last executing test programs:

3m48.418277773s ago: executing program 1 (id=601):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x8, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x14, 0x1}, {0x8, 0x9, 0x2}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)

3m30.044624795s ago: executing program 32 (id=601):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_CREATE(0x0, 0x0, 0x50)
connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket(0x10, 0x803, 0x2)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r7)
getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES32=r8, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x6}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=@newtfilter={0x5c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x8, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x7, 0x14, 0x1}, {0x8, 0x9, 0x2}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x400c040}, 0x0)

3m9.842703732s ago: executing program 4 (id=649):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
r0 = inotify_init1(0x800)
inotify_add_watch(r0, &(0x7f0000000000)='./bus\x00', 0x610003d1)
mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000000c0)={{}, {0x1, 0x1}, [], {0x4, 0x5}, [], {0x10, 0x1}, {0x20, 0x7}}, 0x24, 0x0)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0xffa1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000003c0)=@newqdisc={0x78, 0x24, 0x50b, 0x8, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x8}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x200, 0x5, 0x0, 0x0, 0xf407}, 0xffffffff, 0x1, 0x0, 0x4, 0x7, 0x4, 0x40, 0xb, 0x0, 0x1ff, {0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

3m6.569196965s ago: executing program 3 (id=656):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x42)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0)
socket(0x2, 0x2, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x8042, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000140)='./file1\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}, {@userxattr}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})

3m2.433633521s ago: executing program 4 (id=660):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x88e, &(0x7f0000000080)={[{@errors_remount}, {@mblk_io_submit}, {@inlinecrypt}, {@test_dummy_encryption_v1}, {@barrier}, {@mblk_io_submit}, {@nogrpid}]}, 0x3, 0x445, &(0x7f0000000800)="$eJzs3M9rHFUcAPDv7CZt06YmlvqjadVoFYM/kiattQcvioIHBUEP9RiTtMRuG2ki2BI0itSjFLyLR8G/wJNeRD0JXvUuhSK5tIqHldmdSXY3u2k2blzNfj4wyXszb3nvuzNv9715mQTQs0bTH0nEYET8EhFD1Wx9gdHqr9uryzN/rC7PJFEuv/57Uil3a3V5Ji+av+5AnumLKHycxNEm9S5euXphulSau5zlJ5YuvjOxeOXq0/MXp8/PnZ+7NHXmzKmTk8+ennqmI3Gmcd0aeX/h2JGX37z+6szZ62/98FWSx98QR4eMbnbwsXK5w9V118GadNLXxYbQlmK1m0Z/pf8PRTHWT95QvPRRVxsH7KhyuVy+t/XhlTKwiyXR7RYA3ZF/0afz33zbfMDQ0eFH1918vjoBSuO+nW3VI31RyMr0N8xvO2k0Is6u/Pl5usXO3IcAAKjzTTr+earZ+K8QtfeF7srWUIYj4u6IOBQRpyPicETcE1Epe19E3N9m/Y2LJBvHP4Ub2wpsi9Lx33PZ2lb9+C8f/cVwMcsdrMTfn5ybL82dyN6Tsejfm+YnN6nj2xd//rTVsdrxX7ql9edjwawdN/r21r9mdnpp+p/EXOvmhxEjfc3iT9ZWApKIOBIRI9usY/6JL4+1Onbn+JurvCUdWGcqfxHxePX8r0RD/Llk8/XJiX1RmjsxkV8VG/3407XXWtW/3fg7JT3/+5te/2vxDye167WL7ddx7ddPWs5ptnv970neqNv33vTS0uXJiD3JK9VG1+6faig3tV4+jX/sePP+fyjW34mjEZFexA9ExIMR8VDW9ocj4pGIOL5J/N+/8OjbdTvGBtuIf2el8c+2df7XE3uicU/zRPHCd1/XVTocbcSfnv9TldRYtmcrn39badf2rmYAAAD4/ylExGAkhfG1dKEwPl79G/7Dsb9QWlhcevLcwruXZqvPCAxHfyG/0zVUcz90MpvW5/mphvzJ7L7xZ8WBSn58ZqE02+3goccdaNH/U78Vu906YMd5Xgt6l/4PvUv/h96l/0PvatL/Bzbu+qvhkUFgN2j2/f9BF9oB/Psa+r9lP+gh5v/Qu/R/6F36P/SkxYG480PyEhIbElH4TzRj5xP7tvhvLnZZotufTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ3xdwAAAP//FX7vJg==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.stat\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
fdatasync(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)

3m2.3069461s ago: executing program 3 (id=661):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write$cgroup_pid(r2, &(0x7f0000000000), 0xffffff98)
write$binfmt_elf64(r2, 0x0, 0x78)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x48042, 0x8c)
fallocate(r4, 0x10, 0x6, 0x10001)
splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0x100000004, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x3fd4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
fadvise64(0xffffffffffffffff, 0x9, 0x0, 0x3)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x1008440, &(0x7f0000000000)={[{@auto_da_alloc}, {@journal_dev={'journal_dev', 0x3d, 0x6}}, {@noquota}, {@resgid}, {@noquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000000}}]}, 0x0, 0x5e0, &(0x7f0000000bc0)="$eJzs3c9vVNUeAPDvmU5LofBayMt74kKaGIVEaWkBQ4wL2JMGf0QXbqy0EKRAQ2u0aGKJuNDEaKIxJq5YiP+FEtmy0pULN64MCVHD0sQxd+beOi3Tlv6cyv18kqHn3HNvz7kdvnPunDnnTgCl1Z/9U4nYGxGTKaI3zc6VVSMv7G/sd++Pd09njxS12ou/pUj5tmL/1PjxSk9+cHdE/PB9ij0d99c7NXPl/OjExPjlPD84fWFycGrmysFzF0bPjp8dvzj8zPCxo0eOHhs6tG7nevLaG2/1fjTy6tdf/ZmGvvl5JMXx2JmXNZ/Hqn36Wa0uz/ZHf+Nvsm3+btnf9diaK9saOvLzaX6KU7WNDWJFiuevMyL+H73REf88eb3xwfNtbRywoWopogaUVBL/UFLFdUDx3n7h++BKW65KgM1w90RjAOD++K82xgajuz420L3guBQR6zEyl9Vx+9bItTO3Rq7Feo3DAQ9k9mpEPNIq/lM9NvvyyN9xrxLNw7rZdcGp/Ge2/YVV1t+/IC/+YfM04r97VfH/WlP8v77K+sU/AAAAAAAArJ+bJyLi6Vaf/1fm5v9E/fO/NO/zv56IOL4O9S//+V/lzjpUA7Rw90TEcy3n/1aK2b99HXlqV30+QGc6c25i/FBE/CciDkTntiw/tEQdBz/e8+ViZcX8v+KR1X87nwuYt+NOdcH62bHR6dG1njcQcfdqxKMt5/+muf4/tej/s9eDyQesY88TN04tVrZ8/AMbpXY9Yn/L/j/N7ZOWvj/HYP16YLC4Kogndy2o47F3Pvl2sfrFP7RP1v/vWDr++1Lz/XqmVl7H4ZlqbbGy1V7/d6WX6rec6cq3vT06PX15KKIrnezIts7bPrzyNsO/0IfL7VDEQxEvWfwfeHzp8b9W1//bI2J2we9Ov89fU1z43189vzTnO5vSreK/qv+HTZHF/9iK+v+VJ4Zv9H23WP0P1v8fqff1B/Itxv+g4YsiTLvmb28RjtVWRZvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4GFQiYmekysBculIZGIjoiYj/xo7KxKWp6afOXHrz4lhWVv/+/0rxTb+9jXwqvv+/ryk/vCB/OCJ2R8TnHdvr+YHTlybG2n3yAAAAAAAAAAAAAAAAAAAAsEX0LLL+P/NrR7tbB2y4arsbALRNi/j/sR3tADaf/h/KS/xDeYl/KC/xD+Ul/qG8xD+Ul/iH8hL/AAAAAADwUNm97+ZPKSJmn91ef2S68rLOtrYM2GiVdjcAaBu3+IHyMvUHyst7fCAtU9696EHLHbmUydNrOBgAAAAAAAAAAAAASmf/Xuv/oays/4fysv4fyqtY/7+vze0ANp/3+EAss5K/5fr/ZY8CAAAAAAAAAAAAANbT1MyV86MTE+OXJV7eGs3YzEStVnsv+1+w+t9zPVZ2VGdEbI1z34BEMRV+q7RnLYlD77f3hQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJjzdwAAAP//Hswrdg==")

3m0.951843192s ago: executing program 3 (id=662):
r0 = getpgid(0x0)
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
setns(r2, 0x66020000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r3 = open_tree(0xffffffffffffff9c, 0x0, 0x80001)
move_mount(r3, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001c00)=@base={0xb, 0x5, 0x7, 0x9, 0x1, 0xffffffffffffffff, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2000}, 0x94)
umount2(&(0x7f0000000040)='.\x00', 0x2)

2m59.894736232s ago: executing program 4 (id=664):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000001000)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x20)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000000)=0x4)
writev(r0, &(0x7f0000000100)=[{&(0x7f00000000c0)="120e", 0x2}], 0x1)

2m59.266317798s ago: executing program 3 (id=667):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
unshare(0x2a020400)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="5800000000090101000000000000000000000000100004800800014000000004240002000c0002800500010a0000000014000280080001000000000008000200ac1414000800054000000000090001"], 0x58}}, 0x0)

2m57.470230067s ago: executing program 4 (id=670):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x80)
r4 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000000000040f003040040000102030109021b000104000000090400000207010100090501022000000000", @ANYRES16=r0], 0x0)
syz_usb_control_io$printer(r4, 0x0, &(0x7f00000011c0)={0xffffffffffffff42, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x1, 0x1}})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
pwritev(r5, &(0x7f00000004c0)=[{&(0x7f0000000040)="16", 0x1}], 0x1, 0x1, 0x9)

2m56.1966343s ago: executing program 0 (id=672):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x92, 0x5, 0x6, 0x4}, 0x3a, [0x8000, 0x2c95a, 0x11, 0x8, 0x80, 0x1, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x8, 0x5, 0xffff2d37, 0xffffff03, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x5, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0x800, 0x4, 0x4, 0x7, 0x3, 0x8, 0x4c75, 0x80000000, 0x2, 0x6, 0xe, 0x0, 0x80008071, 0x7, 0x40017, 0x0, 0x7, 0x5, 0x3e, 0x3, 0x6, 0xffff, 0x0, 0x6, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0x40c8, 0xf9, 0xe, 0x82c0, 0x6c7, 0x8, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x5, 0xea4, 0x0, 0xb94, 0x7, 0x7fff, 0x1c000, 0x3fe, 0x403, 0x200006, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0x2d, 0x4e2, 0x5, 0x4, 0xb, 0x2000004, 0x9, 0x80000001, 0x9, 0x6, 0x47, 0x81fe, 0x1, 0xfe000000, 0x8, 0xffffffff, 0x4, 0x4, 0x3, 0x50, 0x9, 0x1, 0xfffff9b5, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x8, 0x407, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xa2, 0x8000, 0x0, 0x5, 0x1, 0x5, 0x5, 0x5, 0x4000000, 0x1eb, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0xfffffffe, 0x3, 0x20000008, 0x4, 0x6d01, 0x2, 0x35, 0x800083, 0x200, 0x80, 0x3, 0x8000004, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x4005, 0x6, 0x6, 0xca, 0x1ff, 0x3, 0x7ff, 0xbe, 0x4, 0x7, 0xe, 0x0, 0x5, 0x1c, 0x8, 0x4, 0x8, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x2, 0x5, 0x3, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x9, 0x1, 0x101, 0x10000, 0x2000004, 0x8000, 0xffff, 0xa620, 0x2, 0x4, 0x6, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xffffffd9, 0xfffff000, 0x10010000, 0x0, 0x7e, 0x9, 0x9602, 0x40007, 0xaf, 0x5, 0x6, 0x227, 0x2, 0x5, 0x5, 0x30b1d693, 0xa1f, 0xf3c, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x1, 0xb1e, 0x2000d7, 0x201, 0xffff3441, 0x4]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x0, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, 0x0}}], 0x0, 0x0, 0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425", @ANYRES32=0x0, @ANYBLOB="00000000000080002800"], 0x50}}, 0x4000000)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x100000000000000, &(0x7f0000000580)="b3"})

2m55.367079264s ago: executing program 0 (id=674):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @empty}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000))

2m55.287370805s ago: executing program 3 (id=675):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
futex(0x0, 0x7, 0x2, 0x0, 0x0, 0x2)

2m54.706484191s ago: executing program 0 (id=678):
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x10000, 0x0, 0x0, 0x0, 0x2, 0x1}})
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})

2m54.267117867s ago: executing program 0 (id=679):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)

2m53.682196627s ago: executing program 0 (id=680):
syz_usb_connect(0x4, 0x24, &(0x7f0000004200)=ANY=[@ANYRES32=0x0], 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f0000000480)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x5761, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000180)={&(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x0}, 0x68)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$TUNSETVNETHDRSZ(r3, 0x400454d8, &(0x7f0000000140)=0x90)
write$tun(r3, &(0x7f0000000080)=ANY=[@ANYRESOCT], 0xfdef)
syz_mount_image$fuse(0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x89901)
move_mount(r4, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2025, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000d00)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x14, 0x18, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_HOOK={0x4}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x180, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_FIB_FLAGS={0x8, 0x3, 0x1, 0x0, 0x3c}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_FIB_RESULT={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_FIB_DREG={0x8, 0x1, 0x1, 0x0, 0x11}]}}}, {0x18, 0x1, 0x0, 0x1, @rt={{0x7}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_RT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_RULE_USERDATA={0xf5, 0x7, 0x1, 0x0, "89c90bed569a1222634139ba9057adc786d1ea43f2022cf5628b5307da8ce5fa718ee55031ee62b6c5954d464977d4ac17d1ba04c74ccc317850f4cf89ce12b757ff2b32fb1f39e4dfda61e32d82fd08f1be0eb2fba036f92980cca0b3541105525bd9337849e0d3acbc569372a87e79ce569edfb0eac1fe94bcc2a9ec0b0c4413ada0a5624f07a6b305d216c0d52a0c9150b7482e4f9485a39b18f554f8d323cb1a8e99c6c50f7f5729b3f77275143d413d5a073598cf280beb3897a2dadd1be996aaaf5e4ce4f4ae8b77c4d29586f95d7a305812ef5a197d5a3044bcf75e0b2dad9191dfb6d2d1eecc247388d3f31146"}, @NFTA_RULE_POSITION_ID={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x1ec}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000000)={'bond0\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x12, 0x1, 0x4, 0x9}})
r6 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
fsmount(r6, 0x0, 0x0)

2m53.436267129s ago: executing program 4 (id=681):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r3)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x1}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x1, 0x8, 0xb}, 0x50)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r6, r5, 0x7}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r6, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r4}, 0x20)
sendmsg$SOCK_DESTROY(r3, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={0x0, 0xc3ec}}, 0x0)

2m51.157812564s ago: executing program 4 (id=682):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x800, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x70)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000200)={0x87, 0x14, 0x40000}, 0xfffffd35)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x700)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x34808521, 0x401, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001040)=@filter={'filter\x00', 0x42, 0x4, 0x3b8, 0xffffffff, 0x238, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0x0, 'wg1\x00', 'ip6tnl0\x00', {}, {}, 0x6c}, 0x287, 0x178, 0x1a0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x2, 0x4, 'bm\x00', "17fe85b2e7794dbf95fa4bbcb6a91c1f280c1999b9e9c91aec32acf40242838b14641ee58ffb2807b1455049d59591426d860cbcf1d58ab1ffbb5187b72db33268933cac58623e417fbdbd0b8753f88cb456e7cd9ef85fd6861f486fb7bab7930c4e57def2f1e72aede0b46c35ed67a0549781a3d3fe2b88393de1719bea5584", 0x7e, 0x2, {0xf}}}, @common=@unspec=@limit={{0x48}, {0x7004, 0x80000, 0x0, 0xb}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x8000, 0x3ff, 0x89f0, 0xfeb9, 0x3f, 0x7f, 0x3}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

2m50.146062944s ago: executing program 3 (id=683):
mmap$IORING_OFF_SQ_RING(&(0x7f0000729000/0x4000)=nil, 0x4000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2400000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f01f})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x1c})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8008}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0x1}]}}}]}, 0x44}}, 0x8000)
madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}], 0x20}}], 0x1, 0x0)
r6 = socket$inet(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f00000000c0), &(0x7f0000000140)=0xc)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}, @AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1b, 0x0, 0x0, 0x3}]}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r9 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

2m43.145487151s ago: executing program 0 (id=685):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004", @ANYRES32=0x1, @ANYBLOB="00000000000000000000000000000000000000e7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=""/40, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r3}, 0x38)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00'})
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x541b, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
close(r5)
sendmmsg$inet(r2, &(0x7f0000004d00), 0x0, 0xf00)

2m35.503281567s ago: executing program 33 (id=682):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/custom1\x00', 0x800, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x70)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000200)={0x87, 0x14, 0x40000}, 0xfffffd35)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r2, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x700)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x34808521, 0x401, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xa4001f7e}}, 0x50)
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000001040)=@filter={'filter\x00', 0x42, 0x4, 0x3b8, 0xffffffff, 0x238, 0x98, 0x98, 0xffffffff, 0xffffffff, 0x320, 0x320, 0x320, 0xffffffff, 0x5, 0x0, {[{{@uncond, 0x74000002, 0x70, 0x98, 0x1ba, {0x46010000, 0x2c000000000000}}, @REJECT={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, 0x0, 'wg1\x00', 'ip6tnl0\x00', {}, {}, 0x6c}, 0x287, 0x178, 0x1a0, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x2, 0x4, 'bm\x00', "17fe85b2e7794dbf95fa4bbcb6a91c1f280c1999b9e9c91aec32acf40242838b14641ee58ffb2807b1455049d59591426d860cbcf1d58ab1ffbb5187b72db33268933cac58623e417fbdbd0b8753f88cb456e7cd9ef85fd6861f486fb7bab7930c4e57def2f1e72aede0b46c35ed67a0549781a3d3fe2b88393de1719bea5584", 0x7e, 0x2, {0xf}}}, @common=@unspec=@limit={{0x48}, {0x7004, 0x80000, 0x0, 0xb}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x8000, 0x3ff, 0x89f0, 0xfeb9, 0x3f, 0x7f, 0x3}}]}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x0, 0x0, "81d0042c436dbdac8bebde18b54dd11bf035c1d8b6b0e88ef5aee0eccad7"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x418)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

2m32.213414339s ago: executing program 34 (id=683):
mmap$IORING_OFF_SQ_RING(&(0x7f0000729000/0x4000)=nil, 0x4000, 0x0, 0x4010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2400000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f01f})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x1c})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x1})
r4 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8008}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x4}, @IFLA_MACVLAN_BC_QUEUE_LEN={0x8, 0x9, 0x1}]}}}]}, 0x44}}, 0x8000)
madvise(&(0x7f000072a000/0x4000)=nil, 0x4000, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000017c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}], 0x20}}], 0x1, 0x0)
r6 = socket$inet(0x2, 0x2, 0x0)
getsockopt$IP_VS_SO_GET_TIMEOUT(r6, 0x0, 0x486, &(0x7f00000000c0), &(0x7f0000000140)=0xc)
setsockopt$inet_mreqn(r6, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}, @AF_INET={0x10, 0x2, 0x0, 0x1, {0xc, 0x1, 0x0, 0x1, [{0x8, 0x1b, 0x0, 0x0, 0x3}]}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024)
r8 = socket$netlink(0x10, 0x3, 0x0)
writev(r8, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r8, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r9 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r9, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)

2m27.227742211s ago: executing program 35 (id=685):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004", @ANYRES32=0x1, @ANYBLOB="00000000000000000000000000000000000000e7", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=""/40, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r3}, 0x38)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00'})
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x541b, 0x0)
r5 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
close(r5)
sendmmsg$inet(r2, &(0x7f0000004d00), 0x0, 0xf00)

2m9.950923603s ago: executing program 5 (id=719):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x20004000, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000240)={0xd, 0xfff9, 0x8004, 0x0, 0x3800, 0x5, 0x0, 0x7}, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x1fd, 0x0, 0xf000, 0x2000, &(0x7f0000f9b000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0x3, 0x7, 0x8c, 0x0, 0x6, 0xd, 0x81, 0xb6, 0xa, 0xfc, 0x8, 0x44, 0x0, 0xee5, 0x0, 0x9a, 0x2, 0x80, 0xa7, '\x00', 0x3, 0x3})
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0xe6, 0x55f, 0x19fffe, 0x4, 0xffffffffffffffff, 0x7, 0x9, 0xb, 0x4, 0x80, 0x300000000006, 0x794, 0xa, 0x40, 0xc976, 0x5], 0x8080000, 0x20200})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m9.309546244s ago: executing program 5 (id=720):
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x10000001})
openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0xa0201, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000011c0)}], 0x1}}], 0x1, 0xc0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
syz_io_uring_setup(0xfb, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2m8.302124402s ago: executing program 5 (id=721):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x58}}, 0x0)

2m7.849391595s ago: executing program 5 (id=722):
r0 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x737, '\x00', 0x0, r0, 0x0, 0x1}, 0x50)

2m7.454297798s ago: executing program 5 (id=723):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
prlimit64(r1, 0xe, &(0x7f0000000040)={0xa, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x58, 0x2, 0x6, 0x401, 0xe4340000, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xf0}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x48}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x800)

2m6.037956491s ago: executing program 5 (id=725):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0)

1m50.832999649s ago: executing program 36 (id=725):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r0, 0x0)
recvmmsg(r0, &(0x7f0000005000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/19, 0x13}, 0x3}], 0x4000169, 0x60, 0x0)

1m11.476422043s ago: executing program 6 (id=802):
r0 = syz_io_uring_setup(0x10f, &(0x7f00000000c0)={0x0, 0x211a, 0x80, 0x4, 0x306}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000040)=0xffefffdc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_ACCEPT={0xd, 0x8, 0x1, 0xffffffffffffffff, 0x0})
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000540)=[0xffffffffffffffff], 0x1)
io_uring_enter(r0, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

1m10.2568253s ago: executing program 6 (id=804):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x7fff, 0xff7f0000)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x4b)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000006540)={0x7, 0x21, 0x0, 0x17, 0x4, 0xc0, 0x5, 0x14c, 0x1})
syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r1, &(0x7f00000067c0), 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
epoll_create1(0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
syz_open_procfs(0x0, &(0x7f0000001d40)='coredump_filter\x00')
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

1m8.496912924s ago: executing program 6 (id=808):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = io_uring_setup(0x5fe5, &(0x7f0000000bc0)={0x0, 0xcb44, 0x3040, 0x0, 0x26c})
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r2, 0xd, &(0x7f0000000140)={0x7, 0x0, 0x0, 0x0}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r2, 0x6, &(0x7f0000000e80)={0x7f, 0x0, &(0x7f0000000e40)}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0)
r3 = syz_open_dev$media(&(0x7f0000000180), 0xffffffffffffff73, 0xa0040)
preadv(r3, &(0x7f0000000280)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/55, 0x37}, {&(0x7f0000000200)=""/13, 0xd}], 0x4, 0x7, 0x27)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000000240)=0x3)
syz_open_procfs(0x0, &(0x7f0000000180)='projid_map\x00')
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000000))
pselect6(0x40, &(0x7f00000000c0)={0x3, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xa}, 0x0, &(0x7f0000000680)={0x7ff, 0xffffffff, 0x5, 0x400000007, 0xffffffffffffff24, 0x2, 0x5, 0x8}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$netlink(0x10, 0x3, 0x6)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x24008080}, 0x0)

58.317843347s ago: executing program 6 (id=836):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0xfffffffc, 0x10, {{@in=@broadcast, @in=@remote, 0x0, 0x0, 0xffff, 0x7, 0xa, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0x9, 0x8}, {0x1, 0x9, 0x80}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}}, 0xb8}}, 0x80)

57.671050219s ago: executing program 6 (id=840):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400})
close(0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_int(r0, &(0x7f0000000240)=0x2, 0x12)

56.804774659s ago: executing program 6 (id=843):
socket$nl_generic(0x10, 0x3, 0x10)
mq_notify(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x58, 0x5)

41.42899264s ago: executing program 37 (id=843):
socket$nl_generic(0x10, 0x3, 0x10)
mq_notify(0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
sendfile(r3, r2, &(0x7f00000000c0)=0x58, 0x5)

12.890499843s ago: executing program 9 (id=950):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000200000408000000000000000300000000000000000000000300000000000000000000000000000200"/78], 0x0, 0x56}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x737, '\x00', 0x0, r0, 0x0, 0x1}, 0x50)

12.409006202s ago: executing program 9 (id=952):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x8, 0x6, 0x7, 0x2, 0x1, 0xc1, 0x80, 0x36, 0x4, 0xf, 0x3, 0xd2, 0x53, 0xf}, 0xe)
recvmmsg(r0, &(0x7f0000000580)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=""/4096, 0x1000}, 0xffffff7f}], 0x1, 0x43, 0x0)

11.830160943s ago: executing program 9 (id=954):
socket$packet(0x11, 0xa, 0x300)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x3c)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x5000, 0x80000001, @remote, 0x7}, 0x1c)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)

8.318674969s ago: executing program 7 (id=965):
listen(0xffffffffffffffff, 0x2)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1223}})
io_uring_enter(r0, 0x47f6, 0x0, 0x700000000000000, 0x0, 0x0)

8.282336031s ago: executing program 1 (id=891):
r0 = gettid()
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000))
read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f)

7.489181099s ago: executing program 8 (id=968):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x980, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000340), 0x206, 0x8401)
ioctl$USBDEVFS_BULK(r1, 0xc0185502, &(0x7f0000000040)={{{0x1, 0x1}}, 0xfffffffffffffde2, 0x14b4a8d8, 0x0})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r2, 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)

7.13662829s ago: executing program 7 (id=969):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8f"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

6.841262756s ago: executing program 1 (id=970):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000006c0)={0x84, &(0x7f00000002c0)={0x20, 0x7, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

6.07095987s ago: executing program 2 (id=972):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000200000408000000000000000300000000000000000000000300000000000000000000000000000200"/79], 0x0, 0x56}, 0x28)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000080)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x737, '\x00', 0x0, r0, 0x0, 0x1}, 0x50)

5.434012871s ago: executing program 2 (id=973):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'dummy0\x00'})
sendmsg$nl_route_sched(r0, 0x0, 0x8000)

5.012428579s ago: executing program 8 (id=974):
unshare(0x22020600)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000100}, 0x20000005)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2e, &(0x7f0000000180)=0x1ff, 0x4)

4.780731128s ago: executing program 2 (id=975):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xa6e4, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}})
io_uring_enter(r0, 0x2b93, 0xf9d0, 0x22, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_POLL_REMOVE={0x7, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x4e14, 0x912a, 0x41, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x24000000)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

4.422326691s ago: executing program 8 (id=976):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback, 0x7ff}], 0x2c)
sendto$inet6(r0, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
recvmmsg(r0, &(0x7f0000000580)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001300)=""/4096, 0x1000}, 0xffffff7f}], 0x1, 0x43, 0x0)

4.303484934s ago: executing program 7 (id=977):
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020}, 0x2020)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x10000, 0x0, 0x0, 0x0, 0x2, 0x1}})
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}})

3.536221328s ago: executing program 2 (id=978):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x4000246, r1})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x3c}, 0x1, 0x11}, 0x0)

3.489487667s ago: executing program 7 (id=979):
listen(0xffffffffffffffff, 0x2)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x3c00, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f00000000c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x1223}})
io_uring_enter(r0, 0x47f6, 0x0, 0x700000000000000, 0x0, 0x0)

3.418668608s ago: executing program 8 (id=980):
r0 = gettid()
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000))
read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f)

3.26539088s ago: executing program 1 (id=981):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000240)=0x10)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f0000000040)={r1, 0x8, 0x914}, 0x8)

2.808602589s ago: executing program 2 (id=982):
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x3}}, 0x0, 0x0, 0x3c}})
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0}})

2.457329548s ago: executing program 9 (id=983):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = dup(r5)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.319317935s ago: executing program 1 (id=984):
openat$nvram(0xffffffffffffff9c, &(0x7f0000000100), 0x40080, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f0000000200), 0x8083, 0x0)
r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x102)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r0, 0xc01064c2, &(0x7f0000000240))
mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x1000004, 0x31, 0xffffffffffffffff, 0x1000)
capset(&(0x7f0000002ffa)={0x20080522, 0xffffffffffffffff}, 0x0)
r1 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000040)={r1})
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@name={0x1e, 0x2, 0x47b8f505e53035ec, {{0x43, 0x2}, 0x3}}, 0x10)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000100))
r3 = socket$packet(0x11, 0x3, 0x300)
bind$netlink(0xffffffffffffffff, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0)
r4 = syz_io_uring_setup(0x4b07, &(0x7f0000010400)={0x0, 0xad84, 0x1, 0x1, 0x8338}, &(0x7f0000000600), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_EVENTFD(r4, 0x4, 0x0, 0x7ffffffe)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x4, {0x6, 0x0, 0x8100, 0x0, {0xc3, 0xc}, {}, {0xe, 0xd}}, [@TCA_RATE={0x6}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x11, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r1, 0x89e0, &(0x7f0000000180))
r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000240), 0x140, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000100)={0x400, 0xa, 0x0, 0x0, 0x0, 0x180, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x8c6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80, 0x0, 0x0, 0x2, 0x0, 0x1})

2.275972153s ago: executing program 8 (id=985):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001c00)={0x2, 0x4e23, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0)
sendto(r0, &(0x7f0000000740)="50fbdf12a30d7a48b2c5c84948f3426077a9f0ca1475183db3bf52a6b2cdb77ef9af2a603a3e78adff59fbb22bae1b2443011fd801251bcef8f165533aac58c7556d", 0x42, 0x0, 0x0, 0x0)
write$binfmt_misc(r0, &(0x7f0000000380)="c7", 0x1)
sendto$inet(r0, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398ea66b93a74fd4147e826abed1b5d1de578682288c19ac23c1ccc1cdd936d2571c3510b0000000000000000000000000000000000f32bb3874c926a8944caa4677d2eae3bc831e748000000", 0xfffffffffffffe88, 0x52, 0x0, 0x0)

2.133314922s ago: executing program 7 (id=986):
unshare(0x22020600)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000100}, 0x20000005)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2e, &(0x7f0000000180)=0x1ff, 0x4)

1.999721215s ago: executing program 2 (id=987):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="8fcf"], 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0x4, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x8024)
ioctl$EVIOCGKEYCODE_V2(r0, 0x80284504, &(0x7f0000000040)=""/185)

1.598229603s ago: executing program 7 (id=988):
r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f0000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000100b0000850000000800000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0, 0xa3d8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/sync_on_suspend', 0x1e9a21, 0x20)
r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000001180)={{0x3, 0x2, 0x80000002, 0x100, 'syz1\x00', 0xffffffff}, 0x0, [0x6ba74c59, 0x85, 0xf, 0x1, 0x9, 0x6, 0x5, 0xdb, 0x0, 0xf0, 0x3, 0x5, 0x8001, 0xfffffffffffffffb, 0x4, 0x2938, 0x100, 0xfffffffffffffff8, 0xfffffffffffffff9, 0xfffffffffffffffb, 0x6, 0x9025, 0x5, 0x5, 0x7, 0x100000001, 0x40, 0x9, 0x9, 0x2, 0x100, 0xa, 0xb, 0x1a7427c9, 0x7, 0x8, 0x7, 0x1ff, 0x5, 0x10001, 0xffffffff, 0xffffffffffffff3f, 0x800, 0x9, 0xe4e, 0xffffffffffffffff, 0x6, 0xff, 0x659, 0x5, 0xfff, 0x2, 0xffff, 0xffffffffffffff53, 0x0, 0x101, 0x7f, 0x4, 0x9, 0x10, 0x2, 0xd1c, 0x80000001, 0x9, 0x8001, 0x0, 0x1, 0xfffffffffffff3a0, 0x4, 0x4, 0x4, 0x1, 0x9, 0xe5, 0xfa0, 0x9, 0x1, 0x401, 0x8, 0x7fffffffffffffff, 0x101, 0xffffffffffffff2f, 0xe, 0x4, 0x4040000, 0xffffffff, 0x5, 0x7, 0x5, 0x1ff, 0x9, 0x4, 0x100, 0x5, 0x7, 0x5, 0x7, 0xfffffffffffffff9, 0x6, 0x5, 0x3, 0x4, 0x9, 0x27ee, 0x0, 0x0, 0x0, 0x4, 0x6, 0x8, 0x6, 0x8000000000000001, 0x90, 0xd27, 0x0, 0x4, 0x3ff, 0x3, 0x9, 0x87, 0x80, 0x3, 0x2, 0x2c, 0xa, 0x1, 0x1, 0x8]})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r2, 0xc4c85513, &(0x7f0000000c80)={{0x1, 0x1, 0x1, 0x3557, 'syz1\x00', 0x5}, 0x1, [0x2, 0x84, 0x1c00000000000000, 0x7fffffffffffffff, 0x3, 0x3896, 0x5, 0x1, 0x8, 0xffffffff, 0xfffffffffffffff7, 0x9, 0x7ff, 0x80, 0x2fc2f8ae, 0x2, 0x101, 0xa71, 0x7fffffffffffffff, 0xa1, 0xfffffffffffffff8, 0x40, 0x2, 0x2, 0x10, 0xd, 0x8, 0x2, 0x6, 0x6, 0x6, 0x5, 0x2, 0x8, 0xffff, 0x144be44d, 0xc3b, 0x400000000003, 0x0, 0x12, 0x2, 0x8, 0xbb9, 0x2, 0x6, 0x9, 0xb1e, 0x8, 0xf, 0x651, 0x342, 0x8000, 0xc, 0xffffffffffffffff, 0x4, 0x0, 0x400, 0x1, 0x5, 0x80000000, 0x5, 0xb9b, 0x5, 0x1, 0x6, 0x80, 0x4, 0xc4, 0x8001, 0x5, 0xffff, 0x8, 0x1, 0x100000001, 0x81, 0x3, 0x1, 0x800, 0xf5, 0x7, 0x1, 0x401, 0xf, 0x4, 0x2c, 0x4, 0x8, 0x2, 0x3, 0x5, 0x80000000, 0xed, 0x9, 0x7, 0x3, 0x7, 0x500000000000000, 0x100, 0xfffffffffffffffb, 0xd05, 0xf, 0xf95, 0x4, 0x4, 0x8, 0x61, 0x1, 0xe, 0x8, 0x1, 0x2, 0x0, 0x400000000, 0x13ff, 0xa, 0xd3, 0x80, 0x6, 0x1000, 0x7b, 0xe51b, 0x9, 0x7, 0x7, 0x9, 0x5, 0x9, 0x1ff]})
syz_usb_connect$uac1(0x3, 0xa4, &(0x7f0000000040)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2405000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8, @ANYBLOB="05"], 0x0)

1.302212858s ago: executing program 8 (id=989):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="201109"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000140)={0x1, 0xfd, 0x4, &(0x7f0000000400)={0x1e, "810556c721393f4084cc9efcdbe76f42b91f7abe35df2a1f63ef8df4079e040b00"}})

766.334558ms ago: executing program 9 (id=990):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000019c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x408c5}, 0x40084)
setsockopt(0xffffffffffffffff, 0xfff, 0x5, &(0x7f0000000300)="ef018ccbb85e70b1b4371b181e2991c0bad6c18e65ab2614442abeafc6b3cb0586b52f28bff39703004f7294a3f93089fc22eda1fc850b92541d0c3ecbdcb196108677e07cac6215f1dc4de0abed58fd09890330b3f3ff20648d22c965abd9296a39f494251ad2a6c6367e51c15db9dd264cdb80d2bdcda32f67619664d66e0e7019d5599a2fdf02a94fc60ecb20bc720cf74c5471a519d3153d7494f70981659882827ee3b832f329e28c505f0412c51fd394c038e13fae03b84a3911e3446b3731529fc74c6cae1a1fa7850a", 0xcd)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r0, 0x0, 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
r1 = syz_open_pts(r0, 0x80)
r2 = dup3(r1, r0, 0x80000)
read(r2, &(0x7f00000000c0)=""/226, 0xe2)
read$watch_queue(r2, &(0x7f0000001d40)=""/4095, 0xfff)

409.079784ms ago: executing program 1 (id=991):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x40100, 0x3a)
r3 = syz_io_uring_setup(0xbdf, &(0x7f0000000000)={0x0, 0x6d0a, 0x80, 0xfffffffd, 0x40000331, 0x0, r2}, &(0x7f0000000080)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r3, 0x847ba, 0x2000, 0xe, 0x0, 0x0)

0s ago: executing program 9 (id=992):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000cc0)={'batadv_slave_1\x00', <r1=>0x0})
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000540)={@rand_addr=' \x01\x00', @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x4000246, r1})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x3c}, 0x1, 0x11}, 0x0)

kernel console output (not intermixed with test programs):

has an invalid bInterval 0, changing to 7
[  256.043488][ T5520] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.053805][ T5520] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  256.064152][ T5520] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.030020][ T6584] loop0: detected capacity change from 0 to 512
[  257.041457][ T5520] usb 3-1: config 0 descriptor??
[  257.084299][ T6584] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  257.307141][ T6584] EXT4-fs (loop0): 1 truncate cleaned up
[  257.314961][ T6584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  258.002750][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.658550][ T5520] usbhid 3-1:0.0: can't add hid device: -71
[  258.670150][ T5520] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  258.684190][ T5520] usb 3-1: USB disconnect, device number 3
[  259.663423][ T6599] loop2: detected capacity change from 0 to 2048
[  260.035137][ T6599] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  261.956593][ T5880] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  262.230622][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  262.241846][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  262.255096][ T5880] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  262.265405][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.566940][ T5880] usb 5-1: config 0 descriptor??
[  263.044577][ T5880] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  263.052590][ T5880] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  263.060229][ T5880] cm6533_jd 0003:0D8C:0022.0002: unknown main item tag 0x0
[  263.179327][ T5880] cm6533_jd 0003:0D8C:0022.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  263.277364][ T5880] usb 5-1: USB disconnect, device number 3
[  264.085370][ T6631] loop2: detected capacity change from 0 to 256
[  264.731939][ T6630] fido_id[6630]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  265.120310][ T6631] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  265.134009][ T6631] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  265.172153][ T6631] exFAT-fs (loop2): failed to load alloc-bitmap
[  265.178942][ T6631] exFAT-fs (loop2): failed to recognize exfat type
[  266.593199][ T6650] loop4: detected capacity change from 0 to 512
[  266.694437][ T6654] No such timeout policy "syz1"
[  266.773054][ T6650] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.791496][ T6650] ext4 filesystem being mounted at /49/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  266.930088][ T6650] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.266: corrupted inode contents
[  266.968647][   T11] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  267.008642][ T6650] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.266: mark_inode_dirty error
[  267.087328][ T6650] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.266: corrupted inode contents
[  267.196774][   T11] usb 3-1: Using ep0 maxpacket: 16
[  267.227936][ T6650] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.266: mark_inode_dirty error
[  267.239225][   T11] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  267.297106][   T11] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  267.306607][   T11] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.314787][   T11] usb 3-1: Product: syz
[  267.319631][   T11] usb 3-1: Manufacturer: syz
[  267.324432][   T11] usb 3-1: SerialNumber: syz
[  267.442958][   T11] usb 3-1: config 0 descriptor??
[  267.502138][   T11] hub 3-1:0.0: bad descriptor, ignoring hub
[  267.508522][   T11] hub 3-1:0.0: probe with driver hub failed with error -5
[  267.524718][   T11] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8
[  267.670206][ T5880] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  267.799114][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  267.851079][   T11] usb 3-1: USB disconnect, device number 4
[  267.939477][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  267.950748][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  267.961097][ T5880] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  267.970480][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.159575][ T5880] usb 1-1: config 0 descriptor??
[  268.473280][ T6672] loop4: detected capacity change from 0 to 1024
[  268.540060][ T6672] hfsplus: Bad value for 'gid'
[  268.655438][ T5880] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  268.663103][ T5880] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  268.670756][ T5880] cm6533_jd 0003:0D8C:0022.0003: unknown main item tag 0x0
[  268.730027][ T5880] cm6533_jd 0003:0D8C:0022.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  268.789334][ T6674] loop3: detected capacity change from 0 to 164
[  268.820851][ T6674] Unable to read rock-ridge attributes
[  268.874986][ T6674] Unable to read rock-ridge attributes
[  268.911010][ T6674] syz.3.275: attempt to access beyond end of device
[  268.911010][ T6674] loop3: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  268.925459][ T6674] syz.3.275: attempt to access beyond end of device
[  268.925459][ T6674] loop3: rw=0, sector=263328, nr_sectors = 4 limit=164
[  268.948937][   T30] audit: type=1800 audit(1764002350.826:8): pid=6674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.275" name="file0" dev="loop3" ino=1862 res=0 errno=0
[  270.990509][ T5880] usb 1-1: USB disconnect, device number 8
[  274.746677][   T30] audit: type=1326 audit(1764002356.496:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6701 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  274.769130][   T30] audit: type=1326 audit(1764002356.546:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6701 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  274.791705][   T30] audit: type=1326 audit(1764002356.546:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6701 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  274.814434][   T30] audit: type=1326 audit(1764002356.546:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6701 comm="syz.0.284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  277.717071][ T6730] IPv6: NLM_F_CREATE should be specified when creating new route
[  277.876580][ T5880] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  278.088470][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  278.100204][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  278.110551][ T5880] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  278.119875][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.274811][ T5880] usb 4-1: config 0 descriptor??
[  278.925628][ T6737] xt_socket: unknown flags 0x50
[  279.755716][ T6744] loop0: detected capacity change from 0 to 1024
[  279.810617][ T5880] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  279.818268][ T5880] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  279.825733][ T5880] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0
[  279.854174][ T6744] hfsplus: bad catalog entry used to create inode
[  279.864966][ T6744] hfsplus: failed to load root directory
[  280.841499][ T5880] cm6533_jd 0003:0D8C:0022.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  280.861948][ T5880] usb 4-1: USB disconnect, device number 3
[  281.392951][ T6756] loop3: detected capacity change from 0 to 512
[  281.521775][ T6756] EXT4-fs: Ignoring removed i_version option
[  281.528257][ T6756] EXT4-fs: Ignoring removed bh option
[  281.769278][ T6756] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  281.855015][ T6756] ext4 filesystem being mounted at /58/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  282.010971][   T30] audit: type=1326 audit(1764002363.826:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.036762][   T30] audit: type=1326 audit(1764002363.826:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.060391][   T30] audit: type=1326 audit(1764002363.836:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.082936][   T30] audit: type=1326 audit(1764002363.836:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.105420][   T30] audit: type=1326 audit(1764002363.836:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.130624][   T30] audit: type=1326 audit(1764002363.836:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.153976][   T30] audit: type=1326 audit(1764002363.836:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.176489][   T30] audit: type=1326 audit(1764002363.836:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.198942][   T30] audit: type=1326 audit(1764002363.836:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  282.224064][   T30] audit: type=1326 audit(1764002363.846:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6761 comm="syz.4.305" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  284.223349][ T6778] fido_id[6778]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  284.313435][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.831475][ T6809] loop2: detected capacity change from 0 to 1024
[  286.001517][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  286.010514][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  286.908660][ T6825] capability: warning: `syz.0.326' uses 32-bit capabilities (legacy support in use)
[  287.394718][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  287.394789][   T30] audit: type=1326 audit(1764002369.276:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.0.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  287.520633][   T30] audit: type=1326 audit(1764002369.336:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.0.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  287.545926][   T30] audit: type=1326 audit(1764002369.336:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6832 comm="syz.0.330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  288.050158][ T6840] loop0: detected capacity change from 0 to 512
[  288.153702][ T6840] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.333: inode has both inline data and extents flags
[  288.221552][ T6840] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.333: couldn't read orphan inode 15 (err -117)
[  288.285440][ T6840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  288.704383][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.906677][ T5880] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  291.198793][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  291.211016][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.221496][ T5880] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  291.233595][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.667124][ T5880] usb 2-1: config 0 descriptor??
[  292.249511][ T5880] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  292.261978][ T5880] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  292.446868][ T5880] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0005/input/input9
[  292.718766][ T5880] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  292.921229][ T5880] usb 2-1: USB disconnect, device number 3
[  292.960387][ T6887] IPv4: Oversized IP packet from 127.0.0.1
[  292.968365][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  293.269771][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  293.279152][ T5801] Bluetooth: hci2: command 0x0406 tx timeout
[  293.285322][ T5801] Bluetooth: hci3: command 0x0406 tx timeout
[  293.294877][ T5810] Bluetooth: hci0: command 0x0406 tx timeout
[  293.589142][ T6891] Illegal XDP return value 1505223348 on prog  (id 29) dev syz_tun, expect packet loss!
[  295.057984][ T6898] fido_id[6898]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  295.842835][ T6907] loop1: detected capacity change from 0 to 1024
[  296.735737][   T11] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  297.038371][ T6912] trusted_key: encrypted_key: key user:syz not found
[  297.936682][   T11] usb 1-1: Using ep0 maxpacket: 8
[  298.256666][ T5880] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  298.518397][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.529737][ T5880] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.539921][ T5880] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  298.549223][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.847096][ T5880] usb 5-1: config 0 descriptor??
[  298.944619][   T11] usb 1-1: unable to get BOS descriptor or descriptor too short
[  299.139147][   T11] usb 1-1: unable to read config index 0 descriptor/start: -71
[  299.147320][   T11] usb 1-1: can't read configurations, error -71
[  299.481838][ T5880] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  299.492200][ T5880] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  299.585449][ T5880] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0D8C:0022.0006/input/input10
[  299.631366][ T6926] loop2: detected capacity change from 0 to 512
[  299.717749][ T6932] netlink: 8 bytes leftover after parsing attributes in process `syz.0.372'.
[  299.735691][ T5880] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.4-1/input0
[  299.778713][ T6926] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.371: bad orphan inode 13
[  299.881863][ T6926] ext4_test_bit(bit=12, block=4) = 1
[  299.887614][ T6926] is_bad_inode(inode)=0
[  299.892070][ T6926] NEXT_ORPHAN(inode)=0
[  299.896503][ T6926] max_ino=32
[  299.899836][ T6926] i_nlink=1
[  299.992168][ T6926] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  300.048323][ T5880] usb 5-1: USB disconnect, device number 4
[  300.101015][ T6926] EXT4-fs warning (device loop2): dx_probe:801: inode #2: comm syz.2.371: Unrecognised inode hash code 20
[  300.112765][ T6926] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.371: Corrupt directory, running e2fsck is recommended
[  300.269263][ T6926] EXT4-fs warning (device loop2): dx_probe:801: inode #2: comm syz.2.371: Unrecognised inode hash code 20
[  300.281135][ T6926] EXT4-fs warning (device loop2): dx_probe:934: inode #2: comm syz.2.371: Corrupt directory, running e2fsck is recommended
[  300.294599][ T6926] EXT4-fs error (device loop2): ext4_find_dest_de:2052: inode #2: block 13: comm syz.2.371: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  300.425553][ T6926] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.2.371: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  300.711838][ T6936] fido_id[6936]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  300.787257][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.415587][ T6951] loop2: detected capacity change from 0 to 512
[  301.463815][ T6951] EXT4-fs: Ignoring removed i_version option
[  301.505742][ T6953] loop4: detected capacity change from 0 to 1024
[  301.601501][ T6951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  301.614674][ T6951] ext4 filesystem being mounted at /70/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  302.458496][ T6963] trusted_key: encrypted_key: key user:syz not found
[  302.905159][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.186694][ T5880] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  305.452537][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.467089][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.478202][ T5880] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  305.487631][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.680552][ T5880] usb 4-1: config 0 descriptor??
[  306.247718][ T5880] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0
[  306.255313][ T5880] cm6533_jd 0003:0D8C:0022.0007: unknown main item tag 0x0
[  306.350836][ T5880] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0007/input/input11
[  306.759912][ T5880] cm6533_jd 0003:0D8C:0022.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0
[  306.931479][ T5880] usb 4-1: USB disconnect, device number 4
[  307.393496][ T6992] fido_id[6992]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  307.547583][ T6993] syzkaller0: entered promiscuous mode
[  307.553354][ T6993] syzkaller0: entered allmulticast mode
[  307.623528][ T6993] tipc: Enabling of bearer <eth:syzk> rejected, failed to enable media
[  307.727569][ T7001] trusted_key: encrypted_key: insufficient parameters specified
[  313.092555][   T30] audit: type=1326 audit(1764002394.916:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7022 comm="syz.0.404" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9e618f749 code=0x0
[  314.379583][   T30] audit: type=1326 audit(1764002396.256:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7031 comm="syz.4.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f4238f749 code=0x7ffc0000
[  314.905718][ T7044] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  315.173529][ T7050] trusted_key: encrypted_key: insufficient parameters specified
[  315.452190][ T7053] syzkaller0: entered promiscuous mode
[  315.459951][ T7053] syzkaller0: entered allmulticast mode
[  315.520209][ T7053] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  318.199692][ T7089] syzkaller0: entered promiscuous mode
[  318.205387][ T7089] syzkaller0: entered allmulticast mode
[  318.435095][ T7089] tipc: Enabling of bearer <eth:syzkall> rejected, failed to enable media
[  319.795487][ T7104] loop1: detected capacity change from 0 to 1024
[  319.867846][ T7104] EXT4-fs: Ignoring removed nomblk_io_submit option
[  319.920510][ T7104] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  319.964208][ T7104] System zones: 0-1, 3-36
[  320.048263][ T7104] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  320.362017][   T30] audit: type=1326 audit(1764002402.236:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.3.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ad0b8f749 code=0x7ffc0000
[  320.475058][   T30] audit: type=1326 audit(1764002402.286:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.3.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4ad0b8e1ff code=0x7ffc0000
[  320.497867][   T30] audit: type=1326 audit(1764002402.286:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.3.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ad0b8f749 code=0x7ffc0000
[  320.525219][   T30] audit: type=1326 audit(1764002402.286:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.3.437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ad0b8f749 code=0x7ffc0000
[  320.623488][ T5880] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  320.651031][ T5806] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.835485][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.847391][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.857566][ T5880] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  320.866954][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.968966][ T5880] usb 1-1: config 0 descriptor??
[  321.061221][ T7123] syzkaller0: entered promiscuous mode
[  321.067622][ T7123] syzkaller0: entered allmulticast mode
[  321.423704][ T5880] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0
[  321.431788][ T5880] cm6533_jd 0003:0D8C:0022.0008: unknown main item tag 0x0
[  321.495634][ T5880] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.0008/input/input12
[  321.587486][ T5880] cm6533_jd 0003:0D8C:0022.0008: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  321.686907][ T5880] usb 1-1: USB disconnect, device number 11
[  322.293639][ T7139] fido_id[7139]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  322.618911][ T7147] loop2: detected capacity change from 0 to 512
[  322.650982][ T7147] EXT4-fs: Ignoring removed oldalloc option
[  322.657855][ T7147] EXT4-fs: inline encryption not supported
[  322.671174][ T5520] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  322.720048][ T7147] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  322.890133][ T5520] usb 4-1: unable to get BOS descriptor or descriptor too short
[  322.932210][ T7147] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.451: bg 0: block 64: padding at end of block bitmap is not set
[  322.965176][ T5520] usb 4-1: not running at top speed; connect to a high speed hub
[  323.019067][ T5520] usb 4-1: config index 0 descriptor too short (expected 2560, got 155)
[  323.028152][ T5520] usb 4-1: config 1 has too many interfaces: 36, using maximum allowed: 32
[  323.037405][ T5520] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  323.046570][ T5520] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  323.057324][ T5520] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 36
[  323.087642][ T7147] Quota error (device loop2): write_blk: dquota write failed
[  323.094733][ T5520] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  323.095760][ T7147] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  323.105759][ T5520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.105883][ T5520] usb 4-1: Product: syz
[  323.105978][ T5520] usb 4-1: Manufacturer: syz
[  323.106074][ T5520] usb 4-1: SerialNumber: syz
[  323.141203][ T7147] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.451: Failed to acquire dquot type 0
[  323.207611][ T7147] EXT4-fs (loop2): 1 truncate cleaned up
[  323.216762][ T7147] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  323.416528][ T5520] usb 4-1: USB disconnect, device number 5
[  323.668839][ T7147] syz.2.451 (7147) used greatest stack depth: 3000 bytes left
[  323.722257][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.056947][ T5520] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  324.185980][ T7173] loop1: detected capacity change from 0 to 8
[  324.280382][ T7173] Can't find a SQUASHFS superblock on loop1
[  324.292389][ T5520] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.307369][ T5520] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  324.317996][ T5520] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.410991][ T5520] usb 1-1: config 0 descriptor??
[  324.658890][ T5520] usbhid 1-1:0.0: can't add hid device: -71
[  324.665495][ T5520] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  324.737470][ T5520] usb 1-1: USB disconnect, device number 12
[  325.568362][ T5520] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  325.850572][ T5520] usb 2-1: Using ep0 maxpacket: 8
[  325.947973][ T5520] usb 2-1: unable to get BOS descriptor or descriptor too short
[  326.021600][ T5520] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8
[  326.032062][ T5520] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  326.246075][ T5520] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  326.266508][ T5520] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.274947][ T5520] usb 2-1: Product: syz
[  326.279772][ T5520] usb 2-1: Manufacturer: syz
[  326.284612][ T5520] usb 2-1: SerialNumber: syz
[  326.782841][ T5520] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  326.793548][ T5520] cdc_ncm 2-1:1.0: bind() failure
[  326.817072][ T5520] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  326.824385][ T5520] cdc_ncm 2-1:1.1: bind() failure
[  327.241726][ T5520] usb 2-1: USB disconnect, device number 4
[  329.970042][ T7223] netlink: 'syz.1.478': attribute type 1 has an invalid length.
[  329.977960][ T7223] netlink: 'syz.1.478': attribute type 2 has an invalid length.
[  329.985773][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.478'.
[  331.448922][ T7234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  331.773584][ T7237] loop4: detected capacity change from 0 to 2048
[  331.831831][ T7237] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  332.138969][ T5520] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  332.184050][ T7240] syz.1.488 (7240) used greatest stack depth: 2440 bytes left
[  332.309070][ T5520] usb 4-1: Using ep0 maxpacket: 32
[  332.340752][ T5520] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  332.380556][ T5520] usb 4-1: config index 0 descriptor too short (expected 258, got 36)
[  332.389155][ T5520] usb 4-1: config 0 has no interfaces?
[  332.431414][ T5520] usb 4-1: config index 1 descriptor too short (expected 258, got 36)
[  332.440014][ T5520] usb 4-1: config 0 has no interfaces?
[  332.470009][ T5520] usb 4-1: config index 2 descriptor too short (expected 258, got 36)
[  332.478655][ T5520] usb 4-1: config 0 has no interfaces?
[  332.574372][ T7250] loop4: detected capacity change from 0 to 512
[  332.587955][ T5520] usb 4-1: config index 3 descriptor too short (expected 258, got 36)
[  332.596862][ T5520] usb 4-1: config 0 has no interfaces?
[  332.684976][ T7250] EXT4-fs: Ignoring removed oldalloc option
[  332.699107][ T5520] usb 4-1: config index 4 descriptor too short (expected 258, got 36)
[  332.714832][ T5520] usb 4-1: config 0 has no interfaces?
[  332.797604][ T5520] usb 4-1: config index 5 descriptor too short (expected 258, got 36)
[  332.809077][ T5520] usb 4-1: config 0 has no interfaces?
[  332.852252][ T7250] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.492: Parent and EA inode have the same ino 15
[  332.903139][ T5520] usb 4-1: config index 6 descriptor too short (expected 258, got 36)
[  332.914769][ T5520] usb 4-1: config 0 has no interfaces?
[  332.946539][ T7250] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  332.960295][ T7250] EXT4-fs error (device loop4): ext4_xattr_inode_iget:437: comm syz.4.492: Parent and EA inode have the same ino 15
[  333.000131][ T5520] usb 4-1: config index 7 descriptor too short (expected 258, got 36)
[  333.011786][ T5520] usb 4-1: config 0 has no interfaces?
[  333.083773][ T5520] usb 4-1: New USB device found, idVendor=046d, idProduct=08c6, bcdDevice= b.5d
[  333.093402][ T5520] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.101839][ T5520] usb 4-1: Product: syz
[  333.106586][ T5520] usb 4-1: Manufacturer: syz
[  333.113392][ T5520] usb 4-1: SerialNumber: syz
[  333.117962][ T7250] EXT4-fs (loop4): 1 orphan inode deleted
[  333.125768][ T7250] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.152884][ T7249] netlink: 'syz.1.493': attribute type 1 has an invalid length.
[  333.161008][ T7249] netlink: 'syz.1.493': attribute type 2 has an invalid length.
[  333.169163][ T7249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.493'.
[  333.294067][ T7250] EXT4-fs error (device loop4): ext4_lookup:1791: inode #2: comm syz.4.492: deleted inode referenced: 15
[  333.551457][ T5520] usb 4-1: config 0 descriptor??
[  333.768707][ T7263] veth1_to_bond: entered allmulticast mode
[  333.777724][ T5520] usb 4-1: USB disconnect, device number 6
[  333.792609][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.797059][ T7263] netlink: 4 bytes leftover after parsing attributes in process `syz.2.497'.
[  333.895210][ T7263] veth1_to_bond (unregistering): left allmulticast mode
[  336.003146][ T7293] loop4: detected capacity change from 0 to 128
[  336.133034][ T7293] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  336.244617][ T7293] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  336.616887][ T7294] netlink: 'syz.0.508': attribute type 1 has an invalid length.
[  336.624717][ T7294] netlink: 'syz.0.508': attribute type 2 has an invalid length.
[  336.632741][ T7294] netlink: 4 bytes leftover after parsing attributes in process `syz.0.508'.
[  337.431398][ T7311] loop4: detected capacity change from 0 to 512
[  337.560194][ T7313] loop2: detected capacity change from 0 to 2048
[  337.584477][ T7311] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  337.603515][ T7311] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  337.636819][ T7317] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 360: padding at end of block bitmap is not set
[  337.744270][ T7313]  loop2: p1 < >
[  338.058568][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  338.094226][ T7321] netlink: 12 bytes leftover after parsing attributes in process `syz.0.520'.
[  338.370130][ T7325] trusted_key: encrypted_key: keylen parameter is missing
[  339.243490][ T7337] loop4: detected capacity change from 0 to 512
[  339.324969][ T7343] loop3: detected capacity change from 0 to 512
[  339.334858][ T7337] EXT4-fs: Ignoring removed nomblk_io_submit option
[  339.341931][ T7337] EXT4-fs: Ignoring removed bh option
[  339.524968][ T7335] netlink: 'syz.1.527': attribute type 1 has an invalid length.
[  339.525056][ T7337] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, 
[  339.532897][ T7335] netlink: 'syz.1.527': attribute type 2 has an invalid length.
[  339.533005][ T7335] netlink: 4 bytes leftover after parsing attributes in process `syz.1.527'.
[  339.557806][ T7337] inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  339.570697][ T7337] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #11: comm syz.4.528: corrupted inode contents
[  339.623295][ T7343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  339.637131][ T7343] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  339.781500][ T7337] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #11: comm syz.4.528: mark_inode_dirty error
[  339.855971][ T7337] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.528: invalid indirect mapped block 1 (level 1)
[  340.003807][ T7337] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #11: comm syz.4.528: corrupted inode contents
[  340.092969][ T7337] EXT4-fs error (device loop4) in ext4_orphan_del:301: Corrupt filesystem
[  340.170587][ T7337] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #11: comm syz.4.528: corrupted inode contents
[  340.287541][ T7337] EXT4-fs error (device loop4): ext4_truncate:4637: inode #11: comm syz.4.528: mark_inode_dirty error
[  340.396778][ T7337] EXT4-fs error (device loop4) in ext4_process_orphan:343: Corrupt filesystem
[  340.691607][ T7337] EXT4-fs (loop4): 1 truncate cleaned up
[  340.699564][ T7337] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.183796][ T7358] xt_CT: You must specify a L4 protocol and not use inversions on it
[  341.328886][ T7337] EXT4-fs error (device loop4): ext4_find_dest_de:2052: inode #2: block 13: comm syz.4.528: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0
[  342.883234][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.400051][ T7366] loop2: detected capacity change from 0 to 512
[  343.542540][ T7366] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  343.586991][ T7366] EXT4-fs (loop2): orphan cleanup on readonly fs
[  343.606694][ T7366] Quota error (device loop2): find_block_dqentry: Quota for id 0 referenced but not present
[  343.617522][ T7366] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0
[  343.627441][ T7366] EXT4-fs error (device loop2): ext4_acquire_dquot:6945: comm syz.2.538: Failed to acquire dquot type 1
[  343.808723][ T7366] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.538: bg 0: block 40: padding at end of block bitmap is not set
[  343.947388][ T7366] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  343.988862][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.050511][ T7366] EXT4-fs (loop2): 1 truncate cleaned up
[  344.059409][ T7366] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  344.351366][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.693970][ T7382] netlink: 'syz.3.543': attribute type 1 has an invalid length.
[  344.701957][ T7382] netlink: 'syz.3.543': attribute type 2 has an invalid length.
[  344.709976][ T7382] netlink: 4 bytes leftover after parsing attributes in process `syz.3.543'.
[  344.997597][ T5520] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  345.180373][ T5520] usb 2-1: Using ep0 maxpacket: 16
[  345.204115][ T5520] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  345.215796][ T5520] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  345.226025][ T5520] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  345.239406][ T5520] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  345.248939][ T5520] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.487488][ T5520] usb 2-1: config 0 descriptor??
[  346.009803][ T7393] bridge0: entered promiscuous mode
[  346.019122][ T7393] macsec1: entered allmulticast mode
[  346.024742][ T7393] bridge0: entered allmulticast mode
[  346.179656][ T5520] HID 045e:07da: Invalid code 65791 type 1
[  346.189853][ T5520] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0009/input/input13
[  346.275379][ T5520] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  346.465426][ T5880] usb 2-1: USB disconnect, device number 5
[  347.631762][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  347.638699][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  348.051500][ T7405] fido_id[7405]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  349.153483][ T7422] netlink: 'syz.4.558': attribute type 1 has an invalid length.
[  349.161537][ T7422] netlink: 'syz.4.558': attribute type 2 has an invalid length.
[  349.169601][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.4.558'.
[  349.671049][ T7428] loop0: detected capacity change from 0 to 512
[  349.864671][ T7428] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  349.941452][ T7428] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  349.967550][ T7428] System zones: 1-12
[  350.003034][ T7428] EXT4-fs error (device loop0): ext4_iget_extra_inode:5075: inode #15: comm syz.0.560: corrupted in-inode xattr: e_value size too large
[  350.057109][ T7428] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.560: couldn't read orphan inode 15 (err -117)
[  350.158677][ T7428] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.364216][ T7445] loop2: detected capacity change from 0 to 4096
[  352.540347][ T7445] EXT4-fs (loop2): Test dummy encryption mode enabled
[  352.655542][ T7445] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  352.665099][ T7445] System zones: 0-5
[  352.722488][ T7445] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  353.093780][ T7445] fscrypt (loop2): Missing crypto API support for AES-256-CBC-CTS (API name: "cts(cbc(aes))")
[  353.106605][ T7447] overlayfs: failed to resolve './bus': -2
[  354.234059][ T7455] loop3: detected capacity change from 0 to 512
[  354.392960][ T7455] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  354.406422][ T7455] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  354.495060][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.593866][ T7455] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.567: corrupted inode contents
[  354.653478][ T7455] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.567: mark_inode_dirty error
[  354.681634][ T7455] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.567: corrupted inode contents
[  354.736079][ T7458] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.567: corrupted inode contents
[  354.776958][ T7458] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.567: mark_inode_dirty error
[  354.806919][ T7458] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.567: corrupted inode contents
[  354.853640][ T7458] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.567: mark_inode_dirty error
[  354.911652][ T7458] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #2: comm syz.3.567: corrupted inode contents
[  355.006688][ T7458] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #2: comm syz.3.567: mark_inode_dirty error
[  355.369309][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.726520][ T5810] Bluetooth: hci5: command 0x1003 tx timeout
[  355.733133][ T5811] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  357.984946][ T5880] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  358.221696][ T5880] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  358.232273][ T5880] usb 1-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  358.242567][ T5880] usb 1-1: config 1 interface 0 has no altsetting 0
[  358.342603][ T5880] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  358.352163][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.360559][ T5880] usb 1-1: Product: syz
[  358.364994][ T5880] usb 1-1: Manufacturer: syz
[  358.370002][ T5880] usb 1-1: SerialNumber: syz
[  358.494864][ T7468] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  358.514196][ T7468] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  359.480805][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.946349][ T5880] (unnamed net_device) (uninitialized): Assigned a random MAC address: ea:43:0a:90:12:6b
[  359.971354][ T5880] rtl8150 1-1:1.0: eth1: rtl8150 is detected
[  360.013891][ T5880] usb 1-1: USB disconnect, device number 13
[  360.875868][ T7477] netlink: 'syz.2.573': attribute type 1 has an invalid length.
[  360.883969][ T7477] netlink: 'syz.2.573': attribute type 2 has an invalid length.
[  360.892046][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.2.573'.
[  362.561143][ T7486] loop4: detected capacity change from 0 to 1024
[  362.658974][ T7486] EXT4-fs: Ignoring removed nomblk_io_submit option
[  362.827139][ T7486] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6042c018, mo2=0102]
[  363.464308][ T7495] netlink: 112 bytes leftover after parsing attributes in process `syz.3.579'.
[  363.542127][ T7486] System zones: 0-1, 3-12
[  363.617486][ T5811] Bluetooth: Wrong link type (-71)
[  363.852865][ T7486] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  365.725677][ T7486] EXT4-fs error (device loop4): __ext4_remount:6748: comm syz.4.577: Abort forced by user
[  365.847040][ T7486] EXT4-fs (loop4): Remounting filesystem read-only
[  365.853905][ T7486] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000.
[  366.314913][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.109955][ T7505] netlink: 28 bytes leftover after parsing attributes in process `syz.4.582'.
[  367.597926][ T7509] netlink: 'syz.3.584': attribute type 12 has an invalid length.
[  367.710321][ T7512] block device autoloading is deprecated and will be removed.
[  368.443518][ T7516] netlink: 'syz.4.586': attribute type 1 has an invalid length.
[  368.451629][ T7516] netlink: 'syz.4.586': attribute type 2 has an invalid length.
[  368.459982][ T7516] netlink: 4 bytes leftover after parsing attributes in process `syz.4.586'.
[  369.927993][ T7524] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  370.122864][ T7519] loop0: detected capacity change from 0 to 512
[  370.139591][ T7519] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  370.176640][ T7519] EXT4-fs (loop0): 1 truncate cleaned up
[  370.188361][ T7519] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  370.214024][ T7519] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.754557][ T7572] netlink: 'syz.0.606': attribute type 1 has an invalid length.
[  375.762889][ T7572] netlink: 'syz.0.606': attribute type 2 has an invalid length.
[  375.770947][ T7572] netlink: 4 bytes leftover after parsing attributes in process `syz.0.606'.
[  379.545522][ T7591] loop0: detected capacity change from 0 to 128
[  390.817662][ T7605] xt_CT: You must specify a L4 protocol and not use inversions on it
[  392.798704][ T7623] netlink: 'syz.4.620': attribute type 1 has an invalid length.
[  392.806736][ T7623] netlink: 'syz.4.620': attribute type 2 has an invalid length.
[  392.817805][ T7623] netlink: 4 bytes leftover after parsing attributes in process `syz.4.620'.
[  393.361622][ T5810] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  393.370775][ T5810] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  393.381672][ T5810] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  393.404024][ T5810] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  393.415470][ T5810] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  394.211589][ T7630] loop2: detected capacity change from 0 to 256
[  394.480887][ T7630] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  395.469505][ T7626] chnl_net:caif_netlink_parms(): no params data found
[  395.498948][ T5810] Bluetooth: hci5: command tx timeout
[  395.755453][ T7638] ip6gre1: entered allmulticast mode
[  396.224954][ T4120] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.431116][ T7641] loop0: detected capacity change from 0 to 4096
[  396.485697][ T4120] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.534850][ T7641] EXT4-fs: Ignoring removed nomblk_io_submit option
[  396.586359][ T7641] EXT4-fs (loop0): Test dummy encryption mode enabled
[  396.618141][ T7641] EXT4-fs (loop0): stripe (97) is not aligned with cluster size (16), stripe is disabled
[  396.717553][ T7641] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  396.732620][ T4120] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.742587][ T7641] System zones: 0-5
[  397.071563][ T7641] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  397.698376][ T5810] Bluetooth: hci5: command tx timeout
[  398.710395][ T4120] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  399.047825][ T7641] fscrypt (loop0): Missing crypto API support for AES-256-CBC-CTS (API name: "cts(cbc(aes))")
[  399.722437][ T3701] Bluetooth: hci3: Frame reassembly failed (-84)
[  399.736991][ T5811] Bluetooth: hci5: command tx timeout
[  399.757111][ T7658] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4
[  399.766946][ T7658] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4
[  399.780684][ T7658] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  399.888925][ T5803] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.288434][ T7626] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.296537][ T7626] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.304276][ T7626] bridge_slave_0: entered allmulticast mode
[  400.313690][ T7626] bridge_slave_0: entered promiscuous mode
[  400.447137][ T7665] loop4: detected capacity change from 0 to 16
[  400.571807][ T7665] erofs (device loop4): mounted with root inode @ nid 36.
[  400.595157][ T7626] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.603073][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.611049][ T7626] bridge_slave_1: entered allmulticast mode
[  400.620431][ T7626] bridge_slave_1: entered promiscuous mode
[  400.743915][ T4120] bridge_slave_1: left allmulticast mode
[  400.750296][ T4120] bridge_slave_1: left promiscuous mode
[  400.757142][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.777517][ T4120] bridge_slave_0: left allmulticast mode
[  400.783365][ T4120] bridge_slave_0: left promiscuous mode
[  400.790559][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state
[  401.737045][ T5811] Bluetooth: hci3: command 0x1003 tx timeout
[  401.744208][ T5810] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  401.806864][ T5810] Bluetooth: hci5: command tx timeout
[  401.829162][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  401.977748][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  402.034423][ T4120] bond0 (unregistering): Released all slaves
[  402.219301][ T7676] loop4: detected capacity change from 0 to 512
[  402.620537][ T7626] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  402.759268][ T7676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  402.773260][ T7676] ext4 filesystem being mounted at /125/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  402.839695][ T7626] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  402.856511][ T5520] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  403.135841][ T5520] usb 1-1: Using ep0 maxpacket: 16
[  403.185163][ T5520] usb 1-1: config 0 has no interfaces?
[  403.284738][ T5520] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  403.294194][ T5520] usb 1-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[  403.302707][ T5520] usb 1-1: Product: syz
[  403.307118][ T5520] usb 1-1: Manufacturer: syz
[  403.311866][ T5520] usb 1-1: SerialNumber: syz
[  403.572858][ T5520] r8152-cfgselector 1-1: Unknown version 0x0000
[  403.580589][ T5520] r8152-cfgselector 1-1: config 0 descriptor??
[  403.862683][ T7626] team0: Port device team_slave_0 added
[  404.604155][ T4120] hsr_slave_0: left promiscuous mode
[  404.628464][ T4120] hsr_slave_1: left promiscuous mode
[  404.636819][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  404.644375][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  404.717431][ T7699] netlink: 'syz.3.637': attribute type 1 has an invalid length.
[  404.725511][ T7699] netlink: 'syz.3.637': attribute type 2 has an invalid length.
[  404.735563][ T7699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.637'.
[  404.739010][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  404.752090][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  404.793302][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  404.804055][ T4120] veth1_macvtap: left promiscuous mode
[  404.810528][ T4120] veth0_macvtap: left promiscuous mode
[  404.816673][ T4120] veth1_vlan: left promiscuous mode
[  404.822186][ T4120] veth0_vlan: left promiscuous mode
[  405.691048][ T7708] loop2: detected capacity change from 0 to 256
[  405.793840][ T7708] exFAT-fs (loop2): Invalid boot checksum (boot checksum : 0x1100abd0, checksum : 0x1119abd0)
[  405.804695][ T7708] exFAT-fs (loop2): invalid boot region
[  405.813561][ T7708] exFAT-fs (loop2): failed to recognize exfat type
[  405.840612][ T4120] team0 (unregistering): Port device team_slave_1 removed
[  405.854769][ T5520] r8152-cfgselector 1-1: USB disconnect, device number 14
[  406.012289][ T4120] team0 (unregistering): Port device team_slave_0 removed
[  407.002931][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.011027][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.018909][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.026968][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.034632][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.045548][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.054187][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.063044][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.070893][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.078661][ T5520] hid-generic 0003:0004:0000.000A: unknown main item tag 0x0
[  407.571041][ T7626] team0: Port device team_slave_1 added
[  407.607004][ T7720] loop3: detected capacity change from 0 to 512
[  407.642052][ T5520] hid-generic 0003:0004:0000.000A: hidraw0: USB HID v0.00 Device [syz0] on syz1
[  408.108122][ T7626] batman_adv: batadv0: Adding interface: batadv_slave_0
[  408.115554][ T7626] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  408.141916][ T7626] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  408.260664][ T7720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  408.276799][ T7720] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  408.410427][ T7626] batman_adv: batadv0: Adding interface: batadv_slave_1
[  408.417914][ T7626] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  408.444208][ T7626] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  408.553351][ T7722] fido_id[7722]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  409.128708][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  409.135385][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  410.677926][ T7626] hsr_slave_0: entered promiscuous mode
[  410.687964][ T7626] hsr_slave_1: entered promiscuous mode
[  410.696441][ T7626] debugfs: 'hsr0' already exists in 'hsr'
[  410.702309][ T7626] Cannot create hsr debugfs directory
[  412.112927][ T7626] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  412.147862][ T7626] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  412.247627][ T7626] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  412.343662][ T7626] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  412.473302][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.932135][ T7756] netlink: 'syz.3.651': attribute type 15 has an invalid length.
[  413.723494][ T7626] 8021q: adding VLAN 0 to HW filter on device bond0
[  413.750557][ T7764] netlink: 'syz.0.652': attribute type 1 has an invalid length.
[  413.758620][ T7764] netlink: 'syz.0.652': attribute type 2 has an invalid length.
[  413.766741][ T7764] netlink: 4 bytes leftover after parsing attributes in process `syz.0.652'.
[  413.799822][ T7763] loop2: detected capacity change from 0 to 4096
[  414.041600][ T7626] 8021q: adding VLAN 0 to HW filter on device team0
[  414.084059][ T7763] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  414.165261][  T148] bridge0: port 1(bridge_slave_0) entered blocking state
[  414.173068][  T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  414.258647][  T148] bridge0: port 2(bridge_slave_1) entered blocking state
[  414.266453][  T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  414.550240][ T5802] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.026472][ T7794] netlink: 'syz.0.658': attribute type 4 has an invalid length.
[  419.152034][ T7802] loop4: detected capacity change from 0 to 512
[  419.257594][ T7802] EXT4-fs: Ignoring removed mblk_io_submit option
[  419.264547][ T7802] EXT4-fs: inline encryption not supported
[  419.271045][ T7802] EXT4-fs: Ignoring removed mblk_io_submit option
[  419.271493][ T7626] 8021q: adding VLAN 0 to HW filter on device batadv0
[  419.340580][ T7805] loop3: detected capacity change from 0 to 1024
[  419.350383][ T7805] EXT4-fs: Ignoring removed nomblk_io_submit option
[  419.446955][ T7805] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  419.925676][ T7802] EXT4-fs (loop4): Test dummy encryption mode enabled
[  419.932946][ T7802] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  420.315235][ T7802] EXT4-fs (loop4): 1 truncate cleaned up
[  420.323351][ T7802] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  420.899709][ T7802] fscrypt (loop4): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  420.954818][ T5817] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.232663][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.845544][ T7831] loop4: detected capacity change from 0 to 2048
[  421.929859][ T7831] EXT4-fs: Ignoring removed bh option
[  422.117706][ T7831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  422.268297][ T7831] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  422.810421][ T7831] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[  422.826421][ T7831] EXT4-fs (loop4): This should not happen!! Data will be lost
[  422.826421][ T7831] 
[  422.837175][ T7831] EXT4-fs (loop4): Total free blocks count 0
[  422.843334][ T7831] EXT4-fs (loop4): Free/Dirty block details
[  422.850224][ T7831] EXT4-fs (loop4): free_blocks=2415919104
[  422.856114][ T7831] EXT4-fs (loop4): dirty_blocks=64
[  422.861667][ T7831] EXT4-fs (loop4): Block reservation details
[  422.867943][ T7831] EXT4-fs (loop4): i_reserved_data_blocks=4
[  422.927075][ T7843] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  423.090189][ T7849] netlink: 'syz.3.667': attribute type 1 has an invalid length.
[  423.098254][ T7849] netlink: 'syz.3.667': attribute type 2 has an invalid length.
[  423.106063][ T7849] netlink: 4 bytes leftover after parsing attributes in process `syz.3.667'.
[  424.989133][ T7626] veth0_vlan: entered promiscuous mode
[  425.020629][ T7626] veth1_vlan: entered promiscuous mode
[  425.311788][ T7626] veth0_macvtap: entered promiscuous mode
[  425.400564][ T7626] veth1_macvtap: entered promiscuous mode
[  425.404103][ T7859] netlink: 48 bytes leftover after parsing attributes in process `syz.0.672'.
[  425.469518][ T7862] binder: 7858:7862 ioctl c0306201 200000000180 returned -14
[  425.579092][ T7626] batman_adv: batadv0: Interface activated: batadv_slave_0
[  425.590958][ T7863] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  425.598623][ T7863] IPv6: NLM_F_CREATE should be set when creating new route
[  425.669525][ T7626] batman_adv: batadv0: Interface activated: batadv_slave_1
[  425.782919][ T4305] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  425.822339][ T4305] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  425.882362][ T4305] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  425.930287][ T4305] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  427.167562][   T30] audit: type=1326 audit(1764002509.046:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.0.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  427.190340][   T30] audit: type=1326 audit(1764002509.046:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.0.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=267 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  427.214047][   T30] audit: type=1326 audit(1764002509.056:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7887 comm="syz.0.679" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9e618f749 code=0x7ffc0000
[  431.660863][ T7923] netlink: 'syz.3.683': attribute type 4 has an invalid length.
[  431.998468][ T7924] netlink: 'syz.3.683': attribute type 4 has an invalid length.
[  432.268426][ T7922] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.277235][ T7922] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.672350][ T7922] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  432.692747][ T7922] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  433.548403][ T3483] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.647742][  T148] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.679930][  T148] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  433.725484][  T148] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  437.725019][  T148] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.733324][  T148] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  437.972886][  T148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  437.980979][  T148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  438.766822][ T5880] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  439.367073][ T7959] loop5: detected capacity change from 0 to 128
[  441.227306][ T5880] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  441.238648][ T5880] usb 1-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  441.251469][ T5880] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  441.261622][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.084362][ T7969] x_tables: ip_tables: tcp match: only valid for protocol 6
[  448.867162][ T5880] usb 1-1: can't set config #27, error -110
[  450.026742][ T5811] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  450.116662][ T5811] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  450.147828][ T5811] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  450.209700][ T5811] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  450.230343][ T5811] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  452.368571][ T5811] Bluetooth: hci3: command tx timeout
[  452.509274][   T30] audit: type=1800 audit(1764002534.376:37): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.692" name="bus" dev="tmpfs" ino=34 res=0 errno=0
[  452.907724][ T5810] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  452.928138][ T5810] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  452.937974][ T5810] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  452.957880][ T5810] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  452.967997][ T5810] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  454.672569][ T5810] Bluetooth: hci3: command tx timeout
[  454.679947][ T5811] Bluetooth: Wrong link type (-71)
[  455.029246][ T5811] Bluetooth: hci6: command tx timeout
[  455.380096][ T7977] chnl_net:caif_netlink_parms(): no params data found
[  455.606624][ T8016] mmap: syz.2.697 (8016) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  456.248115][ T7990] chnl_net:caif_netlink_parms(): no params data found
[  456.351119][ T4120] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  456.569957][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  456.582194][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  456.592668][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  456.609098][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  456.620202][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  456.688126][ T5810] Bluetooth: hci3: command tx timeout
[  456.869737][ T4120] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.045685][ T4120] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  457.106876][ T5810] Bluetooth: hci6: command tx timeout
[  457.727968][ T4120] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  458.688062][ T5810] Bluetooth: hci0: command tx timeout
[  458.769162][ T5810] Bluetooth: hci3: command tx timeout
[  458.915065][ T7977] bridge0: port 1(bridge_slave_0) entered blocking state
[  458.922543][ T7977] bridge0: port 1(bridge_slave_0) entered disabled state
[  458.930407][ T7977] bridge_slave_0: entered allmulticast mode
[  458.938818][ T7977] bridge_slave_0: entered promiscuous mode
[  459.029257][ T8023] chnl_net:caif_netlink_parms(): no params data found
[  459.159140][ T7977] bridge0: port 2(bridge_slave_1) entered blocking state
[  459.168555][ T7977] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.176565][ T7977] bridge_slave_1: entered allmulticast mode
[  459.185183][ T7977] bridge_slave_1: entered promiscuous mode
[  459.212314][ T5810] Bluetooth: hci6: command tx timeout
[  459.254127][ T4120] bridge_slave_1: left allmulticast mode
[  459.260261][ T4120] bridge_slave_1: left promiscuous mode
[  459.270656][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.310443][ T4120] bridge_slave_0: left allmulticast mode
[  459.319403][ T4120] bridge_slave_0: left promiscuous mode
[  459.325766][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state
[  459.671911][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  459.788844][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  459.814122][ T4120] bond0 (unregistering): Released all slaves
[  460.386529][ T7977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  460.629758][ T7977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  460.674539][ T7990] bridge0: port 1(bridge_slave_0) entered blocking state
[  460.682297][ T7990] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.690057][ T7990] bridge_slave_0: entered allmulticast mode
[  460.699253][ T7990] bridge_slave_0: entered promiscuous mode
[  460.776584][ T5810] Bluetooth: hci0: command tx timeout
[  460.810747][ T7990] bridge0: port 2(bridge_slave_1) entered blocking state
[  460.818379][ T7990] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.826002][ T7990] bridge_slave_1: entered allmulticast mode
[  460.835583][ T7990] bridge_slave_1: entered promiscuous mode
[  461.044231][ T4120] hsr_slave_0: left promiscuous mode
[  461.096436][ T4120] hsr_slave_1: left promiscuous mode
[  461.104272][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  461.112680][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  461.169175][ T4120] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  461.177108][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  461.247833][ T5810] Bluetooth: hci6: command tx timeout
[  461.257146][ T4120] veth1_macvtap: left promiscuous mode
[  461.262860][ T4120] veth0_macvtap: left promiscuous mode
[  461.924308][ T4120] team0 (unregistering): Port device team_slave_1 removed
[  461.971475][ T4120] team0 (unregistering): Port device team_slave_0 removed
[  462.451924][ T5810] Bluetooth: Wrong link type (-71)
[  462.856645][ T5810] Bluetooth: hci0: command tx timeout
[  463.458546][ T7977] team0: Port device team_slave_0 added
[  463.485594][ T7977] team0: Port device team_slave_1 added
[  463.565418][ T8023] bridge0: port 1(bridge_slave_0) entered blocking state
[  463.573726][ T8023] bridge0: port 1(bridge_slave_0) entered disabled state
[  463.582307][ T8023] bridge_slave_0: entered allmulticast mode
[  463.591583][ T8023] bridge_slave_0: entered promiscuous mode
[  463.683194][ T7990] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  463.781422][ T7990] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  465.008244][ T5810] Bluetooth: hci0: command tx timeout
[  465.358599][ T8023] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.366057][ T8023] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.373924][ T8023] bridge_slave_1: entered allmulticast mode
[  465.382965][ T8023] bridge_slave_1: entered promiscuous mode
[  466.064085][ T8079] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  466.142411][ T7990] team0: Port device team_slave_0 added
[  466.156963][ T7977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.164073][ T7977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  466.190438][ T7977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  466.415809][ T7990] team0: Port device team_slave_1 added
[  466.516890][ T8023] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.559028][ T7977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  466.566303][ T7977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  466.592649][ T7977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  466.690873][ T8084] Zero length message leads to an empty skb
[  466.748042][ T8023] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  467.196771][ T5880] usb 1-1: USB disconnect, device number 15
[  467.443809][ T4120] bridge_slave_1: left allmulticast mode
[  467.443907][ T4120] bridge_slave_1: left promiscuous mode
[  467.444831][ T4120] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.529005][ T4120] bridge_slave_0: left allmulticast mode
[  467.529111][ T4120] bridge_slave_0: left promiscuous mode
[  467.529947][ T4120] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.901551][ T4120] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  467.933112][ T4120] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  467.963839][ T4120] bond0 (unregistering): Released all slaves
[  468.001997][ T8023] team0: Port device team_slave_0 added
[  468.024324][ T8023] team0: Port device team_slave_1 added
[  468.037311][ T7990] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.044416][ T7990] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  468.070572][    C1] vkms_vblank_simulate: vblank timer overrun
[  468.079394][ T7990] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.158789][ T7990] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.165909][ T7990] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  468.193050][ T7990] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.494579][ T7977] hsr_slave_0: entered promiscuous mode
[  468.504489][ T7977] hsr_slave_1: entered promiscuous mode
[  468.741326][ T8023] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.748887][ T8023] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  468.774986][    C1] vkms_vblank_simulate: vblank timer overrun
[  468.781873][ T8023] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  469.066724][ T8023] batman_adv: batadv0: Adding interface: batadv_slave_1
[  469.073935][ T8023] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  469.102605][ T8023] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  469.218428][ T4120] hsr_slave_0: left promiscuous mode
[  469.252069][ T4120] hsr_slave_1: left promiscuous mode
[  469.260233][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_0
[  469.275682][ T4120] batman_adv: batadv0: Removing interface: batadv_slave_1
[  469.577061][ T4120] team0 (unregistering): Port device team_slave_1 removed
[  470.059806][ T4120] team0 (unregistering): Port device team_slave_0 removed
[  470.309867][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  470.316743][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  470.441923][ T7990] hsr_slave_0: entered promiscuous mode
[  470.462123][ T7990] hsr_slave_1: entered promiscuous mode
[  470.475163][ T7990] debugfs: 'hsr0' already exists in 'hsr'
[  470.482337][ T7990] Cannot create hsr debugfs directory
[  470.927465][ T8023] hsr_slave_0: entered promiscuous mode
[  470.937506][ T8023] hsr_slave_1: entered promiscuous mode
[  470.949144][ T8023] debugfs: 'hsr0' already exists in 'hsr'
[  470.955104][ T8023] Cannot create hsr debugfs directory
[  471.513472][ T8132] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  471.515699][ T3537] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.692602][ T3537] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.774278][ T3537] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.994461][ T3537] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.035567][ T7977] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  472.080707][ T7977] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  472.249481][ T7977] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  472.365572][ T7977] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  472.486784][ T7990] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  472.586477][ T7990] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  472.621735][ T3537] bridge_slave_1: left allmulticast mode
[  472.627783][ T3537] bridge_slave_1: left promiscuous mode
[  472.634282][ T3537] bridge0: port 2(bridge_slave_1) entered disabled state
[  472.688804][ T3537] bridge_slave_0: left allmulticast mode
[  472.694650][ T3537] bridge_slave_0: left promiscuous mode
[  472.701743][ T3537] bridge0: port 1(bridge_slave_0) entered disabled state
[  473.134025][ T3537] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  473.167191][ T3537] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  473.188740][ T3537] bond0 (unregistering): Released all slaves
[  473.224819][ T7990] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  473.365546][ T7990] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  473.676438][ T8023] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  473.725475][ T8023] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  473.858776][ T3537] hsr_slave_0: left promiscuous mode
[  473.871537][ T3537] hsr_slave_1: left promiscuous mode
[  473.879395][ T3537] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.887100][ T3537] batman_adv: batadv0: Removing interface: batadv_slave_0
[  473.923731][ T3537] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.932509][ T3537] batman_adv: batadv0: Removing interface: batadv_slave_1
[  474.087538][ T3537] veth1_macvtap: left promiscuous mode
[  474.093266][ T3537] veth0_macvtap: left promiscuous mode
[  474.099914][ T3537] veth1_vlan: left promiscuous mode
[  474.105429][ T3537] veth0_vlan: left promiscuous mode
[  475.067307][ T3537] team0 (unregistering): Port device team_slave_1 removed
[  475.166097][ T3537] team0 (unregistering): Port device team_slave_0 removed
[  475.458229][ T8023] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  475.534301][ T8023] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  476.287178][ T7977] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.485017][ T7977] 8021q: adding VLAN 0 to HW filter on device team0
[  476.513985][ T7990] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.563017][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.570638][ T4243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  476.695431][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state
[  476.703046][ T4243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  476.803637][ T7990] 8021q: adding VLAN 0 to HW filter on device team0
[  476.843806][ T8023] 8021q: adding VLAN 0 to HW filter on device bond0
[  476.923744][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state
[  476.931288][ T4243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  477.093582][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state
[  477.101142][ T4243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  477.178089][ T8023] 8021q: adding VLAN 0 to HW filter on device team0
[  477.342621][ T4243] bridge0: port 1(bridge_slave_0) entered blocking state
[  477.350251][ T4243] bridge0: port 1(bridge_slave_0) entered forwarding state
[  477.468510][ T7990] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  477.586867][ T4243] bridge0: port 2(bridge_slave_1) entered blocking state
[  477.594333][ T4243] bridge0: port 2(bridge_slave_1) entered forwarding state
[  477.835934][ T8023] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  477.850395][ T8023] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  478.999161][ T7977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  479.411779][ T7990] 8021q: adding VLAN 0 to HW filter on device batadv0
[  479.526415][ T8023] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.171373][ T8225] netlink: 32 bytes leftover after parsing attributes in process `syz.2.732'.
[  481.659732][ T8023] veth0_vlan: entered promiscuous mode
[  481.752804][ T8023] veth1_vlan: entered promiscuous mode
[  481.853204][ T7977] veth0_vlan: entered promiscuous mode
[  481.894921][ T7977] veth1_vlan: entered promiscuous mode
[  482.094331][ T8023] veth0_macvtap: entered promiscuous mode
[  482.163377][ T7977] veth0_macvtap: entered promiscuous mode
[  482.183969][ T8023] veth1_macvtap: entered promiscuous mode
[  482.223362][ T7977] veth1_macvtap: entered promiscuous mode
[  482.321757][ T8023] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.490552][ T8023] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.569070][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.650314][ T7977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.660286][ T4186] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.787005][ T4186] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.858753][ T7990] veth0_vlan: entered promiscuous mode
[  482.865701][ T4186] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.919819][ T4186] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  482.963653][ T7990] veth1_vlan: entered promiscuous mode
[  483.004768][ T4186] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  483.063402][ T4186] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  483.136861][ T4186] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  483.187859][ T4186] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  483.434337][ T7990] veth0_macvtap: entered promiscuous mode
[  483.512403][ T7990] veth1_macvtap: entered promiscuous mode
[  483.671249][ T7990] batman_adv: batadv0: Interface activated: batadv_slave_0
[  483.775553][ T7990] batman_adv: batadv0: Interface activated: batadv_slave_1
[  483.880100][   T63] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  483.934826][   T63] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  483.968031][ T4120] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  484.039724][ T4305] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  488.915276][ T3701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  488.923431][ T3701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.048490][ T4186] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.056645][ T4186] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.057309][ T3701] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.075346][ T3701] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.580095][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.588526][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.344415][ T8341] syz.8.694 uses obsolete (PF_INET,SOCK_PACKET)
[  490.543633][ T3483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.552084][ T3483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.810836][ T3701] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.819069][ T3701] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.153584][ T5811] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  492.167741][ T5811] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  492.187325][ T5811] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  492.200374][ T5811] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  492.210245][ T5811] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  494.067628][ T8357] chnl_net:caif_netlink_parms(): no params data found
[  494.306377][ T5811] Bluetooth: hci2: command tx timeout
[  496.182284][ T8357] bridge0: port 1(bridge_slave_0) entered blocking state
[  496.189935][ T8357] bridge0: port 1(bridge_slave_0) entered disabled state
[  496.197555][ T8357] bridge_slave_0: entered allmulticast mode
[  496.205706][ T8357] bridge_slave_0: entered promiscuous mode
[  496.376620][ T5811] Bluetooth: hci2: command tx timeout
[  496.427775][ T8357] bridge0: port 2(bridge_slave_1) entered blocking state
[  496.435257][ T8357] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.447166][ T8357] bridge_slave_1: entered allmulticast mode
[  496.455309][ T8357] bridge_slave_1: entered promiscuous mode
[  496.781887][ T8357] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  496.919368][ T8357] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  497.355693][ T8357] team0: Port device team_slave_0 added
[  497.491400][ T8357] team0: Port device team_slave_1 added
[  497.829022][ T8357] batman_adv: batadv0: Adding interface: batadv_slave_0
[  497.837660][ T8357] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  497.864279][ T8357] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  498.237248][ T8357] batman_adv: batadv0: Adding interface: batadv_slave_1
[  498.244477][ T8357] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  498.271156][ T8357] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  498.489625][ T5811] Bluetooth: hci2: command tx timeout
[  498.951928][ T8357] hsr_slave_0: entered promiscuous mode
[  498.960687][ T8357] hsr_slave_1: entered promiscuous mode
[  498.968568][ T8357] debugfs: 'hsr0' already exists in 'hsr'
[  498.974383][ T8357] Cannot create hsr debugfs directory
[  499.414796][ T8418] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  500.557984][ T5811] Bluetooth: hci2: command tx timeout
[  500.585094][ T8357] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  500.606981][ T8357] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  500.632166][ T8357] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  500.669863][ T8357] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  502.551740][ T8357] 8021q: adding VLAN 0 to HW filter on device bond0
[  502.877722][ T8357] 8021q: adding VLAN 0 to HW filter on device team0
[  503.025472][ T4186] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.032932][ T4186] bridge0: port 1(bridge_slave_0) entered forwarding state
[  503.154216][ T4186] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.161666][ T4186] bridge0: port 2(bridge_slave_1) entered forwarding state
[  505.903096][ T8470] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  506.245530][ T8357] 8021q: adding VLAN 0 to HW filter on device batadv0
[  509.743233][ T8357] veth0_vlan: entered promiscuous mode
[  509.942744][ T8357] veth1_vlan: entered promiscuous mode
[  510.355172][ T8357] veth0_macvtap: entered promiscuous mode
[  510.507550][ T8357] veth1_macvtap: entered promiscuous mode
[  511.068637][ T8357] batman_adv: batadv0: Interface activated: batadv_slave_0
[  511.120268][ T4186] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.209722][ T8357] batman_adv: batadv0: Interface activated: batadv_slave_1
[  511.350298][ T4186] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.547169][   T63] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  511.576688][ T4120] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  511.651041][ T4186] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.692393][ T3537] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  511.841385][ T4186] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  511.988078][ T3537] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  512.450520][ T4186] bridge_slave_1: left allmulticast mode
[  512.456604][ T4186] bridge_slave_1: left promiscuous mode
[  512.463062][ T4186] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.551455][ T4186] bridge_slave_0: left allmulticast mode
[  512.558421][ T4186] bridge_slave_0: left promiscuous mode
[  512.565120][ T4186] bridge0: port 1(bridge_slave_0) entered disabled state
[  513.362264][ T4186] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  513.387365][ T4186] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  513.415373][ T4186] bond0 (unregistering): Released all slaves
[  516.257197][ T4186] hsr_slave_0: left promiscuous mode
[  516.309006][ T4186] hsr_slave_1: left promiscuous mode
[  516.319655][ T4186] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  516.327368][ T4186] batman_adv: batadv0: Removing interface: batadv_slave_0
[  516.413992][ T4186] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  516.422003][ T4186] batman_adv: batadv0: Removing interface: batadv_slave_1
[  516.587805][ T4186] veth1_macvtap: left promiscuous mode
[  516.593535][ T4186] veth0_macvtap: left promiscuous mode
[  516.599828][ T4186] veth1_vlan: left promiscuous mode
[  516.605307][ T4186] veth0_vlan: left promiscuous mode
[  517.467502][    T9] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  517.680130][    T9] usb 7-1: Using ep0 maxpacket: 16
[  517.721873][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  517.921818][    T9] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  517.931513][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  517.939909][    T9] usb 7-1: Product: syz
[  517.946910][    T9] usb 7-1: Manufacturer: syz
[  517.951620][    T9] usb 7-1: SerialNumber: syz
[  517.978486][ T4186] team0 (unregistering): Port device team_slave_1 removed
[  518.024789][    T9] usb 7-1: config 0 descriptor??
[  518.053574][ T4186] team0 (unregistering): Port device team_slave_0 removed
[  518.124907][    T9] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  518.134725][    T9] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  518.877375][ T8362] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  518.960893][    T9] em28xx 7-1:0.0: chip ID is em2765
[  519.256580][ T8362] usb 8-1: config 24 has an invalid interface number: 217 but max is 0
[  519.265392][ T8362] usb 8-1: config 24 has no interface number 0
[  519.384287][ T8362] usb 8-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  519.395539][ T8362] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.404028][ T8362] usb 8-1: Product: syz
[  519.408675][ T8362] usb 8-1: Manufacturer: syz
[  519.413462][ T8362] usb 8-1: SerialNumber: syz
[  519.611838][ T8362] hub 8-1:24.217: bad descriptor, ignoring hub
[  519.622682][ T8362] hub 8-1:24.217: probe with driver hub failed with error -5
[  519.715646][    T9] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  519.724271][    T9] em28xx 7-1:0.0: board has no eeprom
[  519.936735][ T8362] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  519.980874][ T8362] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  520.048366][ T8362] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  520.057654][ T8362] usb 8-1: media controller created
[  520.127191][    T9] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  520.135562][    T9] em28xx 7-1:0.0: dvb set to bulk mode.
[  520.144662][ T8254] em28xx 7-1:0.0: Binding DVB extension
[  520.245028][ T8362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  521.279002][ T8362] DVB: Unable to find symbol dib7000p_attach()
[  521.285505][ T8362] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  521.576647][ T8562] em28xx 7-1:0.0: reading from i2c device at 0x0 failed (error=-5)
[  521.601291][ T8361] usb 7-1: USB disconnect, device number 2
[  521.608511][ T8361] em28xx 7-1:0.0: Disconnecting em28xx
[  522.076462][ T8362] rc_core: IR keymap rc-dib0700-rc5 not found
[  522.084904][ T8362] Registered IR keymap rc-empty
[  522.091378][ T8362] dvb-usb: could not initialize remote control.
[  522.097859][ T8362] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  522.204055][ T8254] em28xx 7-1:0.0: Registering input extension
[  522.280779][ T8361] em28xx 7-1:0.0: Closing input extension
[  522.298709][ T8582] x_tables: unsorted underflow at hook 4
[  522.301462][ T8362] usb 8-1: USB disconnect, device number 2
[  522.481353][ T8361] em28xx 7-1:0.0: Freeing device
[  523.168438][ T8362] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  524.606550][ T4120] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  524.614644][ T4120] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  524.926758][ T4120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  524.934770][ T4120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  525.096978][ T8362] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  525.446514][ T8362] usb 8-1: Using ep0 maxpacket: 32
[  525.470524][ T8362] usb 8-1: config 0 has an invalid interface number: 196 but max is 0
[  525.478953][ T8362] usb 8-1: config 0 has no interface number 0
[  525.485148][ T8362] usb 8-1: config 0 interface 196 has no altsetting 0
[  525.658112][ T8362] usb 8-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  525.667452][ T8362] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  525.675555][ T8362] usb 8-1: Product: syz
[  525.679973][ T8362] usb 8-1: Manufacturer: syz
[  525.684664][ T8362] usb 8-1: SerialNumber: syz
[  525.813093][ T8362] usb 8-1: config 0 descriptor??
[  526.061424][ T8362] ipheth 8-1:0.196: Unable to find endpoints
[  526.510539][ T8362] usb 8-1: USB disconnect, device number 3
[  526.563836][ T8626] netlink: 32 bytes leftover after parsing attributes in process `syz.9.740'.
[  530.176488][ T8654] [U] 
[  530.179417][ T8654] [U] K{�
[  530.182716][ T8654] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[  530.190480][ T8654] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  530.208129][ T8654] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  530.219763][ T8654] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  530.260890][ T8654] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  530.286333][ T8654] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[  530.297777][ T8654] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  530.309652][ T8654] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  530.487428][ T8654] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  530.507927][ T8654] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  530.556384][ T8654] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  530.565118][ T8654] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[  530.579514][ T8654] [U] 22��Ʃ���x?0;3u�
[  530.583919][ T8654] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  530.609304][ T8654] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  530.618972][ T8654] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  530.627964][ T8654] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  530.634353][ T8654] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  530.647857][ T8654] [U] �ec�
[  530.651125][ T8654] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  530.719744][ T8651] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  531.760837][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  531.770969][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  531.798472][   T97] null_blk: rq ffff888106c58000 timed out
[  531.804378][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.815249][   T97] null_blk: rq ffff888106c58180 timed out
[  531.822021][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.832774][   T97] null_blk: rq ffff888106c58300 timed out
[  531.838636][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.849360][   T97] null_blk: rq ffff888106c58480 timed out
[  531.855167][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.865795][   T97] null_blk: rq ffff888106c58600 timed out
[  531.872449][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.883347][   T97] null_blk: rq ffff888106c58780 timed out
[  531.889261][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.899877][   T97] null_blk: rq ffff888106c58900 timed out
[  531.905669][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.916399][   T97] null_blk: rq ffff888106c58a80 timed out
[  531.922224][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.932993][   T97] null_blk: rq ffff888106c58c00 timed out
[  531.938955][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.949592][   T97] null_blk: rq ffff888106c58d80 timed out
[  531.955389][   T97] timeout error, dev nullb0, sector 393216 op 0x0:(READ) flags 0xe00000 phys_seg 2 prio class 2
[  531.966047][   T97] null_blk: rq ffff888106c58f00 timed out
[  531.972796][   T97] null_blk: rq ffff888106c59080 timed out
[  531.979016][   T97] null_blk: rq ffff888106c59200 timed out
[  531.984848][   T97] null_blk: rq ffff888106c59380 timed out
[  531.990755][   T97] null_blk: rq ffff888106c59500 timed out
[  531.996646][   T97] null_blk: rq ffff888106c59680 timed out
[  532.002477][   T97] null_blk: rq ffff888106c59800 timed out
[  532.008379][   T97] null_blk: rq ffff888106c59980 timed out
[  532.014198][   T97] null_blk: rq ffff888106c59b00 timed out
[  532.020079][   T97] null_blk: rq ffff888106c59c80 timed out
[  532.025885][   T97] null_blk: rq ffff888106c59e00 timed out
[  532.031763][   T97] null_blk: rq ffff888106c59f80 timed out
[  532.037681][   T97] null_blk: rq ffff888106c5a100 timed out
[  532.043498][   T97] null_blk: rq ffff888106c5a280 timed out
[  532.049384][   T97] null_blk: rq ffff888106c5a400 timed out
[  532.055201][   T97] null_blk: rq ffff888106c5a580 timed out
[  532.061081][   T97] null_blk: rq ffff888106c5a700 timed out
[  532.067127][   T97] null_blk: rq ffff888106c5a880 timed out
[  532.073732][   T97] null_blk: rq ffff888106c5aa00 timed out
[  532.079818][   T97] null_blk: rq ffff888106c5ab80 timed out
[  532.085632][   T97] null_blk: rq ffff888106c5ad00 timed out
[  532.091523][   T97] null_blk: rq ffff888106c5ae80 timed out
[  532.097543][   T97] null_blk: rq ffff888106c5b000 timed out
[  532.103354][   T97] null_blk: rq ffff888106c5b180 timed out
[  532.109237][   T97] null_blk: rq ffff888106c5b300 timed out
[  532.115046][   T97] null_blk: rq ffff888106c5b480 timed out
[  532.120946][   T97] null_blk: rq ffff888106c5b600 timed out
[  532.126849][   T97] null_blk: rq ffff888106c5b780 timed out
[  532.132669][   T97] null_blk: rq ffff888106c5b900 timed out
[  532.138625][   T97] null_blk: rq ffff888106c5ba80 timed out
[  532.144434][   T97] null_blk: rq ffff888106c5bc00 timed out
[  532.150300][   T97] null_blk: rq ffff888106c5bd80 timed out
[  532.156115][   T97] null_blk: rq ffff888106c5bf00 timed out
[  532.162275][   T97] null_blk: rq ffff888106c5c080 timed out
[  532.168616][   T97] null_blk: rq ffff888106c5c200 timed out
[  532.175643][   T97] null_blk: rq ffff888106c5c380 timed out
[  532.181766][   T97] null_blk: rq ffff888106c5c500 timed out
[  532.187661][   T97] null_blk: rq ffff888106c5c680 timed out
[  532.193477][   T97] null_blk: rq ffff888106c5c800 timed out
[  532.199497][   T97] null_blk: rq ffff888106c5c980 timed out
[  532.205337][   T97] null_blk: rq ffff888106c5cb00 timed out
[  532.211274][   T97] null_blk: rq ffff888106c5cc80 timed out
[  532.217215][   T97] null_blk: rq ffff888106c5ce00 timed out
[  532.223051][   T97] null_blk: rq ffff888106c5cf80 timed out
[  532.228985][   T97] null_blk: rq ffff888106c5d100 timed out
[  532.234808][   T97] null_blk: rq ffff888106c5d280 timed out
[  532.240685][   T97] null_blk: rq ffff888106c5d400 timed out
[  532.246552][   T97] null_blk: rq ffff888106c5d580 timed out
[  532.252394][   T97] null_blk: rq ffff888106c5d700 timed out
[  532.258273][   T97] null_blk: rq ffff888106c5d880 timed out
[  532.264093][   T97] null_blk: rq ffff888106c5da00 timed out
[  532.269979][   T97] null_blk: rq ffff888106c5db80 timed out
[  532.275788][   T97] null_blk: rq ffff888106c5dd00 timed out
[  532.282517][   T97] null_blk: rq ffff888106c5de80 timed out
[  535.996444][ T8362] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  536.054332][ T8701] loop2: detected capacity change from 0 to 7
[  536.078122][ T8701] Dev loop2: unable to read RDB block 7
[  536.084065][ T8701]  loop2: AHDI p1 p2 p3
[  536.089074][ T8701] loop2: partition table partially beyond EOD, truncated
[  536.097096][ T8701] loop2: p1 start 1601398130 is beyond EOD, truncated
[  536.103988][ T8701] loop2: p2 start 1702059890 is beyond EOD, truncated
[  536.186765][ T8362] usb 9-1: Using ep0 maxpacket: 32
[  536.230270][ T8362] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  536.242900][ T8362] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  536.253311][ T8362] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  536.262700][ T8362] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.411540][ T8254] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[  536.499484][ T8362] usb 9-1: config 0 descriptor??
[  536.676823][ T8254] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  536.695320][ T8254] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  536.710450][ T8254] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  536.719952][ T8254] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.112378][ T8362] savu 0003:1E7D:2D5A.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  537.296952][ T8362] usb 9-1: USB disconnect, device number 2
[  537.318835][ T8254] usb 8-1: usb_control_msg returned -32
[  537.324693][ T8254] usbtmc 8-1:16.0: can't read capabilities
[  538.061608][ T8710] fido_id[8710]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  538.392039][ T8719] syz_tun: entered allmulticast mode
[  538.718315][ T8718] syz_tun: left allmulticast mode
[  539.349813][ T8362] usb 8-1: USB disconnect, device number 4
[  540.938663][ T8752] loop2: detected capacity change from 0 to 7
[  540.985596][ T8752] Dev loop2: unable to read RDB block 7
[  540.991566][ T8752]  loop2: AHDI p1 p2 p3
[  540.996034][ T8752] loop2: partition table partially beyond EOD, truncated
[  541.004366][ T8752] loop2: p1 start 1601398130 is beyond EOD, truncated
[  541.011704][ T8752] loop2: p2 start 1702059890 is beyond EOD, truncated
[  544.406445][ T8800] syz_tun: entered allmulticast mode
[  544.639492][ T8799] syz_tun: left allmulticast mode
[  546.807157][    T9] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  547.017077][    T9] usb 10-1: Using ep0 maxpacket: 32
[  547.064051][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  547.075530][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  547.085922][    T9] usb 10-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  547.097013][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.358951][    T9] usb 10-1: config 0 descriptor??
[  547.928641][    T9] savu 0003:1E7D:2D5A.000C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.9-1/input0
[  548.014482][ T8849] syz_tun: entered allmulticast mode
[  548.147936][   T11] usb 10-1: USB disconnect, device number 2
[  548.497985][ T8848] syz_tun: left allmulticast mode
[  549.000196][ T8851] fido_id[8851]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  550.819584][ T8876] program syz.9.866 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  560.056639][   T11] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  560.239708][   T11] usb 9-1: device descriptor read/64, error -71
[  560.506506][   T11] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  560.727272][   T11] usb 9-1: device descriptor read/64, error -71
[  560.899773][   T11] usb usb9-port1: attempt power cycle
[  561.267090][   T11] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  561.333711][ T5810] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  561.352017][   T11] usb 9-1: device descriptor read/8, error -71
[  561.372251][ T5810] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  561.398259][ T5810] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  561.422350][ T5810] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  561.439076][ T5810] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  561.608370][   T11] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  561.800720][   T11] usb 9-1: device descriptor read/8, error -71
[  561.928725][ T8983] syz_tun: entered allmulticast mode
[  561.933532][   T11] usb usb9-port1: unable to enumerate USB device
[  562.257372][ T8982] syz_tun: left allmulticast mode
[  563.121670][ T8975] chnl_net:caif_netlink_parms(): no params data found
[  563.405457][ T8998] netlink: 'syz.9.899': attribute type 1 has an invalid length.
[  563.414008][ T8998] netlink: 'syz.9.899': attribute type 2 has an invalid length.
[  563.560694][ T5811] Bluetooth: hci4: command tx timeout
[  565.649342][ T5811] Bluetooth: hci4: command tx timeout
[  565.723076][ T8975] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.730671][ T8975] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.738428][ T8975] bridge_slave_0: entered allmulticast mode
[  565.747515][ T8975] bridge_slave_0: entered promiscuous mode
[  565.871562][ T8975] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.879180][ T8975] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.886778][ T8975] bridge_slave_1: entered allmulticast mode
[  565.894841][ T8975] bridge_slave_1: entered promiscuous mode
[  566.049334][ T8975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  566.326978][ T8975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  566.852755][ T8975] team0: Port device team_slave_0 added
[  566.951514][ T8975] team0: Port device team_slave_1 added
[  566.959492][ T8362] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[  567.225841][ T8362] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  567.236725][ T8362] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[  567.245947][ T8362] usb 10-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  567.255762][ T8362] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  567.268054][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_0
[  567.275150][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  567.305237][ T8975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  567.561006][ T8362] usb 10-1: config 0 descriptor??
[  567.621828][ T8975] batman_adv: batadv0: Adding interface: batadv_slave_1
[  567.629112][ T8975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  567.656685][ T8975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  567.688411][ T8362] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  567.695435][ T8362] dvb-usb: bulk message failed: -22 (3/0)
[  567.768246][ T5811] Bluetooth: hci4: command tx timeout
[  567.990353][ T8362] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  568.106323][ T8362] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  568.113574][ T8362] usb 10-1: media controller created
[  568.151117][ T8975] hsr_slave_0: entered promiscuous mode
[  568.159660][ T8975] hsr_slave_1: entered promiscuous mode
[  568.167289][ T8975] debugfs: 'hsr0' already exists in 'hsr'
[  568.173092][ T8975] Cannot create hsr debugfs directory
[  568.235683][ T9034] syz_tun: entered allmulticast mode
[  568.238530][ T8362] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  568.432671][ T8362] dvb-usb: bulk message failed: -22 (6/0)
[  568.439048][ T8362] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  568.534141][ T8362] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.9/usb10/10-1/input/input22
[  568.574051][ T9033] syz_tun: left allmulticast mode
[  568.749810][ T8362] dvb-usb: schedule remote query interval to 150 msecs.
[  568.757365][ T8362] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  568.934208][ T8362] dvb-usb: bulk message failed: -22 (1/0)
[  568.941295][ T8362] dvb-usb: error while querying for an remote control event.
[  569.119250][ T8362] dvb-usb: bulk message failed: -22 (1/0)
[  569.125218][ T8362] dvb-usb: error while querying for an remote control event.
[  569.294902][ T8362] dvb-usb: bulk message failed: -22 (1/0)
[  569.301015][ T8362] dvb-usb: error while querying for an remote control event.
[  569.476720][ T8362] dvb-usb: bulk message failed: -22 (1/0)
[  569.482666][ T8362] dvb-usb: error while querying for an remote control event.
[  569.656657][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  569.662604][ T8361] dvb-usb: error while querying for an remote control event.
[  569.809101][ T5811] Bluetooth: hci4: command tx timeout
[  569.826904][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  569.832936][ T8361] dvb-usb: error while querying for an remote control event.
[  569.927191][ T8362] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  570.000656][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.006604][ T8361] dvb-usb: error while querying for an remote control event.
[  570.153749][ T8362] usb 8-1: device descriptor read/64, error -71
[  570.166942][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.172965][ T8361] dvb-usb: error while querying for an remote control event.
[  570.336864][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.342737][ T8361] dvb-usb: error while querying for an remote control event.
[  570.456434][ T8362] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  570.519257][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.525147][ T8361] dvb-usb: error while querying for an remote control event.
[  570.686581][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.692540][ T8361] dvb-usb: error while querying for an remote control event.
[  570.700624][ T8362] usb 8-1: device descriptor read/64, error -71
[  570.857636][ T8362] usb usb8-port1: attempt power cycle
[  570.864278][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  570.870375][ T8361] dvb-usb: error while querying for an remote control event.
[  571.046971][ T8361] dvb-usb: bulk message failed: -22 (1/0)
[  571.052881][ T8361] dvb-usb: error while querying for an remote control event.
[  571.220064][ T8361] usb 10-1: USB disconnect, device number 3
[  571.247171][ T8362] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  571.402825][ T8362] usb 8-1: device descriptor read/8, error -71
[  571.495869][ T8975] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  571.560648][ T8361] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  571.604491][ T8975] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  571.667458][ T8362] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  571.698628][ T8975] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  571.725262][ T8362] usb 8-1: device descriptor read/8, error -71
[  571.857817][ T8975] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  571.877656][ T8362] usb usb8-port1: unable to enumerate USB device
[  572.435662][ T8813] syz.6.843 (8813): drop_caches: 1
[  574.051145][ T8975] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.425686][ T8975] 8021q: adding VLAN 0 to HW filter on device team0
[  574.627138][  T148] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.634540][  T148] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.767201][ T5810] Bluetooth: hci3: command 0x0406 tx timeout
[  574.836982][  T148] bridge0: port 2(bridge_slave_1) entered blocking state
[  574.844429][  T148] bridge0: port 2(bridge_slave_1) entered forwarding state
[  574.847388][ T9065] IPVS: set_ctl: invalid protocol: 46 10.1.1.1:20011
[  576.239355][ T9077] syz_tun: entered allmulticast mode
[  576.522175][ T8362] hid_parser_main: 8 callbacks suppressed
[  576.522268][ T8362] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[  576.743373][ T9075] syz_tun: left allmulticast mode
[  576.760229][ T8362] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  577.317782][ T3701] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.552910][ T3701] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.933380][ T3701] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.960483][   T11] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  578.032659][ T8975] 8021q: adding VLAN 0 to HW filter on device batadv0
[  578.101925][ T3701] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  578.149286][   T11] usb 8-1: device descriptor read/64, error -71
[  578.458383][   T11] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  578.677256][   T11] usb 8-1: device descriptor read/64, error -71
[  578.808587][   T11] usb usb8-port1: attempt power cycle
[  578.832253][ T9103] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  578.878441][ T3701] bridge_slave_1: left allmulticast mode
[  578.884818][ T3701] bridge_slave_1: left promiscuous mode
[  578.891209][ T3701] bridge0: port 2(bridge_slave_1) entered disabled state
[  579.098280][ T3701] bridge_slave_0: left allmulticast mode
[  579.104325][ T3701] bridge_slave_0: left promiscuous mode
[  579.111032][ T3701] bridge0: port 1(bridge_slave_0) entered disabled state
[  579.362398][   T11] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  579.430614][   T11] usb 8-1: device descriptor read/8, error -71
[  579.775620][ T3701] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  579.846575][   T11] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  579.985115][   T11] usb 8-1: device descriptor read/8, error -71
[  580.002515][   T51] Bluetooth: hci6: command 0x0406 tx timeout
[  580.009190][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  580.088772][ T3701] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  580.116430][ T3701] bond0 (unregistering): Released all slaves
[  580.139108][   T11] usb usb8-port1: unable to enumerate USB device
[  580.369630][ T8975] veth0_vlan: entered promiscuous mode
[  580.893563][ T8975] veth1_vlan: entered promiscuous mode
[  581.018867][ T3701] hsr_slave_0: left promiscuous mode
[  581.059437][ T3701] hsr_slave_1: left promiscuous mode
[  581.067263][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  581.074744][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_0
[  581.198354][ T3701] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  581.206447][ T3701] batman_adv: batadv0: Removing interface: batadv_slave_1
[  581.407456][ T3701] veth1_macvtap: left promiscuous mode
[  581.413181][ T3701] veth0_macvtap: left promiscuous mode
[  581.420122][ T3701] veth1_vlan: left promiscuous mode
[  581.425657][ T3701] veth0_vlan: left promiscuous mode
[  582.442491][ T3701] team0 (unregistering): Port device team_slave_1 removed
[  582.533529][ T3701] team0 (unregistering): Port device team_slave_0 removed
[  582.861384][ T9122] syzkaller1: entered promiscuous mode
[  582.868615][ T9122] syzkaller1: entered allmulticast mode
[  583.402676][ T8975] veth0_macvtap: entered promiscuous mode
[  583.475466][ T8975] veth1_macvtap: entered promiscuous mode
[  583.691530][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_0
[  583.817332][ T8975] batman_adv: batadv0: Interface activated: batadv_slave_1
[  584.065962][ T9144] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  584.157504][   T63] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  584.188333][   T63] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  584.292282][   T63] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  584.345194][   T63] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  584.381935][ T9148] syz_tun: entered allmulticast mode
[  584.744520][ T9146] syz_tun: left allmulticast mode
[  585.705012][ T9164] loop7: detected capacity change from 0 to 512
[  586.009176][ T9164] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  586.022431][ T9164] ext4 filesystem being mounted at /72/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  586.153863][ T9164] fuse: Bad value for 'fd'
[  586.667417][ T7990] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  587.723500][ T9198] syz_tun: entered allmulticast mode
[  587.894591][ T9193] syz_tun: left allmulticast mode
[  588.066498][ T8361] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  588.298305][ T8361] usb 8-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  588.308233][ T8361] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.316750][ T8361] usb 8-1: Product: syz
[  588.321093][ T8361] usb 8-1: Manufacturer: syz
[  588.325871][ T8361] usb 8-1: SerialNumber: syz
[  588.429108][ T8361] usb 8-1: config 0 descriptor??
[  588.668439][ T8361] hso 8-1:0.0: Failed to find BULK IN ep
[  588.717470][ T8361] usb-storage 8-1:0.0: USB Mass Storage device detected
[  588.943990][ T8361] usb 8-1: USB disconnect, device number 13
[  591.429925][ T9255] syz_tun: entered allmulticast mode
[  591.660478][ T9253] syz_tun: left allmulticast mode
[  592.026255][ T4243] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.034225][ T4243] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.403500][ T4120] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.411750][ T4120] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  593.258864][ T1285] ieee802154 phy0 wpan0: encryption failed: -22
[  593.265469][ T1285] ieee802154 phy1 wpan1: encryption failed: -22
[  594.767034][ T9298] syz_tun: entered allmulticast mode
[  594.834364][ T9296] syz_tun: left allmulticast mode
[  594.886566][ T8361] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  594.907688][ T8362] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  595.117119][ T8362] usb 2-1: Using ep0 maxpacket: 16
[  595.123637][ T8361] usb 8-1: Using ep0 maxpacket: 16
[  595.165806][ T8361] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[  595.174313][ T8361] usb 8-1: config 0 has no interface number 0
[  595.183087][ T8361] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  595.194636][ T8362] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  595.270028][ T8362] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  595.279425][ T8362] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.287849][ T8362] usb 2-1: Product: syz
[  595.292188][ T8362] usb 2-1: Manufacturer: syz
[  595.297177][ T8362] usb 2-1: SerialNumber: syz
[  595.324171][ T8361] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  595.334071][ T8361] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  595.342588][ T8361] usb 8-1: Product: syz
[  595.347178][ T8361] usb 8-1: SerialNumber: syz
[  595.418987][ T8362] usb 2-1: config 0 descriptor??
[  595.482082][ T8361] usb 8-1: config 0 descriptor??
[  595.505045][ T8362] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  595.514640][ T8362] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  595.559263][ T8361] usbhid 8-1:0.8: couldn't find an input interrupt endpoint
[  595.763162][ T8361] usb 8-1: USB disconnect, device number 14
[  596.119439][ T8362] em28xx 2-1:0.0: chip ID is em2765
[  596.826116][ T8362] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  596.834566][ T8362] em28xx 2-1:0.0: board has no eeprom
[  596.957298][ T8362] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  596.965526][ T8362] em28xx 2-1:0.0: dvb set to bulk mode.
[  596.972428][ T8361] em28xx 2-1:0.0: Binding DVB extension
[  597.141159][ T8362] usb 2-1: USB disconnect, device number 6
[  597.221239][ T8362] em28xx 2-1:0.0: Disconnecting em28xx
[  597.440525][ T8361] em28xx 2-1:0.0: Registering input extension
[  597.496781][ T8362] em28xx 2-1:0.0: Closing input extension
[  597.640226][ T8362] em28xx 2-1:0.0: Freeing device
[  598.535785][ T9333] syz_tun: entered allmulticast mode
[  598.713923][ T9332] syz_tun: left allmulticast mode
[  599.479855][ T9349] netlink: 'syz.1.984': attribute type 13 has an invalid length.
[  599.488235][ T9349] netlink: 'syz.1.984': attribute type 17 has an invalid length.
[  600.146604][   T11] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  600.188366][ T9349] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  600.337109][ T8361] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  600.397274][   T11] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  600.407825][   T11] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  600.488228][   T11] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  600.497859][   T11] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  600.506061][   T11] usb 8-1: SerialNumber: syz
[  600.567255][ T8361] usb 9-1: Using ep0 maxpacket: 32
[  600.594193][ T8361] usb 9-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  600.603925][ T8361] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.678106][ T8361] usb 9-1: config 0 descriptor??
[  600.810373][   T11] usb 8-1: 0:2 : does not exist
[  600.815514][   T11] usb 8-1: unit 5 not found!
[  600.946763][   T11] usb 8-1: USB disconnect, device number 15
[  600.960209][ T8361] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  601.037407][ T8361] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  601.109209][ T8361] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  601.116859][ T8361] usb 9-1: media controller created
[  601.160046][ T9358] =====================================================
[  601.168553][ T9358] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xcc/0x120
[  601.175858][ T9358]  _copy_to_user+0xcc/0x120
[  601.180796][ T9358]  i2cdev_ioctl_smbus+0x586/0x660
[  601.186317][ T9358]  i2cdev_ioctl+0xa14/0xf40
[  601.190973][ T9358]  __se_sys_ioctl+0x23c/0x400
[  601.200056][ T9358]  __x64_sys_ioctl+0x97/0xe0
[  601.204836][ T9358]  x64_sys_call+0x1cbc/0x3e30
[  601.211677][ T9358]  do_syscall_64+0xd9/0xfa0
[  601.216653][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.222707][ T9358] 
[  601.225087][ T9358] Uninit was stored to memory at:
[  601.228941][ T8361] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  601.230545][ T9358]  __i2c_smbus_xfer+0x254d/0x2f60
[  601.244443][ T9358]  i2c_smbus_xfer+0x31d/0x4d0
[  601.249814][ T9358]  i2cdev_ioctl_smbus+0x4a1/0x660
[  601.254989][ T9358]  i2cdev_ioctl+0xa14/0xf40
[  601.259738][ T9358]  __se_sys_ioctl+0x23c/0x400
[  601.264589][ T9358]  __x64_sys_ioctl+0x97/0xe0
[  601.269579][ T9358]  x64_sys_call+0x1cbc/0x3e30
[  601.274426][ T9358]  do_syscall_64+0xd9/0xfa0
[  601.279210][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.285259][ T9358] 
[  601.287813][ T9358] Local variable msgbuf1.i created at:
[  601.293353][ T9358]  __i2c_smbus_xfer+0x86a/0x2f60
[  601.302362][ T9358]  i2c_smbus_xfer+0x31d/0x4d0
[  601.308657][ T9358] 
[  601.311058][ T9358] Bytes 0-1 of 2 are uninitialized
[  601.316353][ T9358] Memory access of size 2 starts at ffff888133dafcf6
[  601.323120][ T9358] Data copied to user address 0000200000000400
[  601.329612][ T9358] 
[  601.332209][ T9358] CPU: 0 UID: 0 PID: 9358 Comm: syz.8.989 Tainted: G        W           syzkaller #0 PREEMPT(none) 
[  601.343409][ T9358] Tainted: [W]=WARN
[  601.347439][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  601.357748][ T9358] =====================================================
[  601.364777][ T9358] Disabling lock debugging due to kernel taint
[  601.371188][ T9358] Kernel panic - not syncing: kmsan.panic set ...
[  601.377732][ T9358] CPU: 0 UID: 0 PID: 9358 Comm: syz.8.989 Tainted: G    B   W           syzkaller #0 PREEMPT(none) 
[  601.388689][ T9358] Tainted: [B]=BAD_PAGE, [W]=WARN
[  601.393795][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  601.403990][ T9358] Call Trace:
[  601.407365][ T9358]  <TASK>
[  601.410370][ T9358]  __dump_stack+0x26/0x30
[  601.414854][ T9358]  dump_stack_lvl+0x53/0x270
[  601.419585][ T9358]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  601.425547][ T9358]  dump_stack+0x1e/0x25
[  601.429836][ T9358]  vpanic+0x435/0xd30
[  601.433984][ T9358]  panic+0x15d/0x160
[  601.438073][ T9358]  kmsan_report+0x31c/0x320
[  601.442803][ T9358]  ? kmsan_internal_check_memory+0x1e1/0x230
[  601.448949][ T9358]  ? kmsan_copy_to_user+0xf1/0x190
[  601.454179][ T9358]  ? _copy_to_user+0xcc/0x120
[  601.459001][ T9358]  ? i2cdev_ioctl_smbus+0x586/0x660
[  601.464324][ T9358]  ? i2cdev_ioctl+0xa14/0xf40
[  601.469111][ T9358]  ? __se_sys_ioctl+0x23c/0x400
[  601.474118][ T9358]  ? __x64_sys_ioctl+0x97/0xe0
[  601.479027][ T9358]  ? x64_sys_call+0x1cbc/0x3e30
[  601.484034][ T9358]  ? do_syscall_64+0xd9/0xfa0
[  601.488860][ T9358]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.495071][ T9358]  ? __pfx_az6027_i2c_xfer+0x10/0x10
[  601.500580][ T9358]  ? __i2c_transfer+0x11cd/0x3110
[  601.505872][ T9358]  ? kmsan_get_metadata+0xfb/0x160
[  601.511168][ T9358]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  601.517713][ T9358]  ? kmsan_get_metadata+0xfb/0x160
[  601.522990][ T9358]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  601.528943][ T9358]  ? __i2c_smbus_xfer+0x1e93/0x2f60
[  601.534315][ T9358]  ? kmsan_get_metadata+0xfb/0x160
[  601.539566][ T9358]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  601.545546][ T9358]  kmsan_internal_check_memory+0x1e1/0x230
[  601.551565][ T9358]  kmsan_copy_to_user+0xf1/0x190
[  601.556663][ T9358]  _copy_to_user+0xcc/0x120
[  601.561345][ T9358]  i2cdev_ioctl_smbus+0x586/0x660
[  601.566523][ T9358]  i2cdev_ioctl+0xa14/0xf40
[  601.571150][ T9358]  ? kmsan_get_metadata+0x4d/0x160
[  601.576409][ T9358]  ? __pfx_i2cdev_ioctl+0x10/0x10
[  601.581551][ T9358]  __se_sys_ioctl+0x23c/0x400
[  601.586391][ T9358]  __x64_sys_ioctl+0x97/0xe0
[  601.591142][ T9358]  x64_sys_call+0x1cbc/0x3e30
[  601.595981][ T9358]  do_syscall_64+0xd9/0xfa0
[  601.600644][ T9358]  ? irqentry_exit+0x16/0x60
[  601.605452][ T9358]  ? clear_bhb_loop+0x40/0x90
[  601.610275][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  601.616315][ T9358] RIP: 0033:0x7fc27a38f749
[  601.620819][ T9358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  601.640564][ T9358] RSP: 002b:00007fc27b266038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  601.649122][ T9358] RAX: ffffffffffffffda RBX: 00007fc27a5e5fa0 RCX: 00007fc27a38f749
[  601.657206][ T9358] RDX: 0000200000000140 RSI: 0000000000000720 RDI: 0000000000000004
[  601.665278][ T9358] RBP: 00007fc27a413f91 R08: 0000000000000000 R09: 0000000000000000
[  601.673344][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  601.681663][ T9358] R13: 00007fc27a5e6038 R14: 00007fc27a5e5fa0 R15: 00007ffdaf5e0d68
[  601.689771][ T9358]  </TASK>
[  601.693389][ T9358] Kernel Offset: disabled
[  601.697791][ T9358] Rebooting in 86400 seconds..