last executing test programs:

17.092708667s ago: executing program 2 (id=705):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000a00)='./binderfs/binder-control\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0)
ioctl$BINDER_CTL_ADD(r0, 0xc1086201, 0x0)

16.93124893s ago: executing program 2 (id=706):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x0, 0x0, 0x0, 0x1}, 0x20)
r1 = syz_open_procfs(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
preadv(r1, 0x0, 0x0, 0xa1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev}, 0x1c)
sendmmsg$alg(r0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
ppoll(&(0x7f0000000140)=[{r2, 0x3208}, {r3, 0x8000}], 0x2, 0x0, 0x0, 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)

16.859648496s ago: executing program 2 (id=709):
syz_genetlink_get_family_id$batadv(&(0x7f0000000900), 0xffffffffffffffff)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c)
writev(r0, &(0x7f0000000680)=[{&(0x7f0000000180)="8ab89dcf71f83648e1f51036e93a1d631db950f2556e0e78bb48f3961efdf91ca6f0b4ac8cda36daa6581960646fd15cf075bf110ac3701863beae2f", 0x3c}, {&(0x7f0000000700)="a97c076da7ec5ea6606876deb49076a9865e9aceab237bee6b8a10915a1d71cf2bdb43b70bf927729acc08ac9f6c86540f4daf41992e536b0550c372cc542783a3f911c9ef56fe8c0f1bc4dfb136", 0x4e}, {&(0x7f0000000940)="8c9955cd26264ce3acdbe44a89d7de97c00ef210a50d61610e4f720a71c1699eb425005f98606c714f04896c1f7bcbe887ad72991cbee6ad784fb50b5329093cd46c1a94e58e48ce5f12a0ce44654519cd10e6524eb334ccda8a169cdaba825622d20145aa4110b86525e7136269851b92de72e43461646b00008ba45cd7d931c5b247a98afa9e597de41f00"/156, 0x9c}, {&(0x7f0000000780)="68d0e6cb45e4b9794a1c3656df9e77f52552dbcbb6d4e05fa5398c06abbd3797adeba687cffffcc6a101a2e44800d8bf935c31c1e0ad13858c0692343981a53866cff3cb3e895fe1da972b41fae2f7a02121f0b7eebdf8fa9e6aa8f7ffdd5e006317d77d008bddbd6f5a6e2f130f60dccfdb97da09076568a3189930c002cc192b473a6747e581de3d6953b14581d2394e098abf58872f535f7660b698778691dd2618c0db4a137a48baf259c90ee9c4d30689f8909c04a2eb4409b13254d3017d886aeb008ffe621f29e7f3f7c038a3e32e52de108f092b246ac5e46a254d7db7b353cacf", 0xe5}, {&(0x7f00000004c0)="d2aa234b5c3705687771add0a23f03c9b1d2c518717672d50c4fde433c6cd06355f6110c53872a011566a262ab939b2ce786fa8dc19d0db2e402796ac8f2404a6b695ead83a57789c9b8a4246b05f25827eef340f08c87fdb391d8b7a6449d774a7ba9cafce602fc66a7c1d69472b479a8985ba88268cea887ca584b946b3170f1da426868bb976233872853ee81526670c5542d1c12b8156abcef0858c37040ff9b8be96a1c857d7366feb1022a264ea4", 0xb1}, {&(0x7f0000000580)="264292afc0647c42e80d160a64e9e53051954c55abcb7fad9dcf680bf1ce17d3211e5aa369ac0e40fa67c35f0988f760e648b25244d99bf1719a0ef7e49042fe9c9e06461b753824e15d6e08c9de22a71b6a8bb6db8b24461a6d41ec5aa61f0036aa42ea5cdd59e31efba41c17ff88b78481345d9e3b4f24bf097336492f1ebdfb33fd690513b7788541cfbaa6bc1fdeca37229fb75d68ec148097d62f62985a94c66315cf7fee3db3a8b4d4645af7063ea2d198ef5b4e70c5e6c6df89a9f2e4cca8ccdb33cf117cf9cf401865dcd9eba9b1557aa8", 0xd5}], 0x6)
write(0xffffffffffffffff, &(0x7f0000000200)="d44a05c9067c7da9cc1840b5027cb889850acb474f3442d608cf9eb0dfda4216f946fa49642d1a8275651b624fb8dc8987b99f18f160a6e2b4b03f279265f0bafb70e070b82e5e5e65d4eeb25c3de3949bb3dd8afb0d3c3f159e88465c412216dfd69e54b8bb7a7a1db6d0d7ac316f7594d86d83138e9a99040ceb31795f44372c34b2a8f4c7558d48f8191b10401abf0e22aac4dbc12a0150596310cf9b3892b76dc05e4796135a896beb7cdfc5b9e734a6", 0xb2)
ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000100)={0xf0f046})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000880)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$rds(0x15, 0x5, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x46, 0x0, "2431d0edd9b36cb74d7df7671eacf04be3b08353efa3641776f56c7556fd3713097bd0072577bc6fefb4cdc9e94e420b0ea4fbc5b07a32056eff5e6c42784b46ddab72b1b8fc87f208ad6db80d8dfe25"}, 0xd8)
listen(0xffffffffffffffff, 0xffffffff)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x0, 0x0, "aeb81d8ee3a82d67eea9e5bdf2247481041a5b9cddbc936efc471c56ae3d5f6945d296a285858a891a3b4e7bff572ef69992da867f406182d70f47773434b8349435f2ad628d62a3b45bb98872fb1900"}, 0xd8)
r3 = socket$netlink(0x10, 0x3, 0x4)
writev(r3, &(0x7f0000000040), 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r4, 0x40045612, &(0x7f0000000000)=0x2)
socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
write$FUSE_NOTIFY_STORE(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB='/'], 0x2)
mount$fuse(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0xa6d214, 0x0)
syz_open_procfs(0x0, 0x0)

15.887754636s ago: executing program 2 (id=718):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd\x00')
r2 = memfd_create(&(0x7f00000003c0)='D\xa3\xd5Wj\x00\x00\x8b\x14\xc2\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x9b\x12\x0eW\xcf^y\xa9 +H/\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\xb1\x1f|\x99PL\x92\x8f\xc2yM\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xde\xf5\xcd\xb1\xe3\xb0\xc7.)0rA\xfa,EC\xado5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4\x86\xd4\xc9\xe3\x8f\xd9\x9f+\xfc\xb3\xdd\xddhg(\x03\xa7\x92\xe5\x00+h\xb7@#K\x9cMY\xd3\xbe\r\xf1W\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xf8A\xaf\\\xaa\xf5u\xde\xfa\xa1\xc0\xf9&gR\x81.\xff\x83k\xe6\rDa\x16\xbd\x1a\xb2w\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa5?\x82X\xe2\xd5\xe7\x90m; Jm#\xad{\x8a\x9aY\x90\xbf\x1c\x7fqr\x90$L\xbb\x0f\xd6\x16/\xf3\xa9\xff\x99\xfc!\xcf\xf7\x0535\xc4+\xc5\xb3M%\xabcg\xce|%\x05\xa7\xf6\xaa\x1f\t\xb6#\xfe\x1bOC\xd7C{\xd8\v\x8b\xa9\x01\xf53\xeaksL\xbc\x86\x80/\x95\xd4\x9c\xc3H\'h\xa2\x80\b\xbe\xb7\xb6*\x0ef\xd1\x03<\xb5\x05O\x89%\xd5I\xf5=\x9e5`\xc5%`\xfc\x88^\xd6\x95k\x80:\x94FW5\x87*\xc8k\xb8S\x8e\xd2jCZ\x1c\xe0\x9dc\xeb\xd3\xf2y\a\xad\x9a\xcaS5\xb4*\x8d\xe6\xb4v(lRi>\x9c5\x83\xf4\xf4D\b\x8b\xb2\xa8\xa0\xef0\x19\xf6\x86B\xb3\x1e\xfc\r\xa7\x9e0\xdd\xfc', 0x0)
write(r2, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54", 0x3f)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x0)
r3 = dup3(r1, r2, 0x0)
fchdir(r3)
r4 = inotify_init1(0x0)
inotify_add_watch(r4, &(0x7f0000000040)='.\x00', 0x80000200)
readv(r0, 0x0, 0x0)

15.423174874s ago: executing program 2 (id=720):
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_open_dev$dmmidi(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
socket$netlink(0x10, 0x3, 0x9)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
setresgid(0xee01, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200))
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000a4d000/0x2000)=nil, 0x2000, 0xf, 0x10, r0, 0x556ad000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000180)})
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
ioperm(0x0, 0x0, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x2, @mcast2, 0x7}, 0x1c)
sendmmsg$inet6(r2, &(0x7f0000007e40), 0x4000000000000aa, 0x0)

7.573699728s ago: executing program 3 (id=747):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x20008})
syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x73, 0x0, @empty, @empty}, {0x0, 0x0, 0x9c, 0x0, @wg}}}}}, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000008ffffffffff00"])

5.535448946s ago: executing program 3 (id=752):
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x10, 0x0, 0x0, @local, @local, {[@dstopts={0x89, 0x0, '\x00', [@padn, @ra={0x5, 0x2, 0xfffd}]}]}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x37)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
socket$unix(0x1, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
write$evdev(r0, &(0x7f0000000000), 0x100000008)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x8000451b, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

5.267156458s ago: executing program 0 (id=754):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003})
r1 = socket(0xa, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0)
sendmsg$key(r3, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='source', &(0x7f0000002280)='//\xf2b\x06\b\xba\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b//\\\x00\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x97\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8DD\x9bp\x01\xcc:\xa6\xc5n\x9f\xfb\x81 \x10\x0fQ\x90}Zd\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3V\x9c\x8c\xf8\xf7\xe2\xd5\x8bE\xee5\x00\xaa\xd5\xfc\x1b$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\xec\xac\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xec\x9es\xee\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\x00\x00\x00\x00\x00\x00\x00\x00_\tN\xfd\xa2\xc2SPu\xe7\xc0+SL\xa1', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="7800000039000900000f0f000000000001000000040000000c000180cafc080005470000080002"], 0x78}}, 0x0)

4.979990851s ago: executing program 1 (id=756):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@cgroup=r2, r0, 0x12, 0x6}, 0x10)

4.841669183s ago: executing program 3 (id=757):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

4.675238407s ago: executing program 1 (id=758):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af0bfcb00807f0223d93947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9"], 0x0}, 0x90)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="200000000a1403090000000000000000080001000000000008000300"], 0x20}}, 0x0)

4.613600321s ago: executing program 1 (id=759):
unshare(0x20000400)
setsockopt$inet_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0)

4.487648452s ago: executing program 1 (id=760):
r0 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x0, 0x0, 0x0, 0x1}, 0x20)
r1 = syz_open_procfs(0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
preadv(r1, 0x0, 0x0, 0xa1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x380000, @dev}, 0x1c)
sendmmsg$alg(r0, &(0x7f0000000400), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000400)='./file0/../file0\x00', &(0x7f00000001c0), 0x0, 0x0)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
ppoll(&(0x7f0000000140)=[{r2, 0x3208}, {r3, 0x8000}], 0x2, 0x0, 0x0, 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x0)

4.283289679s ago: executing program 4 (id=761):
r0 = socket$inet6(0xa, 0x6, 0x7fd)
setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000000)=0x48000, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x5}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000002c0)={0x0, 0xa4}}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x18, &(0x7f0000000840)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000001c00000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xa, 0x0, &(0x7f0000000300)="61df712bc884fed57227", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = socket(0xa, 0x801, 0x0)
getsockopt$bt_BT_SECURITY(r6, 0x6, 0x25, 0x0, 0x20000000)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000240)={0x3ffd}, 0x10)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="0000000000000000300012800c0001006d6163766c616e00200002801c0005800a000400aaaaaaaaaabb00000a0004000000000000000000"], 0x50}}, 0x0)
syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
syz_emit_ethernet(0x9c, &(0x7f00000005c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x28}, @empty, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@ipv4={0x800, @tipc={{0x17, 0x4, 0x3, 0x37, 0x8a, 0x66, 0x0, 0x0, 0x6, 0x0, @private=0xa010102, @remote, {[@ssrr={0x89, 0x1f, 0x6d, [@private=0xa010102, @broadcast, @loopback, @loopback, @dev={0xac, 0x14, 0x14, 0x3e}, @broadcast, @dev={0xac, 0x14, 0x14, 0x11}]}, @rr={0x7, 0x1f, 0xf6, [@multicast2, @local, @private=0xa010102, @rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102]}, @rr={0x7, 0x3, 0x1f}, @ra={0x94, 0x4, 0x1}]}}, @payload_named={{{{{0x2e, 0x0, 0x1, 0x0, 0x1, 0xa, 0x3, 0x2, 0x0, 0x0, 0x0, 0xa, 0x5, 0x2, 0x2, 0x8, 0x0, 0x4e23, 0x4e21}, 0x1, 0x1}, 0x3, 0x4}}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}}}}}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wpan1\x00'})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wpan3\x00'})
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000100), 0xffffffffffffffff)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000800)={'wpan0\x00', <r10=>0x0})
sendmsg$NL802154_CMD_GET_SEC_DEVKEY(r9, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x1c, r8, 0x329, 0x0, 0x0, {0x16}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}]}, 0x1c}}, 0x0)

4.253178491s ago: executing program 1 (id=762):
r0 = fanotify_init(0x0, 0x0)
r1 = open$dir(&(0x7f0000000000)='.\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20001000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="2c0000002100b8ad2abd7000fbdbdf2502801409ea0000030000010008000200ac1414bb08000b0000000000e3233d2648c7b526a23b5f33ca36948848cc12b35fedd516477f1d9db5cdd8967f088d12741d73f834e615c595bcc15af52c49fdb875e6213a13ee3314df0dd18c91ce75fe2b65d42f6d4fe1b5fe23e93d64afc6b0c19b53af93707dbb3005453e20e3594336f6e5f890b12810472caa020602828ab393de6773c2bad3372580d768b98e1bc1a216c78abc9cdcca70e9084a733f9202527ffd8041f69bccf0ddd18462a3497e8c83c4a2d552e86d248249e8f318108c862d39d6079f6d699185ad51bb1697cf07ed5b6906c639fc83a213a7775a5c45909e472ba99c855c767bacef48fad5757639e1aeea80f01c158a753920096398415e989685df2ca0f5098615c946465b8a2ec762fbd0ced5f9c1892ebd6e588175e078b21f017735a3c4fd17603c74a18b4f3b7e03ce4b74a4e6d61a49128ecd7be480a033e2c59c9f7d1970bacdfe29575a9a7bd5815fd302c174fe7c593b3d065da890e42ba542d748c478d0b2907d4d8e568ac7ea"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
timer_create(0x0, 0x0, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x0, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
r7 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0x1000000000007)
waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0)
fanotify_mark(r0, 0x641, 0x1038, r1, 0x0)
clock_gettime(0x5, &(0x7f0000000040))
bpf$ENABLE_STATS(0x20, &(0x7f0000000080), 0x4)

3.964795144s ago: executing program 0 (id=763):
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x0)
r0 = syz_open_dev$usbfs(0x0, 0x77, 0x101301)
ioctl$USBDEVFS_CONNECTINFO(r0, 0x80045520, &(0x7f0000002a40))

2.003211726s ago: executing program 0 (id=764):
fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
mkdir(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20003, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x5, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00')
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000a00)={@cgroup, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='cpuset\x00')
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket$packet(0x11, 0x0, 0x300)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890b, &(0x7f0000000600)={@local, @mcast1, @empty, 0x8})
socket$inet6(0xa, 0x3, 0x6)
socket$packet(0x11, 0x2, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="0600000000000000711151000000000085104c0002000000850000000500000095000000000000009500a50500"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x90)

1.886038386s ago: executing program 1 (id=765):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010100000000105801000100000000000109022400010000002009040000010300000009210000000122dc0109058903"], 0x0)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000000)='./file0\x00', 0xa00a14, &(0x7f0000000080)=ANY=[], 0xff, 0x328, &(0x7f00000000c0)="$eJzs3M9r22YYwPHHP+LYDrF8GBsbjLxsl20HkXg7D8xIYMywkMRjyWCgJPJmrNnBMhkeY8ku7bX0P+ilh5BjboG295JLb+2ll95yKfTQUEJVLEuJnchOq8R10nw/EPRKz/so74ts87zG0v6vt/6qlGy9ZDQkmlRy46GIHIhkJSq+iLeNuu2EdNqUr8dePP58fnHpp3yhMD2n1Ex+4ducUiozce/vf1Net91R2cv+vv8892zv471P918v/Fm2VdlW1VpDGWq59rRhLFumWi3bFV2pWcs0bFOVq7ZZb8dr7XjJqq2tNZVRXR1Pr9VN21ZGtakqZlM1aqpRbyrjD6NcVbquq/G0BEkEHr2uiltzc0Y+ZPLKBQ8GYb1yHKdP2InkjZiIpE5FilsDHRcAALiUTtT/MbekD1X/S8at/1udj+v/7S8eNMZ+2cl49f9uIqj+/+5J+1xd9X9SRC60/k8GzP50RXTlbbxL53PV/7gcJk6vaSNde/V63kh771/X/79tT7oN6n8AAAAAAAAAAAAAAAAAAAAAAK6CA8fRHMfR/K33981xj/axwOSgW2pwpfS4/tqod3n9/WGPE4Mxv7gkSffGvXhGxLq5Xlwvtrde3O84KZocuq8HT6vt33mkWrJy39rw8jfWizE3ki9JWSwxZUo0yZ7Md5yZHwvTU6qtO39E0p35OdHko+D8XGB+Qr76siNfF00erUhNLFltva4PnaP8/6aU+uHnwon8lNsPAAAAAIAPga6OBK7fdb1XvJ1/tL7u/n5ApGN9Phm4Po9rn8WHO3cAAAAAAK4Lu/lPxbAss96nkZKz+4RvxMOlj/TrE+uYYVdINntOOeH9nGlwM+3T8H9IUUl0hJJyxzsc5sz+/Acz5qiEyZoQZ/T46bRh/7v/tVGvPjI76OsV7xH65Pbdl+HOHPGe2tsZ+n4necZMB9YYeasPDyd2vg8fAAAAAO+VX/SnbHc3MuzxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHfV5DFj8oh4nNuw5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJfFmwAAAP//26H/kQ==")
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x0)
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12011003000000002505a8"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)

1.307295163s ago: executing program 3 (id=766):
setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90)
creat(&(0x7f0000000300)='./bus\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000001200)={@local, @broadcast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "b81923", 0x10, 0x0, 0x0, @local, @local, {[@dstopts={0x89, 0x0, '\x00', [@padn, @ra={0x5, 0x2, 0xfffd}]}]}}}}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x37)
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802)
socket$unix(0x1, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
syz_open_dev$usbfs(0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r1 = accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
connect$unix(r1, &(0x7f0000000380)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
write$evdev(r0, &(0x7f0000000000), 0x100000008)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x8000451b, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)

1.172585904s ago: executing program 4 (id=767):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800"/13], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000000c0)={@cgroup=r2, r0, 0x12, 0x6}, 0x10)

1.009572557s ago: executing program 0 (id=768):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
write$sndseq(0xffffffffffffffff, &(0x7f0000001380)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='cpuacct.usage_user\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0xd7})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x1100, 0x0)
landlock_create_ruleset(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
io_submit(0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x6a040000)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)

907.343616ms ago: executing program 4 (id=769):
r0 = socket(0x0, 0x4, 0x0)
unshare(0x20000400)
setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, 0x0, 0x0)

788.368275ms ago: executing program 3 (id=770):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
ioctl$sock_inet_SIOCDARP(r0, 0x8954, &(0x7f0000000380)={{0x2, 0x0, @broadcast}, {0x0, @link_local}, 0x0, {0x2, 0x0, @broadcast}})

530.661987ms ago: executing program 4 (id=771):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000f3ffffff850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x0, 0x17e0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

459.207322ms ago: executing program 3 (id=772):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES8=r2], 0x13, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=")
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c00)='./file1/file0\x00', 0x0, &(0x7f0000000a40), 0x1, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==")
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r3, 0xae80, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000280)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r4, 0xffffffffffffffff, 0x0)
getsockopt$SO_TIMESTAMP(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000380), 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

405.857667ms ago: executing program 0 (id=773):
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x2}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x8)

292.309166ms ago: executing program 4 (id=774):
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x3, &(0x7f00000004c0)='\xeda\xfc\xba\xab\x17n\x83e\xe4\x8e\xe0\b\x00\r\x00\x00\x00\x00\xff\xffP\xf9\x17(E^qt\xbc\x7f\xf1\xdf\x1e\xb0RW\xde\x14\xc8\xb5~E%\x9d\x9fG\x80i\xa0\x11%\xcd\xcd\xcb/Cm\xa3K\xb7\xab\x03\x13\x05\xaf\xab\xe9\xd9\x03\x1b}\xa1=\x86E\xf4|]\x92\xc7*\xe9\xa8\a\x00\x00\x00@[\xf9\x15\xc5\xe5\xde}\xf89\xa3E\x05u\x89\x8f\x9e\xa2\xf2\x02\x00\xef1\x0eV\x88\x04\xe2\xd10\xb0\x00`\xb5\xe5\xe6\x14\x8eC\x01\xfd6!\xd1(,\xd7y\xdb\xe1\x008\x98\xf2\xafQ?\xd2\x06\x1ar=\xeeI\xb8\xf7\x00\x00\xa0\x84\xf5$\x86L\x91C\x0e}\xe7?9D\x9e\x83\xf4\xc8Y\xd0K\xb5\xb6\x13\x81a;a+\xd5\xce\"\x0e0)\xa3\xa3\n\x84\x0fN\x87\xdco\xcfL\xfcg\xac y\xcd\xec\x8b\xb9A\x84\x8f\xf2^\xe0\xd7h\xedE\x9f#\xf9\xb2\xa9c\xe1\xca\xcf\x8es\xcf2\xf0\xa8\xcd\x90[]i_\xe3\x81\x9d\x02\f\x1c\xc5\xba\x00\x00\x00\v\xd5\xa9(\x14~=\xd4\x15\xe3^\xb3\xa3n)\x1a\x06\'pEX\xb5\xfb\xabS\x98\x9a\xe3\x03\xb3\x86w,kW3\xdf\xfc`\xbf\b\xafn\x18P#\xe3j\x17r\x8c\xaf\xbaR\xb8C)$\xa1\xd0SL\xd1\v\xfd\xb9\xf2\r\x1b\x9ab\x99z\x83\x0f{y\x91~\x06/E\xe6{\xc1\x9c\xe9?[\xcf/\x85Zn\xa0J]ob\xc3\x11\v\x00\x00\x00\xb7l5\x9d\x87\xff\r\xcc\x16\'\"f%\xaa\xa6l\xf5\ba\x8b\xe2\xaal\xc3\xd0\xa5\xc6\xf5c26\xf1c\xa1\xfa^\x97<\xb3\xe4:\xb3\x04\xa7C\x83\xff\xd7\xff\x82\xd3\xbd\xbd\xd4\xcd~S\n\xa7M.\xac\x13\xea\x00\xe5\x03\xfbm\xb9\xf8ku\xd0\xb07\xd5C\x18\xbc\x86}\xb2\xe8^;R\x84a\xb3gA=\xddkS\xc1#\xb0U\xa0\xbe\xf4\xf2\xa5\x1d\x8c\xe1=\x88\xd7\a\xbe\xe5\xbf', &(0x7f0000000140)='\xc3\xe8&\xc56>\x9dw\xd7I{\x84\xc9\xcc<y\xcbG\xf2\x7f\x1d\xd9\x8f0\x19X-\xd9OG\x17\t\x17\xa3\r\xead\xae]\xed[5D\xf3\xc0RY\x12\r<\x10\xb3b%=\x99n\xb7\xba\x13\x03\x8c\afd6\xb9\nt\xa0\xe6\xd8\xef\x03\xe6\x81\xb4[\xb5_\xb6\xfe^\\\xc3J{\xeb#qlq\xfa,\x9eF\xf3\xa2\f\x06\x82\xfc&\xfa@.N\xf881%\x0f\x8f\xb9\x16\xaa\x12\v.q\xe7\x02N\x9d\xb5\x04\xd4\xc5\t\x89\xce\xcb\xc6\xac\xc2j \x9df\x1b\xb3\xf9(5\xc3%\xac\xdfiQ4=\xe5d\xde\xfbM\xa9\xed\x1d\xd9_\x9cI\xa3V*\"=\x04\xc4}\x8c\xd1V\t\x85\xeb\xc3\x14\x81\x80\xa3_\'\x00\x02\xab\"\x1c\x8e\x11:\xbc\xde\xcc\xe4\xe7[\x02\x94\xdc\x90eM\xed{\x8d\xf19\xf3}\xb1<\xdfG}\xed\x81\xa7T\x11\xa6\nm\xe7b-\xd9\fe\x11\xb1;\xffuGX\xf8\xdfux57\xf3\x8dlX\x15;\xa4\x8f0\x81+6<\xb6gm\xb3r<\xd34\x80\x1b9\xf1\xff\xa9C\xb7\xa2Q\xd0\xde\xd4S1\x1cm\xa7\x8b\x91Y\xc9\x87F\x90D;iF}-d.\x95\x84\xed\xd3\x99\xe9\xca\x93\xf4L\x92(\x86\x0e\x8c\xa2\x94\x03\x04\xb0y\a\xe5\xcdV5\xa7l\x96-\x1fu\b\xea\x14\xf5\xf1\nz\x9cFz\xb5\xc9sGjhl\xf4\xb8ey\xdar\xec\xcawv\xf6\x872\x13,\x164\xafIR\x1a5\x1a\xb4\xa1\xd0Y\xb7\xac\xd1\xabK5%yj\xbc\x8a\xbe', 0x0)

91.260493ms ago: executing program 0 (id=775):
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180200002343ffff0000000000000000850000004100000095"], &(0x7f00000000c0)='GPL\x00'}, 0x4e)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r0, 0x0, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000880)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "010448", 0x20, 0x3a, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], @ndisc_na={0x88, 0x0, 0x0, 0x0, '\x00', @remote, [{0x2, 0x1, "36dad83aea8d"}]}}}}}}, 0x0)

46.685787ms ago: executing program 4 (id=776):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0})
socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

0s ago: executing program 2 (id=721):
unshare(0x20000400)
r0 = socket$caif_seqpacket(0x25, 0x5, 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 attribute type 1 has an invalid length.
[   86.180680][ T4060] ext4 filesystem being mounted at /18/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[   86.466982][ T4068] loop0: detected capacity change from 0 to 2048
[   87.082494][ T4071] tty tty29: ldisc open failed (-12), clearing slot 28
[   87.195889][ T3552] EXT4-fs (loop4): unmounting filesystem.
[   87.360771][ T4074] loop4: detected capacity change from 0 to 512
[   87.449452][ T4074] EXT4-fs (loop4): orphan cleanup on readonly fs
[   87.512069][ T4074] __quota_error: 50 callbacks suppressed
[   87.512084][ T4074] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   87.542594][ T4074] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   87.673687][ T4074] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.116: Failed to acquire dquot type 0
[   87.802986][ T4074] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   87.840497][ T4074] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   87.856784][ T4074] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.116: Failed to acquire dquot type 0
[   87.892922][ T4089] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   87.910573][ T4074] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.116: bg 0: block 64: padding at end of block bitmap is not set
[   87.956240][ T4074] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6173: Corrupt filesystem
[   87.967283][ T4074] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   87.979558][ T4074] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   87.992127][ T4074] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.116: Failed to acquire dquot type 0
[   88.083963][ T4074] EXT4-fs (loop4): 1 orphan inode deleted
[   88.120844][ T4074] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   88.281347][ T3552] EXT4-fs (loop4): unmounting filesystem.
[   89.182254][ T4111] loop4: detected capacity change from 0 to 512
[   89.477553][ T4111] EXT4-fs: Ignoring removed mblk_io_submit option
[   89.491201][ T4111] EXT4-fs: Ignoring removed mblk_io_submit option
[   89.531078][ T4111] EXT4-fs: Ignoring removed i_version option
[   89.567502][ T4111] ext4: Unknown parameter 'pcr'
[   89.995750][ T4117] loop4: detected capacity change from 0 to 1024
[   90.162577][ T4117] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   90.866244][ T4136] loop3: detected capacity change from 0 to 2048
[   90.965704][ T4136] UDF-fs: bad mount option "gid=(>?YÄ”]ˆx€¥¯Æ{v7dS ß½cø·ˆèüœ¨›‚G¤çâ9Ä~Š2Ü:o>­…Ú%Z1×¥D·|
[   90.965704][ T4136] ñ•ZRJ£ÙLy;G› Ä<¶‚óF3" or missing value
[   91.709967][ T3552] EXT4-fs (loop4): unmounting filesystem.
[   91.823123][ T4145] device syzkaller1 entered promiscuous mode
[   91.932805][ T4153] loop2: detected capacity change from 0 to 256
[   91.977637][ T4153] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   92.491308][   T41] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   92.651235][ T3836] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   92.861469][   T41] usb 3-1: config index 0 descriptor too short (expected 44, got 36)
[   92.879437][   T41] usb 3-1: config 0 has an invalid interface number: 16 but max is 0
[   92.889009][   T41] usb 3-1: config 0 has no interface number 0
[   92.895367][   T41] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.907537][   T41] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.918912][   T41] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[   92.941477][ T3836] usb 2-1: Using ep0 maxpacket: 16
[   92.944561][   T41] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.957732][   T41] usb 3-1: config 0 descriptor??
[   93.421947][ T3836] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   93.439506][ T3836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.440669][ T4178] loop3: detected capacity change from 0 to 32768
[   93.456107][ T3836] usb 2-1: Product: syz
[   93.459834][   T41] uclogic 0003:5543:0781.0001: unknown main item tag 0x0
[   93.467857][   T41] uclogic 0003:5543:0781.0001: unknown main item tag 0x0
[   93.470521][ T3836] usb 2-1: Manufacturer: syz
[   93.497859][ T3836] usb 2-1: SerialNumber: syz
[   93.499733][   T41] uclogic 0003:5543:0781.0001: item fetching failed at offset 2/5
[   93.530890][ T3836] usb 2-1: config 0 descriptor??
[   93.603092][ T3836] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[   93.617584][ T3836] usb 2-1: Detected FT232H
[   93.697163][   T41] uclogic 0003:5543:0781.0001: parse failed
[   93.703628][   T41] uclogic: probe of 0003:5543:0781.0001 failed with error -22
[   94.781139][ T3836] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   94.968942][   T14] usb 3-1: USB disconnect, device number 2
[   95.031373][ T3836] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[   95.050581][ T3836] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   95.068032][ T4180] loop4: detected capacity change from 0 to 40427
[   95.110345][ T3836] usb 2-1: USB disconnect, device number 2
[   95.119746][ T4180] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   95.128183][ T4188] device syzkaller1 entered promiscuous mode
[   95.141365][ T3836] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   95.171618][ T3836] ftdi_sio 2-1:0.0: device disconnected
[   95.263980][ T4180] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   95.577676][ T4180] F2FS-fs (loop4): Found nat_bits in checkpoint
[   95.611265][   T26] audit: type=1326 audit(1721885304.702:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4189 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a1c775f19 code=0x7ffc0000
[   96.023709][   T26] audit: type=1326 audit(1721885304.702:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4189 comm="syz.2.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a1c775f19 code=0x7ffc0000
[   96.175716][ T4180] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   96.207814][ T4180] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   96.551714][ T4215] 9pnet_fd: p9_fd_create_unix (4215): address too long: ./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   96.734170][ T4222] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   98.241181][   T41] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   98.293621][ T4242] loop0: detected capacity change from 0 to 2048
[   98.402670][ T4242] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz.0.168: bad orphan inode 8192
[   98.428681][ T4247] loop4: detected capacity change from 0 to 512
[   98.437743][ T4242] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[   98.501080][   T41] usb 4-1: Using ep0 maxpacket: 16
[   98.547579][ T4247] EXT4-fs (loop4): orphan cleanup on readonly fs
[   98.597038][ T4247] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   98.630273][ T4247] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   98.648500][ T4247] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.169: Failed to acquire dquot type 0
[   98.670114][ T4247] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   98.683735][ T4247] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   98.694755][ T4247] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.169: Failed to acquire dquot type 0
[   98.697001][ T4250] loop2: detected capacity change from 0 to 128
[   98.719775][ T4247] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.169: bg 0: block 64: padding at end of block bitmap is not set
[   98.735199][ T4247] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6173: Corrupt filesystem
[   98.745493][ T4247] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated!
[   98.761968][ T4247] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota
[   98.787437][ T4247] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz.4.169: Failed to acquire dquot type 0
[   98.798754][   T41] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   98.809915][   T41] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.821459][ T4247] EXT4-fs (loop4): 1 orphan inode deleted
[   98.830267][   T41] usb 4-1: Product: syz
[   98.835239][   T41] usb 4-1: Manufacturer: syz
[   98.840820][ T4247] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[   98.850095][   T41] usb 4-1: SerialNumber: syz
[   98.873784][   T41] usb 4-1: config 0 descriptor??
[   99.052119][   T41] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[   99.060379][   T41] usb 4-1: Detected FT232H
[   99.072417][ T3552] EXT4-fs (loop4): unmounting filesystem.
[   99.151138][   T41] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   99.170214][ T4253] netlink: 40 bytes leftover after parsing attributes in process `syz.1.171'.
[   99.411169][   T41] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71
[   99.421392][   T41] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   99.468215][   T41] usb 4-1: USB disconnect, device number 2
[   99.489050][   T41] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   99.528288][   T41] ftdi_sio 4-1:0.0: device disconnected
[   99.762336][ T3595] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.021366][ T3595] usb 3-1: Using ep0 maxpacket: 8
[  100.156357][ T3595] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  100.169925][ T3595] usb 3-1: config 179 has no interface number 0
[  100.187845][ T3595] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  100.265934][ T3595] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  100.300793][ T4256] loop4: detected capacity change from 0 to 40427
[  100.319467][ T3595] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  100.532610][ T4256] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  100.567542][ T4256] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  100.633472][ T3595] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  100.644931][ T3595] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  100.658722][ T3595] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  100.668139][ T3595] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.680171][ T4256] F2FS-fs (loop4): Found nat_bits in checkpoint
[  100.691335][ T4261] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  100.773128][ T4256] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  100.784669][ T4256] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  101.030780][ T4261] loop2: detected capacity change from 0 to 1024
[  101.295840][ T3595] usb 3-1: USB disconnect, device number 3
[  101.301734][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  101.301797][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  101.370034][ T4271] loop1: detected capacity change from 0 to 32768
[  101.457530][ T4271] XFS (loop1): Mounting V5 Filesystem
[  101.575779][ T4271] XFS (loop1): Ending clean mount
[  101.777984][ T3545] XFS (loop1): Unmounting Filesystem
[  102.178825][ T4297] loop3: detected capacity change from 0 to 512
[  102.212823][ T4297] EXT4-fs (loop3): orphan cleanup on readonly fs
[  102.247292][ T4297] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  102.291087][ T4297] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  102.300890][ T4297] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.183: Failed to acquire dquot type 0
[  102.306632][ T3546] EXT4-fs (loop0): unmounting filesystem.
[  102.346005][ T4297] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  102.386548][ T4291] loop4: detected capacity change from 0 to 32768
[  102.410272][ T4305] loop2: detected capacity change from 0 to 256
[  102.420277][ T4297] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  102.438179][ T4305] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  102.452336][ T4297] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.183: Failed to acquire dquot type 0
[  102.471757][ T4297] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.183: bg 0: block 64: padding at end of block bitmap is not set
[  102.631706][ T4297] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6173: Corrupt filesystem
[  102.731186][ T4308] capability: warning: `syz.1.180' uses 32-bit capabilities (legacy support in use)
[  103.275704][   T26] audit: type=1326 audit(1721885311.882:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4302 comm="syz.1.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5bb75f19 code=0x7ffc0000
[  103.643900][ T4297] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated!
[  103.892056][ T4297] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[  103.931167][ T4297] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.183: Failed to acquire dquot type 0
[  103.952681][   T26] audit: type=1326 audit(1721885311.882:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4302 comm="syz.1.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5bb75f19 code=0x7ffc0000
[  104.012660][ T4297] EXT4-fs (loop3): 1 orphan inode deleted
[  104.039262][ T4297] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  104.047807][   T26] audit: type=1326 audit(1721885311.882:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4302 comm="syz.1.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7efc5bb75f19 code=0x7ffc0000
[  104.087931][   T26] audit: type=1326 audit(1721885311.902:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4302 comm="syz.1.180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efc5bb75f19 code=0x7ffc0000
[  104.142367][    T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  104.228455][ T3555] EXT4-fs (loop3): unmounting filesystem.
[  104.337655][ T4323] netlink: 'syz.3.190': attribute type 1 has an invalid length.
[  104.415067][ T4323] loop3: detected capacity change from 0 to 2048
[  104.526432][    T7] usb 3-1: config index 0 descriptor too short (expected 44, got 36)
[  104.551026][    T7] usb 3-1: config 0 has an invalid interface number: 16 but max is 0
[  104.569295][    T7] usb 3-1: config 0 has no interface number 0
[  104.584498][    T7] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.607911][    T7] usb 3-1: config 0 interface 16 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.630661][    T7] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  104.649951][    T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.676098][    T7] usb 3-1: config 0 descriptor??
[  104.781400][ T4326] loop4: detected capacity change from 0 to 2048
[  104.838579][ T4326] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found
[  104.857530][ T4326] UDF-fs: Scanning with blocksize 512 failed
[  104.908025][ T4326] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  105.749141][    T7] uclogic 0003:5543:0781.0002: unknown main item tag 0x0
[  105.776922][    T7] uclogic 0003:5543:0781.0002: unknown main item tag 0x0
[  105.819866][    T7] uclogic 0003:5543:0781.0002: item fetching failed at offset 2/5
[  105.860806][    T7] uclogic 0003:5543:0781.0002: parse failed
[  105.985031][    T7] uclogic: probe of 0003:5543:0781.0002 failed with error -22
[  106.842951][ T4334] loop3: detected capacity change from 0 to 40427
[  106.892058][ T4334] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  106.911083][ T4334] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  107.029971][ T4334] F2FS-fs (loop3): invalid crc value
[  107.178066][ T4334] F2FS-fs (loop3): invalid crc_offset: 33558524
[  107.439504][ T4334] F2FS-fs (loop3): Failed to get valid F2FS checkpoint
[  107.638792][   T41] usb 3-1: USB disconnect, device number 4
[  107.675113][ T4334] loop3: detected capacity change from 0 to 512
[  107.741477][ T4334] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  107.791822][ T4334] EXT4-fs (loop3): orphan cleanup on readonly fs
[  107.812319][ T4334] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3845: comm syz.3.192: Allocating blocks 41-42 which overlap fs metadata
[  107.876027][ T4334] EXT4-fs (loop3): Remounting filesystem read-only
[  107.890831][ T4334] __quota_error: 7 callbacks suppressed
[  107.890843][ T4334] Quota error (device loop3): write_blk: dquota write failed
[  107.924856][ T4362] netlink: 'syz.4.201': attribute type 1 has an invalid length.
[  108.042346][ T4334] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  108.134169][ T4334] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz.3.192: Failed to acquire dquot type 0
[  108.181620][ T4334] EXT4-fs (loop3): 1 truncate cleaned up
[  108.199067][ T4334] EXT4-fs (loop3): pa ffff888074236b60: logic 1, phys. 41, len 23
[  108.207277][ T4334] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4885: group 0, free 22, pa_free 23
[  108.288000][ T4362] loop4: detected capacity change from 0 to 2048
[  108.297460][ T4334] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  108.713096][ T3555] EXT4-fs (loop3): unmounting filesystem.
[  108.795858][ T4350] loop1: detected capacity change from 0 to 32768
[  110.076333][ T4386] Zero length message leads to an empty skb
[  110.097546][ T4385] loop3: detected capacity change from 0 to 2048
[  110.136759][ T4385] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  110.190519][ T4385] UDF-fs: Scanning with blocksize 512 failed
[  110.235988][ T4385] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.502249][ T4396] netlink: 20 bytes leftover after parsing attributes in process `syz.4.212'.
[  110.562814][ T4398] device syzkaller1 entered promiscuous mode
[  111.067977][ T4387] loop0: detected capacity change from 0 to 32768
[  111.102974][ T4405] netlink: 76 bytes leftover after parsing attributes in process `syz.4.215'.
[  111.126665][ T4387] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.205 (4387)
[  111.146593][ T4405] openvswitch: netlink: Message has 8 unknown bytes.
[  111.188165][ T4387] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  111.191871][ T4407] loop2: detected capacity change from 0 to 2048
[  111.216465][ T4387] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  111.226804][ T4407] EXT4-fs: Ignoring removed bh option
[  111.261945][ T4407] EXT4-fs: Ignoring removed nomblk_io_submit option
[  111.283521][ T4387] BTRFS info (device loop0): using free space tree
[  111.315244][ T4407] EXT4-fs: Ignoring removed nobh option
[  111.390641][ T4407] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  111.417068][ T4415] loop3: detected capacity change from 0 to 256
[  111.484302][   T26] audit: type=1804 audit(1721885320.642:76): pid=4407 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.216" name="/newroot/41/file1/bus" dev="loop2" ino=18 res=1 errno=0
[  111.533688][ T4407] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm syz.2.216: bg 0: block 2: invalid block bitmap
[  111.649161][ T4407] syz.2.216 (4407) used greatest stack depth: 19744 bytes left
[  111.674672][ T4387] BTRFS info (device loop0): enabling ssd optimizations
[  111.700100][   T26] audit: type=1804 audit(1721885320.852:77): pid=4387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.205" name="/newroot/47/file0/file1" dev="loop0" ino=260 res=1 errno=0
[  111.827671][ T3557] EXT4-fs (loop2): unmounting filesystem.
[  111.836457][ T4387] syz.0.205 (4387) used greatest stack depth: 18584 bytes left
[  111.954089][ T3546] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  112.111631][ T4437] loop1: detected capacity change from 0 to 164
[  112.224017][ T4437] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[  112.534129][ T4456] device syzkaller1 entered promiscuous mode
[  113.589134][ T4468] loop3: detected capacity change from 0 to 32768
[  113.625753][ T4460] loop4: detected capacity change from 0 to 32768
[  113.651717][ T4468] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.231 (4468)
[  113.877879][ T4468] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  113.908532][ T4468] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  115.011192][ T4468] BTRFS info (device loop3): using free space tree
[  115.316275][ T4468] BTRFS info (device loop3): enabling ssd optimizations
[  115.391505][ T4517] device syzkaller1 entered promiscuous mode
[  115.407775][   T26] audit: type=1804 audit(1721885324.562:78): pid=4468 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.231" name="/newroot/40/file0/file1" dev="loop3" ino=260 res=1 errno=0
[  115.512930][ T3555] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  116.876756][ T4544] loop1: detected capacity change from 0 to 512
[  116.978827][ T4544] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  117.063063][ T4544] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038 (0x7fffffff)
[  117.303140][ T3545] EXT4-fs (loop1): unmounting filesystem.
[  117.368040][ T4564] device syzkaller1 entered promiscuous mode
[  117.845255][ T4580] netlink: 76 bytes leftover after parsing attributes in process `syz.0.260'.
[  117.867528][ T4554] loop3: detected capacity change from 0 to 40427
[  117.904318][ T4580] openvswitch: netlink: Message has 8 unknown bytes.
[  117.932991][ T4554] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  117.964627][ T4554] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  118.029678][ T4554] F2FS-fs (loop3): Found nat_bits in checkpoint
[  118.177961][ T4554] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  118.192838][ T4554] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  118.400816][ T4562] loop4: detected capacity change from 0 to 32768
[  119.775013][ T4562] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.255 (4562)
[  119.833936][ T4562] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  119.891300][ T4562] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  119.900770][ T4562] BTRFS info (device loop4): using free space tree
[  120.333060][ T4562] BTRFS error (device loop4): open_ctree failed
[  120.759803][ T4620] netlink: 16 bytes leftover after parsing attributes in process `syz.2.268'.
[  120.779929][ T4624] loop3: detected capacity change from 0 to 512
[  120.839235][ T4624] EXT4-fs: Ignoring removed i_version option
[  120.915589][ T4624] EXT4-fs: Ignoring removed nobh option
[  120.952439][ T4624] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  121.035453][ T4624] EXT4-fs (loop3): 1 truncate cleaned up
[  121.045658][ T4624] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  121.106092][ T4633] device syzkaller1 entered promiscuous mode
[  121.331174][ T4624] loop3: detected capacity change from 512 to 511
[  121.445203][ T3555] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /43/bus: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=33619980, rec_len=46, size=1024 fake=0
[  121.606333][ T3555] EXT4-fs (loop3): unmounting filesystem.
[  121.832452][ T4654] bridge0: port 2(bridge_slave_1) entered disabled state
[  122.399859][ T3664] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.698621][ T3664] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  122.798445][ T4674] netlink: 'syz.2.287': attribute type 1 has an invalid length.
[  122.845798][ T4675] loop2: detected capacity change from 0 to 2048
[  123.014798][ T4670] device syzkaller1 entered promiscuous mode
[  123.021645][ T3559] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  123.031515][ T3559] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  123.039471][ T3559] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  123.047588][ T3559] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  123.055510][ T3559] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  123.065941][ T3559] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  123.130461][ T3664] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.153208][ T3561] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  123.162353][ T3561] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  123.169975][ T3561] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  123.189775][ T3561] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  123.198598][ T3561] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  123.206540][ T3561] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  123.388863][ T3664] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  123.470038][ T4685] Driver unsupported XDP return value 0 on prog  (id 83) dev N/A, expect packet loss!
[  124.012130][ T4678] chnl_net:caif_netlink_parms(): no params data found
[  124.187828][ T4680] chnl_net:caif_netlink_parms(): no params data found
[  124.429212][ T4678] bridge0: port 1(bridge_slave_0) entered blocking state
[  124.451976][ T4678] bridge0: port 1(bridge_slave_0) entered disabled state
[  124.460017][ T4678] device bridge_slave_0 entered promiscuous mode
[  124.473688][ T4678] bridge0: port 2(bridge_slave_1) entered blocking state
[  124.480834][ T4678] bridge0: port 2(bridge_slave_1) entered disabled state
[  124.489231][ T4678] device bridge_slave_1 entered promiscuous mode
[  124.559303][ T4720] loop0: detected capacity change from 0 to 2048
[  124.583934][ T4717] netlink: 'syz.0.296': attribute type 1 has an invalid length.
[  124.845398][ T4678] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  124.996430][ T4678] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.030886][ T4730] device syzkaller1 entered promiscuous mode
[  125.096712][ T4680] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.111102][ T4680] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.119145][ T4680] device bridge_slave_0 entered promiscuous mode
[  125.161106][ T3559] Bluetooth: hci3: command tx timeout
[  125.222566][ T4736] loop2: detected capacity change from 0 to 32768
[  125.241152][ T3559] Bluetooth: hci5: command tx timeout
[  125.296940][ T4733] infiniband syz1: set down
[  125.303349][ T4733] infiniband syz1: added ipvlan1
[  125.305244][ T4736] XFS (loop2): Mounting V5 Filesystem
[  125.316108][ T4680] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.325876][ T4680] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.334616][ T4680] device bridge_slave_1 entered promiscuous mode
[  125.423836][ T4733] RDS/IB: syz1: added
[  125.429687][ T4678] team0: Port device team_slave_0 added
[  125.455879][ T4733] smc: adding ib device syz1 with port count 1
[  125.463464][ T4736] XFS (loop2): Ending clean mount
[  125.489560][ T4733] smc:    ib device syz1 port 1 has pnetid 
[  125.568482][ T3557] XFS (loop2): Unmounting Filesystem
[  125.582225][ T4678] team0: Port device team_slave_1 added
[  125.665402][ T4680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.770785][ T4680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.837150][ T4678] batman_adv: batadv0: Adding interface: batadv_slave_0
[  125.851467][ T4678] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  125.951327][ T4678] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.079423][ T4678] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.079846][ T4767] netlink: 12 bytes leftover after parsing attributes in process `syz.2.301'.
[  126.091036][ T4678] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.137372][ T4678] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.160456][ T4680] team0: Port device team_slave_0 added
[  126.214447][ T4680] team0: Port device team_slave_1 added
[  126.317711][ T4680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.328976][ T4680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.405230][ T4680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.438140][ T4678] device hsr_slave_0 entered promiscuous mode
[  126.465984][ T4678] device hsr_slave_1 entered promiscuous mode
[  126.475962][ T4678] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  126.511058][ T4678] Cannot create hsr debugfs directory
[  126.537333][ T4680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.559039][ T4680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.594069][ T4680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.608614][ T4761] loop1: detected capacity change from 0 to 32768
[  126.699433][ T4761] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.303 (4761)
[  127.241791][ T3559] Bluetooth: hci3: command tx timeout
[  127.288945][ T4680] device hsr_slave_0 entered promiscuous mode
[  127.312509][ T4680] device hsr_slave_1 entered promiscuous mode
[  127.321150][ T3559] Bluetooth: hci5: command tx timeout
[  127.332071][ T4680] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.360079][ T4680] Cannot create hsr debugfs directory
[  127.381029][ T4761] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  127.402592][ T4761] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  127.441722][ T4761] BTRFS info (device loop1): using free space tree
[  127.581533][ T4783] netlink: 76 bytes leftover after parsing attributes in process `syz.2.306'.
[  127.624131][ T4783] openvswitch: netlink: Message has 8 unknown bytes.
[  127.801129][ T4761] BTRFS info (device loop1): enabling ssd optimizations
[  127.833004][   T26] audit: type=1804 audit(1721885336.992:79): pid=4761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.303" name="/newroot/60/file0/file1" dev="loop1" ino=260 res=1 errno=0
[  127.983252][ T3545] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  128.490041][ T4680] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.543373][ T4813] device syzkaller1 entered promiscuous mode
[  128.609444][ T4680] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.772345][ T4680] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.910519][ T4680] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.958714][ T4823] device syzkaller1 entered promiscuous mode
[  129.351483][ T3559] Bluetooth: hci3: command tx timeout
[  129.408293][ T3561] Bluetooth: hci5: command tx timeout
[  129.433462][ T3664] device hsr_slave_0 left promiscuous mode
[  129.440227][ T3664] device hsr_slave_1 left promiscuous mode
[  129.466058][ T3664] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.480647][ T3664] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.498227][ T3664] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.533015][ T3664] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.587850][ T3664] device bridge_slave_1 left promiscuous mode
[  129.623065][ T3664] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.793406][ T3664] device bridge_slave_0 left promiscuous mode
[  129.884998][ T3664] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.229745][ T3664] device veth1_macvtap left promiscuous mode
[  130.269047][ T3664] device veth0_macvtap left promiscuous mode
[  130.276199][ T3664] device veth1_vlan left promiscuous mode
[  130.291951][ T3664] device veth0_vlan left promiscuous mode
[  130.479156][ T3664] bond1 (unregistering): Released all slaves
[  130.648895][ T4837] loop1: detected capacity change from 0 to 32768
[  130.660893][ T4837] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.315 (4837)
[  130.698514][ T4837] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  130.711285][ T4837] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  130.722602][ T4837] BTRFS info (device loop1): using free space tree
[  130.800747][ T4837] BTRFS info (device loop1): enabling ssd optimizations
[  130.824737][   T26] audit: type=1804 audit(1721885339.982:80): pid=4837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.315" name="/newroot/65/file0/file1" dev="loop1" ino=260 res=1 errno=0
[  130.877219][ T3545] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  131.015255][ T3664] team0 (unregistering): Port device team_slave_1 removed
[  131.049940][ T3664] team0 (unregistering): Port device team_slave_0 removed
[  131.086600][ T3664] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.125686][ T3664] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.411124][ T3561] Bluetooth: hci3: command tx timeout
[  131.426773][ T3664] bond0 (unregistering): Released all slaves
[  131.491544][ T3561] Bluetooth: hci5: command tx timeout
[  131.512303][ T4877] device syzkaller1 entered promiscuous mode
[  131.563139][ T4678] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  131.705848][ T4678] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  131.754367][ T4678] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  131.778377][ T4680] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  131.806443][ T4678] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  131.852170][ T4890] device syzkaller1 entered promiscuous mode
[  131.859037][ T4680] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  131.927108][ T4680] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  131.972500][ T4680] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  132.150088][ T4899] netlink: 40 bytes leftover after parsing attributes in process `syz.2.325'.
[  132.166334][ T4678] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.226918][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.237095][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.270667][ T4678] 8021q: adding VLAN 0 to HW filter on device team0
[  132.333215][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  132.354929][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  132.382966][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.390120][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.435061][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.445259][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  132.473425][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  132.496706][ T3628] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.503862][ T3628] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.547266][ T3628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.583992][ T4680] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.606136][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.611472][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[  132.620318][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  132.643526][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.680189][   T41] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.767801][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.792512][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.829953][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.866379][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  132.891869][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  132.918410][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.937276][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.968309][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  133.013787][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  133.036690][ T4680] 8021q: adding VLAN 0 to HW filter on device team0
[  133.058932][ T4678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  133.188531][ T4907] loop0: detected capacity change from 0 to 32768
[  133.206053][ T4907] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.327 (4907)
[  133.218574][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  133.231570][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  133.239965][ T4439] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.247089][ T4439] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.298555][ T4907] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  133.349949][ T4907] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  133.351570][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  133.411182][ T4907] BTRFS info (device loop0): using free space tree
[  133.431644][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  133.481623][ T4439] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.488731][ T4439] bridge0: port 2(bridge_slave_1) entered forwarding state
[  133.527574][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  133.622654][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  133.630595][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  133.704493][ T4907] BTRFS info (device loop0): enabling ssd optimizations
[  133.712180][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  133.783946][   T26] audit: type=1804 audit(1721885342.942:81): pid=4907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.327" name="/newroot/76/file0/file1" dev="loop0" ino=260 res=1 errno=0
[  133.791425][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  133.857690][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  133.888308][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  133.929826][ T4680] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  133.962978][ T3546] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  133.980710][ T4680] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  134.039194][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  134.080252][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  134.097351][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  134.149935][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  134.198597][ T3559] Bluetooth: hci2: sending frame failed (-49)
[  134.206006][ T3561] Bluetooth: hci2: Opcode 0x1003 failed: -49
[  134.214752][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  134.268686][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  134.448355][ T4678] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.486718][ T4961] device syzkaller1 entered promiscuous mode
[  134.494329][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  134.511810][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  134.706057][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  134.715758][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  134.783802][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  134.819524][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  134.852657][ T4678] device veth0_vlan entered promiscuous mode
[  134.869481][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  134.887314][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  134.934839][ T4678] device veth1_vlan entered promiscuous mode
[  135.062738][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  135.086517][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  135.152372][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  135.171996][ T4978] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  135.222946][ T4678] device veth0_macvtap entered promiscuous mode
[  135.263250][ T4678] device veth1_macvtap entered promiscuous mode
[  135.332054][ T4680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.380724][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  135.400507][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  135.442469][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  135.475409][  T936] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  135.518858][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.551168][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.607882][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.703858][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.740553][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.770680][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.803340][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.871080][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.915146][ T4678] batman_adv: batadv0: Interface activated: batadv_slave_0
[  135.969215][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  135.988214][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  136.029719][ T5017] netlink: 40 bytes leftover after parsing attributes in process `syz.1.345'.
[  136.073779][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.118114][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.171032][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.199389][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.224752][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.271018][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.301003][ T4678] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.329392][ T4678] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.348839][ T4678] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.350680][   T26] audit: type=1400 audit(1721885345.502:82): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=5026 comm="syz.1.347"
[  136.388531][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  136.397708][ T5029] loop1: detected capacity change from 0 to 512
[  136.398028][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  136.437538][ T4678] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.458134][ T4678] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.495508][ T4678] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.517175][ T5029] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  136.529622][ T4678] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.541364][ T5029] ext4 filesystem being mounted at /76/wÅü5ÔTÕÔ)­`)Y�Fæ¾nA­½@T<Ÿ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó8 supports timestamps until 2038 (0x7fffffff)
[  136.563649][ T5013] loop2: detected capacity change from 0 to 32768
[  136.589438][ T5013] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.344 (5013)
[  136.645144][ T5013] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  136.717642][ T5013] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  136.737733][ T5029] EXT4-fs error (device loop1): ext4_do_update_inode:5210: inode #2: comm syz.1.347: corrupted inode contents
[  136.781485][ T5013] BTRFS info (device loop2): using free space tree
[  136.817093][ T3665] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.825902][ T5029] EXT4-fs error (device loop1): ext4_dirty_inode:6072: inode #2: comm syz.1.347: mark_inode_dirty error
[  136.846534][ T3612] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.855472][ T3612] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.869252][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  136.879561][ T3665] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.895432][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  136.908722][ T5029] EXT4-fs error (device loop1): ext4_do_update_inode:5210: inode #2: comm syz.1.347: corrupted inode contents
[  136.933889][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  136.950061][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  136.975629][ T5029] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #2: comm syz.1.347: mark_inode_dirty error
[  137.009645][ T4680] device veth0_vlan entered promiscuous mode
[  137.072160][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  137.080444][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  137.125126][ T4680] device veth1_vlan entered promiscuous mode
[  137.159155][ T5013] BTRFS info (device loop2): enabling ssd optimizations
[  137.166265][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  137.181765][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  137.205412][ T3545] EXT4-fs (loop1): unmounting filesystem.
[  137.232194][   T26] audit: type=1804 audit(1721885346.392:83): pid=5013 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.344" name="/newroot/88/file0/file1" dev="loop2" ino=260 res=1 errno=0
[  137.304217][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  137.361920][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  137.404076][ T4680] device veth0_macvtap entered promiscuous mode
[  137.417572][ T5065] loop1: detected capacity change from 0 to 1024
[  137.466162][ T3557] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  137.473822][ T5065] EXT4-fs (loop1): Test dummy encryption mode enabled
[  137.496170][ T4680] device veth1_macvtap entered promiscuous mode
[  137.573703][ T5065] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  137.648815][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.704202][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.744566][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.776097][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.810176][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.858486][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.888579][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.899155][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.916879][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.928704][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.940831][ T4680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  138.032353][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  138.040458][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  138.051099][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  138.060689][  T153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  138.070679][ T5065] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  138.081053][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.111019][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.120831][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.208894][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.259448][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.313868][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.344615][ T5089] loop2: detected capacity change from 0 to 256
[  138.348668][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.391002][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.431017][ T4680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  138.452015][ T5089] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  138.464858][ T4680] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  138.490544][ T4680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  138.544082][ T4680] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.600058][ T4680] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.644468][ T4680] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.678862][ T4680] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  139.018950][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  139.125329][ T4969] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  139.251313][ T5095] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)")
[  139.742858][ T3545] EXT4-fs (loop1): unmounting filesystem.
[  140.146188][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.186666][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.216164][ T4975] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  140.299438][ T5114] loop2: detected capacity change from 0 to 32768
[  140.419633][ T5114] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.358 (5114)
[  140.532385][ T3665] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  140.568065][ T3665] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  140.902473][ T4439] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  141.047096][ T5133] loop3: detected capacity change from 0 to 256
[  141.056560][ T5114] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  141.127259][ T5114] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  141.174072][ T5133] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  141.190567][ T5114] BTRFS info (device loop2): using free space tree
[  142.147438][ T5114] BTRFS info (device loop2): enabling ssd optimizations
[  142.239468][   T26] audit: type=1804 audit(1721885351.392:84): pid=5114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.358" name="/newroot/91/file0/file1" dev="loop2" ino=260 res=1 errno=0
[  142.357059][ T3557] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  143.513158][ T5164] loop4: detected capacity change from 0 to 32768
[  143.529971][    T9] device hsr_slave_0 left promiscuous mode
[  143.601395][    T9] device hsr_slave_1 left promiscuous mode
[  143.709790][ T5164] XFS (loop4): Mounting V5 Filesystem
[  143.719475][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  143.758689][ T5197] syz.1.380[5197] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.758803][ T5197] syz.1.380[5197] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  143.770046][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  143.789997][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  143.799141][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  143.814775][    T9] device bridge_slave_1 left promiscuous mode
[  143.826483][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  143.839177][    T9] device bridge_slave_0 left promiscuous mode
[  143.845901][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  143.861692][ T5199] netlink: 76 bytes leftover after parsing attributes in process `syz.3.378'.
[  143.877325][ T5199] openvswitch: netlink: Message has 8 unknown bytes.
[  143.909108][ T5164] XFS (loop4): Ending clean mount
[  143.979243][    T9] device veth1_macvtap left promiscuous mode
[  144.001452][    T9] device veth0_macvtap left promiscuous mode
[  144.015725][ T4680] XFS (loop4): Unmounting Filesystem
[  144.025571][    T9] device veth1_vlan left promiscuous mode
[  144.055264][    T9] device veth0_vlan left promiscuous mode
[  145.039803][ T5218] loop2: detected capacity change from 0 to 512
[  145.152093][ T5218] EXT4-fs (loop2): 1 orphan inode deleted
[  145.176974][ T5218] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  145.338081][ T3557] EXT4-fs (loop2): unmounting filesystem.
[  145.445448][ T5230] loop4: detected capacity change from 0 to 512
[  145.494960][    T9] bond1 (unregistering): Released all slaves
[  145.508166][ T5230] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.386: casefold flag without casefold feature
[  145.541607][ T5230] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.386: casefold flag without casefold feature
[  145.556771][ T5230] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #12: comm syz.4.386: ea_inode with extended attributes
[  145.571107][ T5230] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.386: error while reading EA inode 12 err=-117
[  145.587157][ T5230] EXT4-fs (loop4): 1 orphan inode deleted
[  145.595590][ T5230] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  146.082863][ T5248] loop3: detected capacity change from 0 to 2048
[  146.096656][ T5248] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  146.120271][ T5248] UDF-fs: warning (device loop3): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  146.184441][ T5248] loop3: detected capacity change from 0 to 1024
[  146.204805][ T5248] EXT4-fs: quotafile must be on filesystem root
[  146.507418][ T5253] loop3: detected capacity change from 0 to 1024
[  147.034854][ T5254] hfsplus: xattr searching failed
[  147.144925][    T9] team0 (unregistering): Port device team_slave_1 removed
[  147.165776][   T51] hfsplus: b-tree write err: -5, ino 4
[  147.226656][    T9] team0 (unregistering): Port device team_slave_0 removed
[  147.272619][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  147.312284][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  147.652995][    T9] bond0 (unregistering): Released all slaves
[  147.807669][ T5237] netlink: 40 bytes leftover after parsing attributes in process `syz.2.393'.
[  147.941316][ T4680] EXT4-fs (loop4): unmounting filesystem.
[  148.129727][ T5267] netlink: 76 bytes leftover after parsing attributes in process `syz.0.401'.
[  148.183797][ T5267] openvswitch: netlink: Message has 8 unknown bytes.
[  149.308102][ T5299] loop2: detected capacity change from 0 to 1024
[  149.374943][ T5299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  149.484190][ T5303] loop3: detected capacity change from 0 to 512
[  149.504366][ T5301] netlink: 40 bytes leftover after parsing attributes in process `syz.1.415'.
[  149.635234][ T5303] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.414: invalid indirect mapped block 256 (level 2)
[  149.663602][ T5303] EXT4-fs (loop3): 2 truncates cleaned up
[  149.669360][ T5303] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  149.696344][   T26] audit: type=1804 audit(1721885358.852:85): pid=5303 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.414" name="/newroot/19/file1/bus" dev="loop3" ino=18 res=1 errno=0
[  149.797888][ T4678] EXT4-fs (loop3): unmounting filesystem.
[  150.043279][ T5319] loop1: detected capacity change from 0 to 1024
[  150.079663][ T5319] EXT4-fs: Ignoring removed nobh option
[  150.143606][ T5319] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  150.231827][ T5319] EXT4-fs (loop1): re-mounted. Quota mode: writeback.
[  150.324651][ T5290] loop4: detected capacity change from 0 to 32768
[  150.371055][  T153] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  150.438702][ T5290] XFS (loop4): Mounting V5 Filesystem
[  150.566197][ T5290] XFS (loop4): Ending clean mount
[  150.606516][ T5290] XFS (loop4): Quotacheck needed: Please wait.
[  150.621135][  T153] usb 4-1: Using ep0 maxpacket: 8
[  150.693355][ T5290] XFS (loop4): Quotacheck: Done.
[  150.835671][ T3545] EXT4-fs (loop1): unmounting filesystem.
[  150.841365][ T5290] loop4: detected capacity change from 32768 to 0
[  150.901253][    C0] I/O error, dev loop4, sector 11945515059154780159 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[  150.901438][  T153] usb 4-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=ad.59
[  150.960720][ T5316] loop0: detected capacity change from 0 to 40427
[  150.978023][  T153] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  151.008369][  T153] usb 4-1: Product: syz
[  151.013760][  T153] usb 4-1: Manufacturer: syz
[  151.018374][  T153] usb 4-1: SerialNumber: syz
[  151.021331][ T5316] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  151.044842][  T153] usb 4-1: config 0 descriptor??
[  151.064751][ T5316] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  151.082703][  T153] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  151.114618][ T5320] loop2: detected capacity change from 0 to 40427
[  151.121263][  T153] dvb-usb: bulk message failed: -22 (3/0)
[  151.136946][ T5320] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  151.179364][  T153] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  151.183609][ T5320] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  151.189398][ T4680] XFS (loop4): Unmounting Filesystem
[  151.205619][ T5316] F2FS-fs (loop0): Found nat_bits in checkpoint
[  151.205989][ T5320] F2FS-fs (loop2): invalid crc value
[  151.254580][ T5320] F2FS-fs (loop2): Found nat_bits in checkpoint
[  151.261638][  T153] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  151.308932][ T5316] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  151.316033][  T153] usb 4-1: media controller created
[  151.318323][ T5316] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  151.370220][  T153] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  151.418872][ T5320] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  151.444080][ T5320] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  151.490851][  T153] dvb-usb: bulk message failed: -22 (6/0)
[  151.518063][  T153] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  151.564292][   T26] audit: type=1800 audit(1721885360.722:86): pid=5343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.421" name="bus" dev="loop2" ino=10 res=0 errno=0
[  151.609685][  T153] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input5
[  151.623231][ T5320] syz.2.421: attempt to access beyond end of device
[  151.623231][ T5320] loop2: rw=34817, sector=77824, nr_sectors = 848 limit=40427
[  151.680634][  T153] dvb-usb: schedule remote query interval to 150 msecs.
[  151.703399][  T153] dvb-usb: bulk message failed: -22 (3/0)
[  151.751066][  T153] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  151.813287][  T153] usb 4-1: USB disconnect, device number 3
[  151.958286][  T153] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  152.006091][ T5346] loop3: detected capacity change from 0 to 128
[  152.035441][ T3559] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  152.045506][ T3559] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  152.071353][ T3551] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  152.079697][ T3551] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  152.087951][ T3559] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  152.215117][ T5352] loop4: detected capacity change from 0 to 256
[  152.232734][ T3559] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  152.337211][ T5354] x_tables: unsorted underflow at hook 3
[  152.627557][ T5352] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  153.818449][ T5372] netlink: 40 bytes leftover after parsing attributes in process `syz.2.429'.
[  154.282471][ T3559] Bluetooth: hci0: command tx timeout
[  154.328625][ T5364] loop0: detected capacity change from 0 to 40427
[  154.344163][ T5364] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  154.358626][ T5364] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  154.358805][    T9] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.388313][ T5364] F2FS-fs (loop0): invalid crc value
[  154.415496][ T5364] F2FS-fs (loop0): Found nat_bits in checkpoint
[  154.458072][    T9] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.494176][ T5348] chnl_net:caif_netlink_parms(): no params data found
[  154.515068][ T4969] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  154.586382][ T5364] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  154.596624][    T9] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.608079][ T5364] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  154.669429][ T5364] syz.0.434: attempt to access beyond end of device
[  154.669429][ T5364] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  154.719726][    T9] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.738311][ T5379] loop2: detected capacity change from 0 to 32768
[  154.743912][ T5364] syz.0.434: attempt to access beyond end of device
[  154.743912][ T5364] loop0: rw=34817, sector=77824, nr_sectors = 848 limit=40427
[  154.767059][ T5379] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.437 (5379)
[  154.791164][ T4969] usb 5-1: Using ep0 maxpacket: 8
[  154.818533][ T5379] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  154.823232][ T5348] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.835952][ T5379] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  154.846539][ T5379] BTRFS info (device loop2): max_inline at 0
[  154.862171][ T5379] BTRFS info (device loop2): enabling auto defrag
[  154.881846][ T5379] BTRFS info (device loop2): doing ref verification
[  154.888883][ T5379] BTRFS info (device loop2): max_inline at 0
[  154.895136][ T5348] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.911138][ T5379] BTRFS info (device loop2): enabling ssd optimizations
[  154.931081][ T5379] BTRFS info (device loop2): turning on sync discard
[  154.937834][ T5379] BTRFS info (device loop2): setting nodatacow, compression disabled
[  154.946541][ T5348] device bridge_slave_0 entered promiscuous mode
[  154.966470][ T5379] BTRFS info (device loop2): using free space tree
[  154.969538][ T5348] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.000666][ T5348] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.029071][ T3546] syz-executor: attempt to access beyond end of device
[  155.029071][ T3546] loop0: rw=2051, sector=45096, nr_sectors = 16 limit=40427
[  155.043956][ T5348] device bridge_slave_1 entered promiscuous mode
[  155.081444][ T4969] usb 5-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=ad.59
[  155.100281][ T3546] F2FS-fs (loop0): Issue discard(5637, 5637, 2) failed, ret: -5
[  155.111287][ T4969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.161187][ T4969] usb 5-1: Product: syz
[  155.165385][ T4969] usb 5-1: Manufacturer: syz
[  155.174343][ T4969] usb 5-1: SerialNumber: syz
[  155.185071][ T5348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  155.205374][ T4969] usb 5-1: config 0 descriptor??
[  155.252734][ T4969] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  155.308956][ T5348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  155.337008][ T4969] dvb-usb: bulk message failed: -22 (3/0)
[  155.383248][ T4969] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  155.441483][ T4969] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  155.473990][ T4969] usb 5-1: media controller created
[  155.500623][ T4969] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  155.583173][ T5348] team0: Port device team_slave_0 added
[  155.590840][ T5348] team0: Port device team_slave_1 added
[  155.623315][ T4969] dvb-usb: bulk message failed: -22 (6/0)
[  155.629113][ T4969] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  155.647448][ T3557] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  155.707756][ T5429] loop0: detected capacity change from 0 to 128
[  155.722479][ T4969] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6
[  155.768805][ T4969] dvb-usb: schedule remote query interval to 150 msecs.
[  155.790044][ T4969] dvb-usb: bulk message failed: -22 (3/0)
[  155.956343][ T4978] dvb-usb: bulk message failed: -22 (1/0)
[  155.962790][ T4978] dvb-usb: error while querying for an remote control event.
[  155.981037][ T4969] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  156.104096][ T5435] x_tables: unsorted underflow at hook 3
[  156.381156][ T3561] Bluetooth: hci0: command tx timeout
[  156.462663][ T4969] usb 5-1: USB disconnect, device number 2
[  156.860166][ T4969] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  156.903978][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.933680][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.031172][ T5348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.121493][ T5348] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.133566][ T5348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.266501][ T5348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.295792][ T5442] device syzkaller1 entered promiscuous mode
[  157.316896][ T5426] loop3: detected capacity change from 0 to 40427
[  157.391292][ T5426] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  157.399047][ T5426] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  157.529675][ T5348] device hsr_slave_0 entered promiscuous mode
[  157.539351][ T5426] F2FS-fs (loop3): Found nat_bits in checkpoint
[  157.556698][ T5348] device hsr_slave_1 entered promiscuous mode
[  157.577648][ T5348] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.604382][ T5348] Cannot create hsr debugfs directory
[  157.680668][ T5426] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  157.701077][ T5426] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  158.441113][ T3559] Bluetooth: hci0: command tx timeout
[  158.451092][ T3596] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  158.567521][ T5493] netlink: 76 bytes leftover after parsing attributes in process `syz.2.459'.
[  158.596723][ T5493] openvswitch: netlink: Message has 8 unknown bytes.
[  158.683034][ T5480] loop0: detected capacity change from 0 to 32768
[  158.713730][ T3596] usb 5-1: Using ep0 maxpacket: 8
[  158.724739][ T5480] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.456 (5480)
[  158.769434][ T5480] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  158.798018][ T5480] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  158.826835][ T5480] BTRFS info (device loop0): max_inline at 0
[  158.834407][ T5480] BTRFS info (device loop0): enabling auto defrag
[  158.859466][ T5480] BTRFS info (device loop0): doing ref verification
[  158.870058][ T5480] BTRFS info (device loop0): max_inline at 0
[  158.893480][ T5480] BTRFS info (device loop0): enabling ssd optimizations
[  158.926681][ T5480] BTRFS info (device loop0): turning on sync discard
[  158.954083][ T5480] BTRFS info (device loop0): setting nodatacow, compression disabled
[  158.977647][ T5480] BTRFS info (device loop0): using free space tree
[  159.013664][ T3596] usb 5-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=ad.59
[  159.048897][ T3596] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.075367][ T3596] usb 5-1: Product: syz
[  159.107926][ T3596] usb 5-1: Manufacturer: syz
[  159.160359][ T3596] usb 5-1: SerialNumber: syz
[  159.193951][ T5348] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  159.241612][ T3596] usb 5-1: config 0 descriptor??
[  159.280078][ T5348] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  159.313006][ T3596] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  159.341573][ T3596] dvb-usb: bulk message failed: -22 (3/0)
[  159.347703][ T4678] syz-executor: attempt to access beyond end of device
[  159.347703][ T4678] loop3: rw=2051, sector=49152, nr_sectors = 4096 limit=40427
[  159.407977][    T9] device hsr_slave_0 left promiscuous mode
[  159.415068][ T4678] syz-executor: attempt to access beyond end of device
[  159.415068][ T4678] loop3: rw=2051, sector=57344, nr_sectors = 20480 limit=40427
[  159.431368][ T4678] syz-executor: attempt to access beyond end of device
[  159.431368][ T4678] loop3: rw=2051, sector=81920, nr_sectors = 4096 limit=40427
[  159.441376][ T3596] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  159.447620][ T4678] F2FS-fs (loop3): Issue discard(6144, 6144, 512) failed, ret: -5
[  159.454866][ T4678] F2FS-fs (loop3): Issue discard(7168, 7168, 2560) failed, ret: -5
[  159.463711][ T4678] F2FS-fs (loop3): Issue discard(10240, 10240, 512) failed, ret: -5
[  159.505469][    T9] device hsr_slave_1 left promiscuous mode
[  159.574633][ T3596] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  159.616669][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  159.648751][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  159.671642][ T3596] usb 5-1: media controller created
[  159.686521][ T3546] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  159.711768][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  159.719187][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  159.719216][ T3596] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  159.770337][ T3596] dvb-usb: bulk message failed: -22 (6/0)
[  159.780286][ T3596] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  159.847674][ T3596] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input7
[  159.896073][    T9] device bridge_slave_1 left promiscuous mode
[  159.898437][ T3596] dvb-usb: schedule remote query interval to 150 msecs.
[  159.903806][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.936663][ T3596] dvb-usb: bulk message failed: -22 (3/0)
[  159.972418][    T9] device bridge_slave_0 left promiscuous mode
[  159.988241][ T3596] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  159.991138][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.019696][ T3596] usb 5-1: USB disconnect, device number 3
[  160.113718][ T3596] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  160.162022][    T9] device veth1_macvtap left promiscuous mode
[  160.168061][    T9] device veth0_macvtap left promiscuous mode
[  160.211152][    T9] device veth1_vlan left promiscuous mode
[  160.217001][    T9] device veth0_vlan left promiscuous mode
[  160.521239][ T3559] Bluetooth: hci0: command tx timeout
[  161.807368][ T5556] loop0: detected capacity change from 0 to 32768
[  161.838545][ T5556] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.469 (5556)
[  161.871571][ T5556] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  161.894865][ T5556] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  161.917264][ T5556] BTRFS info (device loop0): setting nodatacow, compression disabled
[  161.937073][ T5556] BTRFS info (device loop0): turning on flush-on-commit
[  161.949677][ T5556] BTRFS info (device loop0): enabling auto defrag
[  161.964413][ T5556] BTRFS info (device loop0): max_inline at 0
[  161.975682][ T5556] BTRFS info (device loop0): using free space tree
[  162.090534][ T5563] loop3: detected capacity change from 0 to 32768
[  162.100338][ T5563] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.471 (5563)
[  162.130186][ T5563] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  162.141910][ T5563] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  162.166549][ T5563] BTRFS info (device loop3): max_inline at 0
[  162.187811][ T5563] BTRFS info (device loop3): enabling auto defrag
[  162.194918][ T5563] BTRFS info (device loop3): doing ref verification
[  162.198850][ T5556] BTRFS info (device loop0): enabling ssd optimizations
[  162.209353][ T5563] BTRFS info (device loop3): max_inline at 0
[  162.215867][ T5563] BTRFS info (device loop3): enabling ssd optimizations
[  162.223455][ T5563] BTRFS info (device loop3): turning on sync discard
[  162.225338][    T9] team0 (unregistering): Port device team_slave_1 removed
[  162.231046][ T5563] BTRFS info (device loop3): setting nodatacow, compression disabled
[  162.247081][ T5563] BTRFS info (device loop3): using free space tree
[  162.319970][    T9] team0 (unregistering): Port device team_slave_0 removed
[  162.459967][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  162.519508][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  162.538134][ T4678] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  162.945345][ T5609] loop3: detected capacity change from 0 to 512
[  162.990930][ T5609] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  163.018186][ T5609] EXT4-fs (loop3): orphan cleanup on readonly fs
[  163.041600][ T5609] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #16: comm syz.3.473: casefold flag without casefold feature
[  163.070639][ T5609] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #16: comm syz.3.473: unexpected EA_INODE flag
[  163.109761][ T5609] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.473: couldn't read orphan inode 16 (err -117)
[  163.129169][ T5609] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  163.309436][ T3546] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  163.468360][    T9] bond0 (unregistering): Released all slaves
[  163.560823][ T5348] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  163.581672][ T5608] netlink: 'syz.3.473': attribute type 10 has an invalid length.
[  163.594085][ T5608] bond0: (slave bond_slave_0): Releasing backup interface
[  163.623792][ T5348] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  163.760073][ T4678] EXT4-fs (loop3): unmounting filesystem.
[  164.061253][ T4969] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  164.119239][ T5348] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.224559][ T4974] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  164.247016][ T4974] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  164.287676][ T5348] 8021q: adding VLAN 0 to HW filter on device team0
[  164.331095][ T4969] usb 5-1: Using ep0 maxpacket: 8
[  164.335642][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  164.347847][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  164.397968][ T3593] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.405119][ T3593] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.456568][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  164.477343][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  164.507471][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  164.546840][ T3838] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.553978][ T3838] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.597200][ T3838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  164.611119][ T4969] usb 5-1: New USB device found, idVendor=1822, idProduct=3202, bcdDevice=ad.59
[  164.640488][ T4969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.657956][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  164.677608][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  164.684607][ T4969] usb 5-1: Product: syz
[  164.689672][ T4969] usb 5-1: Manufacturer: syz
[  164.727429][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  164.731411][ T4969] usb 5-1: SerialNumber: syz
[  164.755596][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  164.758170][ T4969] usb 5-1: config 0 descriptor??
[  164.802087][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  164.813942][ T4969] dvb-usb: found a 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device' in warm state.
[  164.842731][ T5348] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  164.861859][ T4969] dvb-usb: bulk message failed: -22 (3/0)
[  164.894040][ T5348] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  164.906202][ T4969] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  164.940658][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  164.957125][ T4969] dvbdev: DVB: registering new adapter (TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device)
[  164.961660][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  165.009233][ T4969] usb 5-1: media controller created
[  165.019663][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  165.061994][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  165.075607][ T4969] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  165.087489][ T3593] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  165.165302][ T4969] dvb-usb: bulk message failed: -22 (6/0)
[  165.174703][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  165.195812][ T4969] dvb-usb: no frontend was attached by 'TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device'
[  165.246300][ T5653] device syzkaller1 entered promiscuous mode
[  165.283070][ T4969] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input8
[  165.326181][ T4969] dvb-usb: schedule remote query interval to 150 msecs.
[  165.361067][ T4969] dvb-usb: bulk message failed: -22 (3/0)
[  165.411176][ T4969] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I / HAMA USB1.1 DVB-T device successfully initialized and connected.
[  165.456923][ T5634] loop2: detected capacity change from 0 to 32768
[  165.465711][ T4969] usb 5-1: USB disconnect, device number 4
[  165.491779][ T5634] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.482 (5634)
[  165.624197][ T4969] dvb-usb: TwinhanDTV USB-Ter USB1.1 / Magic Box I successfully deinitialized and disconnected.
[  165.709403][ T5634] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  165.732550][ T5634] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  165.770541][ T5634] BTRFS info (device loop2): using free space tree
[  165.830529][ T5678] device pim6reg1 entered promiscuous mode
[  166.002239][ T5348] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.065445][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  166.093570][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  166.224175][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  166.265038][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  166.294410][ T5634] BTRFS info (device loop2): enabling ssd optimizations
[  166.365429][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  166.379815][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  166.406582][   T26] audit: type=1804 audit(1721885375.562:87): pid=5634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.482" name="/newroot/116/file0/file1" dev="loop2" ino=260 res=1 errno=0
[  166.455085][ T5348] device veth0_vlan entered promiscuous mode
[  166.488839][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  166.504173][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  166.534837][ T5348] device veth1_vlan entered promiscuous mode
[  166.557375][ T3557] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  166.719261][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  166.756075][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  166.786494][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  166.824002][ T3837] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  166.856783][ T5348] device veth0_macvtap entered promiscuous mode
[  166.887863][ T5717] netlink: 40 bytes leftover after parsing attributes in process `syz.3.497'.
[  166.909141][ T5348] device veth1_macvtap entered promiscuous mode
[  167.010359][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.158247][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.169299][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.202883][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.239351][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.261441][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.281103][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.291912][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.303665][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_0
[  167.320680][ T4972] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  167.339813][ T4972] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  167.390479][ T4972] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  167.414541][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.480288][ T5736] loop2: detected capacity change from 0 to 1024
[  167.513934][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.544405][ T5739] loop3: detected capacity change from 0 to 128
[  167.587714][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.614606][ T5736] hfsplus: extend alloc file! (8192,65536,366)
[  167.655350][ T5739] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  167.670704][ T5739] ext4 filesystem being mounted at /46/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  167.680998][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.719709][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.740548][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.750452][ T5348] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.792632][ T5348] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.870607][ T5348] batman_adv: batadv0: Interface activated: batadv_slave_1
[  167.898129][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  167.952002][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  167.962088][ T5739] process 'syz.3.503' launched './file0' with NULL argv: empty string added
[  167.985853][ T5348] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.039919][ T5348] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.079332][ T5348] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.106461][ T5348] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.355058][ T4678] EXT4-fs (loop3): unmounting filesystem.
[  168.582456][ T3827] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.590538][ T3827] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.673896][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  168.702995][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  168.718284][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  168.757344][ T5529] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  169.362421][ T5781] netlink: 'syz.3.513': attribute type 10 has an invalid length.
[  169.457909][ T5781] loop3: detected capacity change from 0 to 512
[  169.556863][ T5781] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  169.572465][ T5781] EXT4-fs (loop3): orphan cleanup on readonly fs
[  169.599690][ T5781] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #16: comm syz.3.513: casefold flag without casefold feature
[  169.731402][ T5781] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #16: comm syz.3.513: unexpected EA_INODE flag
[  169.747549][ T5798] netlink: 76 bytes leftover after parsing attributes in process `syz.1.515'.
[  169.756738][ T5798] openvswitch: netlink: Message has 8 unknown bytes.
[  169.774014][ T5781] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.513: couldn't read orphan inode 16 (err -117)
[  169.809459][ T5781] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  169.973523][ T4678] EXT4-fs (loop3): unmounting filesystem.
[  170.130005][ T5811] loop3: detected capacity change from 0 to 164
[  170.169800][ T5811] Unable to read rock-ridge attributes
[  170.221157][ T3837] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  170.299079][ T5811] Unable to read rock-ridge attributes
[  171.211224][ T3837] usb 5-1: Using ep0 maxpacket: 8
[  171.501276][ T3837] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  171.517977][ T5835] 9pnet_fd: Insufficient options for proto=fd
[  171.520587][ T3837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.561108][ T3837] usb 5-1: Product: syz
[  171.571238][ T3837] usb 5-1: Manufacturer: syz
[  171.575993][ T3837] usb 5-1: SerialNumber: syz
[  171.601704][ T3837] usb 5-1: config 0 descriptor??
[  171.847291][ T5845] capability: warning: `syz.1.533' uses deprecated v2 capabilities in a way that may be insecure
[  171.862406][ T3837] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  172.001229][ T4969] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  172.060659][ T5852] loop2: detected capacity change from 0 to 1024
[  172.099897][ T5821] loop0: detected capacity change from 0 to 32768
[  172.173524][ T5821] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.525 (5821)
[  172.185399][ T5855] device syzkaller1 entered promiscuous mode
[  172.241212][ T5821] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  172.287324][ T5821] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  172.331044][ T5821] BTRFS info (device loop0): setting nodatacow, compression disabled
[  172.356097][ T5821] BTRFS info (device loop0): turning on flush-on-commit
[  172.361160][ T4969] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  172.366172][ T5821] BTRFS info (device loop0): enabling auto defrag
[  172.396349][ T4969] usb 4-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=a0.b5
[  172.397850][ T5821] BTRFS info (device loop0): max_inline at 0
[  172.426697][ T4969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.438264][ T5821] BTRFS info (device loop0): using free space tree
[  172.461953][ T4969] usb 4-1: config 0 descriptor??
[  172.611120][ T5821] BTRFS info (device loop0): enabling ssd optimizations
[  172.727496][ T5529] usb 4-1: USB disconnect, device number 4
[  172.951465][ T5886] device syzkaller1 entered promiscuous mode
[  174.421150][ T3837] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  174.531172][ T3837] usb 5-1: USB disconnect, device number 5
[  174.561923][ T3546] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  174.919172][ T5924] loop4: detected capacity change from 0 to 128
[  175.375522][ T5937] netlink: 'syz.4.562': attribute type 34 has an invalid length.
[  175.921391][ T5070] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  176.852085][ T5070] usb 4-1: Using ep0 maxpacket: 8
[  177.033541][ T5975] netlink: 'syz.0.578': attribute type 34 has an invalid length.
[  177.131137][ T5070] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  177.140206][ T5070] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.196367][ T5070] usb 4-1: Product: syz
[  177.200560][ T5070] usb 4-1: Manufacturer: syz
[  177.216364][ T5070] usb 4-1: SerialNumber: syz
[  177.241252][ T5070] usb 4-1: config 0 descriptor??
[  177.302603][ T5983] loop0: detected capacity change from 0 to 512
[  177.320477][ T5983] EXT4-fs: Ignoring removed nobh option
[  177.362034][ T5983] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  177.370266][ T5983] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61
[  177.391145][ T5983] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #13: comm syz.0.583: casefold flag without casefold feature
[  177.405653][ T5983] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #13: comm syz.0.583: unexpected EA_INODE flag
[  177.421577][ T5983] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.583: couldn't read orphan inode 13 (err -117)
[  177.443162][ T5983] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  177.459943][ T5989] netlink: 8 bytes leftover after parsing attributes in process `syz.1.584'.
[  177.481771][ T5983] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  177.491164][ T5070] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  177.512272][ T5983] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  177.520522][ T5983] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  177.543969][ T5983] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  177.607663][ T3546] EXT4-fs (loop0): unmounting filesystem.
[  177.637363][ T5991] netlink: 8 bytes leftover after parsing attributes in process `syz.2.586'.
[  177.937482][ T5998] device syzkaller1 entered promiscuous mode
[  178.115787][ T6014] loop1: detected capacity change from 0 to 2048
[  178.704985][ T6014] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  179.148626][ T5348] EXT4-fs (loop1): unmounting filesystem.
[  179.881326][ T5070] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  179.900661][ T5070] usb 4-1: USB disconnect, device number 5
[  180.119186][ T6055] netlink: 'syz.1.609': attribute type 34 has an invalid length.
[  180.158076][ T6035] loop4: detected capacity change from 0 to 32768
[  180.220332][ T6059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.234989][ T6059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  180.324992][ T6035] XFS (loop4): Mounting V5 Filesystem
[  180.478705][ T6035] XFS (loop4): Ending clean mount
[  180.504566][ T6035] XFS (loop4): Quotacheck needed: Please wait.
[  180.604540][ T6035] XFS (loop4): Quotacheck: Done.
[  180.629862][ T6083] netlink: 60 bytes leftover after parsing attributes in process `syz.0.614'.
[  180.645462][ T6083] netlink: 60 bytes leftover after parsing attributes in process `syz.0.614'.
[  180.746258][ T6035] syz.4.601: attempt to access beyond end of device
[  180.746258][ T6035] loop4: rw=4096, sector=9621242980929110015, nr_sectors = 1 limit=32768
[  180.841172][ T3559] Bluetooth: hci1: command 0x0406 tx timeout
[  180.847217][ T3559] Bluetooth: hci4: command 0x0406 tx timeout
[  180.929156][ T4680] XFS (loop4): Unmounting Filesystem
[  180.955540][ T6096] netlink: 'syz.2.622': attribute type 34 has an invalid length.
[  180.998947][ T6094] loop1: detected capacity change from 0 to 512
[  181.053530][ T6094] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  181.162204][ T6094] EXT4-fs (loop1): orphan cleanup on readonly fs
[  181.198363][ T6094] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #16: comm syz.1.619: casefold flag without casefold feature
[  181.221324][ T6094] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #16: comm syz.1.619: unexpected EA_INODE flag
[  181.388724][ T6094] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.619: couldn't read orphan inode 16 (err -117)
[  181.505302][ T6094] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  181.820232][ T5348] EXT4-fs (loop1): unmounting filesystem.
[  181.845885][ T6109] device syzkaller1 entered promiscuous mode
[  182.151241][ T6115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.186373][ T6115] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  182.297650][ T6123] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  182.390109][ T6127] netlink: 'syz.4.634': attribute type 34 has an invalid length.
[  182.874981][ T6140] netlink: 4 bytes leftover after parsing attributes in process `syz.0.641'.
[  183.019631][ T6126] loop2: detected capacity change from 0 to 32768
[  183.019943][ T6144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.641'.
[  183.106778][ T6126] XFS (loop2): Mounting V5 Filesystem
[  183.209828][ T6163] netlink: 'syz.4.646': attribute type 34 has an invalid length.
[  183.259214][ T6126] XFS (loop2): Ending clean mount
[  183.279981][ T6126] XFS (loop2): Quotacheck needed: Please wait.
[  183.467242][ T6172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  183.512405][ T6172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  183.531511][ T6126] XFS (loop2): Quotacheck: Done.
[  183.827812][ T6181] syz.2.632: attempt to access beyond end of device
[  183.827812][ T6181] loop2: rw=4096, sector=9621242980929110015, nr_sectors = 1 limit=32768
[  184.480705][ T3557] XFS (loop2): Unmounting Filesystem
[  184.828903][ T6196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'.
[  184.861306][ T5070] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  185.141181][ T5070] usb 1-1: Using ep0 maxpacket: 32
[  185.240871][ T6200] netlink: 4 bytes leftover after parsing attributes in process `syz.1.663'.
[  185.281316][ T5070] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  185.311018][ T5070] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.377840][ T5070] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  185.413343][ T5070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.434956][ T6206] netlink: 'syz.3.667': attribute type 7 has an invalid length.
[  185.444927][ T5070] usb 1-1: config 0 descriptor??
[  185.463188][ T6206] netlink: 'syz.3.667': attribute type 39 has an invalid length.
[  185.495834][ T5070] hub 1-1:0.0: USB hub found
[  185.687457][ T6215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  185.719020][ T6215] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  185.746491][ T5070] hub 1-1:0.0: 1 port detected
[  185.800393][ T6221] netlink: 'syz.2.661': attribute type 7 has an invalid length.
[  185.808781][ T6221] netlink: 'syz.2.661': attribute type 39 has an invalid length.
[  185.850354][ T6221] bridge1: port 1(gretap1) entered blocking state
[  185.870751][ T6221] bridge1: port 1(gretap1) entered disabled state
[  185.899044][ T6221] device gretap1 entered promiscuous mode
[  185.916146][ T6225] netlink: 'syz.2.661': attribute type 7 has an invalid length.
[  185.938961][ T6225] netlink: 'syz.2.661': attribute type 39 has an invalid length.
[  186.901320][ T5070] hub 1-1:0.0: activate --> -90
[  187.104378][ T3593] usb 1-1: USB disconnect, device number 3
[  187.131386][ T5070] hub 1-1:0.0: hub_ext_port_status failed (err = -71)
[  187.380929][ T6259] device syzkaller1 entered promiscuous mode
[  187.462665][ T6263] netlink: 'syz.3.688': attribute type 34 has an invalid length.
[  187.492267][ T6266] netlink: 40 bytes leftover after parsing attributes in process `syz.2.690'.
[  187.542275][ T6266] netlink: 20 bytes leftover after parsing attributes in process `syz.2.690'.
[  187.971529][ T6284] device syzkaller1 entered promiscuous mode
[  188.063567][ T6290] sctp: [Deprecated]: syz.3.699 (pid 6290) Use of struct sctp_assoc_value in delayed_ack socket option.
[  188.063567][ T6290] Use struct sctp_sack_info instead
[  188.158996][ T6264] loop4: detected capacity change from 0 to 32768
[  188.184988][ T6264] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.689 (6264)
[  188.246086][ T6264] BTRFS info (device loop4): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  188.268477][ T6264] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  188.280133][ T6264] BTRFS info (device loop4): using free space tree
[  188.288928][ T6297] netlink: 'syz.2.702': attribute type 34 has an invalid length.
[  188.411347][ T6264] BTRFS info (device loop4): enabling ssd optimizations
[  188.420259][ T6315] device syzkaller1 entered promiscuous mode
[  188.445774][   T26] audit: type=1804 audit(1721885397.602:88): pid=6264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.689" name="/newroot/54/file0/file1" dev="loop4" ino=260 res=1 errno=0
[  188.484325][ T4680] BTRFS info (device loop4): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  188.879148][ T6288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  189.016305][ T6332] netlink: 76 bytes leftover after parsing attributes in process `syz.3.710'.
[  189.034252][ T6332] openvswitch: netlink: Message has 8 unknown bytes.
[  189.830115][ T6354] netlink: 44 bytes leftover after parsing attributes in process `syz.0.717'.
[  189.884150][ T6354] IPVS: lblc: SCTP 172.20.20.187:0 - no destination available
[  189.959942][ T6342] loop1: detected capacity change from 0 to 32768
[  189.988281][ T6342] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.714 (6342)
[  190.025106][ T6342] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  190.041828][ T6342] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  190.059395][ T6342] BTRFS info (device loop1): using free space tree
[  190.230151][ T6342] BTRFS info (device loop1): enabling ssd optimizations
[  190.289104][   T26] audit: type=1804 audit(1721885399.442:89): pid=6342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.714" name="/newroot/57/file0/file1" dev="loop1" ino=260 res=1 errno=0
[  190.353370][ T3817] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.399702][ T5348] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  190.642060][ T3817] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.787429][ T3817] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.117185][ T3817] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.313160][ T3561] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  191.323315][ T3561] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  191.332408][ T3561] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  191.343276][ T3561] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  191.351052][ T3561] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  191.358416][ T3561] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  191.511206][ T3333] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  191.771037][ T3333] usb 2-1: Using ep0 maxpacket: 32
[  191.891274][ T3333] usb 2-1: config 0 has no interfaces?
[  191.896870][ T3333] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  191.942667][ T3333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.733822][ T3333] usb 2-1: config 0 descriptor??
[  193.046628][ T6431] netlink: 44 bytes leftover after parsing attributes in process `syz.4.731'.
[  193.096062][ T6431] IPVS: lblc: SCTP 172.20.20.187:0 - no destination available
[  193.270595][ T6399] chnl_net:caif_netlink_parms(): no params data found
[  193.401615][ T3561] Bluetooth: hci2: command tx timeout
[  193.424215][ T3817] device gretap1 left promiscuous mode
[  193.450063][ T3817] bridge1: port 1(gretap1) entered disabled state
[  193.566050][ T6426] loop3: detected capacity change from 0 to 32768
[  193.595694][ T6399] bridge0: port 1(bridge_slave_0) entered blocking state
[  193.629280][ T6399] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.677646][ T6399] device bridge_slave_0 entered promiscuous mode
[  193.687675][ T6426] XFS (loop3): Mounting V5 Filesystem
[  193.751202][ T6399] bridge0: port 2(bridge_slave_1) entered blocking state
[  193.787227][ T6399] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.803115][ T6426] XFS (loop3): Ending clean mount
[  193.826847][ T6399] device bridge_slave_1 entered promiscuous mode
[  193.858773][ T6426] XFS (loop3): Quotacheck needed: Please wait.
[  193.955196][ T6426] XFS (loop3): Quotacheck: Done.
[  194.013185][ T6426] syz.3.730: attempt to access beyond end of device
[  194.013185][ T6426] loop3: rw=4096, sector=9621242980929110015, nr_sectors = 1 limit=32768
[  194.035187][ T6399] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  194.061257][ T1252] ieee802154 phy0 wpan0: encryption failed: -22
[  194.067566][ T1252] ieee802154 phy1 wpan1: encryption failed: -22
[  194.121268][ T6399] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  194.154565][ T4678] XFS (loop3): Unmounting Filesystem
[  194.337254][ T6399] team0: Port device team_slave_0 added
[  194.377261][ T6399] team0: Port device team_slave_1 added
[  194.489520][ T6399] batman_adv: batadv0: Adding interface: batadv_slave_0
[  194.512517][ T6399] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  194.581294][ T6399] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  194.657789][ T3817] device hsr_slave_0 left promiscuous mode
[  194.683371][ T3817] device hsr_slave_1 left promiscuous mode
[  194.690266][ T3817] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  194.704594][ T3817] batman_adv: batadv0: Removing interface: batadv_slave_0
[  194.736063][ T3817] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.748117][ T3817] batman_adv: batadv0: Removing interface: batadv_slave_1
[  194.779084][ T3817] device bridge_slave_1 left promiscuous mode
[  194.794312][ T3817] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.870306][ T3817] device bridge_slave_0 left promiscuous mode
[  194.878874][ T3817] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.071159][ T3817] device veth1_macvtap left promiscuous mode
[  195.077233][ T3817] device veth0_macvtap left promiscuous mode
[  195.106432][ T3817] device veth1_vlan left promiscuous mode
[  195.121395][ T3817] device veth0_vlan left promiscuous mode
[  195.193158][ T6465] loop0: detected capacity change from 0 to 32768
[  195.220097][ T6465] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 scanned by syz.0.733 (6465)
[  195.267243][ T6465] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  195.277827][ T6465] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  195.287442][ T6465] BTRFS info (device loop0): using free space tree
[  195.338574][ T3333] usb 2-1: USB disconnect, device number 3
[  195.437769][ T6465] BTRFS info (device loop0): enabling ssd optimizations
[  195.465783][ T3817] bond1 (unregistering): Released all slaves
[  195.475664][   T26] audit: type=1804 audit(1721885404.632:90): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.733" name="/newroot/156/file0/file1" dev="loop0" ino=260 res=1 errno=0
[  195.498159][ T3561] Bluetooth: hci2: command tx timeout
[  195.534093][ T3546] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  195.755591][ T6468] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  195.804234][ T3333] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  195.944775][ T3817] team0 (unregistering): Port device team_slave_1 removed
[  195.976252][ T3817] team0 (unregistering): Port device team_slave_0 removed
[  196.003428][ T3817] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.033230][ T3817] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.053616][ T3333] usb 2-1: Using ep0 maxpacket: 32
[  196.061149][ T5072] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  196.171793][ T3333] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  196.182669][ T3333] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  196.192348][ T3333] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.202303][ T3333] usb 2-1: config 0 descriptor??
[  196.223302][ T6492] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  196.245602][ T3333] hub 2-1:0.0: bad descriptor, ignoring hub
[  196.251612][ T3333] hub: probe of 2-1:0.0 failed with error -5
[  196.258408][ T3333] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  196.336871][ T5072] usb 1-1: Using ep0 maxpacket: 8
[  196.407135][ T3817] bond0 (unregistering): Released all slaves
[  196.459115][ T6399] batman_adv: batadv0: Adding interface: batadv_slave_1
[  196.469467][ T6399] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  196.498828][ T6399] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  196.533678][ T6473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.736'.
[  196.560286][ T6474] netlink: 4 bytes leftover after parsing attributes in process `syz.4.736'.
[  196.641234][ T5072] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  196.651217][ T5072] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.659224][ T5072] usb 1-1: Product: syz
[  196.667359][ T5072] usb 1-1: Manufacturer: syz
[  196.672290][ T5072] usb 1-1: SerialNumber: syz
[  196.679397][ T5072] usb 1-1: config 0 descriptor??
[  196.690461][ T6399] device hsr_slave_0 entered promiscuous mode
[  196.697475][ T6399] device hsr_slave_1 entered promiscuous mode
[  197.492689][ T6505] device syzkaller1 entered promiscuous mode
[  197.544924][ T5072] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  197.561308][ T3561] Bluetooth: hci2: command tx timeout
[  198.263487][ T6399] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  198.313758][ T6399] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  198.330109][ T6399] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  198.350071][ T6399] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  198.551239][ T3333] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  198.572716][ T4621] usb 2-1: USB disconnect, device number 4
[  198.592165][ T6399] 8021q: adding VLAN 0 to HW filter on device bond0
[  198.633765][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  198.642114][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  198.660171][ T6399] 8021q: adding VLAN 0 to HW filter on device team0
[  198.702522][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  198.711949][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  198.724996][ T3600] bridge0: port 1(bridge_slave_0) entered blocking state
[  198.732163][ T3600] bridge0: port 1(bridge_slave_0) entered forwarding state
[  198.760365][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  198.775515][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  198.791832][ T3600] bridge0: port 2(bridge_slave_1) entered blocking state
[  198.798954][ T3600] bridge0: port 2(bridge_slave_1) entered forwarding state
[  198.906581][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  198.921132][ T3333] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.934762][ T6534] loop3: detected capacity change from 0 to 32768
[  199.116151][ T6534] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.747 (6534)
[  199.396056][ T6534] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  199.570689][ T6534] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  199.640481][ T6534] BTRFS info (device loop3): using free space tree
[  199.647637][ T3561] Bluetooth: hci2: command tx timeout
[  199.657434][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  199.665407][ T3333] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  199.679184][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  199.687309][ T3333] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  199.697499][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  199.712641][ T3333] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.731159][ T5072] dvb_usb_rtl28xxu: probe of 1-1:0.0 failed with error -71
[  199.732138][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  199.745779][ T5072] usb 1-1: USB disconnect, device number 4
[  199.791855][ T3333] usb 5-1: config 0 descriptor??
[  199.800961][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  199.809703][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  199.818869][ T3591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  199.834133][ T3333] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  199.850432][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  199.871811][ T3595] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  199.884204][ T6399] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  199.923715][ T6399] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  199.967211][ T4621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  199.976077][ T4621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  200.007446][ T6534] BTRFS info (device loop3): enabling ssd optimizations
[  200.044288][   T26] audit: type=1804 audit(1721885409.202:91): pid=6534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.747" name="/newroot/93/file0/file1" dev="loop3" ino=260 res=1 errno=0
[  200.213826][ T4678] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  200.220722][ T6561] device syzkaller1 entered promiscuous mode
[  200.686349][ T6596] netlink: 76 bytes leftover after parsing attributes in process `syz.0.754'.
[  200.772854][ T6596] openvswitch: netlink: Message has 8 unknown bytes.
[  200.841739][ T6399] 8021q: adding VLAN 0 to HW filter on device batadv0
[  200.889625][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  200.919612][ T3600] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  200.970731][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  201.012704][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  201.093403][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  201.109286][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  201.150924][ T6399] device veth0_vlan entered promiscuous mode
[  201.174644][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  201.190580][ T4440] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  201.231181][ T3591] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  201.260223][ T6399] device veth1_vlan entered promiscuous mode
[  201.307932][ T4440] usb 5-1: USB disconnect, device number 6
[  201.346984][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  201.366379][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  201.405683][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  201.441968][ T5070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  201.481348][ T3591] usb 4-1: Using ep0 maxpacket: 8
[  201.488704][ T6399] device veth0_macvtap entered promiscuous mode
[  201.527954][ T6399] device veth1_macvtap entered promiscuous mode
[  201.598532][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.716092][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.591232][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.641365][ T3591] usb 4-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  203.650448][ T3591] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.667012][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.690499][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.707605][ T3591] usb 4-1: Product: syz
[  203.727368][ T3591] usb 4-1: Manufacturer: syz
[  203.732364][ T3591] usb 4-1: SerialNumber: syz
[  203.738045][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.752843][ T3591] usb 4-1: config 0 descriptor??
[  203.834572][ T3591] gspca_main: sq930x-2.14.0 probing 2770:930c
[  203.841591][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.899080][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.922717][ T6399] batman_adv: batadv0: Interface activated: batadv_slave_0
[  203.963406][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  204.173706][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  204.352872][ T3591] gspca_sq930x: reg_r 001f failed -110
[  204.357782][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  204.358561][ T3591] sq930x: probe of 4-1:0.0 failed with error -110
[  204.385678][ T3591] usb 4-1: USB disconnect, device number 6
[  204.468588][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  204.492619][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.521126][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.569173][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.590264][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.609737][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.621153][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.632388][ T6399] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  204.642906][ T6399] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  204.661268][ T3595] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  204.684027][ T6399] batman_adv: batadv0: Interface activated: batadv_slave_1
[  204.732262][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  204.749537][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  204.900617][ T6399] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  204.927454][ T6399] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  205.048953][ T6399] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  205.061192][ T3595] usb 2-1: Using ep0 maxpacket: 16
[  205.070052][ T6399] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  205.181319][ T3595] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  205.232915][ T3595] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  205.310278][ T3595] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  205.368419][ T3595] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.369867][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.411660][ T3595] usb 2-1: config 0 descriptor??
[  205.439468][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.467322][ T6660] loop3: detected capacity change from 0 to 1764
[  205.483530][   T56] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.489127][ T4979] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  205.539169][   T56] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  205.584850][ T3596] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  205.587501][ T6660] loop3: detected capacity change from 0 to 512
[  205.697997][ T6634] loop1: detected capacity change from 0 to 128
[  205.705735][ T6660] ------------[ cut here ]------------
[  205.711516][ T6660] WARNING: CPU: 0 PID: 6660 at arch/x86/kvm/x86.c:11207 kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.712992][ T6634] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  205.722118][ T6660] Modules linked in:
[  205.722167][ T6660] CPU: 0 PID: 6660 Comm: syz.3.772 Not tainted 6.1.100-syzkaller #0
[  205.722189][ T6660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  205.722201][ T6660] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.722230][ T6660] Code: e8 c4 81 d1 00 e9 62 eb ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 6a eb ff ff 4c 89 ff e8 a9 81 d1 00 e9 5d eb ff ff e8 ef f9 79 00 <0f> 0b e9 07 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 05 f9 ff
[  205.777483][ T6634] FAT-fs (loop1): bogus number of directory entries (203)
[  205.779441][ T6660] RSP: 0018:ffffc90003b9fc68 EFLAGS: 00010287
[  205.792676][ T6660] RAX: ffffffff8110a091 RBX: 0000000000000000 RCX: 0000000000040000
[  205.797828][ T6634] FAT-fs (loop1): Can't find a valid FAT filesystem
[  205.800651][ T6660] RDX: ffffc900169cd000 RSI: 00000000000003d6 RDI: 00000000000003d7
[  205.815297][ T6660] RBP: ffff8880543d2aac R08: ffffffff8117fa21 R09: fffffbfff2093866
[  205.823332][ T6660] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807ed6d940
[  205.831366][ T6660] R13: ffff8880543d27c0 R14: ffff88805b56e000 R15: dffffc0000000000
[  205.839356][ T6660] FS:  00007f0c4606a6c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
[  205.848334][ T6660] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  205.854963][ T6660] CR2: 00007feae7c06000 CR3: 0000000060b4f000 CR4: 00000000003526f0
[  205.862982][ T6660] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  205.870999][ T6660] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  205.878980][ T6660] Call Trace:
[  205.882302][ T6660]  <TASK>
[  205.885247][ T6660]  ? __warn+0x15a/0x520
[  205.889413][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.895275][ T6660]  ? report_bug+0x2af/0x500
[  205.899795][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.905664][ T6660]  ? handle_bug+0x3d/0x70
[  205.910008][ T6660]  ? exc_invalid_op+0x16/0x40
[  205.914751][ T6660]  ? asm_exc_invalid_op+0x16/0x20
[  205.919802][ T6660]  ? kvm_lapic_hv_timer_in_use+0x61/0xc0
[  205.925505][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.931366][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.937196][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  205.943083][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x13e/0x2470
[  205.948822][ T6660]  ? get_task_pid+0x1f/0x300
[  205.953488][ T6660]  kvm_vcpu_ioctl+0x7f0/0xcf0
[  205.958269][ T6660]  ? __fget_files+0x28/0x4a0
[  205.962908][ T6660]  ? xa_release+0x50/0x50
[  205.967266][ T6660]  ? __fget_files+0x28/0x4a0
[  205.971901][ T6660]  ? __fget_files+0x435/0x4a0
[  205.976595][ T6660]  ? __fget_files+0x28/0x4a0
[  205.981231][ T6660]  ? bpf_lsm_file_ioctl+0x5/0x10
[  205.986183][ T6660]  ? security_file_ioctl+0x7d/0xa0
[  205.991336][ T6660]  ? xa_release+0x50/0x50
[  205.995681][ T6660]  __se_sys_ioctl+0xf1/0x160
[  206.000298][ T6660]  do_syscall_64+0x3b/0xb0
[  206.004755][ T6660]  ? clear_bhb_loop+0x45/0xa0
[  206.009447][ T6660]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.015386][ T6660] RIP: 0033:0x7f0c45375f19
[  206.019827][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.039475][ T6660] RSP: 002b:00007f0c4606a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.047936][ T6660] RAX: ffffffffffffffda RBX: 00007f0c45505f60 RCX: 00007f0c45375f19
[  206.051073][ T3591] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  206.055945][ T6660] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  206.055963][ T6660] RBP: 00007f0c453e4e68 R08: 0000000000000000 R09: 0000000000000000
[  206.055976][ T6660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.055987][ T6660] R13: 000000000000000b R14: 00007f0c45505f60 R15: 00007fff409a40c8
[  206.056021][ T6660]  </TASK>
[  206.056031][ T6660] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  206.056041][ T6660] CPU: 0 PID: 6660 Comm: syz.3.772 Not tainted 6.1.100-syzkaller #0
[  206.056059][ T6660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  206.056069][ T6660] Call Trace:
[  206.056075][ T6660]  <TASK>
[  206.056082][ T6660]  dump_stack_lvl+0x1e3/0x2cb
[  206.056111][ T6660]  ? nf_tcp_handle_invalid+0x642/0x642
[  206.056136][ T6660]  ? panic+0x764/0x764
[  206.056156][ T6660]  ? 0xffffffffa0003b40
[  206.056175][ T6660]  ? vscnprintf+0x59/0x80
[  206.056198][ T6660]  panic+0x318/0x764
[  206.056218][ T6660]  ? __warn+0x169/0x520
[  206.056236][ T6660]  ? memcpy_page_flushcache+0xfc/0xfc
[  206.056268][ T6660]  __warn+0x348/0x520
[  206.056283][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  206.056307][ T6660]  report_bug+0x2af/0x500
[  206.056323][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  206.056346][ T6660]  handle_bug+0x3d/0x70
[  206.056360][ T6660]  exc_invalid_op+0x16/0x40
[  206.056376][ T6660]  asm_exc_invalid_op+0x16/0x20
[  206.056396][ T6660] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  206.056416][ T6660] Code: e8 c4 81 d1 00 e9 62 eb ff ff 44 89 f9 80 e1 07 38 c1 0f 8c 6a eb ff ff 4c 89 ff e8 a9 81 d1 00 e9 5d eb ff ff e8 ef f9 79 00 <0f> 0b e9 07 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 05 f9 ff
[  206.056429][ T6660] RSP: 0018:ffffc90003b9fc68 EFLAGS: 00010287
[  206.056444][ T6660] RAX: ffffffff8110a091 RBX: 0000000000000000 RCX: 0000000000040000
[  206.056456][ T6660] RDX: ffffc900169cd000 RSI: 00000000000003d6 RDI: 00000000000003d7
[  206.056467][ T6660] RBP: ffff8880543d2aac R08: ffffffff8117fa21 R09: fffffbfff2093866
[  206.056480][ T6660] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88807ed6d940
[  206.056491][ T6660] R13: ffff8880543d27c0 R14: ffff88805b56e000 R15: dffffc0000000000
[  206.056510][ T6660]  ? kvm_lapic_hv_timer_in_use+0x61/0xc0
[  206.056531][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  206.056555][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x22b1/0x2470
[  206.056581][ T6660]  ? kvm_arch_vcpu_ioctl_run+0x13e/0x2470
[  206.056601][ T6660]  ? get_task_pid+0x1f/0x300
[  206.056624][ T6660]  kvm_vcpu_ioctl+0x7f0/0xcf0
[  206.056640][ T6660]  ? __fget_files+0x28/0x4a0
[  206.056661][ T6660]  ? xa_release+0x50/0x50
[  206.056688][ T6660]  ? __fget_files+0x28/0x4a0
[  206.056703][ T6660]  ? __fget_files+0x435/0x4a0
[  206.056719][ T6660]  ? __fget_files+0x28/0x4a0
[  206.056740][ T6660]  ? bpf_lsm_file_ioctl+0x5/0x10
[  206.056757][ T6660]  ? security_file_ioctl+0x7d/0xa0
[  206.056773][ T6660]  ? xa_release+0x50/0x50
[  206.056790][ T6660]  __se_sys_ioctl+0xf1/0x160
[  206.056816][ T6660]  do_syscall_64+0x3b/0xb0
[  206.056836][ T6660]  ? clear_bhb_loop+0x45/0xa0
[  206.056859][ T6660]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  206.056880][ T6660] RIP: 0033:0x7f0c45375f19
[  206.056893][ T6660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  206.056906][ T6660] RSP: 002b:00007f0c4606a048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.056923][ T6660] RAX: ffffffffffffffda RBX: 00007f0c45505f60 RCX: 00007f0c45375f19
[  206.056935][ T6660] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  206.056945][ T6660] RBP: 00007f0c453e4e68 R08: 0000000000000000 R09: 0000000000000000
[  206.056956][ T6660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.056966][ T6660] R13: 000000000000000b R14: 00007f0c45505f60 R15: 00007fff409a40c8
[  206.056991][ T6660]  </TASK>
[  206.063858][ T6660] Kernel Offset: disabled
[  206.438113][ T6660] Rebooting in 86400 seconds..