTfI/AAAA1EHM/feFmcj/AAAA0KcOn/MlYu7/TJiJ/A8AAACVEXP/Z8NMapL/y/f5//r/+v/6//r/+v9lov+v/9+N/r/+f5nX7/P/9f/prd/6/zH33x9mUpP8DwAAAHUQc//nwkzkfwAAAKiMmPt/N8xE/gcAAIDKiLn/98JMapL/9f/1//X/9f/1//X/V5L+/+L+f/4apv9f0P/X/y/z+vX/9f/prd/6/zH3fz7MpCb5HwAAAOog5v7fDzOR/wEAAKAyYu7/gzAT+R8AAAAqI+b+B8JMapL/9f/1//X/9f/1//X/V5L+v8//70b/X/+/zOvX/9f/p7d+6//H3P+FMJOa5H8AAACog5j7/zDMRP4HAACAyoi5f2+YifwPAAAAlRFz/4NhJjXJ//r/+v/6//r/+v/6/ytJ/1//vxv9f/3/Mq9f/1//n976rf8fc/++MJM9rTcDAAAAlFfM/V8MM6nJv/8DAABAHcTcvz/MRP4HAACAyoi5/0CYSU3yv/6//r/+v/6//r/+/0rS/9f/70b/X/+/zOvX/9f/p7d+6//H3D8dZlKT/A8AAAB1EHP/wTAT+R8AAAAqI+b+Q2Em8j8AAABURsz9h8NMapL/9f/1//X/a9v/f+n7bevU/9f/Xwn6//r/3ej/6/+Xef36//r/9NZv/f+Y+4+EmdQk/wMAAEAdxNz/pTAT+R8AAAAqI+b+L4eZyP8AAABQGTH3Hw0zqUn+1//X/9f/r23/f3mf/79m4Xb1//X/z4f+v/5/N/r/+v9lXr/+v/4/vfVb/z/m/mNhJjXJ/wAAAFAHMfcfDzOR/wEAAKAyYu4/EWYi/wMAAEBlxNx/MsykJvlf///c+v8DS3QD9f87r1//vwL9/yb6//r/50P/X/+/G/1//f8yr1//X/+f3vqt/x9z/x+FmdQk/wMAAEAdxNx/KsxE/gcAAIDKiLl/JsxE/gcAAIDKiLl/NsykJvlf/9/n/+v/6//r/+v/ryT9f/3/bvT/9f/LvH79f/1/euu3/n/M/afDTGqS//+fvfte8qys9jjcNGcOQ1HeA+UdeAVegtdgleUlmAOYMSvmnDAnzIo555wxZ1EUc6zSonuthQw9e/cw/et597ue5w8Wp+EULwVW+a3xUxsAAAA6yN3/gLjF/gcAAIBp5O5/YNxi/wMAAMA0cvc/KG5psv/1//p//b/+X/+v/98l/b/+f4n+X/+/5ffr//X/rBut/8/d/+C4pcn+BwAAgA5y9z8kbrH/AQAAYBq5+x8at9j/AAAAMI3c/Q+LW5rsf/2//l//r//X/+v/d0n/r/9fov/X/2/5/fp//T/rRuv/c/c/PG5psv8BAACgg9z9j4hb7H8AAACYRu7+R8Yt9j8AAABMI3f/NXFLk/2v/9f/6/832P//n/5f/78d+n/9/xL9v/5/y+/X/+v/WTda/5+7/9q4pcn+BwAAgA5y9z8qbrH/AQAAYHPuef+jf567/9Fxi/0PAAAA08jd/5i4pcn+1//r//X/G+z/ff9f/78h+n/9/xL9v/5/y+/X/+v/WTda/5+7/7FxS5P9DwAAAB3k7n9c3GL/AwAAwDRy9z8+brH/AQAAYOvO5O/k7n9C3NJk/+v/T6//v0z/r//X/+v/9f8nTv+v/9/T/99tl7qf3/r79f/6f9btvP+/z3UH97j9f+7+6+KWJvsfAAAAOsjd/8S4xf4HAACAaeTuf1LcYv8DAADANHL3PzluabL/9f++/39H//+fy/T/+n/9/x0/1/+fDP2//n+J/l//v+X36//1/6zbef+/0vuf+3/n7n9K3NJk/wMAAEAHufufGrfY/wAAADCN3P1Pi1vsfwAAAJhG7v6nxy1N9r/+X//v+//6f/2//n+X9P/D9v/n/kfvzvT/x6L/1/+fr/+/9zHer/+ng9H6/9z9z4hbmux/AAAA6CB3/zPjFvsfAAAAppG7//q4xf4HAACAaeTuf1bc0mT/6//1//p//f+d+//9lv3/7T/T/++G/n/Y/n+Z/v9Y9P/6f9//1/+zbLT+P3f/s+OWJvsfAAAAOsjd/5y4xf4HAACAaeTuf27cYv8DAADANHL3Py9u2b9ULzpd+n/9v/5f/39R3/+/fI7+3/f/d0f/r/9fov/X/2/5/fp//T/rRuv/c/c/P27x6/8AAAAwh/292v0viFvsfwAAAJhG7v4Xxi32PwAAAEwjd/+L4pYm+1//r//X/+v/L6r/n+T7//r/3dH/6/+XHLf/39P/19+L/n+c9+v/9f+sG63/z93/4rilyf4HAACADnL3vyRusf8BAABgGrn7Xxq32P8AAAAwjdz9L4tbmux//b/+X/+v/9f/6/93Sf+v/1/i+//6/y2/X/+v/2fdaP1/7v6Xxy1N9j8AAAB0kLv/FXGL/Q8AAADTyN3/yrjF/gcAAIBp5O5/Vdxy7v7fP81XnR79v/5f/6//1//r/3dJ/6//X6L/P7r/P3uev57+f6z36//1/6wbrf/P3X9D3OLX/wEAAGAauftfHbfY/wAAADCN3P2viVvsfwAAAJhG7v7Xxi1N9v/5+v/brjr84/r/49H/H/1+/b/+X/+v/9f/6/+X6P99/3/L79f/6/9ZN1r/n7v/dXFLk/0PAAAAHeTuf33cYv8DAADANHL3vyFusf8BAABgGrn73xi3NNn/J//9/6v1//p//X9c/b/+X/+v/9f/L9P/6/+3/H79v/6fdaP1/7n73xS3NNn/AAAA0EHu/jfHLfY/AAAATCN3/1viFvsfAAAAppG7/61xS5P9f/L9v+//6/8vsP/f1/8n/X/8c9X/6/8vwFb7/339/wH9v/5/y+/X/+v/WTda/5+7/8aDqddv/wMAAEAHNx789uze2+IW+x8AAACmkbv/7XGL/Q8AAADTyN3/jrilyf7X/+v/L3n/7/v/Rf8f/1z1//r/C7DV/t/3/w/p//X/W36//l//z7rR+v/c/e+MW5rsfwAAAOggd/+74hb7HwAAAKYRu//wf/xu/wMAAMCU3n3w27N774lbmuz/xv3/1Rfb/1/5P7+v/z/6/fr/E+n/bzz33z39v/5/S/T/+v8l+n/9/5bfP07/Hz+4Rv/PeEbr/3P3vzduabL/AQAAoIPc/e+LW+x/AAAAmEbu/pviFvsfAAAAppG7//1xS5P937j/n+T7//e9NV6g/5+3//f9/7j6f/3/UfT/E/T/t//XL/1//fX1/9t5/zj9v+//M67R+v/c/R+IW5rsfwAAAOggd/8H4xb7HwAAAKaRu/9DcYv9DwAAANPI3f/huKXJ/tf/b73/9/1//b/+X/8/Nv2//n+J7//r/7f8fv2//p91o/X/ufs/Erc02f8AAADQQe7+j8Yt9j8AAABMI3f/x+IW+x8AAACmkbv/43FLk/2v/9f/76r/v/0vov9v0v9fe0X++fp//f9d6P/1/0v0//r/Lb9f/6//Z91o/X/u/k/ELU32PwAAAHSQu/+TcYv9DwAAANPI3f+puMX+BwAAgGnk7v903HCve1y6J52sM+f5eeS6+n/9v+//6/99/1//v0v6f/3/Ev2//n/L79f/6/9ZN1r/n7v/M3GLX/8HAACAaeTu/2zcYv8DAADANHL3fy5usf8BAABgGrn7Px+3NNn/+n/9v/5/s/3/lfr/O79f/z8m/b/+f4n+X/+/5fcfu/+/+ej/f/0/HYzW/+fu/0Lc0mT/AwAAQAe5+78Yt9j/AAAAMI3c/V+KW+x/AAAAmEbu/i/HLU32v/5f/6//32z/7/v/57xf/z8m/b/+/9AtR/5U/6//3/L7ff9f/8+60fr/3P1fiVua7H8AAADoIHf/V+MW+x8AAACmkbv/a3GL/Q8AAADTyN3/9bilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt+v/9f/s260/j93/zfilib7HwAAADrI3f/NuMX+BwAAgGnk7v9W3GL/AwAAwDRy9387bmmy/2fu/5f+NP3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+sG63/z93/nbilyf4HAACADnL3fzdusf8BAABgGrn7b45b7H8AAACYRu7+78UtTfb/zP3/Ev3/If2//n9P/6//3zH9v/5/if5f/7/l9+v/9f+su0T9/5m98/T/ufu/H7c02f8AAADQQe7+H8Qt9j8AAABMI3f/D+MW+x8AAACmkbv/R3HLPPv/fjct/EH9/4n3/wf/Eun/9f97+n/9v/7/gP5f/79E/6//3/L79f/6f9aN9v3/3P0/jlvm2f8AAADQXu7+n8Qt9j8AAABMI3f/T+MW+x8AAACmkbv/Z3FLk/2v//f9f/1/q/7/8j39v/7/lOn/9f9L9P/6/y2/X/+v/2fdaP1/7v6fxy05/K66O3+XAAAAwEhy9/8ibmny6/8AAADQQe7+X8Yt9j8AAABMI3f/r+KWJvtf/6//1/+36v99/1//f+r0//r/Jfp//f+W35/9f/57p//X/3NXo/X/uft/Hbc02f8AAADQQe7+W+IW+x8AAACmkbv/N3GL/Q8AAADTyN3/27ilyf7X/+v/9f/6f/2//n+X9P/6/yX6f/3/lt/v+//6f9aN1v/n7r81bmmy/wEAAKCD3P2/i1vsfwAAAJhG7v7fxy32PwAAAEwjd/9tcUuT/a//1/9P2f9fof/X/+v/R6H/1/8v0f/r/7f8fv2//p91o/X/ufv/ELc02f8AAADQQe7+P8Yt9j8AAABMI3f/n+IW+x8AAACmkbv/z3FLk/2v/9f/X3j/f6b+voft/33/X/+v/x/GvP3//+v/j+r/z17Y+7v3/9ffcPhj/f8236//1/+zbrT+P3f/X+KWJvsfAAAAOsjd/9e4xf4HAACAaeTu/1vcYv8DAADANHL3/z1uabL/9f/6/ym//6//1//r/4cxb//v+/++/+/7//p//b/+nzWj9f+5+/8RtzTZ/wAAANBB7v5/xi32PwAAAEwjd/+/4hb7HwAAAKaRu//fcUuT/a//1//r//X/+n/9/y7p//X/S/T/+v8tv1//r/9n3Wj9f+7+/wYAAP//lgIt2A==")
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE(r0, 0x5000940c, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x842, 0x0)
syz_open_dev$audion(&(0x7f0000000040), 0x1ff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x80000000, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x1cf)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x181242, 0x2)

2.528461902s ago: executing program 0 (id=991):
socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
io_uring_setup(0x1b7b, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, 0x0}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x11, 0x4, 0x4, 0xbf22}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r3, &(0x7f0000000000), 0xd)

2.245436244s ago: executing program 4 (id=992):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x40000001})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r3, &(0x7f0000000340), 0x8)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100), 0x24, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40)=ANY=[@ANYBLOB="02000000000000000000000004000000006b0000001800000000000000200000000000"], 0x24, 0x0)
creat(0x0, 0x248)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000009", @ANYRES32=0x1, @ANYBLOB='\x00'/17, @ANYBLOB='\x00'/14], 0x50)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000540)={'c6xdigio\x00', [0x109, 0x80008000, 0x86c, 0xa, 0x0, 0x0, 0x1, 0xf, 0x1000, 0x1, 0x8, 0x5, 0x6, 0x1, 0x1138fce9, 0x6, 0xffffffa7, 0x2000001, 0xfffffffd, 0x65c, 0x3ff, 0x10004, 0x800, 0xe2df, 0x9, 0x6, 0x4, 0x3, 0x7, 0x5, 0x5]})
mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x8, 0x12, r1, 0xfae76000)
socket(0x5, 0x1, 0xf9d5)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})

1.291464325s ago: executing program 0 (id=993):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r0=>0x0)
syz_open_dev$radio(0x0, 0x1, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f00000000c0)={0xcf50, 0x2924, 0xffff, 0x9dff, 0xf})
write$binfmt_aout(r1, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062ba7d82000000000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x17)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24048084)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
timer_settime(r0, 0x1, &(0x7f0000000280)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)={0x14, 0x0, 0x10, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x0)
listen(r4, 0x80)

1.124656113s ago: executing program 4 (id=994):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/225, 0xe1)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000009c0)={&(0x7f0000000740)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x9, [@datasec={0x6, 0x0, 0x0, 0xf, 0x1, [], '\t'}, @datasec={0x0, 0x0, 0x0, 0xf, 0x3, [], "e10418"}]}, {0x0, [0x0, 0x0, 0x2e, 0x61, 0x61, 0x30, 0x61]}}, &(0x7f0000000900)=""/179, 0x3d, 0xb3, 0x1}, 0x28)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
lsetxattr$security_capability(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000100), 0x0, 0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x4000000)
socket$netlink(0x10, 0x3, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

1.084601574s ago: executing program 0 (id=995):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r2=>0x0})
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f00000000c0)={'rti800\x00', [0xf7, 0x6, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x7, 0xa, 0x100, 0x1002, 0xfffffffc, 0x200008, 0x4, 0x6, 0xffffffff, 0x1, 0x1a449, 0x4, 0x40000003, 0x89, 0x2, 0xf27, 0x6, 0x7, 0x8, 0x5, 0x8, 0x4, 0x10000, 0xfffffff8]})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

995.329358ms ago: executing program 0 (id=996):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x10, 0x0, 0xf2})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_ro(r4, &(0x7f0000000240)='blkio.throttle.io_serviced_recursive\x00', 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
openat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x414902, 0x80)
mount(&(0x7f0000000240), &(0x7f0000000200)='./file0\x00', &(0x7f0000000140)='ufs\x00', 0x0, 0x0)

562.28µs ago: executing program 0 (id=997):
pselect6(0x40, &(0x7f0000000080)={0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x8000, 0x6, 0x0, 0x817}, &(0x7f00000000c0)={0x1b, 0x0, 0xfffffffffffffffc, 0x5, 0xfffffffffffffff8, 0x0, 0x4000000000, 0x4}, 0x0, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000002c0)={'batadv0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=@newlink={0x24, 0x10, 0x20, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, 0x820, 0x1200}, [@IFLA_IFALIASn={0x4}]}, 0x24}}, 0x4000)
r2 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000600)={'team0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x1], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7ff], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x31]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x10000}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x1}, @TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0xc, 0x3, 0x280000000000000}]}}]}, 0xb0}}, 0x0)
sendmsg$NL80211_CMD_LEAVE_IBSS(r4, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048010)
sendmsg$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="a3d7f3e8a9cf9e3887a6f6eca30e90d85fcfa281378973ab916b0e1d03bd28bca55c552da8cfecb0fbccbfb18ef20fe9541e0e1e8fa214cb6bb0", 0x3a}], 0x1}, 0x0)
syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x27, 0x4c, 0x3, 0x40, 0x5ab, 0x60, 0x1106, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xd, 0x0, 0x0, [{{0x9, 0x4, 0xa8, 0x0, 0x0, 0xf4, 0x7, 0x50}}]}}]}}, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043ef50d"], 0xf8)

0s ago: executing program 4 (id=998):
syz_open_procfs$namespace(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, r6, 0x701, 0x0, 0x0, {0x45}}, 0x14}}, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

work
[   56.582736][ T4183] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.593232][ T4184] 8021q: adding VLAN 0 to HW filter on device team0
[   56.602633][ T4234] Bluetooth: hci4: command 0x041b tx timeout
[   56.609588][ T4234] Bluetooth: hci2: command 0x041b tx timeout
[   56.613545][ T4241] Bluetooth: hci3: command 0x041b tx timeout
[   56.623157][ T4241] Bluetooth: hci1: command 0x041b tx timeout
[   56.623194][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.640974][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.649875][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   56.659107][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   56.668495][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   56.683803][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.692686][ T4262] Bluetooth: hci0: command 0x041b tx timeout
[   56.697199][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.705779][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.717689][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.738723][ T4186] device veth0_vlan entered promiscuous mode
[   56.773449][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   56.783334][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   56.795249][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   56.812677][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   56.833071][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   56.846217][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.855736][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.862844][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.870405][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   56.879184][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   56.887838][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.896895][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.915813][ T4186] device veth1_vlan entered promiscuous mode
[   56.928301][ T4185] device veth0_vlan entered promiscuous mode
[   56.951282][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   56.959433][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   56.971273][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   56.989476][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.998264][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   57.007485][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.016742][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   57.025860][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   57.035666][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   57.045412][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   57.060480][ T4185] device veth1_vlan entered promiscuous mode
[   57.086886][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   57.096346][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.107556][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.115491][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.133253][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.140734][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.154249][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.165992][ T4184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.177937][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   57.207025][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   57.215992][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.225671][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   57.234409][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   57.249362][ T4186] device veth0_macvtap entered promiscuous mode
[   57.259342][ T4186] device veth1_macvtap entered promiscuous mode
[   57.273480][ T4185] device veth0_macvtap entered promiscuous mode
[   57.281875][ T4191] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.291769][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   57.300770][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   57.318280][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   57.331833][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   57.345202][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   57.375622][ T4185] device veth1_macvtap entered promiscuous mode
[   57.392801][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   57.400962][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   57.411847][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   57.427539][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.453547][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   57.463658][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.481569][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   57.496882][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.518157][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.529231][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.541639][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.550702][ T4183] device veth0_vlan entered promiscuous mode
[   57.562728][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   57.570518][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   57.578792][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   57.592916][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   57.603767][ T4186] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.616575][ T4185] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   57.632014][ T4185] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.650784][ T4185] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.667492][ T4183] device veth1_vlan entered promiscuous mode
[   57.681248][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   57.690384][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   57.699865][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   57.709310][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   57.718526][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   57.745350][ T4185] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.754701][ T4185] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.765066][ T4185] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.774346][ T4185] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.785922][ T4186] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.795569][ T4186] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.804810][ T4186] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.814133][ T4186] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.829985][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   57.838449][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   57.847465][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   57.874462][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.886211][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.921603][ T4191] device veth0_vlan entered promiscuous mode
[   57.934060][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.949736][ T4183] device veth0_macvtap entered promiscuous mode
[   57.963353][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   57.971662][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.981861][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   57.990412][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.001159][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.009859][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.017934][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   58.045058][ T4183] device veth1_macvtap entered promiscuous mode
[   58.072628][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   58.086395][ T4191] device veth1_vlan entered promiscuous mode
[   58.121238][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.138111][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.163074][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.176007][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.186905][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.197465][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.219177][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.247439][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   58.257053][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.272933][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.285399][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.296989][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.307475][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.318621][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.340223][ T4183] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.349580][ T4183] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.358671][ T4183] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.369018][ T4183] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.386157][ T4191] device veth0_macvtap entered promiscuous mode
[   58.397060][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.405877][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.414785][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   58.423774][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.432919][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.441309][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.453217][ T4184] device veth0_vlan entered promiscuous mode
[   58.459867][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.468771][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.476894][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   58.496355][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.499281][  T155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.504968][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.525925][  T155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.536298][ T4191] device veth1_macvtap entered promiscuous mode
[   58.560534][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.568866][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   58.577380][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   58.598046][ T4184] device veth1_vlan entered promiscuous mode
[   58.648026][ T4265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.661836][ T4265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.663126][  T155] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.680679][  T155] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.688701][ T4227] Bluetooth: hci2: command 0x040f tx timeout
[   58.696315][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.709307][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.713964][ T4262] Bluetooth: hci1: command 0x040f tx timeout
[   58.720550][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.725539][ T4262] Bluetooth: hci3: command 0x040f tx timeout
[   58.742915][ T4262] Bluetooth: hci4: command 0x040f tx timeout
[   58.751332][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.761346][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.773856][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.777960][ T4291] Bluetooth: hci0: command 0x040f tx timeout
[   58.785325][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.797689][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   58.806403][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   58.816016][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   58.824000][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   58.831712][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.841164][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.852813][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   58.861325][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.883842][ T4184] device veth0_macvtap entered promiscuous mode
[   58.916847][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.936447][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.948016][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.962764][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.972725][ T4191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.983351][ T4191] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.997715][ T4191] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.023382][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.031351][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.039287][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   59.052946][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   59.068737][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   59.080214][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   59.098128][ T4184] device veth1_macvtap entered promiscuous mode
[   59.132652][  T155] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   59.143761][ T4191] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.153242][ T4191] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.164338][ T4191] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.174715][ T4191] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.187796][ T4295] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   59.199481][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.206042][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.219987][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.235329][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.247577][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.260126][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.270536][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.287892][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.304976][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.319196][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.343932][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.518532][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   59.527008][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   59.555098][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!!
[   59.571940][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!!
[   59.581022][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!!
[   59.590158][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!!
[   59.599290][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.608242][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.617352][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.626452][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.635552][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.644652][    T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!!
[   59.822324][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   59.849846][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.861091][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.889616][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.000711][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.011018][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.021874][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.038144][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.052212][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.120215][ T4306] ufs: You didn't specify the type of your ufs filesystem
[   60.120215][ T4306] 
[   60.120215][ T4306] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   60.120215][ T4306] 
[   60.120215][ T4306] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   60.151509][ T4306] ufs: ufstype=old is supported read-only
[   60.161004][ T4306] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   60.723219][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.743122][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   60.752727][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.845229][ T4291] Bluetooth: hci4: command 0x0419 tx timeout
[   60.854150][ T4291] Bluetooth: hci3: command 0x0419 tx timeout
[   60.884526][ T4291] Bluetooth: hci1: command 0x0419 tx timeout
[   60.894904][ T4291] Bluetooth: hci2: command 0x0419 tx timeout
[   60.914470][ T4291] Bluetooth: hci0: command 0x0419 tx timeout
[   60.975018][ T4184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   61.001821][ T4184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   61.018803][ T4313] process 'syz.1.9' launched './file0' with NULL argv: empty string added
[   61.045721][ T4184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   61.082708][ T4184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   61.369551][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.419437][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.034827][ T1220] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   62.288872][ T1220] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   62.298725][ T1220] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.425384][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   64.276700][ T4349] sched: RT throttling activated
[   66.754104][ T4321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.796592][ T4321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.804645][ T4327] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.824275][ T4327] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.872407][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   66.898739][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   67.072005][   T13] libceph: connect (1)[c::]:6789 error -101
[   67.084860][   T13] libceph: mon0 (1)[c::]:6789 connect error
[   67.162197][ T4174] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   67.373540][ T1111] libceph: connect (1)[c::]:6789 error -101
[   67.379876][ T1111] libceph: mon0 (1)[c::]:6789 connect error
[   67.457128][ T4174] usb 3-1: Using ep0 maxpacket: 32
[   67.525971][ T4372] netlink: 16 bytes leftover after parsing attributes in process `syz.3.19'.
[   67.540702][ T4369] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   67.623238][ T4357] ceph: No mds server is up or the cluster is laggy
[   67.822307][ T4174] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[   67.855118][ T4174] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.864121][ T4174] usb 3-1: Product: syz
[   67.868309][ T4174] usb 3-1: Manufacturer: syz
[   67.884424][ T4174] usb 3-1: SerialNumber: syz
[   67.911145][ T4174] usb 3-1: config 0 descriptor??
[   68.045859][ T4174] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[   68.307405][ T4174] gspca_topro: reg_w err -71
[   68.352296][ T4174] gspca_topro: Sensor soi763a
[   70.251389][ T4174] usb 3-1: USB disconnect, device number 2
[   71.259762][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[   71.266476][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[   74.081262][ T4425] loop1: detected capacity change from 0 to 2048
[   74.402714][ T4438] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   74.431058][ T4439] ufs: You didn't specify the type of your ufs filesystem
[   74.431058][ T4439] 
[   74.431058][ T4439] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[   74.431058][ T4439] 
[   74.431058][ T4439] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[   74.463945][ T4439] ufs: ufstype=old is supported read-only
[   74.470988][ T4439] blk_update_request: I/O error, dev loop9, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[   75.456352][ T4447] netlink: 96 bytes leftover after parsing attributes in process `syz.1.38'.
[   75.963636][   T13] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   76.222110][   T13] usb 3-1: Using ep0 maxpacket: 32
[   76.263357][    T7] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.811458][   T13] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   77.005259][ T1108] cfg80211: failed to load regulatory.db
[   77.222284][   T13] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   77.232435][   T13] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   77.242714][   T13] usb 3-1: Product: syz
[   77.249341][   T13] usb 3-1: Manufacturer: syz
[   77.259215][   T13] usb 3-1: SerialNumber: syz
[   77.265498][    T7] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[   77.287699][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   77.297622][    T7] usb 5-1: Product: syz
[   77.309841][   T13] usb 3-1: config 0 descriptor??
[   77.318780][    T7] usb 5-1: Manufacturer: syz
[   77.336722][    T7] usb 5-1: SerialNumber: syz
[   77.352178][ T4444] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[   77.373379][   T13] hub 3-1:0.0: bad descriptor, ignoring hub
[   77.379329][   T13] hub: probe of 3-1:0.0 failed with error -5
[   77.401200][    T7] usb 5-1: config 0 descriptor??
[   77.754584][ T1111] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[   77.805917][ T4461] Zero length message leads to an empty skb
[   78.682173][    T7] mos7840 5-1:0.0: required endpoints missing
[   78.732129][    T7] usb 5-1: USB disconnect, device number 2
[   78.852042][ T1111] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[   78.900324][ T1111] usb 2-1: config 0 interface 0 has no altsetting 0
[   79.007182][ T4465] lo speed is unknown, defaulting to 1000
[   79.016132][ T4465] lo speed is unknown, defaulting to 1000
[   79.023810][ T4465] lo speed is unknown, defaulting to 1000
[   79.120907][ T4465] infiniband syz0: set active
[   79.125886][ T4465] infiniband syz0: added lo
[   79.138268][ T4255] lo speed is unknown, defaulting to 1000
[   79.329008][ T4465] RDS/IB: syz0: added
[   79.333766][ T4465] smc: adding ib device syz0 with port count 1
[   79.340330][ T4465] smc:    ib device syz0 port 1 has pnetid 
[   79.355393][ T4465] lo speed is unknown, defaulting to 1000
[   79.442303][ T1111] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   79.452007][ T1111] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[   79.460172][ T4465] lo speed is unknown, defaulting to 1000
[   79.466188][ T1111] usb 2-1: Product: syz
[   79.470511][ T1111] usb 2-1: Manufacturer: syz
[   79.486186][ T1111] usb 2-1: SerialNumber: syz
[   79.497945][ T4255] lo speed is unknown, defaulting to 1000
[   79.637664][ T4465] lo speed is unknown, defaulting to 1000
[   79.764652][ T4465] lo speed is unknown, defaulting to 1000
[   79.891560][ T4465] lo speed is unknown, defaulting to 1000
[   80.273339][ T1111] usb 2-1: config 0 descriptor??
[   80.463755][ T1111] usb 2-1: can't set config #0, error -71
[   80.509515][ T1111] usb 2-1: USB disconnect, device number 2
[   80.633707][ T4174] usb 3-1: USB disconnect, device number 3
[   81.911974][ T1111] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   82.643502][ T4492] loop2: detected capacity change from 0 to 64
[   82.838271][   T26] audit: type=1804 audit(1764328181.062:2): pid=4492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.55" name="/newroot/12/file0/file0" dev="loop2" ino=22 res=1 errno=0
[   83.095093][ T4497] attempt to access beyond end of device
[   83.095093][ T4497] loop2: rw=2049, want=65, limit=64
[   83.106708][ T4497] Buffer I/O error on dev loop2, logical block 64, lost async page write
[   83.116540][ T4497] attempt to access beyond end of device
[   83.116540][ T4497] loop2: rw=2049, want=66, limit=64
[   83.127732][ T4497] Buffer I/O error on dev loop2, logical block 65, lost async page write
[   83.137027][ T4497] attempt to access beyond end of device
[   83.137027][ T4497] loop2: rw=2049, want=67, limit=64
[   83.272519][ T4497] Buffer I/O error on dev loop2, logical block 66, lost async page write
[   83.282790][ T4497] attempt to access beyond end of device
[   83.282790][ T4497] loop2: rw=2049, want=68, limit=64
[   83.302170][ T1111] usb 1-1: config 0 has an invalid interface number: 182 but max is 1
[   83.310378][ T1111] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.377614][ T4497] Buffer I/O error on dev loop2, logical block 67, lost async page write
[   83.404424][ T4497] attempt to access beyond end of device
[   83.404424][ T4497] loop2: rw=2049, want=69, limit=64
[   83.574415][ T1111] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[   84.012779][ T4497] Buffer I/O error on dev loop2, logical block 68, lost async page write
[   84.053382][ T4497] attempt to access beyond end of device
[   84.053382][ T4497] loop2: rw=2049, want=73, limit=64
[   84.086545][ T1111] usb 1-1: config 0 has no interface number 0
[   84.135641][ T1111] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[   84.181973][ T1111] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.221360][ T1111] usb 1-1: config 0 descriptor??
[   84.427601][ T4497] Buffer I/O error on dev loop2, logical block 72, lost async page write
[   84.468152][ T4497] attempt to access beyond end of device
[   84.468152][ T4497] loop2: rw=2049, want=74, limit=64
[   84.501367][ T4509] loop3: detected capacity change from 0 to 2048
[   84.518066][ T4497] Buffer I/O error on dev loop2, logical block 73, lost async page write
[   84.556685][ T4497] attempt to access beyond end of device
[   84.556685][ T4497] loop2: rw=2049, want=844, limit=64
[   84.759162][ T4512] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   84.931471][ T4514] rdma_rxe: rxe_register_device failed with error -23
[   85.009355][ T4519] netlink: 96 bytes leftover after parsing attributes in process `syz.3.61'.
[   85.442283][ T4514] rdma_rxe: failed to add lo
[   85.823025][ T4527] loop3: detected capacity change from 0 to 64
[   86.118910][   T26] audit: type=1804 audit(1764328184.352:3): pid=4527 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.65" name="/newroot/11/file0/file0" dev="loop3" ino=22 res=1 errno=0
[   86.140489][ T1111] usb 1-1: can't set config #0, error -71
[   86.160438][ T1111] usb 1-1: USB disconnect, device number 2
[   86.326416][ T4531] attempt to access beyond end of device
[   86.326416][ T4531] loop3: rw=2049, want=65, limit=64
[   86.337762][ T4531] Buffer I/O error on dev loop3, logical block 64, lost async page write
[   86.347063][ T4531] attempt to access beyond end of device
[   86.347063][ T4531] loop3: rw=2049, want=66, limit=64
[   86.358044][ T4531] Buffer I/O error on dev loop3, logical block 65, lost async page write
[   86.367094][ T4531] Buffer I/O error on dev loop3, logical block 66, lost async page write
[   87.799126][ T4543] loop4: detected capacity change from 0 to 512
[   87.863351][ T4543] EXT4-fs (loop4): Ignoring removed bh option
[   87.879666][ T4543] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[   87.892085][ T4291] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   87.958694][ T4543] EXT4-fs (loop4): 1 truncate cleaned up
[   87.979935][ T4543] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   88.136794][ T4554] loop1: detected capacity change from 0 to 64
[   88.162107][ T4291] usb 4-1: Using ep0 maxpacket: 8
[   88.176451][ T4552] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   88.216518][ T4552] device batadv_slave_0 entered promiscuous mode
[   88.243752][   T26] audit: type=1804 audit(1764328186.482:4): pid=4554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.74" name="/newroot/18/file0/file0" dev="loop1" ino=22 res=1 errno=0
[   88.523479][ T4558] handle_bad_sector: 6 callbacks suppressed
[   88.523501][ T4558] attempt to access beyond end of device
[   88.523501][ T4558] loop1: rw=2049, want=65, limit=64
[   88.540416][ T4558] buffer_io_error: 4 callbacks suppressed
[   88.541186][ T4558] Buffer I/O error on dev loop1, logical block 64, lost async page write
[   88.552158][ T4291] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[   88.566371][ T4558] attempt to access beyond end of device
[   88.566371][ T4558] loop1: rw=2049, want=66, limit=64
[   88.577750][ T4558] Buffer I/O error on dev loop1, logical block 65, lost async page write
[   88.586694][ T4558] attempt to access beyond end of device
[   88.586694][ T4558] loop1: rw=2049, want=67, limit=64
[   88.597678][ T4558] Buffer I/O error on dev loop1, logical block 66, lost async page write
[   88.606631][ T4558] attempt to access beyond end of device
[   88.606631][ T4558] loop1: rw=2049, want=68, limit=64
[   88.617601][ T4558] Buffer I/O error on dev loop1, logical block 67, lost async page write
[   88.626464][ T4558] attempt to access beyond end of device
[   88.626464][ T4558] loop1: rw=2049, want=69, limit=64
[   88.637840][ T4558] Buffer I/O error on dev loop1, logical block 68, lost async page write
[   88.646883][ T4558] attempt to access beyond end of device
[   88.646883][ T4558] loop1: rw=2049, want=73, limit=64
[   88.657814][ T4558] Buffer I/O error on dev loop1, logical block 72, lost async page write
[   88.666681][ T4558] attempt to access beyond end of device
[   88.666681][ T4558] loop1: rw=2049, want=74, limit=64
[   88.677694][ T4558] Buffer I/O error on dev loop1, logical block 73, lost async page write
[   88.695030][ T4558] attempt to access beyond end of device
[   88.695030][ T4558] loop1: rw=2049, want=844, limit=64
[   89.015482][ T4291] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.025625][ T4291] usb 4-1: Product: syz
[   89.029840][ T4291] usb 4-1: Manufacturer: syz
[   89.034546][ T4291] usb 4-1: SerialNumber: syz
[   89.041825][ T4291] usb 4-1: config 0 descriptor??
[   89.093947][ T4291] gspca_main: sonixj-2.14.0 probing 0c45:613e
[   89.189958][ T4564] loop2: detected capacity change from 0 to 64
[   89.224812][ T4566] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[   89.504995][   T26] audit: type=1804 audit(1764328187.742:5): pid=4564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.79" name="/newroot/17/file0/file0" dev="loop2" ino=22 res=1 errno=0
[   89.773806][ T4570] attempt to access beyond end of device
[   89.773806][ T4570] loop2: rw=2049, want=65, limit=64
[   89.785211][ T4570] Buffer I/O error on dev loop2, logical block 64, lost async page write
[   89.794381][ T4570] attempt to access beyond end of device
[   89.794381][ T4570] loop2: rw=2049, want=66, limit=64
[   89.810119][ T4570] Buffer I/O error on dev loop2, logical block 65, lost async page write
[   89.819543][ T4570] Buffer I/O error on dev loop2, logical block 66, lost async page write
[   90.384625][ T4580] device ip6erspan0 entered promiscuous mode
[   90.496603][ T4581] sctp: failed to load transform for md5: -2
[   93.362731][ T4291] gspca_sonixj: i2c_w8 err -110
[   93.392144][ T4234] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[   93.492099][ T4291] sonixj: probe of 4-1:0.0 failed with error -110
[   93.569403][ T4291] usb 4-1: USB disconnect, device number 2
[   93.601219][ T4608] loop1: detected capacity change from 0 to 512
[   94.238740][ T4608] EXT4-fs (loop1): Ignoring removed bh option
[   94.252046][ T4234] usb 5-1: device descriptor read/all, error -71
[   94.279414][ T4608] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[   94.301257][ T4608] EXT4-fs (loop1): 1 truncate cleaned up
[   94.327631][ T4608] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[   94.413879][ T4624] loop4: detected capacity change from 0 to 64
[   95.483595][ T4608] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   95.539059][   T26] audit: type=1804 audit(1764328193.772:6): pid=4624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.91" name="/newroot/15/file0/file0" dev="loop4" ino=22 res=1 errno=0
[   95.885859][ T4638] handle_bad_sector: 6 callbacks suppressed
[   95.885919][ T4638] attempt to access beyond end of device
[   95.885919][ T4638] loop4: rw=2049, want=65, limit=64
[   95.902892][ T4638] buffer_io_error: 4 callbacks suppressed
[   95.902946][ T4638] Buffer I/O error on dev loop4, logical block 64, lost async page write
[   95.917549][ T4638] attempt to access beyond end of device
[   95.917549][ T4638] loop4: rw=2049, want=66, limit=64
[   95.928675][ T4638] Buffer I/O error on dev loop4, logical block 65, lost async page write
[   95.937696][ T4638] attempt to access beyond end of device
[   95.937696][ T4638] loop4: rw=2049, want=67, limit=64
[   96.010960][ T4638] Buffer I/O error on dev loop4, logical block 66, lost async page write
[   96.096208][ T4638] attempt to access beyond end of device
[   96.096208][ T4638] loop4: rw=2049, want=68, limit=64
[   96.108027][ T4608] device batadv_slave_0 entered promiscuous mode
[   96.125804][ T4638] Buffer I/O error on dev loop4, logical block 67, lost async page write
[   96.549248][ T4638] attempt to access beyond end of device
[   96.549248][ T4638] loop4: rw=2049, want=69, limit=64
[   96.549290][ T4638] Buffer I/O error on dev loop4, logical block 68, lost async page write
[   96.549322][ T4638] attempt to access beyond end of device
[   96.549322][ T4638] loop4: rw=2049, want=73, limit=64
[   96.549334][ T4638] Buffer I/O error on dev loop4, logical block 72, lost async page write
[   96.549362][ T4638] attempt to access beyond end of device
[   96.549362][ T4638] loop4: rw=2049, want=74, limit=64
[   96.549372][ T4638] Buffer I/O error on dev loop4, logical block 73, lost async page write
[   96.613815][ T4638] attempt to access beyond end of device
[   96.613815][ T4638] loop4: rw=2049, want=844, limit=64
[   97.666538][ T4614] delete_channel: no stack
[   97.887192][ T4174] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   98.822009][ T4174] usb 2-1: Using ep0 maxpacket: 16
[   99.842145][ T4174] usb 2-1: config 0 has an invalid interface number: 49 but max is 0
[   99.880913][ T4174] usb 2-1: config 0 has no interface number 0
[   99.890546][ T4174] usb 2-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16
[   99.920761][ T4174] usb 2-1: config 0 interface 49 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  100.092547][ T4174] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7
[  100.134904][ T4174] usb 2-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3
[  100.152132][ T4174] usb 2-1: Product: syz
[  100.156991][ T4174] usb 2-1: Manufacturer: syz
[  100.161706][ T4174] usb 2-1: SerialNumber: syz
[  100.200801][ T4174] usb 2-1: config 0 descriptor??
[  100.239533][ T4663] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  100.450775][ T4663] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  100.605093][ T4694] rdma_rxe: rxe_register_device failed with error -23
[  100.613246][ T4694] rdma_rxe: failed to add lo
[  100.643513][ T4174] qmi_wwan: probe of 2-1:0.49 failed with error -22
[  100.667606][ T4676] loop0: detected capacity change from 0 to 32768
[  100.684846][ T4174] usb 2-1: USB disconnect, device number 3
[  100.748753][ T4698] loop1: detected capacity change from 0 to 64
[  100.993779][ T4702] misc userio: Invalid payload size
[  101.010286][   T26] audit: type=1804 audit(1764328199.242:7): pid=4698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.110" name="/newroot/22/file0/file0" dev="loop1" ino=22 res=1 errno=0
[  102.094600][ T4716] netlink: set zone limit has 8 unknown bytes
[  102.113422][ T4715] netlink: 128 bytes leftover after parsing attributes in process `syz.1.115'.
[  102.284680][ T4718] netlink: 200 bytes leftover after parsing attributes in process `syz.1.116'.
[  103.862769][ T4731] netlink: 24 bytes leftover after parsing attributes in process `syz.4.121'.
[  103.947315][ T4733] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  105.764874][ T4746] loop0: detected capacity change from 0 to 64
[  105.856786][   T26] audit: type=1804 audit(1764328204.092:8): pid=4746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.125" name="/newroot/24/file0/file0" dev="loop0" ino=22 res=1 errno=0
[  106.060982][ T4748] attempt to access beyond end of device
[  106.060982][ T4748] loop0: rw=2049, want=65, limit=64
[  106.072202][ T4748] Buffer I/O error on dev loop0, logical block 64, lost async page write
[  106.081463][ T4748] attempt to access beyond end of device
[  106.081463][ T4748] loop0: rw=2049, want=66, limit=64
[  106.092505][ T4748] Buffer I/O error on dev loop0, logical block 65, lost async page write
[  106.101418][ T4748] attempt to access beyond end of device
[  106.101418][ T4748] loop0: rw=2049, want=67, limit=64
[  106.112498][ T4748] Buffer I/O error on dev loop0, logical block 66, lost async page write
[  106.121602][ T4748] attempt to access beyond end of device
[  106.121602][ T4748] loop0: rw=2049, want=68, limit=64
[  106.132782][ T4748] Buffer I/O error on dev loop0, logical block 67, lost async page write
[  106.141857][ T4748] attempt to access beyond end of device
[  106.141857][ T4748] loop0: rw=2049, want=69, limit=64
[  106.153481][ T4748] Buffer I/O error on dev loop0, logical block 68, lost async page write
[  106.162484][ T4748] attempt to access beyond end of device
[  106.162484][ T4748] loop0: rw=2049, want=73, limit=64
[  106.173598][ T4748] Buffer I/O error on dev loop0, logical block 72, lost async page write
[  106.182583][ T4748] attempt to access beyond end of device
[  106.182583][ T4748] loop0: rw=2049, want=74, limit=64
[  106.193586][ T4748] Buffer I/O error on dev loop0, logical block 73, lost async page write
[  106.210790][ T4748] attempt to access beyond end of device
[  106.210790][ T4748] loop0: rw=2049, want=844, limit=64
[  107.606374][ T4761] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  107.613226][ T4761] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  107.716214][ T4761] vhci_hcd vhci_hcd.0: Device attached
[  107.862182][ T4291] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  107.982147][ T4604] usb 37-1: new low-speed USB device number 2 using vhci_hcd
[  108.412159][ T4291] usb 3-1: config index 0 descriptor too short (expected 8192, got 18)
[  108.457158][ T4291] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.461293][ T4743] loop4: detected capacity change from 0 to 32768
[  108.487808][ T4291] usb 3-1: config 0 has no interfaces?
[  108.509909][ T4291] usb 3-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice=f0.b2
[  108.546928][ T4291] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.628749][ T4291] usb 3-1: config 0 descriptor??
[  108.889252][ T4762] usb 37-1: recv xbuf, 0
[  108.951035][ T4772] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  109.638414][ T4329] vhci_hcd: stop threads
[  109.642625][ T4291] usb 3-1: string descriptor 0 read error: -71
[  109.644014][ T4329] vhci_hcd: release socket
[  109.661387][ T4291] usb 3-1: USB disconnect, device number 4
[  109.708631][ T4329] vhci_hcd: disconnect device
[  109.783876][ T4779] loop3: detected capacity change from 0 to 64
[  109.857934][   T26] audit: type=1804 audit(1764328208.092:9): pid=4779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.136" name="/newroot/25/file0/file0" dev="loop3" ino=22 res=1 errno=0
[  110.064448][ T4781] attempt to access beyond end of device
[  110.064448][ T4781] loop3: rw=2049, want=65, limit=64
[  110.075407][ T4781] Buffer I/O error on dev loop3, logical block 64, lost async page write
[  110.084272][ T4781] attempt to access beyond end of device
[  110.084272][ T4781] loop3: rw=2049, want=66, limit=64
[  110.095212][ T4781] Buffer I/O error on dev loop3, logical block 65, lost async page write
[  110.104178][ T4781] Buffer I/O error on dev loop3, logical block 66, lost async page write
[  111.338245][ T4796] loop0: detected capacity change from 0 to 64
[  111.705179][   T26] audit: type=1804 audit(1764328209.942:10): pid=4796 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.140" name="/newroot/30/file0/file0" dev="loop0" ino=22 res=1 errno=0
[  111.878404][ T4801] handle_bad_sector: 6 callbacks suppressed
[  111.878505][ T4801] attempt to access beyond end of device
[  111.878505][ T4801] loop0: rw=2049, want=65, limit=64
[  111.895942][ T4801] buffer_io_error: 4 callbacks suppressed
[  111.896008][ T4801] Buffer I/O error on dev loop0, logical block 64, lost async page write
[  111.910555][ T4801] attempt to access beyond end of device
[  111.910555][ T4801] loop0: rw=2049, want=66, limit=64
[  111.921468][ T4801] Buffer I/O error on dev loop0, logical block 65, lost async page write
[  111.930303][ T4801] attempt to access beyond end of device
[  111.930303][ T4801] loop0: rw=2049, want=67, limit=64
[  111.941213][ T4801] Buffer I/O error on dev loop0, logical block 66, lost async page write
[  111.950088][ T4801] attempt to access beyond end of device
[  111.950088][ T4801] loop0: rw=2049, want=68, limit=64
[  111.961106][ T4801] Buffer I/O error on dev loop0, logical block 67, lost async page write
[  111.969998][ T4801] attempt to access beyond end of device
[  111.969998][ T4801] loop0: rw=2049, want=69, limit=64
[  111.980996][ T4801] Buffer I/O error on dev loop0, logical block 68, lost async page write
[  111.989862][ T4801] attempt to access beyond end of device
[  111.989862][ T4801] loop0: rw=2049, want=73, limit=64
[  112.000807][ T4801] Buffer I/O error on dev loop0, logical block 72, lost async page write
[  112.009736][ T4801] attempt to access beyond end of device
[  112.009736][ T4801] loop0: rw=2049, want=74, limit=64
[  112.020648][ T4801] Buffer I/O error on dev loop0, logical block 73, lost async page write
[  112.038265][ T4801] attempt to access beyond end of device
[  112.038265][ T4801] loop0: rw=2049, want=844, limit=64
[  112.197892][   T26] audit: type=1326 audit(1764328209.992:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4798 comm="syz.4.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a9e3f8749 code=0x7ffc0000
[  112.304205][   T26] audit: type=1326 audit(1764328210.402:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4798 comm="syz.4.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f1a9e3f8749 code=0x7ffc0000
[  112.326918][   T26] audit: type=1326 audit(1764328210.402:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4798 comm="syz.4.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a9e3f8749 code=0x7ffc0000
[  112.382527][   T26] audit: type=1326 audit(1764328210.402:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4798 comm="syz.4.141" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a9e3f8749 code=0x7ffc0000
[  112.412335][ T4807] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  112.941965][ T4241] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  113.552183][ T4241] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 18432, setting to 64
[  113.596980][ T4241] usb 4-1: config 0 interface 0 has no altsetting 0
[  113.737059][ T4831] ufs: You didn't specify the type of your ufs filesystem
[  113.737059][ T4831] 
[  113.737059][ T4831] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  113.737059][ T4831] 
[  113.737059][ T4831] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  113.768187][ T4831] ufs: ufstype=old is supported read-only
[  113.774267][ T4831] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  114.281187][ T4241] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  114.338744][ T4241] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  114.362039][ T4241] usb 4-1: Product: syz
[  114.366255][ T4241] usb 4-1: Manufacturer: syz
[  114.379251][ T4241] usb 4-1: SerialNumber: syz
[  114.453450][ T4241] usb 4-1: config 0 descriptor??
[  114.516357][ T4241] usb 4-1: selecting invalid altsetting 0
[  114.766733][ T4809] usb 4-1: selecting invalid altsetting 0
[  114.782981][ T4809] usb 4-1: 0:0: usb_set_interface failed (-22)
[  114.789200][ T4809] usb 4-1: selecting invalid altsetting 0
[  114.802865][ T4809] usb 4-1: 0:0: usb_set_interface failed (-22)
[  114.822525][ T4838] usb 4-1: selecting invalid altsetting 0
[  114.828306][ T4838] usb 4-1: 0:0: usb_set_interface failed (-22)
[  114.842059][ T4838] usb 4-1: selecting invalid altsetting 0
[  114.847833][ T4838] usb 4-1: 0:0: usb_set_interface failed (-22)
[  114.889041][ T4838] usb 4-1: selecting invalid altsetting 0
[  114.897486][ T4838] usb 4-1: 0:0: usb_set_interface failed (-22)
[  114.929959][ T4241] usb 4-1: USB disconnect, device number 3
[  115.392381][ T4355] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  115.822140][ T4355] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  115.882807][ T4355] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  115.922002][ T4355] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  115.972481][ T4355] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.336731][ T4853] overlayfs: failed to resolve './file0': -2
[  117.880952][ T1326] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  118.102052][ T4355] usb 3-1: usb_control_msg returned -32
[  118.342745][ T1326] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[  119.479906][ T4355] usbtmc 3-1:16.0: can't read capabilities
[  119.921383][ T1326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.168672][ T1326] usb 2-1: config 0 descriptor??
[  120.662446][ T1326] usb 2-1: can't set config #0, error -71
[  120.738811][ T1326] usb 2-1: USB disconnect, device number 4
[  121.355773][ T4876] usb 3-1: USB disconnect, device number 5
[  122.047622][ T4899] overlayfs: failed to resolve './file0': -2
[  122.062358][ T4241] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  122.351958][ T4876] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  122.422002][ T4241] usb 1-1: Using ep0 maxpacket: 32
[  122.523776][ T4910] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  122.705203][ T4876] usb 3-1: Using ep0 maxpacket: 32
[  122.862374][ T4241] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  122.889010][ T4241] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  122.952735][ T4876] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  122.972239][ T4241] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.995395][ T4876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.154774][ T4241] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  123.184819][ T4241] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[  123.211488][ T4914] netlink: 12 bytes leftover after parsing attributes in process `syz.4.171'.
[  123.220697][ T4241] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  123.231268][ T4876] gspca_main: nw80x-2.14.0 probing 055f:d001
[  123.342069][ T4241] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.375354][ T4241] usb 1-1: config 0 descriptor??
[  124.132031][ T4876] gspca_nw80x: reg_w err -110
[  124.136885][ T4876] nw80x: probe of 3-1:3.0 failed with error -110
[  124.188728][ T1108] usb 1-1: USB disconnect, device number 3
[  124.249814][ T4200] Bluetooth: Frame is too long (len 10, expected len 8)
[  124.912174][ T1108] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  125.432258][ T1108] usb 1-1: Using ep0 maxpacket: 32
[  125.502111][ T1108] usb 1-1: device descriptor read/all, error -71
[  125.573150][ T4876] usb 4-1: new low-speed USB device number 4 using dummy_hcd
[  125.757394][ T4939] =======================================================
[  125.757394][ T4939] WARNING: The mand mount option has been deprecated and
[  125.757394][ T4939]          and is ignored by this kernel. Remove the mand
[  125.757394][ T4939]          option from the mount to silence this warning.
[  125.757394][ T4939] =======================================================
[  126.100031][ T4939] tmpfs: Bad value for 'mpol'
[  126.332013][ T4255] usb 3-1: USB disconnect, device number 6
[  126.795931][ T4949] overlayfs: failed to resolve './file0': -2
[  127.848770][ T4876] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  127.857839][ T4876] usb 4-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  127.871936][ T4876] usb 4-1: config 168 interface 0 altsetting 188 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  127.885554][ T4876] usb 4-1: config 168 interface 0 altsetting 188 has an invalid endpoint with address 0xFF, skipping
[  127.907070][ T4876] usb 4-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  127.922250][ T4876] usb 4-1: config 168 interface 0 has no altsetting 0
[  128.522995][ T4958] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  128.960041][ T4876] usb 4-1: unable to read config index 1 descriptor/all
[  128.975782][ T4876] usb 4-1: can't read configurations, error -71
[  131.639338][ T4988] loop4: detected capacity change from 0 to 65
[  131.727977][ T4988] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  131.829139][ T4990] loop2: detected capacity change from 0 to 64
[  132.045330][   T26] audit: type=1804 audit(1764328230.282:15): pid=4990 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.190" name="/newroot/38/file0/file0" dev="loop2" ino=22 res=1 errno=0
[  132.270817][ T4992] attempt to access beyond end of device
[  132.270817][ T4992] loop2: rw=2049, want=65, limit=64
[  132.282413][ T4992] Buffer I/O error on dev loop2, logical block 64, lost async page write
[  132.291490][ T4992] attempt to access beyond end of device
[  132.291490][ T4992] loop2: rw=2049, want=66, limit=64
[  132.302603][ T4992] Buffer I/O error on dev loop2, logical block 65, lost async page write
[  132.311745][ T4992] attempt to access beyond end of device
[  132.311745][ T4992] loop2: rw=2049, want=67, limit=64
[  132.322830][ T4992] Buffer I/O error on dev loop2, logical block 66, lost async page write
[  132.332187][ T4992] attempt to access beyond end of device
[  132.332187][ T4992] loop2: rw=2049, want=68, limit=64
[  132.343352][ T4992] Buffer I/O error on dev loop2, logical block 67, lost async page write
[  132.352358][ T4992] attempt to access beyond end of device
[  132.352358][ T4992] loop2: rw=2049, want=69, limit=64
[  132.363996][ T4992] Buffer I/O error on dev loop2, logical block 68, lost async page write
[  132.373083][ T4992] attempt to access beyond end of device
[  132.373083][ T4992] loop2: rw=2049, want=73, limit=64
[  132.384151][ T4992] Buffer I/O error on dev loop2, logical block 72, lost async page write
[  132.393031][ T4992] attempt to access beyond end of device
[  132.393031][ T4992] loop2: rw=2049, want=74, limit=64
[  132.404076][ T4992] Buffer I/O error on dev loop2, logical block 73, lost async page write
[  132.425230][ T4992] attempt to access beyond end of device
[  132.425230][ T4992] loop2: rw=2049, want=844, limit=64
[  132.685706][ T1423] ieee802154 phy0 wpan0: encryption failed: -22
[  132.692240][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  134.264286][ T5006] rdma_rxe: rxe_register_device failed with error -23
[  134.279118][ T5006] rdma_rxe: failed to add lo
[  134.296575][ T5010] device syzkaller0 entered promiscuous mode
[  136.135189][ T5026] loop3: detected capacity change from 0 to 65
[  136.171364][ T5030] loop4: detected capacity change from 0 to 64
[  136.182884][ T5026] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  136.401179][   T26] audit: type=1804 audit(1764328234.632:16): pid=5030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.205" name="/newroot/42/file0/file0" dev="loop4" ino=22 res=1 errno=0
[  137.211754][ T5033] ip6t_rpfilter: unknown options
[  137.753958][ T5030] attempt to access beyond end of device
[  137.753958][ T5030] loop4: rw=2049, want=65, limit=64
[  137.764862][ T5030] Buffer I/O error on dev loop4, logical block 64, lost async page write
[  137.773447][ T5030] attempt to access beyond end of device
[  137.773447][ T5030] loop4: rw=2049, want=66, limit=64
[  137.784273][ T5030] Buffer I/O error on dev loop4, logical block 65, lost async page write
[  137.793092][ T5030] attempt to access beyond end of device
[  137.793092][ T5030] loop4: rw=2049, want=67, limit=64
[  137.803942][ T5030] Buffer I/O error on dev loop4, logical block 66, lost async page write
[  137.812457][ T5030] attempt to access beyond end of device
[  137.812457][ T5030] loop4: rw=2049, want=68, limit=64
[  137.823259][ T5030] Buffer I/O error on dev loop4, logical block 67, lost async page write
[  137.831909][ T5030] attempt to access beyond end of device
[  137.831909][ T5030] loop4: rw=2049, want=69, limit=64
[  137.843043][ T5030] Buffer I/O error on dev loop4, logical block 68, lost async page write
[  137.851567][ T5030] attempt to access beyond end of device
[  137.851567][ T5030] loop4: rw=2049, want=73, limit=64
[  137.862391][ T5030] Buffer I/O error on dev loop4, logical block 72, lost async page write
[  137.870928][ T5030] attempt to access beyond end of device
[  137.870928][ T5030] loop4: rw=2049, want=74, limit=64
[  137.881740][ T5030] Buffer I/O error on dev loop4, logical block 73, lost async page write
[  137.891455][ T5030] attempt to access beyond end of device
[  137.891455][ T5030] loop4: rw=2049, want=844, limit=64
[  138.194420][ T5043] loop0: detected capacity change from 0 to 2048
[  138.371036][ T5047] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  139.958229][ T5055] overlayfs: failed to resolve './file0': -2
[  140.503320][ T5062] ieee802154 phy0 wpan0: encryption failed: -22
[  141.207491][ T5071] syz.4.218 uses obsolete (PF_INET,SOCK_PACKET)
[  143.194110][ T5071] netlink: 8 bytes leftover after parsing attributes in process `syz.4.218'.
[  143.214340][ T5080] loop1: detected capacity change from 0 to 65
[  143.400959][ T5080] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  143.512037][    T7] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  143.678818][ T5088] loop2: detected capacity change from 0 to 512
[  144.207312][ T5088] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  144.221961][ T5088] ext4 filesystem being mounted at /42/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  144.487594][    T7] usb 5-1: unable to read config index 0 descriptor/start: -71
[  144.495021][ T5102] loop1: detected capacity change from 0 to 2048
[  144.511034][    T7] usb 5-1: can't read configurations, error -71
[  144.982667][ T5105] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  145.565353][ T5109] netlink: 556 bytes leftover after parsing attributes in process `syz.1.224'.
[  147.331142][ T5130] ufs: You didn't specify the type of your ufs filesystem
[  147.331142][ T5130] 
[  147.331142][ T5130] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  147.331142][ T5130] 
[  147.331142][ T5130] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  147.362136][ T5130] ufs: ufstype=old is supported read-only
[  147.368086][ T5130] blk_update_request: I/O error, dev loop9, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  148.557900][ T5111] loop0: detected capacity change from 0 to 32768
[  148.628675][ T5137] loop1: detected capacity change from 0 to 65
[  148.712057][ T5137] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  150.857148][ T5145] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem
[  151.828358][ T5154] loop4: detected capacity change from 0 to 2048
[  152.458350][ T5164] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  152.599006][ T5157] sd 0:0:1:0: device reset
[  152.702135][ T5170] netlink: 556 bytes leftover after parsing attributes in process `syz.4.239'.
[  154.238155][ T5173] loop1: detected capacity change from 0 to 32768
[  155.281977][ T1326] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  155.522035][ T1326] usb 4-1: Using ep0 maxpacket: 8
[  155.642316][ T1326] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.702036][ T1326] usb 4-1: config 0 interface 0 altsetting 64 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  155.770331][ T1326] usb 4-1: config 0 interface 0 has no altsetting 0
[  155.821551][ T1326] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  155.865369][ T5202] ufs: You didn't specify the type of your ufs filesystem
[  155.865369][ T5202] 
[  155.865369][ T5202] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  155.865369][ T5202] 
[  155.865369][ T5202] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  155.884362][ T1326] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.896212][ T5202] ufs: ufstype=old is supported read-only
[  155.910340][ T5202] blk_update_request: I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  156.042927][ T1326] usb 4-1: config 0 descriptor??
[  156.103165][ T1326] qmi_wwan 4-1:0.0: bogus CDC Union: master=222, slave=39
[  156.123093][ T1326] qmi_wwan: probe of 4-1:0.0 failed with error -22
[  156.183040][ T5206] loop1: detected capacity change from 0 to 2048
[  156.282127][ T5209] rdma_rxe: already configured on lo
[  156.407101][ T4876] usb 4-1: USB disconnect, device number 6
[  156.431979][ T5212] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.750095][ T5216] netlink: 556 bytes leftover after parsing attributes in process `syz.1.256'.
[  158.134357][ T5232] loop0: detected capacity change from 0 to 64
[  159.247315][   T26] audit: type=1804 audit(1764328257.482:17): pid=5232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.262" name="/newroot/54/file0/file0" dev="loop0" ino=22 res=1 errno=0
[  160.107866][ T5237] attempt to access beyond end of device
[  160.107866][ T5237] loop0: rw=2049, want=65, limit=64
[  160.210221][ T5237] Buffer I/O error on dev loop0, logical block 64, lost async page write
[  160.233176][ T5237] attempt to access beyond end of device
[  160.233176][ T5237] loop0: rw=2049, want=66, limit=64
[  161.086195][ T5237] Buffer I/O error on dev loop0, logical block 65, lost async page write
[  161.121683][ T5237] attempt to access beyond end of device
[  161.121683][ T5237] loop0: rw=2049, want=67, limit=64
[  161.132916][ T5237] Buffer I/O error on dev loop0, logical block 66, lost async page write
[  161.145981][ T5237] attempt to access beyond end of device
[  161.145981][ T5237] loop0: rw=2049, want=68, limit=64
[  161.161083][ T5237] Buffer I/O error on dev loop0, logical block 67, lost async page write
[  161.286478][ T5263] loop4: detected capacity change from 0 to 512
[  161.993505][ T5237] attempt to access beyond end of device
[  161.993505][ T5237] loop0: rw=2049, want=69, limit=64
[  162.180695][ T5237] Buffer I/O error on dev loop0, logical block 68, lost async page write
[  162.261816][ T5267] overlayfs: failed to resolve './file1': -2
[  162.656941][ T5237] attempt to access beyond end of device
[  162.656941][ T5237] loop0: rw=2049, want=73, limit=64
[  162.821422][ T5237] Buffer I/O error on dev loop0, logical block 72, lost async page write
[  162.835287][ T5263] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  162.849380][ T5263] ext4 filesystem being mounted at /55/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.868421][ T5237] attempt to access beyond end of device
[  162.868421][ T5237] loop0: rw=2049, want=74, limit=64
[  162.883891][ T5237] Buffer I/O error on dev loop0, logical block 73, lost async page write
[  162.901148][ T5237] attempt to access beyond end of device
[  162.901148][ T5237] loop0: rw=2049, want=220, limit=64
[  162.961395][ T5275] loop1: detected capacity change from 0 to 2048
[  163.105935][ T5276] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  163.389168][ T5281] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  163.413644][ T5285] netlink: 556 bytes leftover after parsing attributes in process `syz.1.269'.
[  165.101280][ T5272] loop2: detected capacity change from 0 to 32768
[  165.240598][ T5298] rdma_rxe: already configured on lo
[  167.854849][ T5311] lo speed is unknown, defaulting to 1000
[  168.072007][ T1108] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  168.390587][ T5321] loop3: detected capacity change from 0 to 64
[  168.462023][ T1108] usb 3-1: Using ep0 maxpacket: 32
[  168.504089][   T26] audit: type=1804 audit(1764328266.742:18): pid=5321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.282" name="/newroot/61/file0/file0" dev="loop3" ino=22 res=1 errno=0
[  168.612084][ T1108] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  168.762468][ T5323] attempt to access beyond end of device
[  168.762468][ T5323] loop3: rw=2049, want=65, limit=64
[  168.773705][ T5323] Buffer I/O error on dev loop3, logical block 64, lost async page write
[  168.782734][ T5323] attempt to access beyond end of device
[  168.782734][ T5323] loop3: rw=2049, want=66, limit=64
[  168.793727][ T5323] Buffer I/O error on dev loop3, logical block 65, lost async page write
[  168.802937][ T5323] attempt to access beyond end of device
[  168.802937][ T5323] loop3: rw=2049, want=67, limit=64
[  168.814052][ T5323] Buffer I/O error on dev loop3, logical block 66, lost async page write
[  168.824140][ T5323] attempt to access beyond end of device
[  168.824140][ T5323] loop3: rw=2049, want=68, limit=64
[  168.835323][ T5323] Buffer I/O error on dev loop3, logical block 67, lost async page write
[  168.844546][ T5323] attempt to access beyond end of device
[  168.844546][ T5323] loop3: rw=2049, want=69, limit=64
[  168.855809][ T5323] Buffer I/O error on dev loop3, logical block 68, lost async page write
[  168.864772][ T5323] attempt to access beyond end of device
[  168.864772][ T5323] loop3: rw=2049, want=73, limit=64
[  168.875774][ T5323] Buffer I/O error on dev loop3, logical block 72, lost async page write
[  168.884874][ T5323] attempt to access beyond end of device
[  168.884874][ T5323] loop3: rw=2049, want=74, limit=64
[  168.895988][ T5323] Buffer I/O error on dev loop3, logical block 73, lost async page write
[  168.920500][ T5323] attempt to access beyond end of device
[  168.920500][ T5323] loop3: rw=2049, want=844, limit=64
[  169.268538][ T1108] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x2 has invalid wMaxPacketSize 0
[  169.278511][ T1108] usb 3-1: config 0 interface 0 has no altsetting 0
[  169.285198][ T1108] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  169.295608][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.307279][ T1108] usb 3-1: config 0 descriptor??
[  170.621092][ T5337] loop3: detected capacity change from 0 to 2048
[  170.634723][ T1108] corsair-cpro 0003:1B1C:0C10.0001: unknown main item tag 0x0
[  170.652486][ T1108] corsair-cpro 0003:1B1C:0C10.0001: unknown main item tag 0x0
[  170.691563][ T1108] corsair-cpro 0003:1B1C:0C10.0001: unknown main item tag 0x0
[  170.709486][ T1108] corsair-cpro 0003:1B1C:0C10.0001: unknown main item tag 0x0
[  170.721450][ T1108] corsair-cpro 0003:1B1C:0C10.0001: unknown main item tag 0x0
[  170.753372][ T1108] corsair-cpro 0003:1B1C:0C10.0001: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.2-1/input0
[  170.851259][ T5347] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  171.066407][ T5352] netlink: 556 bytes leftover after parsing attributes in process `syz.3.285'.
[  171.133733][ T1108] corsair-cpro: probe of 0003:1B1C:0C10.0001 failed with error -90
[  171.308406][ T1108] usb 3-1: USB disconnect, device number 7
[  172.548386][ T5355] fido_id[5355]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  172.565766][ T5362] loop1: detected capacity change from 0 to 64
[  172.576312][ T5346] loop4: detected capacity change from 0 to 32768
[  172.733479][   T26] audit: type=1804 audit(1764328270.972:19): pid=5362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.293" name="/newroot/57/file0/file0" dev="loop1" ino=22 res=1 errno=0
[  173.003016][ T5368] attempt to access beyond end of device
[  173.003016][ T5368] loop1: rw=2049, want=65, limit=64
[  173.014020][ T5368] Buffer I/O error on dev loop1, logical block 64, lost async page write
[  173.024088][ T5368] attempt to access beyond end of device
[  173.024088][ T5368] loop1: rw=2049, want=66, limit=64
[  173.035222][ T5368] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  173.044982][ T5368] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  174.867247][ T5390] rdma_rxe: rxe_register_device failed with error -23
[  174.874294][ T5390] rdma_rxe: failed to add lo
[  175.188602][ T5396] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  176.663193][ T4263] Bluetooth: hci3: command 0x0406 tx timeout
[  176.686621][ T4263] Bluetooth: hci2: command 0x0406 tx timeout
[  176.715874][ T4263] Bluetooth: hci0: command 0x0406 tx timeout
[  176.743618][ T4263] Bluetooth: hci1: command 0x0406 tx timeout
[  176.865413][ T4263] Bluetooth: hci4: command 0x0406 tx timeout
[  177.034147][ T5407] loop2: detected capacity change from 0 to 2048
[  178.158893][ T5422] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  178.456027][ T5428] netlink: 556 bytes leftover after parsing attributes in process `syz.2.303'.
[  178.788999][ T5426] loop1: detected capacity change from 0 to 64
[  178.890933][ T5431] loop3: detected capacity change from 0 to 64
[  178.906284][   T26] audit: type=1804 audit(1764328277.142:20): pid=5426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.308" name="/newroot/61/file0/file0" dev="loop1" ino=22 res=1 errno=0
[  179.100615][ T5435] handle_bad_sector: 6 callbacks suppressed
[  179.100696][ T5435] attempt to access beyond end of device
[  179.100696][ T5435] loop1: rw=2049, want=65, limit=64
[  179.117756][ T5435] buffer_io_error: 4 callbacks suppressed
[  179.117812][ T5435] Buffer I/O error on dev loop1, logical block 64, lost async page write
[  179.132485][ T5435] attempt to access beyond end of device
[  179.132485][ T5435] loop1: rw=2049, want=66, limit=64
[  179.143668][ T5435] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  179.152712][ T5435] attempt to access beyond end of device
[  179.152712][ T5435] loop1: rw=2049, want=67, limit=64
[  179.164349][ T5435] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  179.231347][ T5435] attempt to access beyond end of device
[  179.231347][ T5435] loop1: rw=2049, want=68, limit=64
[  179.312521][ T5435] Buffer I/O error on dev loop1, logical block 67, lost async page write
[  179.321019][ T5435] attempt to access beyond end of device
[  179.321019][ T5435] loop1: rw=2049, want=69, limit=64
[  179.779740][ T5435] Buffer I/O error on dev loop1, logical block 68, lost async page write
[  179.897624][ T5435] attempt to access beyond end of device
[  179.897624][ T5435] loop1: rw=2049, want=73, limit=64
[  179.942802][   T26] audit: type=1804 audit(1764328278.182:21): pid=5431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.309" name="/newroot/66/file0/file0" dev="loop3" ino=22 res=1 errno=0
[  180.016321][ T5435] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  180.048340][ T5431] attempt to access beyond end of device
[  180.048340][ T5431] loop3: rw=2049, want=65, limit=64
[  180.059223][ T5431] Buffer I/O error on dev loop3, logical block 64, lost async page write
[  180.068315][ T5431] attempt to access beyond end of device
[  180.068315][ T5431] loop3: rw=2049, want=66, limit=64
[  180.079101][ T5431] Buffer I/O error on dev loop3, logical block 65, lost async page write
[  180.088291][ T5431] attempt to access beyond end of device
[  180.088291][ T5431] loop3: rw=2049, want=67, limit=64
[  180.099011][ T5431] Buffer I/O error on dev loop3, logical block 66, lost async page write
[  180.107500][ T5431] attempt to access beyond end of device
[  180.107500][ T5431] loop3: rw=2049, want=68, limit=64
[  180.118253][ T5431] Buffer I/O error on dev loop3, logical block 67, lost async page write
[  183.120517][ T5469] loop3: detected capacity change from 0 to 2048
[  183.200683][ T5474] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.609131][ T5479] netlink: 556 bytes leftover after parsing attributes in process `syz.3.320'.
[  186.466937][ T5487] loop4: detected capacity change from 0 to 64
[  187.422568][   T26] audit: type=1804 audit(1764328285.662:22): pid=5487 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.325" name="/newroot/69/file0/file0" dev="loop4" ino=22 res=1 errno=0
[  187.587977][ T5492] handle_bad_sector: 6 callbacks suppressed
[  187.588063][ T5492] attempt to access beyond end of device
[  187.588063][ T5492] loop4: rw=2049, want=65, limit=64
[  187.605323][ T5492] buffer_io_error: 4 callbacks suppressed
[  187.605388][ T5492] Buffer I/O error on dev loop4, logical block 64, lost async page write
[  187.620068][ T5492] attempt to access beyond end of device
[  187.620068][ T5492] loop4: rw=2049, want=66, limit=64
[  187.631086][ T5492] Buffer I/O error on dev loop4, logical block 65, lost async page write
[  187.639993][ T5492] attempt to access beyond end of device
[  187.639993][ T5492] loop4: rw=2049, want=67, limit=64
[  187.650980][ T5492] Buffer I/O error on dev loop4, logical block 66, lost async page write
[  187.660376][ T5492] attempt to access beyond end of device
[  187.660376][ T5492] loop4: rw=2049, want=68, limit=64
[  187.729125][ T5492] Buffer I/O error on dev loop4, logical block 67, lost async page write
[  188.785341][ T5492] attempt to access beyond end of device
[  188.785341][ T5492] loop4: rw=2049, want=69, limit=64
[  188.961958][ T5492] Buffer I/O error on dev loop4, logical block 68, lost async page write
[  189.008070][ T5506] netlink: 64 bytes leftover after parsing attributes in process `syz.2.328'.
[  189.842004][ T5492] attempt to access beyond end of device
[  189.842004][ T5492] loop4: rw=2049, want=73, limit=64
[  189.873110][ T5492] Buffer I/O error on dev loop4, logical block 72, lost async page write
[  189.884704][ T5492] attempt to access beyond end of device
[  189.884704][ T5492] loop4: rw=2049, want=74, limit=64
[  189.899883][ T5492] Buffer I/O error on dev loop4, logical block 73, lost async page write
[  189.915102][ T5492] attempt to access beyond end of device
[  189.915102][ T5492] loop4: rw=2049, want=844, limit=64
[  190.170602][ T5514] netlink: 24 bytes leftover after parsing attributes in process `syz.4.330'.
[  190.198683][ T5516] loop3: detected capacity change from 0 to 512
[  191.063440][ T5516] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  191.082369][ T5516] ext4 filesystem being mounted at /70/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.555036][ T5538] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  191.565280][ T5534] loop3: detected capacity change from 0 to 2048
[  191.745579][ T5542] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  192.472170][ T5549] netlink: 556 bytes leftover after parsing attributes in process `syz.3.334'.
[  193.591753][ T5556] loop3: detected capacity change from 0 to 65
[  193.648233][ T5556] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  193.810761][ T5540] loop4: detected capacity change from 0 to 32768
[  194.201501][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  196.324715][ T5576] loop2: detected capacity change from 0 to 512
[  196.430487][ T5576] EXT4-fs (loop2): Ignoring removed bh option
[  196.471546][ T5580] loop4: detected capacity change from 0 to 512
[  196.492913][ T5576] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  196.579618][ T5576] EXT4-fs (loop2): 1 truncate cleaned up
[  196.604274][ T5580] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  196.618539][ T5580] ext4 filesystem being mounted at /73/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  196.636324][ T5576] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  196.732240][    T7] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  196.859513][ T5585] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.942906][ T5585] device batadv_slave_0 entered promiscuous mode
[  197.202299][    T7] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  197.229104][    T7] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  197.256800][    T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.318282][    T7] usb 1-1: config 0 descriptor??
[  197.342347][ T5579] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  197.712085][ T4174] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  198.102469][ T4174] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x11, skipping
[  198.459420][    T7] elan 0003:04F3:0755.0002: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  198.471193][ T4174] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  198.480788][ T4174] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  198.489815][ T4174] usb 5-1: Product: syz
[  198.494318][ T4174] usb 5-1: Manufacturer: syz
[  198.498948][ T4174] usb 5-1: SerialNumber: syz
[  198.508292][ T4174] usb 5-1: config 0 descriptor??
[  199.004269][ T4174] snd-usb-audio: probe of 5-1:0.0 failed with error -22
[  199.291289][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  199.342817][    T7] usb 1-1: USB disconnect, device number 6
[  200.072396][ T5613] fido_id[5613]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  201.084793][ T5611] loop3: detected capacity change from 0 to 32768
[  201.252181][ T4174] usb 5-1: USB disconnect, device number 7
[  201.477058][ T5630] loop3: detected capacity change from 0 to 512
[  201.561725][ T5635] loop4: detected capacity change from 0 to 65
[  201.639364][ T5630] EXT4-fs (loop3): Ignoring removed bh option
[  201.672732][ T5630] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  201.691204][ T5635] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  201.729674][ T5630] EXT4-fs (loop3): 1 truncate cleaned up
[  201.745781][ T5630] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  202.176045][ T5643] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  202.223383][ T5643] device batadv_slave_0 entered promiscuous mode
[  203.843884][ T5662] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  203.843884][ T5662]    program syz.3.362 not setting count and/or reply_len properly
[  204.623948][ T5668] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  205.829443][ T5682] Illegal XDP return value 51, expect packet loss!
[  206.189760][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  206.231516][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  206.246717][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  206.860802][ T5690] infiniband syz2: set active
[  206.866593][ T5690] infiniband syz2: added ip6_vti0
[  206.875746][ T5690] infiniband syz2: Couldn't open port 1
[  206.891715][ T5690] RDS/IB: syz2: added
[  206.895754][ T5690] smc: adding ib device syz2 with port count 1
[  206.901931][ T5690] smc:    ib device syz2 port 1 has pnetid 
[  206.908252][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  206.965380][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  207.021601][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  207.076988][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  207.132186][ T5690] ip6_vti0 speed is unknown, defaulting to 1000
[  207.235533][ T4262] ip6_vti0 speed is unknown, defaulting to 1000
[  207.260067][    T7] ip6_vti0 speed is unknown, defaulting to 1000
[  207.325762][ T5677] loop1: detected capacity change from 0 to 32768
[  207.696921][ T5712] netlink: 'syz.0.375': attribute type 12 has an invalid length.
[  207.838976][ T5712] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=none,decodes=none:owns=io+mem
[  209.058258][ T5727] loop1: detected capacity change from 0 to 65
[  209.664806][ T5734] rdma_rxe: rxe_register_device failed with error -23
[  209.672117][ T5734] rdma_rxe: failed to add lo
[  209.799504][ T5727] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  210.871661][ T5749] rdma_rxe: already configured on ip6_vti0
[  214.156379][ T5782] rdma_rxe: already configured on lo
[  214.919581][ T5764] loop4: detected capacity change from 0 to 32768
[  216.467762][ T5801] loop1: detected capacity change from 0 to 64
[  216.597806][   T26] audit: type=1804 audit(1764328314.832:23): pid=5801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.397" name="/newroot/73/file0/file0" dev="loop1" ino=22 res=1 errno=0
[  216.823372][ T5810] attempt to access beyond end of device
[  216.823372][ T5810] loop1: rw=2049, want=65, limit=64
[  216.834415][ T5810] Buffer I/O error on dev loop1, logical block 64, lost async page write
[  216.844092][ T5810] attempt to access beyond end of device
[  216.844092][ T5810] loop1: rw=2049, want=66, limit=64
[  216.855345][ T5810] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  216.864611][ T5810] attempt to access beyond end of device
[  216.864611][ T5810] loop1: rw=2049, want=67, limit=64
[  216.864680][ T5810] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  216.864904][ T5810] attempt to access beyond end of device
[  216.864904][ T5810] loop1: rw=2049, want=68, limit=64
[  216.864974][ T5810] Buffer I/O error on dev loop1, logical block 67, lost async page write
[  216.865199][ T5810] attempt to access beyond end of device
[  216.865199][ T5810] loop1: rw=2049, want=69, limit=64
[  216.865273][ T5810] Buffer I/O error on dev loop1, logical block 68, lost async page write
[  216.865605][ T5810] attempt to access beyond end of device
[  216.865605][ T5810] loop1: rw=2049, want=73, limit=64
[  216.865672][ T5810] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  216.865896][ T5810] attempt to access beyond end of device
[  216.865896][ T5810] loop1: rw=2049, want=74, limit=64
[  216.865969][ T5810] Buffer I/O error on dev loop1, logical block 73, lost async page write
[  216.874814][ T5810] attempt to access beyond end of device
[  216.874814][ T5810] loop1: rw=2049, want=844, limit=64
[  217.701701][ T5816] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  217.895009][ T5821] rdma_rxe: rxe_register_device failed with error -23
[  217.895893][ T5821] rdma_rxe: failed to add lo
[  217.952386][ T5818] loop3: detected capacity change from 0 to 2048
[  218.504312][ T5824] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  218.851223][ T5831] netlink: 536 bytes leftover after parsing attributes in process `syz.3.405'.
[  219.252021][ T4263] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  219.531957][ T4263] usb 2-1: Using ep0 maxpacket: 8
[  219.726514][ T5829] loop4: detected capacity change from 0 to 32768
[  219.796947][ T5838] rdma_rxe: rxe_register_device failed with error -23
[  219.806121][ T5838] rdma_rxe: failed to add ip6_vti0
[  220.602558][ T4263] usb 2-1: New USB device found, idVendor=110a, idProduct=1450, bcdDevice=62.cb
[  220.622614][ T4263] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.631477][ T4263] usb 2-1: Product: syz
[  220.654304][ T4263] usb 2-1: Manufacturer: syz
[  220.665368][ T4263] usb 2-1: SerialNumber: syz
[  221.694933][ T4263] mxuport 2-1:254.0: mxuport_recv_ctrl_urb - usb_control_msg failed (-71)
[  221.705275][ T4263] mxuport: probe of 2-1:254.0 failed with error -5
[  221.714197][ T4263] usb 2-1: USB disconnect, device number 5
[  224.129478][ T5877] genirq: Flags mismatch irq 4. 00000000 (pcl818) vs. 00000000 (ttyS0)
[  224.311266][ T5880] ufs: You didn't specify the type of your ufs filesystem
[  224.311266][ T5880] 
[  224.311266][ T5880] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  224.311266][ T5880] 
[  224.311266][ T5880] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  224.344111][ T4174] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  224.392025][ T5880] ufs: ufstype=old is supported read-only
[  224.408852][ T5880] blk_update_request: I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  224.926966][ T5888] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  225.054336][ T5892] rdma_rxe: already configured on ip6_vti0
[  225.592668][ T4174] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  225.675005][ T4174] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  225.691969][ T4174] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.720389][ T4174] usb 5-1: config 0 descriptor??
[  225.743420][ T5875] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  226.297512][ T5891] loop3: detected capacity change from 0 to 32768
[  226.392055][ T4174] usbhid 5-1:0.0: can't add hid device: -71
[  226.420485][ T4174] usbhid: probe of 5-1:0.0 failed with error -71
[  226.444046][ T4174] usb 5-1: USB disconnect, device number 8
[  226.822228][ T4255] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  226.856550][ T5912] loop4: detected capacity change from 0 to 64
[  226.913180][   T26] audit: type=1804 audit(1764328325.152:24): pid=5912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.429" name="/newroot/88/file0/file0" dev="loop4" ino=22 res=1 errno=0
[  226.935065][ T4355] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  227.138392][ T5913] attempt to access beyond end of device
[  227.138392][ T5913] loop4: rw=2049, want=65, limit=64
[  227.149706][ T5913] Buffer I/O error on dev loop4, logical block 64, lost async page write
[  227.158952][ T5913] attempt to access beyond end of device
[  227.158952][ T5913] loop4: rw=2049, want=66, limit=64
[  227.169991][ T5913] Buffer I/O error on dev loop4, logical block 65, lost async page write
[  227.179251][ T5913] attempt to access beyond end of device
[  227.179251][ T5913] loop4: rw=2049, want=67, limit=64
[  227.191047][ T5913] Buffer I/O error on dev loop4, logical block 66, lost async page write
[  227.200364][ T5913] attempt to access beyond end of device
[  227.200364][ T5913] loop4: rw=2049, want=68, limit=64
[  227.211490][ T5913] Buffer I/O error on dev loop4, logical block 67, lost async page write
[  227.220983][ T5913] attempt to access beyond end of device
[  227.220983][ T5913] loop4: rw=2049, want=69, limit=64
[  227.232456][ T5913] Buffer I/O error on dev loop4, logical block 68, lost async page write
[  227.241488][ T5913] attempt to access beyond end of device
[  227.241488][ T5913] loop4: rw=2049, want=73, limit=64
[  227.252716][ T5913] Buffer I/O error on dev loop4, logical block 72, lost async page write
[  227.261740][ T5913] attempt to access beyond end of device
[  227.261740][ T5913] loop4: rw=2049, want=74, limit=64
[  227.272790][ T5913] Buffer I/O error on dev loop4, logical block 73, lost async page write
[  227.304437][ T5913] attempt to access beyond end of device
[  227.304437][ T5913] loop4: rw=2049, want=844, limit=64
[  227.402935][ T4355] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 254, using maximum allowed: 30
[  227.452434][ T4255] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  227.476654][ T4355] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  227.500617][ T4255] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.592564][ T4255] usb 4-1: Product: syz
[  227.612747][ T4355] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 254
[  227.644882][ T4255] usb 4-1: Manufacturer: syz
[  227.678092][ T4255] usb 4-1: SerialNumber: syz
[  227.717883][ T4355] usb 1-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  227.747499][ T4255] usb 4-1: config 0 descriptor??
[  227.772365][ T4355] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.794382][ T4255] gspca_main: sq930x-2.14.0 probing 2770:930c
[  227.820312][ T4355] usb 1-1: config 0 descriptor??
[  227.852435][ T5910] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  228.455011][ T4355] petalynx 0003:18B1:0037.0003: unknown main item tag 0x0
[  228.556336][ T5927] rdma_rxe: already configured on ip6_vti0
[  229.185350][ T4355] petalynx 0003:18B1:0037.0003: unknown main item tag 0x0
[  229.192905][ T4355] petalynx 0003:18B1:0037.0003: unknown main item tag 0x0
[  229.200082][ T4355] petalynx 0003:18B1:0037.0003: unknown main item tag 0x0
[  229.208213][ T4355] petalynx 0003:18B1:0037.0003: unknown main item tag 0x0
[  229.222886][ T4355] petalynx 0003:18B1:0037.0003: hidraw0: USB HID v0.05 Device [HID 18b1:0037] on usb-dummy_hcd.0-1/input0
[  229.280922][ T4355] usb 1-1: USB disconnect, device number 7
[  229.397586][ T5931] fido_id[5931]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  230.052035][ T4255] gspca_sq930x: reg_w 0105 0c00 failed -71
[  230.178227][ T5952] netlink: 21 bytes leftover after parsing attributes in process `syz.0.435'.
[  231.354580][ T4255] gspca_sq930x: Sensor ov9630 not yet treated
[  231.360776][ T4255] sq930x: probe of 4-1:0.0 failed with error -22
[  231.371932][ T4255] usb 4-1: USB disconnect, device number 7
[  232.431307][ T5984] netlink: 12 bytes leftover after parsing attributes in process `syz.0.447'.
[  234.764676][ T5999] loop1: detected capacity change from 0 to 512
[  235.025505][ T5999] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  235.040633][ T5999] ext4 filesystem being mounted at /84/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  236.279195][ T6021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'.
[  236.456896][ T6021] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  236.965231][ T4786] block nbd0: Attempted send on invalid socket
[  236.973177][ T4786] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 0
[  236.997403][ T6021] batman_adv: batadv0: Removing interface: batadv_slave_1
[  237.347903][ T6029] rdma_rxe: rxe_register_device failed with error -23
[  237.358332][ T6029] rdma_rxe: failed to add ip6_vti0
[  238.698690][ T6033] loop2: detected capacity change from 0 to 32768
[  239.429775][ T6056] loop1: detected capacity change from 0 to 512
[  239.503141][ T6057] rdma_rxe: rxe_register_device failed with error -23
[  239.525229][ T6057] rdma_rxe: failed to add lo
[  240.017756][ T6056] EXT4-fs (loop1): Ignoring removed bh option
[  240.043392][ T6056] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  240.223413][ T6056] EXT4-fs (loop1): 1 truncate cleaned up
[  240.231365][ T6056] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  240.545976][ T6071] loop2: detected capacity change from 0 to 512
[  241.321207][ T6071] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  241.335587][ T6071] ext4 filesystem being mounted at /92/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  242.789713][ T6094] program syz.4.475 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  242.942115][ T4174] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  243.353735][ T4174] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  243.382242][ T4174] usb 1-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  243.401751][ T4174] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.424298][ T4174] usb 1-1: config 0 descriptor??
[  243.466474][ T4174] smsusb:smsusb_probe: board id=8, interface number 0
[  243.482095][ T4174] smsusb:smsusb_probe: Device initialized with return code -19
[  243.504945][ T6096] netlink: 32 bytes leftover after parsing attributes in process `syz.4.477'.
[  243.667608][ T4174] usb 1-1: USB disconnect, device number 8
[  243.982712][ T4355] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  244.051532][ T6093] loop2: detected capacity change from 0 to 32768
[  244.460721][ T4355] usb 5-1: config 0 has an invalid interface number: 97 but max is 0
[  244.483524][ T4355] usb 5-1: config 0 has no interface number 0
[  244.500160][ T4355] usb 5-1: config 0 interface 97 altsetting 2 endpoint 0xF has invalid maxpacket 512, setting to 64
[  244.516217][ T4355] usb 5-1: config 0 interface 97 altsetting 2 endpoint 0x4 has invalid maxpacket 1015, setting to 64
[  244.529103][ T6108] loop2: detected capacity change from 0 to 512
[  244.541805][ T6110] loop3: detected capacity change from 0 to 512
[  244.566876][ T4355] usb 5-1: config 0 interface 97 has no altsetting 0
[  244.793305][ T6108] EXT4-fs (loop2): Ignoring removed bh option
[  244.874563][ T6110] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  244.889167][ T6110] ext4 filesystem being mounted at /98/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  245.047010][ T4355] usb 5-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=87.2a
[  245.202487][ T4355] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.338899][ T4355] usb 5-1: Product: syz
[  245.343520][ T4355] usb 5-1: Manufacturer: syz
[  245.348157][ T4355] usb 5-1: SerialNumber: syz
[  245.369644][ T4355] usb 5-1: config 0 descriptor??
[  245.380432][ T6108] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  245.402505][ T6101] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  245.424218][ T4355] imon_raw 5-1:0.97: IR endpoint missing
[  245.572326][ T6108] EXT4-fs (loop2): 1 truncate cleaned up
[  245.578069][ T6108] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  245.652420][ T4174] usb 5-1: USB disconnect, device number 9
[  247.532529][ T6134] netlink: 32 bytes leftover after parsing attributes in process `syz.4.489'.
[  247.943541][ T6140] rdma_rxe: rxe_register_device failed with error -23
[  248.038468][ T6140] rdma_rxe: failed to add lo
[  248.897367][ T6139] loop4: detected capacity change from 0 to 32768
[  250.682081][ T4241] Bluetooth: hci4: command 0x0405 tx timeout
[  250.978291][ T6158] loop1: detected capacity change from 0 to 512
[  251.191277][ T6158] EXT4-fs (loop1): Ignoring removed bh option
[  251.339001][ T6158] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  251.523344][ T6158] EXT4-fs (loop1): 1 truncate cleaned up
[  251.529353][ T6168] netlink: 32 bytes leftover after parsing attributes in process `syz.3.500'.
[  251.540092][ T6158] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  251.772327][ T1108] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  252.012096][ T1108] usb 1-1: Using ep0 maxpacket: 32
[  252.162361][ T1108] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  252.182452][ T1108] usb 1-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[  252.192639][ T1108] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.214010][ T1108] usb 1-1: config 0 descriptor??
[  252.288454][ T1108] dw2102: su3000_identify_state
[  252.293777][ T1108] dvb-usb: found a 'TeVii S662' in warm state.
[  252.300273][ T1108] dw2102: su3000_power_ctrl: 1, initialized 0
[  252.313142][ T1108] dvb-usb: bulk message failed: -22 (2/0)
[  252.351331][ T1108] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  252.578311][ T1108] dvbdev: DVB: registering new adapter (TeVii S662)
[  252.586448][ T1108] usb 1-1: media controller created
[  252.592452][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  252.598433][ T1108] dw2102: i2c transfer failed.
[  252.603633][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  252.609377][ T1108] dw2102: i2c transfer failed.
[  252.614435][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  252.620169][ T1108] dw2102: i2c transfer failed.
[  253.787997][ T6184] dvb-usb: bulk message failed: -22 (5/0)
[  253.794178][ T6184] dw2102: i2c transfer failed.
[  253.869746][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  253.876849][ T1108] dw2102: i2c transfer failed.
[  253.891269][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  253.902210][ T1108] dw2102: i2c transfer failed.
[  253.911148][ T1108] dvb-usb: bulk message failed: -22 (6/0)
[  254.142595][ T1108] dw2102: i2c transfer failed.
[  254.142627][ T1108] dvb-usb: MAC address: 02:02:02:02:02:02
[  254.161011][ T1108] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  255.007993][ T1108] dvb-usb: bulk message failed: -22 (3/0)
[  255.023734][ T1108] dw2102: command 0x0e transfer failed.
[  255.029691][ T1108] dvb-usb: bulk message failed: -22 (3/0)
[  255.054284][ T1108] dw2102: command 0x0e transfer failed.
[  256.081051][ T1108] dvb-usb: bulk message failed: -22 (3/0)
[  256.087163][ T1108] dw2102: command 0x0e transfer failed.
[  256.093676][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  256.101586][ T1108] dvb-usb: bulk message failed: -22 (3/0)
[  256.117098][ T6201] loop1: detected capacity change from 0 to 512
[  256.132214][ T1108] dw2102: command 0x0e transfer failed.
[  256.170213][ T1108] dvb-usb: bulk message failed: -22 (1/0)
[  256.175578][ T6203] loop2: detected capacity change from 0 to 64
[  256.223059][ T1108] dw2102: command 0x51 transfer failed.
[  256.228659][ T1108] dvb-usb: bulk message failed: -22 (5/0)
[  256.236128][ T6201] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  256.250192][ T6201] ext4 filesystem being mounted at /93/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  256.314144][   T26] audit: type=1804 audit(1764328354.552:25): pid=6203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.509" name="/newroot/99/file0/file0" dev="loop2" ino=22 res=1 errno=0
[  257.049361][ T1108] dw2102: i2c probe for address 0x68 failed.
[  257.056035][ T1108] dvb-usb: bulk message failed: -22 (5/0)
[  257.061787][ T1108] dw2102: i2c probe for address 0x69 failed.
[  257.068624][ T1108] dvb-usb: bulk message failed: -22 (5/0)
[  257.078741][ T1108] dw2102: i2c probe for address 0x6a failed.
[  257.085464][ T1108] dw2102: probing for demodulator failed. Is the external power switched on?
[  257.094896][ T1108] dvb-usb: no frontend was attached by 'TeVii S662'
[  257.511903][ T1108] rc_core: IR keymap rc-tt-1500 not found
[  257.517839][ T1108] Registered IR keymap rc-empty
[  257.552483][ T1108] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[  257.595656][ T1108] input: TeVii S662 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input16
[  257.634541][ T1108] dvb-usb: schedule remote query interval to 250 msecs.
[  257.641748][ T1108] dw2102: su3000_power_ctrl: 0, initialized 1
[  257.648215][ T1108] dvb-usb: TeVii S662 successfully initialized and connected.
[  257.698780][ T1108] usb 1-1: USB disconnect, device number 9
[  258.489739][ T1108] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[  259.025931][ T6227] loop1: detected capacity change from 0 to 512
[  259.109914][ T6227] EXT4-fs (loop1): Ignoring removed bh option
[  259.181074][ T6227] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  259.354271][ T6227] EXT4-fs (loop1): 1 truncate cleaned up
[  259.361644][ T6227] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  262.516875][ T6261] rdma_rxe: ignoring netdev event = 23 for lo
[  262.537370][ T6261] rdma_rxe: lo changed mtu to 1280
[  262.565866][ T6261] infiniband syz0: set active
[  263.247468][ T6266] netlink: 36 bytes leftover after parsing attributes in process `syz.3.525'.
[  263.256851][ T4263] lo speed is unknown, defaulting to 1000
[  264.137646][ T6276] loop1: detected capacity change from 0 to 512
[  264.456292][ T6281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.530'.
[  264.817031][ T6276] EXT4-fs (loop1): Ignoring removed bh option
[  265.111199][ T6276] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  265.188984][ T6276] EXT4-fs (loop1): 1 truncate cleaned up
[  265.200295][ T6276] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  265.988418][ T6309] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.050862][ T6309] bond0: (slave rose0): Enslaving as an active interface with an up link
[  266.173654][ T4327] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  267.268670][ T6328] loop4: detected capacity change from 0 to 512
[  267.471006][ T6328] EXT4-fs (loop4): Ignoring removed bh option
[  267.522267][ T6328] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  267.628372][ T6336] rdma_rxe: rxe_register_device failed with error -23
[  267.635814][ T6336] rdma_rxe: failed to add lo
[  267.706983][ T6328] EXT4-fs (loop4): 1 truncate cleaned up
[  267.812159][ T6328] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  269.524656][ T6372] netlink: 8 bytes leftover after parsing attributes in process `syz.1.553'.
[  270.116900][ T6391] loop4: detected capacity change from 0 to 512
[  270.310515][ T6391] EXT4-fs (loop4): Ignoring removed bh option
[  270.370077][ T6389] rdma_rxe: already configured on ip6_vti0
[  270.397394][ T6391] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  270.506614][ T6400] rdma_rxe: rxe_register_device failed with error -23
[  270.513762][ T6400] rdma_rxe: failed to add lo
[  270.535797][ T6391] EXT4-fs (loop4): 1 truncate cleaned up
[  270.544120][ T6391] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  273.832404][ T6458] rdma_rxe: rxe_register_device failed with error -23
[  273.839427][ T6458] rdma_rxe: failed to add ip6_vti0
[  274.054196][ T6464] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  275.523591][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.577'.
[  276.917831][ T4241] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  277.161928][ T4241] usb 1-1: Using ep0 maxpacket: 32
[  277.412262][ T4241] usb 1-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  277.422914][ T4241] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  277.592139][ T4241] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  277.604593][ T4241] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  277.618101][ T4241] usb 1-1: Product: syz
[  277.662012][ T4241] usb 1-1: Manufacturer: syz
[  277.682101][ T4241] usb 1-1: SerialNumber: syz
[  277.749048][ T4241] usb 1-1: config 0 descriptor??
[  277.923673][ T6507] rdma_rxe: rxe_register_device failed with error -23
[  277.932516][ T6507] rdma_rxe: failed to add ip6_vti0
[  278.655472][ T6503] netlink: 'syz.1.585': attribute type 10 has an invalid length.
[  278.822531][ T6503] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  279.328007][ T6513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.589'.
[  279.330373][ T6501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  279.384332][ T6515] loop2: detected capacity change from 0 to 64
[  279.563492][   T26] audit: type=1804 audit(1764328377.802:26): pid=6515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.588" name="/newroot/113/file0/file0" dev="loop2" ino=22 res=1 errno=0
[  280.303931][   T23] usb 1-1: USB disconnect, device number 10
[  280.588629][ T6526] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  281.278305][ T6535] ufs: You didn't specify the type of your ufs filesystem
[  281.278305][ T6535] 
[  281.278305][ T6535] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  281.278305][ T6535] 
[  281.278305][ T6535] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  281.309716][ T6535] ufs: ufstype=old is supported read-only
[  281.315746][ T6535] blk_update_request: I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  283.173373][ T6551] netlink: 8 bytes leftover after parsing attributes in process `syz.1.600'.
[  283.258552][ T6553] loop2: detected capacity change from 0 to 64
[  283.529875][   T26] audit: type=1804 audit(1764328381.762:27): pid=6553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.601" name="/newroot/117/file0/file0" dev="loop2" ino=22 res=1 errno=0
[  284.448969][ T6565] lo speed is unknown, defaulting to 1000
[  284.760591][ T6565] ip6_vti0 speed is unknown, defaulting to 1000
[  285.378331][ T6569] loop2: detected capacity change from 0 to 32768
[  289.182335][ T6638] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  292.028863][ T6661] loop4: detected capacity change from 0 to 64
[  292.179077][ T6667] ufs: You didn't specify the type of your ufs filesystem
[  292.179077][ T6667] 
[  292.179077][ T6667] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  292.179077][ T6667] 
[  292.179077][ T6667] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  292.210626][ T6667] ufs: ufstype=old is supported read-only
[  292.216837][ T6667] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  292.354275][   T26] audit: type=1804 audit(1764328390.522:28): pid=6661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.629" name="/newroot/122/file0/file0" dev="loop4" ino=22 res=1 errno=0
[  294.218062][ T6687] overlayfs: failed to clone upperpath
[  296.023699][ T6708] loop4: detected capacity change from 0 to 65
[  296.169991][ T6708] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  296.274033][ T6716] netlink: 12 bytes leftover after parsing attributes in process `syz.2.645'.
[  297.269133][ T6727] ip6t_rpfilter: unknown options
[  301.502059][ T6764] loop2: detected capacity change from 0 to 64
[  301.615098][   T26] audit: type=1804 audit(1764328399.852:29): pid=6764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.661" name="/newroot/133/file0/file0" dev="loop2" ino=22 res=1 errno=0
[  302.475386][ T6776] loop4: detected capacity change from 0 to 512
[  302.641532][ T6776] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  302.656191][ T6776] ext4 filesystem being mounted at /127/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  306.263783][ T6809] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  306.271308][ T6809] IPv6: NLM_F_CREATE should be set when creating new route
[  306.278585][ T6809] IPv6: NLM_F_CREATE should be set when creating new route
[  306.285826][ T6809] IPv6: NLM_F_CREATE should be set when creating new route
[  311.831757][ T6866] overlayfs: failed to clone upperpath
[  312.199557][ T6876] rdma_rxe: already configured on ip6_vti0
[  314.927858][ T6902] rdma_rxe: rxe_register_device failed with error -23
[  314.973411][ T6902] rdma_rxe: failed to add lo
[  317.022489][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  317.451919][ T4263] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  317.972217][ T4263] usb 5-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  317.999806][ T6935] rdma_rxe: rxe_register_device failed with error -23
[  318.006918][ T6935] rdma_rxe: failed to add ip6_vti0
[  318.018009][ T4263] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.226511][ T4263] usb 5-1: Product: syz
[  319.342530][ T4263] usb 5-1: Manufacturer: syz
[  319.368763][ T4263] usb 5-1: SerialNumber: syz
[  319.413827][ T4263] usb 5-1: config 0 descriptor??
[  319.604515][ T4263] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  319.991195][ T6961] loop1: detected capacity change from 0 to 512
[  320.092411][ T6961] EXT4-fs (loop1): Ignoring removed bh option
[  320.149984][ T6961] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  320.201357][ T6961] EXT4-fs (loop1): 1 truncate cleaned up
[  320.221272][ T6961] EXT4-fs (loop1): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  320.432675][ T6971] rdma_rxe: already configured on lo
[  322.631897][ T4263] gspca_stk1135: reg_w 0xf err -71
[  322.638131][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  322.645808][ T4263] gspca_stk1135: Sensor write failed
[  322.652075][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.213622][ T4263] gspca_stk1135: Sensor write failed
[  323.228091][ T6995] affs: No valid root block on device nullb0
[  323.237461][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.249913][ T4263] gspca_stk1135: Sensor read failed
[  323.270645][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.293577][ T4263] gspca_stk1135: Sensor read failed
[  323.309312][ T4263] gspca_stk1135: Detected sensor type unknown (0x0)
[  323.335133][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.370258][ T4263] gspca_stk1135: Sensor read failed
[  323.384945][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.405846][ T4263] gspca_stk1135: Sensor read failed
[  323.417306][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.465232][ T4263] gspca_stk1135: Sensor write failed
[  323.489147][ T4263] gspca_stk1135: serial bus timeout: status=0x00
[  323.506916][ T4263] gspca_stk1135: Sensor write failed
[  323.524565][ T4263] stk1135: probe of 5-1:0.0 failed with error -71
[  323.558508][ T4263] usb 5-1: USB disconnect, device number 10
[  324.850841][ T7022] rdma_rxe: rxe_register_device failed with error -23
[  324.857793][ T7022] rdma_rxe: failed to add lo
[  324.956587][ T7026] IPv6: NLM_F_CREATE should be specified when creating new route
[  327.141461][ T7047] loop4: detected capacity change from 0 to 512
[  327.208139][ T7047] EXT4-fs (loop4): Ignoring removed bh option
[  327.265885][ T7047] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  327.346618][ T7047] EXT4-fs (loop4): 1 truncate cleaned up
[  327.354577][ T7047] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  327.973954][ T7061] rdma_rxe: rxe_register_device failed with error -23
[  327.981086][ T7061] rdma_rxe: failed to add lo
[  328.653855][ T7082] netlink: 60 bytes leftover after parsing attributes in process `syz.1.747'.
[  328.775422][ T7084] overlayfs: failed to clone upperpath
[  333.681396][ T7112] rdma_rxe: rxe_register_device failed with error -23
[  333.688412][ T7112] rdma_rxe: failed to add lo
[  337.348197][ T7156] rdma_rxe: rxe_register_device failed with error -23
[  337.355240][ T7156] rdma_rxe: failed to add lo
[  337.732935][ T7164] netlink: 176 bytes leftover after parsing attributes in process `syz.2.769'.
[  338.744336][ T7172] ufs: You didn't specify the type of your ufs filesystem
[  338.744336][ T7172] 
[  338.744336][ T7172] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  338.744336][ T7172] 
[  338.744336][ T7172] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  338.775009][    C1] vkms_vblank_simulate: vblank timer overrun
[  338.781397][ T7172] ufs: ufstype=old is supported read-only
[  338.787284][ T7172] blk_update_request: I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  339.505150][ T7176] netlink: 'syz.3.774': attribute type 10 has an invalid length.
[  339.654036][ T7176] 8021q: adding VLAN 0 to HW filter on device team0
[  339.662645][ T7176] bond0: (slave team0): Enslaving as an active interface with an up link
[  339.671622][ T7182] device bridge0 entered promiscuous mode
[  339.773406][ T7175] device bridge0 left promiscuous mode
[  340.854879][ T7193] rdma_rxe: rxe_register_device failed with error -23
[  340.862082][ T7193] rdma_rxe: failed to add ip6_vti0
[  341.102030][ T7199] rdma_rxe: rxe_register_device failed with error -23
[  341.109041][ T7199] rdma_rxe: failed to add lo
[  343.496519][  T144] Bluetooth: hci5: Frame reassembly failed (-84)
[  344.533070][ T7237] rdma_rxe: rxe_register_device failed with error -23
[  344.540875][ T7237] rdma_rxe: failed to add lo
[  345.563428][    T7] Bluetooth: hci5: command 0x1003 tx timeout
[  345.570578][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  347.183770][ T7280] rdma_rxe: rxe_register_device failed with error -23
[  347.190838][ T7280] rdma_rxe: failed to add lo
[  347.642093][ T4291] Bluetooth: hci5: command 0x1001 tx timeout
[  347.649359][ T4198] Bluetooth: hci5: sending frame failed (-49)
[  349.722131][ T4291] Bluetooth: hci5: command 0x1009 tx timeout
[  352.082633][ T7317] rdma_rxe: rxe_register_device failed with error -23
[  352.089615][ T7317] rdma_rxe: failed to add ip6_vti0
[  352.853766][ T7327] overlayfs: failed to clone upperpath
[  353.070443][ T7331] rdma_rxe: rxe_register_device failed with error -23
[  353.077538][ T7331] rdma_rxe: failed to add lo
[  354.749544][ T7350] loop2: detected capacity change from 0 to 512
[  355.518932][ T7350] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  355.587035][ T7369] ufs: You didn't specify the type of your ufs filesystem
[  355.587035][ T7369] 
[  355.587035][ T7369] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  355.587035][ T7369] 
[  355.587035][ T7369] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  355.618569][ T7369] ufs: ufstype=old is supported read-only
[  355.624838][ T7369] blk_update_request: I/O error, dev loop9, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  355.667377][ T7350] ext4 filesystem being mounted at /160/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  356.083398][ T7375] overlayfs: failed to clone upperpath
[  359.429372][ T7411] ODEBUG: Out of memory. ODEBUG disabled
[  360.416999][ T7419] overlayfs: failed to clone upperpath
[  360.530630][ T7420] ufs: You didn't specify the type of your ufs filesystem
[  360.530630][ T7420] 
[  360.530630][ T7420] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  360.530630][ T7420] 
[  360.530630][ T7420] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  360.648023][ T7420] ufs: ufstype=old is supported read-only
[  360.654072][ T7420] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  361.251272][   T26] audit: type=1326 audit(1764328459.482:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7426 comm="syz.0.851" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faa3ce62749 code=0x0
[  361.953406][ T7441] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  362.208188][ T7452] tmpfs: Unknown parameter 'usrquota'
[  366.759184][ T7502] loop2: detected capacity change from 0 to 512
[  367.331186][ T7502] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  367.346224][ T7502] ext4 filesystem being mounted at /166/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  367.392997][ T7508] fuse: Bad value for 'fd'
[  370.847054][ T7536] loop2: detected capacity change from 0 to 512
[  370.954302][ T7536] EXT4-fs (loop2): Ignoring removed bh option
[  371.023191][ T7536] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  371.033247][ T7542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.882'.
[  371.081982][ T7536] EXT4-fs (loop2): 1 truncate cleaned up
[  371.090265][ T7542] overlayfs: failed to clone upperpath
[  371.091280][ T7536] EXT4-fs (loop2): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  371.407044][ T7554] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  371.469446][ T7556] loop2: detected capacity change from 0 to 512
[  371.927010][ T7556] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  371.941116][ T7556] ext4 filesystem being mounted at /169/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  372.399375][ T7569] overlayfs: failed to clone upperpath
[  372.810275][ T7579] netlink: 8 bytes leftover after parsing attributes in process `syz.2.888'.
[  375.467372][ T7609] netlink: 252 bytes leftover after parsing attributes in process `syz.2.900'.
[  378.443548][ T1423] ieee802154 phy1 wpan1: encryption failed: -22
[  382.432297][ T7666] loop2: detected capacity change from 0 to 512
[  383.181386][ T7666] EXT4-fs (loop2): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: writeback.
[  383.195744][ T7666] ext4 filesystem being mounted at /176/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  383.309174][ T7681] overlayfs: failed to clone upperpath
[  383.436824][ T7682] netlink: 12 bytes leftover after parsing attributes in process `syz.3.916'.
[  383.955701][ T7682] 8021q: adding VLAN 0 to HW filter on device bond1
[  383.995827][ T7683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.916'.
[  384.029466][ T7683] device bond1 entered promiscuous mode
[  384.131083][ T7685] device dummy0 entered promiscuous mode
[  384.157788][ T7685] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  384.253335][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  385.262529][ T7696] netlink: 'syz.2.920': attribute type 10 has an invalid length.
[  385.319068][ T7696] team0: Port device netdevsim0 added
[  385.335027][ T7698] netlink: 'syz.2.920': attribute type 10 has an invalid length.
[  385.426760][   T26] audit: type=1326 audit(1764328483.662:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5639cad749 code=0x7ffc0000
[  385.453628][ T7698] team0: Port device netdevsim0 removed
[  385.479123][ T7698] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  385.496642][   T26] audit: type=1326 audit(1764328483.682:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5639cad749 code=0x7ffc0000
[  385.569671][   T26] audit: type=1326 audit(1764328483.682:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f5639cad749 code=0x7ffc0000
[  385.620106][   T26] audit: type=1326 audit(1764328483.682:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5639cad749 code=0x7ffc0000
[  385.670620][   T26] audit: type=1326 audit(1764328483.682:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7694 comm="syz.2.920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5639cad749 code=0x7ffc0000
[  390.779669][ T7750] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability
[  392.571824][ T7784] overlayfs: failed to clone upperpath
[  394.963086][ T7804] loop4: detected capacity change from 0 to 512
[  394.991385][ T7804] EXT4-fs (loop4): Ignoring removed bh option
[  395.064992][ T7804] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  395.257914][ T7804] EXT4-fs (loop4): 1 truncate cleaned up
[  395.274447][ T7804] EXT4-fs (loop4): mounted filesystem without journal. Opts: noload,max_dir_size_kb=0x0000000000000001,bh,noload,data_err=ignore,usrjquota=,,errors=continue. Quota mode: none.
[  399.165651][ T7835] rdma_rxe: rxe_register_device failed with error -23
[  399.172792][ T7835] rdma_rxe: failed to add lo
[  403.181123][ T7878] overlayfs: failed to clone upperpath
[  404.710996][ T7904] rdma_rxe: rxe_register_device failed with error -23
[  404.718219][ T7904] rdma_rxe: failed to add lo
[  406.616257][ T7927] ufs: You didn't specify the type of your ufs filesystem
[  406.616257][ T7927] 
[  406.616257][ T7927] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  406.616257][ T7927] 
[  406.616257][ T7927] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  406.647173][ T7927] ufs: ufstype=old is supported read-only
[  406.653170][ T7927] blk_update_request: I/O error, dev loop5, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  409.296242][ T7937] lo speed is unknown, defaulting to 1000
[  409.470171][ T7944] xt_NFQUEUE: number of queues (51632) out of range (got 109621)
[  411.280264][ T7937] ip6_vti0 speed is unknown, defaulting to 1000
[  411.463811][ T7953] rdma_rxe: rxe_register_device failed with error -23
[  411.470806][ T7953] rdma_rxe: failed to add lo
[  413.209526][ T7980] ufs: You didn't specify the type of your ufs filesystem
[  413.209526][ T7980] 
[  413.209526][ T7980] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  413.209526][ T7980] 
[  413.209526][ T7980] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  413.241070][ T7980] ufs: ufstype=old is supported read-only
[  413.247352][ T7980] blk_update_request: I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  414.257477][ T4200] Bluetooth: hci0: Unknown advertising packet type: 0xffff
[  414.259203][ T4200] Bluetooth: hci0: Unknown advertising packet type: 0x2000
[  414.267121][ T4200] ==================================================================
[  414.282696][ T4200] BUG: KASAN: slab-out-of-bounds in hci_le_meta_evt+0x12c0/0x3b80
[  414.290520][ T4200] Read of size 1 at addr ffff8880747cb401 by task kworker/u5:8/4200
[  414.298503][ T4200] 
[  414.300831][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:8 Not tainted syzkaller #0
[  414.308376][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  414.318430][ T4200] Workqueue: hci0 hci_rx_work
[  414.323124][ T4200] Call Trace:
[  414.326405][ T4200]  <TASK>
[  414.329344][ T4200]  dump_stack_lvl+0x168/0x230
[  414.334148][ T4200]  ? show_regs_print_info+0x20/0x20
[  414.339396][ T4200]  ? load_image+0x3b0/0x3b0
[  414.343906][ T4200]  ? _raw_spin_lock_irqsave+0xb0/0xf0
[  414.349306][ T4200]  print_address_description+0x60/0x2d0
[  414.354873][ T4200]  ? hci_le_meta_evt+0x12c0/0x3b80
[  414.359998][ T4200]  kasan_report+0xdf/0x130
[  414.364426][ T4200]  ? hci_le_meta_evt+0x12c0/0x3b80
[  414.369548][ T4200]  hci_le_meta_evt+0x12c0/0x3b80
[  414.374486][ T4200]  ? hci_event_packet+0x2a0/0x12f0
[  414.379610][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  414.385685][ T4200]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  414.391322][ T4200]  ? mark_lock+0x94/0x320
[  414.395653][ T4200]  ? mutex_unlock+0x10/0x10
[  414.400177][ T4200]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  414.406162][ T4200]  ? lock_chain_count+0x20/0x20
[  414.411018][ T4200]  ? __rwlock_init+0x140/0x140
[  414.415785][ T4200]  hci_event_packet+0xe05/0x12f0
[  414.420723][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  414.425934][ T4200]  ? rcu_lock_release+0x20/0x20
[  414.430794][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  414.436019][ T4200]  hci_rx_work+0x255/0xa10
[  414.440458][ T4200]  process_one_work+0x863/0x1000
[  414.445410][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  414.451039][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  414.456328][ T4200]  ? _raw_spin_lock_irq+0xab/0xe0
[  414.461350][ T4200]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  414.466722][ T4200]  ? wq_worker_running+0x97/0x170
[  414.471839][ T4200]  worker_thread+0xaa8/0x12a0
[  414.476520][ T4200]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  414.482410][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  414.487614][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  414.492815][ T4200]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  414.498729][ T4200]  kthread+0x436/0x520
[  414.502798][ T4200]  ? rcu_lock_release+0x20/0x20
[  414.507649][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  414.512242][ T4200]  ret_from_fork+0x1f/0x30
[  414.516672][ T4200]  </TASK>
[  414.519749][ T4200] 
[  414.522066][ T4200] Allocated by task 7984:
[  414.526386][ T4200]  __kasan_kmalloc+0xb5/0xf0
[  414.530975][ T4200]  __alloc_skb+0x22c/0x750
[  414.535386][ T4200]  vhci_write+0xbc/0x450
[  414.539622][ T4200]  vfs_write+0x712/0xd00
[  414.543864][ T4200]  ksys_write+0x14d/0x250
[  414.548191][ T4200]  do_syscall_64+0x4c/0xa0
[  414.552605][ T4200]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  414.558495][ T4200] 
[  414.560815][ T4200] Last potentially related work creation:
[  414.566525][ T4200]  kasan_save_stack+0x35/0x60
[  414.571200][ T4200]  kasan_record_aux_stack+0xb8/0x100
[  414.576483][ T4200]  kvfree_call_rcu+0x10a/0x7c0
[  414.581245][ T4200]  neigh_periodic_work+0x407/0xc70
[  414.586355][ T4200]  process_one_work+0x863/0x1000
[  414.591289][ T4200]  worker_thread+0xaa8/0x12a0
[  414.595962][ T4200]  kthread+0x436/0x520
[  414.600027][ T4200]  ret_from_fork+0x1f/0x30
[  414.604440][ T4200] 
[  414.606761][ T4200] Second to last potentially related work creation:
[  414.613344][ T4200]  kasan_save_stack+0x35/0x60
[  414.618017][ T4200]  kasan_record_aux_stack+0xb8/0x100
[  414.623304][ T4200]  kvfree_call_rcu+0x10a/0x7c0
[  414.628069][ T4200]  drop_sysctl_table+0x2fa/0x430
[  414.633004][ T4200]  unregister_sysctl_table+0x87/0x130
[  414.638373][ T4200]  neigh_sysctl_unregister+0x74/0x90
[  414.643656][ T4200]  addrconf_ifdown+0x167e/0x1970
[  414.648605][ T4200]  addrconf_notify+0x445/0xf00
[  414.653364][ T4200]  raw_notifier_call_chain+0xcb/0x160
[  414.658743][ T4200]  unregister_netdevice_many+0xf57/0x18f0
[  414.664460][ T4200]  rtnl_dellink+0x3db/0x700
[  414.668964][ T4200]  rtnetlink_rcv_msg+0x7ff/0xe90
[  414.673898][ T4200]  netlink_rcv_skb+0x1e0/0x430
[  414.678659][ T4200]  netlink_unicast+0x774/0x920
[  414.683422][ T4200]  netlink_sendmsg+0x8ab/0xbc0
[  414.688183][ T4200]  ____sys_sendmsg+0x5a2/0x8c0
[  414.693030][ T4200]  ___sys_sendmsg+0x1f0/0x260
[  414.697708][ T4200]  __se_sys_sendmsg+0x190/0x250
[  414.702566][ T4200]  do_syscall_64+0x4c/0xa0
[  414.706979][ T4200]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  414.712870][ T4200] 
[  414.715196][ T4200] The buggy address belongs to the object at ffff8880747cb000
[  414.715196][ T4200]  which belongs to the cache kmalloc-1k of size 1024
[  414.729248][ T4200] The buggy address is located 1 bytes to the right of
[  414.729248][ T4200]  1024-byte region [ffff8880747cb000, ffff8880747cb400)
[  414.742969][ T4200] The buggy address belongs to the page:
[  414.748591][ T4200] page:ffffea0001d1f200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x747c8
[  414.758739][ T4200] head:ffffea0001d1f200 order:3 compound_mapcount:0 compound_pincount:0
[  414.767057][ T4200] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  414.775040][ T4200] raw: 00fff00000010200 ffffea0001d93e00 0000000200000002 ffff888016841dc0
[  414.783619][ T4200] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  414.792191][ T4200] page dumped because: kasan: bad access detected
[  414.798594][ T4200] page_owner tracks the page as allocated
[  414.804297][ T4200] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4186, ts 53780568354, free_ts 53768558894
[  414.823396][ T4200]  get_page_from_freelist+0x1b77/0x1c60
[  414.828947][ T4200]  __alloc_pages+0x1e1/0x470
[  414.833622][ T4200]  new_slab+0xc0/0x4b0
[  414.837694][ T4200]  ___slab_alloc+0x81e/0xdf0
[  414.842291][ T4200]  __kmalloc+0x1cd/0x330
[  414.846528][ T4200]  __register_sysctl_table+0xe0/0x1230
[  414.851983][ T4200]  neigh_sysctl_register+0x9a1/0xa80
[  414.857436][ T4200]  addrconf_sysctl_register+0xac/0x1b0
[  414.862893][ T4200]  ipv6_add_dev+0xbf3/0x1190
[  414.867481][ T4200]  addrconf_notify+0x66f/0xf00
[  414.872239][ T4200]  raw_notifier_call_chain+0xcb/0x160
[  414.877609][ T4200]  register_netdevice+0x1275/0x16b0
[  414.882805][ T4200]  veth_newlink+0x668/0xda0
[  414.887310][ T4200]  rtnl_newlink+0x114c/0x17d0
[  414.891987][ T4200]  rtnetlink_rcv_msg+0x7ff/0xe90
[  414.896924][ T4200]  netlink_rcv_skb+0x1e0/0x430
[  414.901682][ T4200] page last free stack trace:
[  414.906347][ T4200]  free_unref_page_prepare+0x637/0x6c0
[  414.911806][ T4200]  free_unref_page+0x94/0x280
[  414.916487][ T4200]  __unfreeze_partials+0x1a5/0x200
[  414.921596][ T4200]  put_cpu_partial+0x12d/0x190
[  414.926356][ T4200]  qlist_free_all+0x35/0x90
[  414.930879][ T4200]  kasan_quarantine_reduce+0x150/0x160
[  414.936336][ T4200]  __kasan_slab_alloc+0x2f/0xd0
[  414.941186][ T4200]  slab_post_alloc_hook+0x4c/0x380
[  414.946294][ T4200]  __kmalloc_track_caller+0x125/0x330
[  414.951665][ T4200]  kvasprintf+0xd4/0x180
[  414.955927][ T4200]  kobject_set_name_vargs+0x5d/0x110
[  414.961212][ T4200]  kobject_init_and_add+0xda/0x190
[  414.966492][ T4200]  netdev_queue_update_kobjects+0x19c/0x3e0
[  414.972389][ T4200]  netdev_register_kobject+0x265/0x310
[  414.977864][ T4200]  register_netdevice+0x1019/0x16b0
[  414.983083][ T4200]  veth_newlink+0x8ed/0xda0
[  414.987618][ T4200] 
[  414.989948][ T4200] Memory state around the buggy address:
[  414.995582][ T4200]  ffff8880747cb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  415.003644][ T4200]  ffff8880747cb380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  415.011712][ T4200] >ffff8880747cb400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  415.019770][ T4200]                    ^
[  415.023833][ T4200]  ffff8880747cb480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  415.031895][ T4200]  ffff8880747cb500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  415.039954][ T4200] ==================================================================
[  415.048011][ T4200] Disabling lock debugging due to kernel taint
[  415.057043][ T4200] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  415.064267][ T4200] CPU: 1 PID: 4200 Comm: kworker/u5:8 Tainted: G    B             syzkaller #0
[  415.073217][ T4200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  415.083292][ T4200] Workqueue: hci0 hci_rx_work
[  415.088002][ T4200] Call Trace:
[  415.091295][ T4200]  <TASK>
[  415.094244][ T4200]  dump_stack_lvl+0x168/0x230
[  415.098949][ T4200]  ? show_regs_print_info+0x20/0x20
[  415.104175][ T4200]  ? load_image+0x3b0/0x3b0
[  415.108712][ T4200]  panic+0x2c9/0x7f0
[  415.112627][ T4200]  ? bpf_jit_dump+0xd0/0xd0
[  415.117150][ T4200]  ? _raw_spin_unlock_irqrestore+0xf6/0x100
[  415.123066][ T4200]  ? _raw_spin_unlock+0x40/0x40
[  415.127937][ T4200]  ? hci_le_meta_evt+0x12c0/0x3b80
[  415.133067][ T4200]  check_panic_on_warn+0x80/0xa0
[  415.138026][ T4200]  ? hci_le_meta_evt+0x12c0/0x3b80
[  415.143172][ T4200]  end_report+0x6d/0xf0
[  415.147434][ T4200]  kasan_report+0x102/0x130
[  415.151973][ T4200]  ? hci_le_meta_evt+0x12c0/0x3b80
[  415.157103][ T4200]  hci_le_meta_evt+0x12c0/0x3b80
[  415.162054][ T4200]  ? hci_event_packet+0x2a0/0x12f0
[  415.167191][ T4200]  ? hci_remote_host_features_evt+0x280/0x280
[  415.173281][ T4200]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  415.178940][ T4200]  ? mark_lock+0x94/0x320
[  415.183312][ T4200]  ? mutex_unlock+0x10/0x10
[  415.187833][ T4200]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  415.193848][ T4200]  ? lock_chain_count+0x20/0x20
[  415.198743][ T4200]  ? __rwlock_init+0x140/0x140
[  415.203525][ T4200]  hci_event_packet+0xe05/0x12f0
[  415.208494][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  415.213834][ T4200]  ? rcu_lock_release+0x20/0x20
[  415.218733][ T4200]  ? hci_send_to_monitor+0x9c/0x4a0
[  415.223952][ T4200]  hci_rx_work+0x255/0xa10
[  415.228536][ T4200]  process_one_work+0x863/0x1000
[  415.233593][ T4200]  ? worker_detach_from_pool+0x240/0x240
[  415.239254][ T4200]  ? lockdep_hardirqs_off+0x70/0x100
[  415.244563][ T4200]  ? _raw_spin_lock_irq+0xab/0xe0
[  415.249606][ T4200]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  415.255006][ T4200]  ? wq_worker_running+0x97/0x170
[  415.260033][ T4200]  worker_thread+0xaa8/0x12a0
[  415.264734][ T4200]  ? _raw_spin_unlock_irqrestore+0x82/0x100
[  415.270631][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  415.275841][ T4200]  ? lockdep_hardirqs_on+0x94/0x140
[  415.281050][ T4200]  ? _raw_spin_unlock_irqrestore+0xaa/0x100
[  415.286947][ T4200]  kthread+0x436/0x520
[  415.291018][ T4200]  ? rcu_lock_release+0x20/0x20
[  415.295866][ T4200]  ? kthread_blkcg+0xd0/0xd0
[  415.300459][ T4200]  ret_from_fork+0x1f/0x30
[  415.304881][ T4200]  </TASK>
[  415.308089][ T4200] Kernel Offset: disabled
[  415.312561][ T4200] Rebooting in 86400 seconds..