last executing test programs:

8.411173764s ago: executing program 0 (id=782):
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000480)=""/203)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_io_uring_setup(0x7934, &(0x7f0000000200)={0x0, 0x0, 0x40}, &(0x7f0000000380), &(0x7f0000000000)=<r1=>0x0)
syz_io_uring_setup(0xa91, &(0x7f00000002c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r4, 0x0, 0x0, 0x5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

8.211262809s ago: executing program 0 (id=784):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)

7.480312376s ago: executing program 0 (id=786):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000200), 0x10)
syz_clone(0x5100100, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
mincore(&(0x7f0000fef000/0x11000)=nil, 0x11000, &(0x7f0000001400)=""/94)
setresuid(0xee01, 0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)

5.820377169s ago: executing program 4 (id=793):
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000010440)=[{{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)

5.674247992s ago: executing program 4 (id=795):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
openat$cgroup_ro(r0, &(0x7f0000000580)='cpuacct.usage_all\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
getdents64(r0, &(0x7f00000029c0)=""/250, 0xfa)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='alloc_mode=default,resgid=', @ANYRESHEX=0x0, @ANYBLOB=',background_gc=off,resgid=', @ANYRESHEX=0x0, @ANYBLOB='\x00\b'], 0x1, 0x5501, &(0x7f0000005880)="$eJzs3M1rI2UYAPAnabvfrkU8eNuBRWhhEzbd7aK3qrv4gV3KqgdPmiZpyG6SKU2a1p48eBQP/iei4Mmjf4MHz97Eg+JNUDIzXbd+gNA0sdvfDybPvG/ePPO8YVl4ZkoCOLMWk19/LsXVuBgRcxFxJSI7LxVHZi0PL0TEtYgoP3GUivnHE+ci4lJEXB0nz3OWirc+vzG6vvrTW7988935+ctffP397HYNzNqLEdHbzs/3enlM23l8WMzXR50s9m6Pipi/0XtUjNM87rU2swx79cN19Szeaufr0+3dwThudeuNcWx3trL57X5+wcGofZgn+8DD+k42brY2s9gZpFlsH+R17R/k/7cdDIZ5nmaR76MsfQyHhzGfb+238v1sP8pioz8s5vO8abO1P46jIhaXi0babWZ1bB7nm/5/e7vT391PRq2dQSftJ6vV2kvV2p1KbSdttoat25V6r3nndrLU7o6XVYatem+tnabtbqvaSMtFilotWbrb2uzU+0mtVr1VvVlZXS7ObiSv338v6TaTpXF8tdPfHXa6g2Qr3UnyTywnK9VbLy8n12vJO+sbycaDe/fWN9794O77919Zf/O1YtHfykqWVm6urFRqNysrteWZ7b+3nCy1G43K9Pb/SVH0BPcPx1KadQEAp8/0+v95/T/w2Mn1/zsPIk6+/w/9/0Scqv73rPf/J7B/OBb9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAmfXDwpdvZCeL+fhyMf9MMfVcMS5FRDkifv8Hc3HuSM65Is/Cv6xf+EsN35YiyzC+xvniuBQRa8Xx27Mn/S0AAADA0+urj699lnfr+cvirAtimvKbNuUrH04oXykiFhZ/nFC28vjl+Qkly/59z8f+hLJlN7AuTChZfsttflLZ/pO5I+HCE6GUh/JUywEAAKbiaCcw3S4EAACAafp01gUwG6U4fJR5+Cw4+8v7Px8IXjwyAgAAAE6h0qwLAAAAAE5c1v/7/T8AAAB4uuW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/s3M9t4kAUB+Bngxf2nxat9r6t7A3K2BL2uMeIAtIEJZAW0gA1kFtKiCDC46AQkSiSx7aCvk8yw1jwYwbBYd5IAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANClu2q9uLn6fd02Z7dvJ89sAAAAgHO21XpRP5ml/tfm/vfm1s+mX0REGRHn1u6j+HSSOWpyqldeX70Yw21EnXD4jElzfYmIP8318KPrbwEAAAAu12a5mqfVenqYDT0g+pSKNuW3v5nyioioZveZ0spD3q9MYfXvexz/M6XVBaxpprBUchvnSnuX+u9+rNpNnzVFasq3359t7gAAQI9GJ02/qxAAAAD69G/oATCMIp62Mo9bgZPUNNt7n096AAAAwAdUDD0AAAAAoHP1+t/5fwAAAHDZ0vl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdGlbrReb5WreNme3byfPbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/XlHgRAIgzDYu74zmfsfVho0NTWpAuHjbwwGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADe/O4v/yemxplk7rWx9DySrJ0aW6fG3rlx9Ifx9WsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC725yUFQiAIomDO+N9J3/+wkqBnECECGh5V1KIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC527uc1jioOAPibmZ2trYprlD1ERMGDXux2W1t7Ew9K8OCfIIR0W2O3/mhzsKUIuXiTnHMRPYoISrzlf8g5gVziLYc9RPCszOxMMvkBrj86s0k+H3jzvjsM875vFkK+814CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafTuQZxkh844jotzm3uPF7J+60ifWV/Zns1aFkd1Jn06vFz9EHWbSwQAAIDzIynr+xDCTro2l/VxJ6//0/KarOb/7tlxXNbzR+v+si9r/6z9+svui/sDdcbjZDe9vTgcXDmeSuvJzXK6Pfe3V7TyJ5+/e0nyLyT+YPmFUZo/z+ibjY332nl4oY5sAYB/43LZF0H5+1DW95tMDIBzo1UpvMv6P+k0mxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAHUbL4ekyjkIIs62DOLO193jhpH59ZXu2bDdWV1eq98xukYYQbi8OB1dqnMu0e/Dw0d354XBwv/7glRBCU6O/U0z/7kcTXBxCI89H8D8FcfFlT0s+pyNo8IcSAABnUlq0rK7fSdfmsnPRTAh/fn+4/n+9EocJ6//dj29sVseq1v/92mY4/XpL9z7vPXj46M3Fe/N3BncGn751tf92/9rN69dv9vJ3JT1vTAAAAPhv2kWr1v/xzPH1/0uVOExY/3/xbf+r6liJ+v9EB4t+TWcCAABwvj3/6h+/Ryecj9rt8OX80tL9/vi4//nq+NhAqv/YhaJV6/9kpumsAAAAgDqMlqND6/+3KnGYcP3/mR9e+ql6zySEcLFY/7+88NnwVn3TmWp1/Dlx03MEAACgWReLVl3/T/P9//H+loc4hPDGa+O4+DeAE9X/yftf/1gdq7r//1p9U5xKcXf8PPK+G0Kr23RGAAAAnGVPFS0r9n9L1+Y++fnSh237/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADq9lcAAAD//1CCPCw=")
creat(&(0x7f0000002440)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000240)='.\x00', 0x0, 0x0)
renameat(r1, &(0x7f0000000400)='./file0\x00', r1, &(0x7f0000000440)='./file1\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r2, 0x0, 0x0, 0xfecc)
r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r3, &(0x7f0000000000)=""/29, 0x1d)
getdents64(r3, 0xfffffffffffffffe, 0x29)
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
mkdirat(r4, &(0x7f0000000180)='./bus\x00', 0x0)
rename(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)='./bus/file0\x00')

5.312101525s ago: executing program 1 (id=797):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f00000021c0)=ANY=[@ANYBLOB="b700000060000000bca3000000000000240300001afeffff620af0fff8ffffff69a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000a61140800000000001d430000000000007a0a00fe0000001f6114040000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19b0161e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba3a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652db036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700e89a56fe8e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a033a2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf799b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d54abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c940000002b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac987fd637c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fd52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23541320d8579c5ab42bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de01fdee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812fc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b2584e6c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795d35f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7eddd12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f386c4dd317e11c1e89fac1fa9bceb50fad686ffbb5f7d79565271add99821c3601653bf6d4091ce8e0af3ab3a82a2735abb21d675d21f0a65caeb3213db39c9d55a35c1d588a732ee0b3d3a09c7786bc50b01480202"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f00000000c0), 0x10}, 0x90)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@bloom_filter={0x1e, 0x0, 0x20, 0x80, 0xc, 0xffffffffffffffff, 0x5ea, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x3, 0x5}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000b40)=ANY=[@ANYRESOCT=r0, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0xffffff72}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$MAP_CREATE(0xe4ffffff00000000, 0x0, 0x0)
ptrace$getsig(0x4202, 0x0, 0x6, &(0x7f0000000bc0))
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r4, 0x29, 0x19, &(0x7f0000000040)=0x3, 0x4)
syz_emit_ethernet(0x6e, &(0x7f00000007c0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa00884700050d000000000000000000000001000000000000000003000000000000000000000d006866013100002101fe880000000000000000000000000001fc00000000000000000000000000000100000520680000004e224e200061907892e12186092f3e9bf0013e63e01b7e71b4ad88289130bafe0a69a9ad7a286286d59c122cce383e8114e4a8fc9019a36025485265d5e3a36867ba1af5719156525afdb0152242cca677332dcd5c264a284cb5194a0194fce109f8f9999cee97bce8c6efe2"], 0x0)
recvmmsg(r4, &(0x7f0000002780)=[{{0x0, 0xfffffffffffffde1, 0x0}}], 0x1, 0x2140, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000980)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
sendto$inet6(r7, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
getsockopt$IP6T_SO_GET_ENTRIES(r7, 0x29, 0x41, 0x0, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x3, &(0x7f0000000b00)=0x10001, 0x4)
setsockopt$inet6_int(r7, 0x29, 0x8, &(0x7f0000000380)=0x3f, 0x4)
recvmmsg(r7, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x80, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186, 0xba}], 0x1, &(0x7f0000000280)=""/239, 0xef}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18, 0x12}, {&(0x7f0000000440)=""/110, 0x6e}, {&(0x7f00000004c0)=""/165, 0xa5}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000000580)=""/245, 0xf5}], 0x5, &(0x7f0000000700)=""/27, 0x1b}}, {{&(0x7f0000000740)=@nfc, 0x80, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180, 0xb4}}], 0x4, 0x10162, 0x0)

4.176873038s ago: executing program 1 (id=799):
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000000c0)={0x73, 0x0, 0xfc, 0x0, 0xffffffff, 0xa, 0x0, 0x7, 0x0, 0x0, 0xc, 0x7, 0x0, 0x5, 0x4, 0xba, 0x0, 0x4, 0x1, '\x00', 0x0, 0x9})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
write$FUSE_INIT(r0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x4100, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r2)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)="180000006a007ffa9e", 0x9}, {&(0x7f00000001c0)="64cabf2dfb58fc021d6b689866f05d", 0xf}], 0x2}, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r4, 0x80044dfb, &(0x7f0000000080))
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x0, 0x0, 0x1}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
r8 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='pids.current\x00', 0x275a, 0x0)
memfd_create(&(0x7f0000000ac0)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d  \x97\xf5G\x97A\xc2\xd8\xf0Uq\xe6+\xa5l\x94\v\xb6\a\x17\\\xfb\x04!\xe4\xc4\xb1\xa2\x1c\a\x00;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19P\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\xa1\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\xb7/\xa5\xa7\xeb\xf4b/\xef!\x8f\xf6]-\xe9k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xffY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84,\xd3\x06\xaeO \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x00\x04\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96\xb8\x02\x13pA\x19\tf\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKlb\xe5:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcc\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2Cw\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93', 0xe)
socket$nl_route(0x10, 0x3, 0x0)
r9 = syz_usb_connect(0x1, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a86200000904000002ca744d07090503020000ff"], &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1401}}]})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000380))
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r9)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000000, 0x11, r8, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x400)

3.819409881s ago: executing program 0 (id=802):
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x1c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001"], 0x1c}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e20, @loopback}, 0x10)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2c}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@private1}}, 0xe8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r4}, 0x38)
r5 = socket$packet(0x11, 0x3, 0x300)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000181500", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfbe00000000000007020000f8ffffffb703000008000000b70400000000000085000000140000009539442f000000800000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000f40)={r7, 0x609, 0xe, 0x0, &(0x7f0000000b40)="dd80000400070000000000000000", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = socket(0x11, 0x2, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65845c86f657a113b1142ba881a3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645647fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b", 0x138}], 0x2}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r12=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000710000007100000002000000000000000000000c00000000000000000000000900000000000000000400000f0100000000000000000000000000004b3c0000000000000000000000000000000000000000000000000000000000000000000000af000040000000000e00000000000000000000000000000007000000000000000000"], 0x0, 0x8e}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x24, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000000000001845000000000000000000000000000085000000c900000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000118800b70500000800000085000000a50000000900000000000000b7020000060000008500000000000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

3.660447037s ago: executing program 2 (id=803):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62581)
r1 = syz_io_uring_setup(0x11d0, &(0x7f0000000180), &(0x7f0000000080), &(0x7f0000000100))
r2 = dup3(r0, r1, 0x0)
writev(r2, 0x0, 0x0)

3.660181598s ago: executing program 3 (id=804):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000004300)={0x0, 0x0, &(0x7f00000042c0)={&(0x7f0000000100)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x18, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'batadv0\x00'}}, @TIPC_NLA_BEARER_PROP={0x4}]}]}, 0x2c}}, 0x0)

3.543466487s ago: executing program 3 (id=805):
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000010440)=[{{&(0x7f0000000140)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0)

3.327992047s ago: executing program 3 (id=806):
ioctl$KVM_GET_SUPPORTED_CPUID(0xffffffffffffffff, 0xc008ae05, &(0x7f0000000480)=""/203)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_io_uring_setup(0x7934, &(0x7f0000000200)={0x0, 0x0, 0x40}, &(0x7f0000000380), &(0x7f0000000000))
syz_io_uring_setup(0xa91, &(0x7f00000002c0), &(0x7f0000000040), &(0x7f0000000080))
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000280)={0x4000001, 0x4})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}})

2.842372853s ago: executing program 2 (id=807):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000041c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000004300)={0x0, 0xe, &(0x7f00000042c0)={&(0x7f0000000100)={0x98, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x84, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'batadv0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x0, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU, @TIPC_NLA_PROP_MTU, @TIPC_NLA_PROP_MTU, @TIPC_NLA_PROP_MTU, @TIPC_NLA_PROP_PRIO]}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @multicast2}}, {0x14, 0x2, @in={0x2, 0x0, @loopback}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}]}, 0x98}}, 0x0)

2.841388937s ago: executing program 3 (id=808):
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00'})
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x8000)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, &(0x7f0000000200)={0x0, 0xea60}, 0x8)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5)
accept4(r0, 0x0, 0x0, 0x0)
recvmmsg$unix(r0, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f0000000300)}}], 0x1, 0x40002020, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfe, 0x100}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f00000001c0))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
socket$unix(0x1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x0)
fallocate(r2, 0x0, 0x0, 0x3)
r3 = socket$kcm(0x10, 0x2, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x3, 0x10)
sendmmsg(r5, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000000c0)='R', 0x1}], 0x1, &(0x7f0000000680)=ANY=[@ANYBLOB="5000000000000000170100000a000000cf126bcdd216983553c6b3eed112c5791fa1fc745b6d18b34e64bd9016edb6170e66a935f1b831b1afedbb19ae8357ab618478590e8d33e4f2c82d22a752ac6318000000000000000100000002"], 0x228}}], 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYRES8=r0, @ANYRESHEX=r3, @ANYRESHEX=r5], 0x22)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c90012000e00"], 0x17)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x400001, 0x0)

2.496240037s ago: executing program 2 (id=809):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000000), 0x10)

2.495883769s ago: executing program 4 (id=810):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{0x0}], 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x8001, 0xf9f0}, 0x48)

2.057835158s ago: executing program 2 (id=811):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r5 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x42, 0x0)
write$vga_arbiter(r5, 0x0, 0x8)
sendfile(r3, r4, 0x0, 0x20000023896)
timer_create(0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000000c0)='syz_tun\x00', 0x10)
r6 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r6, 0x0, 0x29, &(0x7f0000000200)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c)
syz_emit_ethernet(0x36, &(0x7f0000001800)=ANY=[@ANYRESOCT=r2], 0x0)
chmod(&(0x7f0000000180)='./file0\x00', 0x0)
ftruncate(0xffffffffffffffff, 0x0)

1.838384883s ago: executing program 0 (id=812):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000200), 0x10)
syz_clone(0x5100100, &(0x7f0000000340), 0x0, 0x0, &(0x7f0000001340), &(0x7f0000000900))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
mincore(&(0x7f0000fef000/0x11000)=nil, 0x11000, &(0x7f0000001400)=""/94)
setresuid(0xee01, 0x0, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x38}}, 0x0)

1.788719821s ago: executing program 3 (id=813):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000001380)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper})
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0))
socket$inet6_sctp(0xa, 0x5, 0x84)
pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0)

716.345395ms ago: executing program 1 (id=814):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r0, &(0x7f0000000a80)=[{{&(0x7f0000000100)={0x2, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x4040000)

715.686331ms ago: executing program 2 (id=815):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000010c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001100)=@newtfilter={0x80, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xffff}}, [@filter_kind_options=@f_basic={{0xa}, {0x50, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x5, 0xd}}, @TCA_BASIC_EMATCHES={0x4}, @TCA_BASIC_POLICE={0x40, 0x4, [@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x9, {}, {0x0, 0x0, 0x0, 0x0, 0x8}}}]}]}}]}, 0x80}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

700.754663ms ago: executing program 0 (id=816):
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r2})
io_setup(0x4, &(0x7f00000001c0)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000540)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1}])
ioctl$TIOCGPGRP(r0, 0x5450, &(0x7f0000000180))
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$VFAT_IOCTL_READDIR_BOTH(r4, 0x82187201, &(0x7f0000000900)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
bind$inet(r4, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r4, &(0x7f00000000c0)='G', 0xfffffffffffffca0, 0x8001, 0x0, 0x0)
recvfrom$inet(r4, &(0x7f0000000180)=""/172, 0xffb0, 0x82, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000100900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000010000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000012c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000050a03000000000000000000020000000c00024002000000000000020900010073797a30"], 0x54}}, 0x0)
sendmsg$nl_route(r5, 0x0, 0x0)
r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904"], 0x0)
syz_usb_control_io$printer(r7, 0x0, 0x0)
syz_usb_control_io(r7, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f000000000004030a30"], &(0x7f00000002c0)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0xf9, 0x1, 0x8, 0x3, "6ac48626", 'jppt'}}, &(0x7f0000000340)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x3, 0x1f, 0x20, 0x9, 0xfff5, 0x8}}}, &(0x7f0000000840)={0x84, &(0x7f00000003c0)=ANY=[@ANYBLOB="40001f000737e577f07b58342d92b0e5a19f96e4ff1f3c980500"/37], &(0x7f0000000440)={0x0, 0xa, 0x1, 0xa6}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x1}, &(0x7f00000004c0)={0x20, 0x0, 0x4, {0x3, 0x2}}, &(0x7f0000000580)={0x20, 0x0, 0x8, {0x120, 0x80, [0xff]}}, &(0x7f0000000540)={0x40, 0x7, 0x2, 0x8000}, &(0x7f0000000100)={0x40, 0x9, 0x1}, &(0x7f00000005c0)={0x40, 0xb, 0x2, "6bc8"}, 0x0, &(0x7f0000000640)={0x40, 0x13, 0x6, @local}, &(0x7f0000000680)={0x40, 0x17, 0x6, @remote}, 0x0, &(0x7f0000000740)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000780)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000007c0)={0x40, 0x1e, 0x1, 0xc2}, 0x0})
wait4(0x0, 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="2071bd1101000073333608000000000000000000", @ANYRESOCT=r0], 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5420, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
close(r8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)

648.225448ms ago: executing program 4 (id=817):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62581)
r1 = syz_io_uring_setup(0x11d0, &(0x7f0000000180), &(0x7f0000000080), &(0x7f0000000100))
r2 = dup3(r0, r1, 0x0)
writev(r2, 0x0, 0x0)

556.362604ms ago: executing program 1 (id=818):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x20, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x20}}, 0x0)

552.786641ms ago: executing program 2 (id=819):
r0 = socket$inet(0x2, 0x3, 0x8d)
setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="8e"], 0x1)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f00000000c0)={<r1=>0x0, @local, @local}, &(0x7f0000000140)=0xc)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
read(r2, &(0x7f0000000180)=""/227, 0xe3)
syz_io_uring_setup(0x0, &(0x7f0000000000), &(0x7f0000c57000), 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @local}, 0x0, r1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl(0xffffffffffffffff, 0x8916, 0x0)

520.838014ms ago: executing program 4 (id=820):
socket$can_bcm(0x1d, 0x2, 0x2)
syz_open_procfs$namespace(0x0, 0x0)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x11, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)

432.334284ms ago: executing program 1 (id=821):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
modify_ldt$write2(0x11, &(0x7f0000000000), 0x10)

138.713863ms ago: executing program 3 (id=822):
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000040)=@req3={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x1c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a000000060001"], 0x1c}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x4e20, @loopback}, 0x10)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc)
r3 = socket$inet6(0xa, 0x3, 0x1)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x2c}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in6=@private1}}, 0xe8)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r4}, 0x38)
r5 = socket$packet(0x11, 0x3, 0x300)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000181500", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfbe00000000000007020000f8ffffffb703000008000000b70400000000000085000000140000009539442f000000800000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000f40)={r7, 0x609, 0xe, 0x0, &(0x7f0000000b40)="dd80000400070000000000000000", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r8 = socket(0x11, 0x2, 0x0)
close(r8)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65845c86f657a113b1142ba881a3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645647fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba1", 0x13a}], 0x2}, 0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r12=>0x0})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000710000007100000002000000000000000000000c00000000000000000000000900000000000000000400000f0100000000000000000000000000004b3c0000000000000000000000000000000000000000000000000000000000000000000000af000040000000000e00000000000000000000000000000007000000000000000000"], 0x0, 0x8e}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x0, 0x24, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000003c06000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000085000000000000001845000000000000000000000000000085000000c900000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000118800b70500000800000085000000a50000000900000000000000b7020000060000008500000000000000b7000000000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x90)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r10, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r12, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0)

119.930164ms ago: executing program 4 (id=823):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x2}, 0x12)
sendto$inet6(r0, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
r4 = socket(0x10, 0x3, 0x0)
sendto$inet6(r4, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0)
recvfrom(r3, &(0x7f00000001c0)=""/45, 0x2d, 0x40000140, 0x0, 0x0)
r5 = socket$kcm(0x10, 0x2, 0x0)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
write$UHID_GET_REPORT_REPLY(r6, &(0x7f00000000c0)={0xa, {0x0, 0x3, 0x11}}, 0xa)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)="2e00000010008188040f80ec59acbc0413a1f848100000005e0c00f0ffffff180e000a001400000002801687121f", 0x2e}], 0x1}, 0x0)
getsockopt$SO_TIMESTAMPING(r4, 0x1, 0x41, &(0x7f0000000340), &(0x7f0000000300)=0x4)
sendmsg$AUDIT_ADD_RULE(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000980)=ANY=[@ANYBLOB="50040000f30304002cbd7000fbdbdf2506000000010000000000000000020000010000000100000008000000f9ffffff01000000010000000d7d000003000000050000000700000007000000030000000b00000007000000030000000000000008000000020000000400000000000000e0070000000001000300000000080000ffffff7fac0c0000000000000800000038100000ff010000fcffffff06000000a0df000001000000090000000000008002000000050000000c000000050000000101000001000000060000000c00000062000000f20900001000000000000000050000000e0000000200000000000000080000000100000002000000020000000400000044810000090000003903000000000000000000000500000007000000050000000100000000000000e20d000007000000000000000600000003000000070000008f000000f6ffffffb8090000040000005300000002000000090000000200000001000080b4040000adbd00000002000000000000000000000000000000800000e4ac000094d500000800000005000000000000000c000000ff7f00000700000004000000020000000700000009000000060000000200000004000000ff7f000000000000070000000500000002000000060000000000000001000000870700000300000003000000ff0f0000050000000700000000003000000200000700000002000000feff00000000000072af000009000000d90e000009000000fffeffff03000000010000000000000004000000f7ffffff000000000500000000000000faffffff0104000000000000320d0000c80c0000010000000900000007000000030000000b000000b901000003000000020000007f0000000800000006000000010000000300000001000000c802000004000000fd1500000500000008000000c704000005000000b100000003000000ca0000000004000007000000cc000000000000000000000000000000080000000100000026946f3e06000000010000000b0400004d9500009a000000010400001affffff050000000500000034e1000005000000fe960000010100007700000006000000ca0300000500000008000000f10f0000ff7f00000200000002000000060000000400000002000000ffffff7f0000000040000000b4300000070000000100000001000000fdffffff0f0000002e0e00003b0600006f0000001d0d00000900000005000000010000000000000009000000000000000400000003000000f9ffffff01000000090000000400000017510000010000000d81745e0010000001ffffff05000000090000000101000080ffffff0002000000000000060000000500000009000000090000005000000001000000050000000400000000000000050000000100000009000000f6000000fcffffffdc00000000000000"], 0x450}}, 0x4000041)
sendmsg$kcm(r5, &(0x7f0000000100)={0x0, 0x2c00, &(0x7f0000001340)=[{&(0x7f0000000040)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb010511000b000a000d000000ba8000001201", 0x2e}], 0x1, 0x0, 0x0, 0xc9e}, 0x25000000)
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, 0x0)
dup(0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), r4)
socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 1 (id=824):
r0 = socket(0xa, 0x1, 0x0)
close(r0)
r1 = socket$nl_generic(0x11, 0x3, 0x10)
syz_emit_ethernet(0x2a, 0x0, 0x0)
sendmsg(r1, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c", 0xb}], 0x1, 0x0, 0x0, 0x11000000}, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r0, 0x8983, &(0x7f0000000040)={0x6, 'pim6reg1\x00', {0x7ff}, 0x3})
socket$kcm(0x10, 0x2, 0x10)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100), &(0x7f0000000140)=0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)}], 0x1}, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$bsg(0xffffff9c, &(0x7f0000000180), 0x40, 0x0)
r4 = socket$rds(0x15, 0x5, 0x0)
syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a0000080480020009"], 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
r6 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000340)="0322f1fde6d84309e82f6c5b4d986037", 0x10}], 0x1, &(0x7f0000002200)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
sendmsg$nl_netfilter(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="0403000000000000000000000000000000000000690000004c29ef4f7a96f263b46c720abe53d401cbc43a36f31a4354d5a9924f4360deec07340942c7dea7e10076d90019c18708463ab4442355a6955ffa816cc6c314fa8d3cf4e5661397df386d83ba4b1ab4b9876ccd6826e7e7be419f0e907360f799e83d9786f0000000af50919ad1465bd69d07ef8c08eb7ba6f1c5aa967ab605005460adee636c44e7b61167fef1d4fd80db3fccb1939c550002913fa6a3e849a75b484c312c33eba3db0660d8bf72e514c320d2294f7798dec7d7a04ff5def0c6598d705497c5696822052ab1e1cb96d5fc22cbaf16eb77f8ccd14dc63291c8094899c41934821b44fa6cf23a2b9539684544939fae1ff8bf56899a4e739682b6f8368469dbe624ab4a4e80875c62123e7b5bb1b8c11ab35f2534cfa2230e52862983ddf0d492aede0bf3a2005b6051974954bf3f64d54d42caa412d1a23df7334178f005383f2d27420379f7799c8915c7884a9daff93d37064188ced0cb48fa6e64e06de11974d2a2ea81b427798047bf2b8fbd9f41b0b6cdf95d60dce1abebe5dcbcb0a040d24d59d1783b800333933c8e52e049ee537cfe320abe97aae5b0255048f3de8df3bebc1928cf47516b6f261d8f613579e8d9aef750694f5fcddbad0663757988464a00dcb475bc4a1b287f83b77fbaf1e12e17b06d98377481cce5836ad54d810898d60b9cc067c3abfaa6e3daeca1dbb1c1b9dcaf2dc6fbe5f46c716271742751d371e695dd05dca6b1ab9d66bac6ec4668a92c1e5f96428c8a97d6c156ceabc8c004cc52192969fdbe148d776cfd9a566cdbfee7223d44b7e07fdc04da3a4b1cbe371198a8f3d35643aff0c0d292bd7b622121cb6052f1cfde7bb5e327eea0c1b454b4c75d5d36a8687273904bb0632f60b25fbe0ea66b36a4085bfd76820958c4d073973fd2cc1a8c3c6ddd5487a3505e32baff788bc8b0a4554ac440e03918c0cbb53df10707011ec02fa1c5321557749add1b9fb356d2f0a3e6db19c7824c9829409121b0ab366ae29d926b60f52f3810aa722e2b5c856f892d711bebfed99740000000306d640a546c9f253a30f6bbae0def1e0d6ab284d51efda334a70fbf400e8e31cc94929a4ea6a22f7efa31846ee959351250cb7f1684d1f43716e3f1deb8c46e6b5ec4a10fcfe3551287ed184830b2b1c8232dfcd6365a5de19dd70efa6bf99fb0078f43d29b62b1ddcca5a59507fd0de3ae22b6e8c19f3402bc097451f096d4bd99b60b7dd95fb502c14f533f1ebd9394131be7d15d1b9e0ff164fcea4c8f6b6620428427bca6055a03bffecc6b6008c096abd51f382ad11200000000", @ANYRES32=r5, @ANYRES8=r1, @ANYBLOB="75dc19c359a720f795ef8a93c6148cc896f64c9ef119666a"], 0x304}}, 0x4000800)
ioctl$FS_IOC_SETFLAGS(r0, 0x40046602, &(0x7f00000000c0)=0x20000)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000280)={r7}, &(0x7f00000002c0)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={r7, 0x10, &(0x7f00000020c0)=[@in={0x2, 0x4e21, @empty}]}, &(0x7f0000002100)=0xc)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x3, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000003c00)=0x90)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x10, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

idge_slave_0) entered blocking state
[  200.749052][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  200.764004][ T7368] netlink: 'syz.2.511': attribute type 3 has an invalid length.
[  200.786900][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state
[  200.794157][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  200.806310][ T7368] netlink: 4 bytes leftover after parsing attributes in process `syz.2.511'.
[  200.916561][ T6953] 8021q: adding VLAN 0 to HW filter on device batadv0
[  200.941605][ T7367] loop4: detected capacity change from 0 to 2048
[  201.041593][ T7369] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  201.130771][ T6953] veth0_vlan: entered promiscuous mode
[  201.242121][ T6953] veth1_vlan: entered promiscuous mode
[  201.374910][ T6953] veth0_macvtap: entered promiscuous mode
[  201.418459][ T6953] veth1_macvtap: entered promiscuous mode
[  201.469108][ T5159] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  201.492711][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.516637][   T29] audit: type=1326 audit(1721265881.289:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7380 comm="syz.4.514" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0595975a99 code=0x0
[  201.525651][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.575061][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.603290][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.621681][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  201.645876][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.668455][ T5159] usb 3-1: Using ep0 maxpacket: 16
[  201.685152][ T5159] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  201.715108][ T5159] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.724848][ T6953] batman_adv: batadv0: Interface activated: batadv_slave_0
[  201.741461][ T5159] usb 3-1: Product: syz
[  201.754313][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.765877][ T5159] usb 3-1: Manufacturer: syz
[  201.772912][ T5159] usb 3-1: SerialNumber: syz
[  201.784317][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.800474][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.816358][ T5159] r8152-cfgselector 3-1: Unknown version 0x0000
[  201.827068][ T5159] r8152-cfgselector 3-1: config 0 descriptor??
[  201.833366][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.850339][ T6953] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  201.867393][ T6953] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  201.892269][ T6953] batman_adv: batadv0: Interface activated: batadv_slave_1
[  201.969272][ T6953] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  201.978520][ T6953] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  201.989116][ T6953] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  201.998624][ T6953] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.076174][ T7019] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.094179][ T5159] r8152-cfgselector 3-1: Unknown version 0x0000
[  202.109211][ T5159] r8152-cfgselector 3-1: bad CDC descriptors
[  202.167751][ T5159] r8152-cfgselector 3-1: USB disconnect, device number 5
[  202.367885][ T5122] Bluetooth: hci5: command 0x1003 tx timeout
[  202.375641][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  202.434444][ T7019] veth0_vlan: entered promiscuous mode
[  202.485105][ T7019] veth1_vlan: entered promiscuous mode
[  202.516063][ T2887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.544624][ T2887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.682578][ T7406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.515'.
[  202.784531][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.817476][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.845400][ T7019] veth0_macvtap: entered promiscuous mode
[  202.888762][ T7019] veth1_macvtap: entered promiscuous mode
[  202.983844][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.023730][ T7416] loop2: detected capacity change from 0 to 256
[  203.030377][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.067068][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.070736][ T7416] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  203.107144][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.137116][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.177170][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.202696][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  203.227175][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.255243][ T7019] batman_adv: batadv0: Interface activated: batadv_slave_0
[  203.286325][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.337082][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.377342][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.409440][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.441252][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.453774][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.466477][ T7019] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  203.487010][ T7019] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  203.509994][ T7019] batman_adv: batadv0: Interface activated: batadv_slave_1
[  203.548179][ T7422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.435'.
[  203.563088][ T7019] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  203.583404][ T7019] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  203.602146][ T7019] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  203.625626][ T7019] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  203.738729][ T7430] netlink: 'syz.0.519': attribute type 10 has an invalid length.
[  203.833528][ T7433] netlink: 'syz.3.520': attribute type 3 has an invalid length.
[  203.844492][   T55] Bluetooth: hci1: SCO packet for unknown connection handle 2096
[  203.851924][ T7433] netlink: 4 bytes leftover after parsing attributes in process `syz.3.520'.
[  203.871624][ T7430] bond0: (slave netdevsim0): Releasing backup interface
[  203.895837][ T7430] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  203.913289][ T7430] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  203.932079][ T7430] team0: Port device netdevsim0 added
[  203.957998][ T7431] netlink: 'syz.0.519': attribute type 10 has an invalid length.
[  204.236017][ T7431] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  204.381045][ T7431] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  204.465676][ T7431] team0: Port device netdevsim0 removed
[  204.484711][ T7431] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  204.804037][ T7442] netlink: 'syz.4.521': attribute type 10 has an invalid length.
[  204.934514][ T7442] bridge0: port 2(team0) entered disabled state
[  204.988555][   T29] audit: type=1326 audit(1721265884.769:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7452 comm="syz.0.523" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29bc775a99 code=0x0
[  205.011227][ T7442] team0: left allmulticast mode
[  205.033072][ T7442] team_slave_0: left allmulticast mode
[  205.044808][ T7442] team_slave_1: left allmulticast mode
[  205.062523][ T7442] team0: left promiscuous mode
[  205.083519][ T7442] team_slave_0: left promiscuous mode
[  205.086594][   T29] audit: type=1804 audit(1721265884.849:20): pid=7416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.518" name="/newroot/112/file2/bus" dev="loop2" ino=1048668 res=1 errno=0
[  205.127437][ T7442] team_slave_1: left promiscuous mode
[  205.182720][ T7442] bridge0: port 2(team0) entered disabled state
[  205.208588][ T7442] batman_adv: batadv0: Adding interface: team0
[  205.223370][ T7442] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  205.281277][ T7442] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  205.315320][ T7445] netlink: 'syz.4.521': attribute type 10 has an invalid length.
[  205.337087][ T7445] netlink: 2 bytes leftover after parsing attributes in process `syz.4.521'.
[  205.378252][ T7445] team0: entered promiscuous mode
[  205.409866][ T7445] team_slave_0: entered promiscuous mode
[  205.419363][ T7445] team_slave_1: entered promiscuous mode
[  205.452938][ T7445] 8021q: adding VLAN 0 to HW filter on device team0
[  205.490910][ T7445] batman_adv: batadv0: Interface activated: team0
[  205.517093][ T7445] batman_adv: batadv0: Interface deactivated: team0
[  205.541143][ T7445] batman_adv: batadv0: Removing interface: team0
[  205.580212][ T7445] bridge0: port 2(team0) entered blocking state
[  205.602031][ T7445] bridge0: port 2(team0) entered disabled state
[  205.625463][ T7445] team0: entered allmulticast mode
[  205.637372][ T7445] team_slave_0: entered allmulticast mode
[  205.653474][ T7445] team_slave_1: entered allmulticast mode
[  205.667774][ T7445] bridge0: port 2(team0) entered blocking state
[  205.674227][ T7445] bridge0: port 2(team0) entered forwarding state
[  205.706802][ T7466] netlink: 4 bytes leftover after parsing attributes in process `syz.2.525'.
[  205.901382][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  205.968270][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.035837][ T1057] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  206.052698][ T1057] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  206.366690][ T7483] netlink: 4 bytes leftover after parsing attributes in process `syz.4.529'.
[  206.570775][ T5158] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  206.585133][ T7457] loop3: detected capacity change from 0 to 32768
[  206.620681][ T7493] netlink: 'syz.4.531': attribute type 3 has an invalid length.
[  206.639434][ T7494] netlink: 'syz.1.532': attribute type 10 has an invalid length.
[  206.662593][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.531'.
[  206.682130][ T7457] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  206.709401][ T7494] team0: Port device netdevsim0 added
[  206.728486][ T7501] netlink: 'syz.1.532': attribute type 10 has an invalid length.
[  206.764273][   T55] Bluetooth: hci3: SCO packet for unknown connection handle 2096
[  206.783873][ T5158] usb 3-1: device descriptor read/64, error -71
[  206.806798][ T7501] team0: Port device netdevsim0 removed
[  206.841631][ T7457] XFS (loop3): Ending clean mount
[  206.856341][ T7457] XFS (loop3): Quotacheck needed: Please wait.
[  206.878666][ T7501] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  206.967121][ T7457] XFS (loop3): Quotacheck: Done.
[  207.065369][ T7457] overlayfs: missing 'lowerdir'
[  207.158393][ T7516] Bluetooth: hci5: Frame reassembly failed (-84)
[  207.211175][ T7514] loop1: detected capacity change from 0 to 2048
[  207.252696][   T53] Bluetooth: hci5: Frame reassembly failed (-84)
[  207.300410][ T6953] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.448110][ T7519] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  207.488746][ T5158] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  207.527852][   T29] audit: type=1804 audit(1721265887.309:21): pid=7514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.534" name="/newroot/2/file0/file1" dev="loop1" ino=15 res=1 errno=0
[  207.572847][ T7514] syz.1.534 (7514) used greatest stack depth: 18096 bytes left
[  207.609126][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.4.536'.
[  207.647318][ T5158] usb 3-1: device descriptor read/64, error -71
[  207.773475][   T29] audit: type=1326 audit(1721265887.549:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7532 comm="syz.1.537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f130ab75a99 code=0x0
[  207.822575][ T5158] usb usb3-port1: attempt power cycle
[  208.164450][ T7538] loop4: detected capacity change from 0 to 32768
[  208.174079][ T7538] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.539 (7538)
[  208.202631][ T7538] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  208.213048][ T7538] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  208.224433][ T7538] BTRFS info (device loop4): using free-space-tree
[  208.237467][ T5158] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  208.269391][ T5158] usb 3-1: device descriptor read/8, error -71
[  208.364737][   T29] audit: type=1800 audit(1721265888.139:23): pid=7538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.539" name="bus" dev="loop4" ino=263 res=0 errno=0
[  208.554061][ T5158] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  208.556004][ T5102] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  208.633649][ T5158] usb 3-1: device descriptor read/8, error -71
[  208.779490][ T5158] usb usb3-port1: unable to enumerate USB device
[  208.795611][ T7558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.541'.
[  208.974163][ T7563] netlink: 'syz.3.535': attribute type 10 has an invalid length.
[  209.093738][ T7563] batman_adv: batadv0: Adding interface: team0
[  209.100202][ T7563] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.115381][ T7565] loop1: detected capacity change from 0 to 2048
[  209.147316][ T7563] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  209.160473][ T7566] netlink: 'syz.3.535': attribute type 10 has an invalid length.
[  209.168379][ T7566] netlink: 2 bytes leftover after parsing attributes in process `syz.3.535'.
[  209.177520][ T7566] team0: entered promiscuous mode
[  209.183263][ T7566] team_slave_0: entered promiscuous mode
[  209.189982][ T7566] team_slave_1: entered promiscuous mode
[  209.198697][ T7566] 8021q: adding VLAN 0 to HW filter on device team0
[  209.205850][ T7566] batman_adv: batadv0: Interface activated: team0
[  209.212514][ T7566] batman_adv: batadv0: Interface deactivated: team0
[  209.219308][ T7566] batman_adv: batadv0: Removing interface: team0
[  209.334299][ T5122] Bluetooth: hci5: command 0x1003 tx timeout
[  209.343795][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  209.756628][ T7566] bridge0: port 3(team0) entered blocking state
[  209.757637][ T7570] netlink: 56 bytes leftover after parsing attributes in process `syz.0.543'.
[  209.774308][ T7566] bridge0: port 3(team0) entered disabled state
[  209.803541][ T7571] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  209.848017][ T7566] team0: entered allmulticast mode
[  209.892941][ T7566] team_slave_0: entered allmulticast mode
[  209.922883][ T7566] team_slave_1: entered allmulticast mode
[  209.953768][ T7566] bridge0: port 3(team0) entered blocking state
[  209.960225][ T7566] bridge0: port 3(team0) entered forwarding state
[  209.983950][ T7573] netlink: 'syz.2.544': attribute type 10 has an invalid length.
[  210.032802][    C1] eth0: bad gso: type: 1, size: 1408
[  210.049006][   T55] Bluetooth: hci4: SCO packet for unknown connection handle 2096
[  210.119028][ T7573] bond0: (slave netdevsim0): Releasing backup interface
[  210.150167][ T7573] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  210.187498][ T7573] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  210.233246][ T7573] team0: Port device netdevsim0 added
[  210.263665][ T7581] loop1: detected capacity change from 0 to 2048
[  210.267131][ T7574] netlink: 'syz.2.544': attribute type 10 has an invalid length.
[  210.325126][ T7584] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  210.350850][ T7574] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  210.354079][   T29] audit: type=1800 audit(1721265890.129:24): pid=7581 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.547" name="file1" dev="loop1" ino=15 res=0 errno=0
[  210.404728][ T7574] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  210.454920][ T7574] team0: Port device netdevsim0 removed
[  210.573228][ T7574] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  210.775998][ T7560] loop4: detected capacity change from 0 to 32768
[  210.808565][ T7560] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.540 (7560)
[  210.846267][   T29] audit: type=1326 audit(1721265890.609:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7590 comm="syz.1.551" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f130ab75a99 code=0x0
[  210.906168][ T7560] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  210.945904][ T7560] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  210.957907][ T7560] BTRFS info (device loop4): using free-space-tree
[  210.965167][ T7593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'.
[  211.219061][   T29] audit: type=1804 audit(1721265890.989:26): pid=7560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.540" name="/newroot/152/file1/bus" dev="loop4" ino=263 res=1 errno=0
[  211.376558][ T5102] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  211.466609][ T7583] loop0: detected capacity change from 0 to 32768
[  211.502405][ T7583] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.548 (7583)
[  211.579163][ T7583] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  211.618610][ T7583] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  211.659896][ T7583] BTRFS info (device loop0): using free-space-tree
[  211.665800][ T7580] loop3: detected capacity change from 0 to 32768
[  211.908261][ T7637] netlink: 'syz.1.555': attribute type 10 has an invalid length.
[  211.937603][ T7637] batman_adv: batadv0: Adding interface: team0
[  211.943912][ T7637] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  211.974345][ T7637] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  211.983234][ T7580] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  211.994155][ T7638] netlink: 'syz.1.555': attribute type 10 has an invalid length.
[  212.003026][ T7638] netlink: 2 bytes leftover after parsing attributes in process `syz.1.555'.
[  212.012314][ T7638] team0: entered promiscuous mode
[  212.017641][ T7638] team_slave_0: entered promiscuous mode
[  212.023657][ T7638] team_slave_1: entered promiscuous mode
[  212.032471][ T7638] 8021q: adding VLAN 0 to HW filter on device team0
[  212.040976][ T7638] batman_adv: batadv0: Interface activated: team0
[  212.050051][ T7638] batman_adv: batadv0: Interface deactivated: team0
[  212.057700][ T7638] batman_adv: batadv0: Removing interface: team0
[  212.481571][ T7638] bridge0: port 3(team0) entered blocking state
[  212.537837][ T7638] bridge0: port 3(team0) entered disabled state
[  212.544947][ T7638] team0: entered allmulticast mode
[  212.551918][ T7638] team_slave_0: entered allmulticast mode
[  212.557922][ T7638] team_slave_1: entered allmulticast mode
[  212.570053][ T7638] bridge0: port 3(team0) entered blocking state
[  212.576490][ T7638] bridge0: port 3(team0) entered forwarding state
[  212.702961][   T11] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared)
[  212.724713][ T7580] XFS (loop3): Ending clean mount
[  212.745518][ T7580] XFS (loop3): Quotacheck needed: Please wait.
[  212.752313][ T5105] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  212.828300][   T49] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  212.830295][ T7580] XFS (loop3): Quotacheck: Done.
[  212.850682][ T7580] overlayfs: missing 'lowerdir'
[  212.964965][ T6953] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  213.016656][ T7650] netlink: 56 bytes leftover after parsing attributes in process `syz.1.557'.
[  213.051423][   T49] usb 5-1: device descriptor read/64, error -71
[  213.184075][ T7656] netlink: 'syz.1.560': attribute type 10 has an invalid length.
[  213.234673][ T7656] bond0: (slave netdevsim0): Releasing backup interface
[  213.284360][ T7656] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  213.293979][ T7656] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  213.303891][ T5122] Bluetooth: hci3: SCO packet for unknown connection handle 2096
[  213.338483][   T49] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  213.343607][ T7656] team0: Port device netdevsim0 added
[  213.382412][ T7657] netlink: 'syz.1.560': attribute type 10 has an invalid length.
[  213.412012][ T7660] loop3: detected capacity change from 0 to 2048
[  213.419236][ T7657] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  213.427527][ T7657] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  213.441120][ T5157] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  213.452015][ T7661] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  213.473499][ T7657] team0: Port device netdevsim0 removed
[  213.514859][ T7657] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  213.524068][   T49] usb 5-1: device descriptor read/64, error -71
[  213.674657][   T49] usb usb5-port1: attempt power cycle
[  213.680311][ T5157] usb 1-1: Using ep0 maxpacket: 16
[  213.698213][ T7665] netlink: 'syz.3.561': attribute type 10 has an invalid length.
[  213.769267][ T5157] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  213.787373][ T7665] bridge0: port 3(team0) entered disabled state
[  213.832089][ T5157] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  213.841170][ T7665] team0: left allmulticast mode
[  213.846152][ T7665] team_slave_0: left allmulticast mode
[  213.851915][ T7665] team_slave_1: left allmulticast mode
[  213.857548][ T7665] team0: left promiscuous mode
[  213.862402][ T7665] team_slave_0: left promiscuous mode
[  213.868322][ T7665] team_slave_1: left promiscuous mode
[  213.874363][ T7665] bridge0: port 3(team0) entered disabled state
[  213.911657][ T5157] usb 1-1: Product: syz
[  213.924855][ T5157] usb 1-1: Manufacturer: syz
[  213.929952][ T5157] usb 1-1: SerialNumber: syz
[  213.938454][ T5157] r8152-cfgselector 1-1: Unknown version 0x0000
[  213.950428][ T5157] r8152-cfgselector 1-1: config 0 descriptor??
[  213.999578][ T7665] batman_adv: batadv0: Adding interface: team0
[  214.005884][ T7665] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  214.031476][ T7665] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  214.457468][ T5122] Bluetooth: hci5: command 0x1003 tx timeout
[  214.464491][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  214.484309][ T7672] netlink: 4 bytes leftover after parsing attributes in process `syz.1.563'.
[  214.619482][   T49] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  214.670614][   T49] usb 5-1: device descriptor read/8, error -71
[  214.684093][ T7674] loop2: detected capacity change from 0 to 256
[  214.756301][   T29] audit: type=1326 audit(1721265894.519:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7675 comm="syz.3.565" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fabfb375a99 code=0x0
[  214.789505][ T5157] r8152-cfgselector 1-1: Unknown version 0x0000
[  214.801406][ T7674] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  214.818112][ T5157] r8152-cfgselector 1-1: bad CDC descriptors
[  214.830482][ T5157] r8152-cfgselector 1-1: USB disconnect, device number 7
[  215.050829][ T7685] netlink: 'syz.4.567': attribute type 10 has an invalid length.
[  215.148489][ T7685] bridge0: port 2(team0) entered disabled state
[  215.249241][ T7685] team0: left allmulticast mode
[  215.287319][ T7685] team_slave_0: left allmulticast mode
[  215.292938][ T7685] team_slave_1: left allmulticast mode
[  215.298656][ T7685] team0: left promiscuous mode
[  215.303568][ T7685] team_slave_0: left promiscuous mode
[  215.337263][ T7685] team_slave_1: left promiscuous mode
[  215.355399][ T7685] bridge0: port 2(team0) entered disabled state
[  215.899777][ T7685] batman_adv: batadv0: Adding interface: team0
[  215.906060][ T7685] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  215.955924][ T7690] netlink: 56 bytes leftover after parsing attributes in process `syz.0.569'.
[  216.007019][ T7685] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  216.035719][ T7686] netlink: 'syz.4.567': attribute type 10 has an invalid length.
[  216.054424][ T7686] netlink: 2 bytes leftover after parsing attributes in process `syz.4.567'.
[  216.078345][ T7686] team0: entered promiscuous mode
[  216.094618][ T7686] team_slave_0: entered promiscuous mode
[  216.111713][ T7686] team_slave_1: entered promiscuous mode
[  216.133172][ T7686] 8021q: adding VLAN 0 to HW filter on device team0
[  216.162266][ T7686] batman_adv: batadv0: Interface activated: team0
[  216.177217][ T7686] batman_adv: batadv0: Interface deactivated: team0
[  216.189551][ T7686] batman_adv: batadv0: Removing interface: team0
[  216.216113][ T7686] bridge0: port 2(team0) entered blocking state
[  216.236361][ T7686] bridge0: port 2(team0) entered disabled state
[  216.255781][ T7686] team0: entered allmulticast mode
[  216.272670][ T7686] team_slave_0: entered allmulticast mode
[  216.296601][ T7686] team_slave_1: entered allmulticast mode
[  216.319170][ T7686] bridge0: port 2(team0) entered blocking state
[  216.325641][ T7686] bridge0: port 2(team0) entered forwarding state
[  216.626110][ T7696] loop4: detected capacity change from 0 to 2048
[  216.704952][ T7699] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  216.738474][ T7698] netlink: 'syz.0.572': attribute type 10 has an invalid length.
[  216.781279][ T7698] bond0: (slave netdevsim0): Releasing backup interface
[  216.885650][   T55] Bluetooth: hci1: SCO packet for unknown connection handle 2096
[  216.889627][ T7698] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  216.918826][ T7698] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  216.962096][ T7698] team0: Port device netdevsim0 added
[  217.016025][ T7700] netlink: 'syz.0.572': attribute type 10 has an invalid length.
[  217.065305][ T7700] netdevsim netdevsim0 netdevsim0: left promiscuous mode
[  217.102558][ T7700] netdevsim netdevsim0 netdevsim0: left allmulticast mode
[  217.103560][ T7692] loop3: detected capacity change from 0 to 32768
[  217.138203][ T7700] team0: Port device netdevsim0 removed
[  217.185496][ T7700] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  217.209187][ T7692] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  217.481076][ T7692] XFS (loop3): Ending clean mount
[  217.501253][ T7692] XFS (loop3): Quotacheck needed: Please wait.
[  217.610522][ T7715] netlink: 'syz.0.575': attribute type 10 has an invalid length.
[  217.711136][ T7715] bridge0: port 3(team0) entered disabled state
[  217.770341][ T7692] XFS (loop3): Quotacheck: Done.
[  217.818467][ T7692] overlay: Unknown parameter '/'
[  217.848301][ T7715] team0: left allmulticast mode
[  217.853318][ T7715] team_slave_1: left allmulticast mode
[  217.859264][ T7715] team0: left promiscuous mode
[  217.864256][ T7715] team_slave_1: left promiscuous mode
[  217.870351][ T7715] bridge0: port 3(team0) entered disabled state
[  218.348387][ T7715] batman_adv: batadv0: Adding interface: team0
[  218.382581][ T7715] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  218.422112][ T7715] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  218.457809][ T6953] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  218.529174][ T7721] Bluetooth: hci5: Frame reassembly failed (-84)
[  218.629021][   T12] Bluetooth: hci5: Frame reassembly failed (-84)
[  218.850308][ T7703] loop4: detected capacity change from 0 to 32768
[  218.904727][ T7703] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.573 (7703)
[  219.015381][ T7703] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.035910][ T7703] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  219.064990][ T7703] BTRFS info (device loop4): using free-space-tree
[  219.288086][    T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  219.338686][ T7741] netlink: 4 bytes leftover after parsing attributes in process `syz.3.576'.
[  219.366231][ T5102] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.367787][   T12] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  219.465594][ T7743] netlink: 56 bytes leftover after parsing attributes in process `syz.3.580'.
[  219.488605][    T9] usb 1-1: device descriptor read/64, error -71
[  219.695098][   T29] audit: type=1326 audit(1721265899.469:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7746 comm="syz.3.581" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fabfb375a99 code=0x0
[  219.788303][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  220.627130][    T9] usb 1-1: device descriptor read/64, error -71
[  220.635982][ T7760] netlink: 'syz.4.585': attribute type 10 has an invalid length.
[  220.677959][ T5122] Bluetooth: hci5: command 0x1003 tx timeout
[  220.690770][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  220.692316][ T7760] bond0: (slave netdevsim0): Releasing backup interface
[  220.759747][    T9] usb usb1-port1: attempt power cycle
[  220.775927][ T7760] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  220.784011][   T55] Bluetooth: hci0: SCO packet for unknown connection handle 2096
[  220.834283][ T7760] netdevsim netdevsim4 netdevsim0: entered allmulticast mode
[  220.846062][ T7761] loop1: detected capacity change from 0 to 2048
[  220.883550][ T7760] team0: Port device netdevsim0 added
[  220.905140][ T7768] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  220.921593][ T7762] macsec1: entered promiscuous mode
[  220.940313][ T7762] team0: entered promiscuous mode
[  220.955360][ T7762] team_slave_0: entered promiscuous mode
[  220.974914][ T7762] team_slave_1: entered promiscuous mode
[  220.989486][ T7762] macsec1: entered allmulticast mode
[  221.001172][ T7762] team0: entered allmulticast mode
[  221.025192][ T7762] team_slave_0: entered allmulticast mode
[  221.034587][ T7762] team_slave_1: entered allmulticast mode
[  221.055533][ T7762] team0: left allmulticast mode
[  221.075902][ T7762] team_slave_0: left allmulticast mode
[  221.087305][ T7762] team_slave_1: left allmulticast mode
[  221.093080][ T7762] team0: left promiscuous mode
[  221.098769][ T7762] team_slave_0: left promiscuous mode
[  221.104571][ T7762] team_slave_1: left promiscuous mode
[  221.248834][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  221.409924][    T9] usb 1-1: device descriptor read/8, error -71
[  221.421114][ T7763] netlink: 'syz.4.585': attribute type 10 has an invalid length.
[  221.987344][ T7763] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[  221.998387][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  222.016510][ T7763] netdevsim netdevsim4 netdevsim0: left allmulticast mode
[  222.052130][ T7763] team0: Port device netdevsim0 removed
[  222.073476][ T7763] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  222.112339][ T7772] netlink: 'syz.1.587': attribute type 10 has an invalid length.
[  222.177864][ T7772] bridge0: port 3(team0) entered disabled state
[  222.211098][ T7772] team0: left allmulticast mode
[  222.216006][ T7772] team_slave_0: left allmulticast mode
[  222.234372][ T7772] team_slave_1: left allmulticast mode
[  222.240437][    T9] usb 1-1: device not accepting address 11, error -71
[  222.259259][ T7772] team0: left promiscuous mode
[  222.264066][ T7772] team_slave_0: left promiscuous mode
[  222.272855][    T9] usb usb1-port1: unable to enumerate USB device
[  222.309548][ T7772] team_slave_1: left promiscuous mode
[  222.320053][ T7772] bridge0: port 3(team0) entered disabled state
[  222.342192][ T7782] netlink: 56 bytes leftover after parsing attributes in process `syz.3.591'.
[  222.353891][ T7772] batman_adv: batadv0: Adding interface: team0
[  222.374900][ T7772] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  222.410675][ T7772] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  222.435621][ T7781] netlink: 4 bytes leftover after parsing attributes in process `syz.0.590'.
[  222.655969][ T7767] loop2: detected capacity change from 0 to 32768
[  222.817369][   T29] audit: type=1326 audit(1721265902.589:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7789 comm="syz.1.594" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f130ab75a99 code=0x0
[  222.895063][ T7767] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.599612][ T7767] XFS (loop2): Ending clean mount
[  223.635416][ T7767] XFS (loop2): Quotacheck needed: Please wait.
[  223.813672][ T7767] XFS (loop2): Quotacheck: Done.
[  223.913538][ T5114] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.924101][ T7778] loop4: detected capacity change from 0 to 32768
[  224.034355][ T7806] loop1: detected capacity change from 0 to 2048
[  224.052936][ T7778] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  224.277356][ T7815] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  224.295774][ T7778] XFS (loop4): Ending clean mount
[  224.336066][ T7778] XFS (loop4): Quotacheck needed: Please wait.
[  224.381447][ T7794] loop3: detected capacity change from 0 to 40427
[  224.432704][ T7778] XFS (loop4): Quotacheck: Done.
[  224.487723][ T7794] F2FS-fs (loop3): invalid crc value
[  224.543266][ T7794] F2FS-fs (loop3): Found nat_bits in checkpoint
[  224.558994][ T5102] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  224.567899][ T7818] netlink: 'syz.1.599': attribute type 10 has an invalid length.
[  224.602183][ T7818] bond0: (slave netdevsim0): Releasing backup interface
[  224.630002][ T7818] team0: Port device netdevsim0 added
[  224.672640][ T7823] netlink: 'syz.1.599': attribute type 10 has an invalid length.
[  224.681340][ T7794] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  224.709154][   T55] Bluetooth: hci3: SCO packet for unknown connection handle 2096
[  224.780578][ T7823] team0: Port device netdevsim0 removed
[  224.814363][   T63] Bluetooth: hci5: Frame reassembly failed (-84)
[  224.823723][ T7823] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  224.964764][ T6953] syz-executor: attempt to access beyond end of device
[  224.964764][ T6953] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  225.000192][ T6953] F2FS-fs (loop3): Remounting filesystem read-only
[  225.285328][ T7839] netlink: 'syz.1.604': attribute type 10 has an invalid length.
[  226.259060][ T7842] netlink: 56 bytes leftover after parsing attributes in process `syz.2.605'.
[  226.838475][ T5122] Bluetooth: hci5: command 0x1003 tx timeout
[  226.927278][   T55] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  227.254168][ T7852] loop4: detected capacity change from 0 to 2048
[  227.315466][ T7856] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  227.327638][   T49] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  227.404465][ T7855] netlink: 4 bytes leftover after parsing attributes in process `syz.3.603'.
[  227.527252][   T49] usb 2-1: Using ep0 maxpacket: 16
[  227.562873][   T49] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  227.592153][   T49] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.611823][   T49] usb 2-1: Product: syz
[  227.623675][   T49] usb 2-1: Manufacturer: syz
[  227.635675][   T49] usb 2-1: SerialNumber: syz
[  227.645209][ T7858] loop4: detected capacity change from 0 to 256
[  227.660457][   T49] r8152-cfgselector 2-1: Unknown version 0x0000
[  227.671133][   T49] r8152-cfgselector 2-1: config 0 descriptor??
[  227.695940][ T7858] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  227.929562][   T49] r8152-cfgselector 2-1: Unknown version 0x0000
[  227.962968][   T49] r8152-cfgselector 2-1: bad CDC descriptors
[  227.993925][   T49] r8152-cfgselector 2-1: USB disconnect, device number 2
[  228.368409][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  228.414029][ T7864] netlink: 'syz.0.614': attribute type 10 has an invalid length.
[  228.469941][   T55] Bluetooth: hci1: SCO packet for unknown connection handle 2096
[  228.472918][ T7864] bond0: (slave netdevsim0): Releasing backup interface
[  228.511534][ T7864] team0: Port device netdevsim0 added
[  228.537835][ T7865] netlink: 'syz.0.614': attribute type 10 has an invalid length.
[  228.605299][ T7865] team0: Port device netdevsim0 removed
[  228.639988][ T7865] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  228.751261][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.217119][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  229.285001][ T7862] loop3: detected capacity change from 0 to 32768
[  230.417736][ T7870] netlink: 'syz.0.617': attribute type 10 has an invalid length.
[  230.432855][ T7862] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  230.597531][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  230.635270][ T7886] loop1: detected capacity change from 0 to 2048
[  230.654908][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.670300][ T7894] netlink: 4 bytes leftover after parsing attributes in process `syz.2.621'.
[  230.695856][ T7896] loop0: detected capacity change from 0 to 256
[  230.720071][ T7897] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  230.744905][ T7896] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  230.836363][ T7862] XFS (loop3): Ending clean mount
[  230.893174][ T7862] XFS (loop3): Quotacheck needed: Please wait.
[  230.959696][ T5122] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  230.980417][ T5122] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  230.998889][ T5122] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  231.018728][ T7862] XFS (loop3): Quotacheck: Done.
[  231.024142][ T5122] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  231.024377][   T12] team0: left allmulticast mode
[  231.040953][ T5122] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  231.052741][ T5122] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  231.063657][   T12] team_slave_0: left allmulticast mode
[  231.072607][   T12] team_slave_1: left allmulticast mode
[  231.086798][   T12] bridge0: port 2(team0) entered disabled state
[  231.132967][ T6953] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  231.155327][   T12] bridge_slave_0: left allmulticast mode
[  231.161774][   T12] bridge_slave_0: left promiscuous mode
[  231.173121][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.203955][   T12] veth1_to_bond: left allmulticast mode
[  231.210120][   T12] veth1_to_bond: left promiscuous mode
[  231.215882][   T12] bridge2: port 1(veth1_to_bond) entered disabled state
[  231.580543][ T5122] Bluetooth: hci2: SCO packet for unknown connection handle 2096
[  231.829387][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  231.856882][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  231.869091][   T12] bond0 (unregistering): Released all slaves
[  231.905582][ T7905] netlink: 20 bytes leftover after parsing attributes in process `syz.2.628'.
[  231.953408][ T7907] veth1_to_bond: left allmulticast mode
[  231.963299][ T7907] veth1_to_bond: left promiscuous mode
[  231.969693][ T7907] bridge3: port 1(veth1_to_bond) entered disabled state
[  232.004927][ T7907] bridge4: port 1(veth1_to_bond) entered blocking state
[  232.024826][ T7907] bridge4: port 1(veth1_to_bond) entered disabled state
[  232.040400][ T7907] veth1_to_bond: entered allmulticast mode
[  232.048092][ T7907] veth1_to_bond: entered promiscuous mode
[  232.060965][ T7907] bridge4: port 1(veth1_to_bond) entered blocking state
[  232.068137][ T7907] bridge4: port 1(veth1_to_bond) entered forwarding state
[  232.085965][ T7909] netlink: 'syz.3.627': attribute type 10 has an invalid length.
[  232.164210][ T7909] team0: Port device netdevsim0 added
[  232.176438][ T7910] netlink: 'syz.3.627': attribute type 10 has an invalid length.
[  232.231065][ T7910] team0: Port device netdevsim0 removed
[  232.250982][ T7910] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  232.431468][ T7920] loop1: detected capacity change from 0 to 256
[  232.563439][ T7921] netlink: 4 bytes leftover after parsing attributes in process `syz.3.633'.
[  232.584600][ T7920] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  232.966506][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  232.983293][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  232.997515][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  233.028194][   T12] hsr_slave_0: left promiscuous mode
[  233.029912][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  233.043684][   T12] hsr_slave_1: left promiscuous mode
[  233.050493][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  233.062242][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  233.067223][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  233.078928][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  233.122945][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  233.131830][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  233.157275][ T5122] Bluetooth: hci0: command tx timeout
[  233.188281][   T12] veth1_macvtap: left promiscuous mode
[  233.193972][   T12] veth0_macvtap: left promiscuous mode
[  233.207300][   T12] veth1_vlan: left promiscuous mode
[  233.217404][   T12] veth0_vlan: left promiscuous mode
[  233.459775][ T7929] loop2: detected capacity change from 0 to 32768
[  233.510706][ T7929] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  233.688468][ T7929] XFS (loop2): Ending clean mount
[  233.706286][ T7929] XFS (loop2): Quotacheck needed: Please wait.
[  233.770780][ T7929] XFS (loop2): Quotacheck: Done.
[  233.830816][ T5114] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  234.053037][   T12] team_slave_1 (unregistering): left promiscuous mode
[  234.072896][   T12] team0 (unregistering): Port device team_slave_1 removed
[  234.140063][   T12] team_slave_0 (unregistering): left promiscuous mode
[  234.154455][   T12] team0 (unregistering): Port device team_slave_0 removed
[  234.847405][ T7957] netlink: 20 bytes leftover after parsing attributes in process `syz.3.641'.
[  235.135578][ T7959] netlink: 'syz.3.642': attribute type 10 has an invalid length.
[  235.158256][ T5122] Bluetooth: hci1: command tx timeout
[  235.247195][ T5122] Bluetooth: hci0: command tx timeout
[  235.256269][ T5122] Bluetooth: hci2: SCO packet for unknown connection handle 2096
[  235.265374][ T7959] bond0: (slave netdevsim0): Releasing backup interface
[  235.316568][ T7959] team0: Port device netdevsim0 added
[  235.343672][ T7962] netlink: 'syz.3.642': attribute type 10 has an invalid length.
[  235.402539][ T7962] team0: Port device netdevsim0 removed
[  235.425805][ T7962] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  235.655400][   T55] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  235.667396][   T55] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  235.675904][   T55] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  235.686082][   T55] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  235.695354][   T55] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  235.707035][   T55] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  235.740055][ T7974] loop3: detected capacity change from 0 to 256
[  235.754058][ T7974] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  236.287390][ T7898] chnl_net:caif_netlink_parms(): no params data found
[  236.446739][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.657608][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.783252][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  236.934511][ T7933] chnl_net:caif_netlink_parms(): no params data found
[  237.023518][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  237.052691][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  237.215134][ T7898] bridge0: port 1(bridge_slave_0) entered blocking state
[  237.227270][ T7898] bridge0: port 1(bridge_slave_0) entered disabled state
[  237.234523][ T7898] bridge_slave_0: entered allmulticast mode
[  237.235901][ T7974] loop3: detected capacity change from 256 to 0
[  237.242164][ T5122] Bluetooth: hci1: command tx timeout
[  237.254967][ T7898] bridge_slave_0: entered promiscuous mode
[  237.293883][ T7992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.646'.
[  237.295700][ T6953] syz-executor: attempt to access beyond end of device
[  237.295700][ T6953] loop3: rw=0, sector=128, nr_sectors = 1 limit=0
[  237.317609][ T5122] Bluetooth: hci0: command tx timeout
[  237.323250][ T6953] exFAT-fs (loop3): error, failed to access to FAT (entry 0x00000005, err:-5)
[  237.334354][ T6953] exFAT-fs (loop3): Filesystem has been set read-only
[  237.347817][ T6953] syz-executor: attempt to access beyond end of device
[  237.347817][ T6953] loop3: rw=0, sector=128, nr_sectors = 1 limit=0
[  237.354604][ T7898] bridge0: port 2(bridge_slave_1) entered blocking state
[  237.361054][ T6953] exFAT-fs (loop3): error, failed to access to FAT (entry 0x00000005, err:-5)
[  237.422278][ T7898] bridge0: port 2(bridge_slave_1) entered disabled state
[  237.441858][ T7898] bridge_slave_1: entered allmulticast mode
[  237.461587][ T7898] bridge_slave_1: entered promiscuous mode
[  237.653013][ T7898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.735333][ T7898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.809982][ T5122] Bluetooth: hci3: command tx timeout
[  238.025278][ T7898] team0: Port device team_slave_0 added
[  238.076189][ T8013] netlink: 20 bytes leftover after parsing attributes in process `syz.2.650'.
[  238.133215][ T7933] bridge0: port 1(bridge_slave_0) entered blocking state
[  238.151226][ T7933] bridge0: port 1(bridge_slave_0) entered disabled state
[  238.167823][ T7933] bridge_slave_0: entered allmulticast mode
[  238.185491][ T7933] bridge_slave_0: entered promiscuous mode
[  238.199810][ T7996] loop3: detected capacity change from 0 to 32768
[  238.225588][ T7898] team0: Port device team_slave_1 added
[  238.231981][ T8018] veth1_to_bond: left allmulticast mode
[  238.241356][ T8018] veth1_to_bond: left promiscuous mode
[  238.250412][ T8018] bridge4: port 1(veth1_to_bond) entered disabled state
[  238.268475][ T8018] bridge5: port 1(veth1_to_bond) entered blocking state
[  238.283742][ T8018] bridge5: port 1(veth1_to_bond) entered disabled state
[  238.293021][ T8018] veth1_to_bond: entered allmulticast mode
[  238.304069][ T7996] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  238.309561][ T8018] veth1_to_bond: entered promiscuous mode
[  238.328450][ T8018] bridge5: port 1(veth1_to_bond) entered blocking state
[  238.335587][ T8018] bridge5: port 1(veth1_to_bond) entered forwarding state
[  238.431918][ T7996] XFS (loop3): Ending clean mount
[  238.446227][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.471049][ T7996] XFS (loop3): Quotacheck needed: Please wait.
[  238.513153][ T7933] bridge0: port 2(bridge_slave_1) entered blocking state
[  238.536651][ T7933] bridge0: port 2(bridge_slave_1) entered disabled state
[  238.545583][ T7933] bridge_slave_1: entered allmulticast mode
[  238.553194][ T7996] XFS (loop3): Quotacheck: Done.
[  238.558488][ T7933] bridge_slave_1: entered promiscuous mode
[  238.603573][ T6953] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  238.604998][ T8034] netlink: 'syz.2.652': attribute type 10 has an invalid length.
[  238.633575][ T5122] Bluetooth: hci4: SCO packet for unknown connection handle 2096
[  238.707930][ T8034] bond0: (slave netdevsim0): Releasing backup interface
[  238.798555][ T8034] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  238.847413][ T8034] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  238.867859][ T8034] team0: Port device netdevsim0 added
[  238.907988][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  238.956217][ T7971] chnl_net:caif_netlink_parms(): no params data found
[  238.989438][ T8035] netlink: 'syz.2.652': attribute type 10 has an invalid length.
[  239.019800][ T8035] netdevsim netdevsim2 netdevsim0: left promiscuous mode
[  239.031039][ T8035] netdevsim netdevsim2 netdevsim0: left allmulticast mode
[  239.041961][ T8035] team0: Port device netdevsim0 removed
[  239.054165][ T8035] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  239.098399][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_0
[  239.107704][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.135481][ T7898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  239.215757][ T8044] loop2: detected capacity change from 0 to 256
[  239.241491][ T8044] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  239.268221][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.317305][ T5122] Bluetooth: hci1: command tx timeout
[  239.345805][ T7898] batman_adv: batadv0: Adding interface: batadv_slave_1
[  239.373109][ T7898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  239.407989][ T5122] Bluetooth: hci0: command tx timeout
[  239.446682][ T7898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  239.529157][ T7933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  239.599895][   T12] bond0: (slave netdevsim0): Releasing backup interface
[  239.632748][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.772919][ T7933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  239.887098][ T5122] Bluetooth: hci3: command tx timeout
[  240.134489][ T7933] team0: Port device team_slave_0 added
[  240.224715][ T7933] team0: Port device team_slave_1 added
[  240.420557][ T7898] hsr_slave_0: entered promiscuous mode
[  240.450140][ T7898] hsr_slave_1: entered promiscuous mode
[  240.484994][ T7898] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  240.515145][ T7898] Cannot create hsr debugfs directory
[  240.895225][ T7971] bridge0: port 1(bridge_slave_0) entered blocking state
[  240.902881][ T7971] bridge0: port 1(bridge_slave_0) entered disabled state
[  240.912503][ T7971] bridge_slave_0: entered allmulticast mode
[  240.917533][ T8044] loop2: detected capacity change from 256 to 0
[  240.942048][ T7971] bridge_slave_0: entered promiscuous mode
[  241.030214][ T5114] syz-executor: attempt to access beyond end of device
[  241.030214][ T5114] loop2: rw=0, sector=128, nr_sectors = 1 limit=0
[  241.067395][ T5114] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5)
[  241.089777][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_0
[  241.098211][ T5114] exFAT-fs (loop2): Filesystem has been set read-only
[  241.110666][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.146107][ T5114] syz-executor: attempt to access beyond end of device
[  241.146107][ T5114] loop2: rw=0, sector=128, nr_sectors = 1 limit=0
[  241.173891][ T7933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  241.187907][ T5114] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5)
[  241.206087][ T7971] bridge0: port 2(bridge_slave_1) entered blocking state
[  241.226410][ T7971] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.238080][ T7971] bridge_slave_1: entered allmulticast mode
[  241.280822][ T7971] bridge_slave_1: entered promiscuous mode
[  241.397136][ T5122] Bluetooth: hci1: command tx timeout
[  241.509163][ T7933] batman_adv: batadv0: Adding interface: batadv_slave_1
[  241.525630][ T7933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  241.555871][ T7933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  241.569918][ T8066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.655'.
[  241.612930][   T12] bridge_slave_1: left allmulticast mode
[  241.623131][   T12] bridge_slave_1: left promiscuous mode
[  241.629200][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  241.655217][   T12] bridge_slave_0: left allmulticast mode
[  241.661721][   T12] bridge_slave_0: left promiscuous mode
[  241.671069][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.694911][   T12] bridge_slave_0: left allmulticast mode
[  241.701818][   T12] bridge_slave_0: left promiscuous mode
[  241.723160][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  241.751277][   T12] veth1_to_bond: left allmulticast mode
[  241.757071][   T12] veth1_to_bond: left promiscuous mode
[  241.769228][   T12] bridge2: port 1(veth1_to_bond) entered disabled state
[  241.957154][ T5122] Bluetooth: hci3: command tx timeout
[  242.462876][ T8070] loop3: detected capacity change from 0 to 32768
[  242.489394][ T8070] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.657 (8070)
[  242.526199][ T8070] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  242.541784][ T8070] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  242.553197][ T8070] BTRFS info (device loop3): using free-space-tree
[  242.831762][ T6953] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  242.952788][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.037615][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.068836][   T12] bond0 (unregistering): Released all slaves
[  243.295984][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  243.313488][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  243.344863][   T12] bond0 (unregistering): Released all slaves
[  243.434727][ T7971] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.550946][ T8092] netlink: 28 bytes leftover after parsing attributes in process `syz.2.659'.
[  243.578993][ T8092] veth1_to_bond: left allmulticast mode
[  243.605269][ T8092] veth1_to_bond: left promiscuous mode
[  243.614224][ T8092] bridge5: port 1(veth1_to_bond) entered disabled state
[  243.662726][ T8091] netlink: 20 bytes leftover after parsing attributes in process `syz.2.659'.
[  243.742710][ T7971] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.801871][ T8098] loop2: detected capacity change from 0 to 256
[  243.838287][ T8098] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  244.038113][ T5122] Bluetooth: hci3: command tx timeout
[  244.068360][ T7933] hsr_slave_0: entered promiscuous mode
[  244.091751][ T7933] hsr_slave_1: entered promiscuous mode
[  244.127111][ T7933] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  244.148898][ T7933] Cannot create hsr debugfs directory
[  244.201242][ T7971] team0: Port device team_slave_0 added
[  244.294514][ T7971] team0: Port device team_slave_1 added
[  244.837674][ T8098] loop2: detected capacity change from 256 to 0
[  244.916183][ T5114] syz-executor: attempt to access beyond end of device
[  244.916183][ T5114] loop2: rw=0, sector=128, nr_sectors = 1 limit=0
[  244.950461][ T7971] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.960809][ T5114] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5)
[  244.969836][ T7971] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.996234][ T5114] exFAT-fs (loop2): Filesystem has been set read-only
[  245.016863][ T7971] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.017890][ T5114] syz-executor: attempt to access beyond end of device
[  245.017890][ T5114] loop2: rw=0, sector=128, nr_sectors = 1 limit=0
[  245.048225][ T7971] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.055272][ T7971] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  245.081762][ T5114] exFAT-fs (loop2): error, failed to access to FAT (entry 0x00000005, err:-5)
[  245.137455][ T7971] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.751114][ T7971] hsr_slave_0: entered promiscuous mode
[  245.786735][ T7971] hsr_slave_1: entered promiscuous mode
[  245.796026][ T7971] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  245.806240][ T7971] Cannot create hsr debugfs directory
[  245.841157][   T12] hsr_slave_0: left promiscuous mode
[  245.859108][   T12] hsr_slave_1: left promiscuous mode
[  245.870401][   T12] batman_adv: batadv0: Removing interface: team0
[  245.885451][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.897036][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.907720][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.935198][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.986746][   T12] hsr_slave_0: left promiscuous mode
[  246.001962][   T12] hsr_slave_1: left promiscuous mode
[  246.018544][   T12] batman_adv: batadv0: Removing interface: team0
[  246.051375][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.065197][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.082358][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.094233][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.238252][   T12] veth1_macvtap: left promiscuous mode
[  246.245666][   T12] veth0_macvtap: left promiscuous mode
[  246.254088][   T12] veth1_vlan: left promiscuous mode
[  246.260021][   T12] veth0_vlan: left promiscuous mode
[  246.283946][   T12] veth1_macvtap: left promiscuous mode
[  246.290800][   T12] veth0_macvtap: left promiscuous mode
[  246.299966][   T12] veth1_vlan: left promiscuous mode
[  246.308487][   T12] veth0_vlan: left promiscuous mode
[  246.833427][ T8109] overlayfs: missing 'lowerdir'
[  247.054891][ T8112] netlink: 4 bytes leftover after parsing attributes in process `syz.2.666'.
[  247.633728][   T12] team0 (unregistering): Port device team_slave_1 removed
[  247.683330][   T12] team0 (unregistering): Port device team_slave_0 removed
[  248.495938][   T12] team0 (unregistering): Port device team_slave_1 removed
[  248.977594][ T8119] netlink: 20 bytes leftover after parsing attributes in process `syz.3.669'.
[  248.999353][ T8120] netlink: 28 bytes leftover after parsing attributes in process `syz.3.669'.
[  249.017954][ T8121] bridge1: port 1(veth1_to_bond) entered blocking state
[  249.027982][ T8121] bridge1: port 1(veth1_to_bond) entered disabled state
[  249.035184][ T8121] veth1_to_bond: entered allmulticast mode
[  249.042840][ T8121] veth1_to_bond: entered promiscuous mode
[  249.064498][ T8121] bridge1: port 1(veth1_to_bond) entered blocking state
[  249.071731][ T8121] bridge1: port 1(veth1_to_bond) entered forwarding state
[  250.281298][ T7898] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  250.416573][ T7898] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  250.697630][ T7898] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  250.732802][ T7898] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  250.783974][ T8126] loop3: detected capacity change from 0 to 32768
[  250.802296][ T8126] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.671 (8126)
[  250.855930][ T8126] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  250.886109][ T8126] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  250.921407][ T8126] BTRFS info (device loop3): using free-space-tree
[  251.308696][ T8126] loop3: detected capacity change from 32768 to 0
[  251.457520][   T11] kworker/u8:0: attempt to access beyond end of device
[  251.457520][   T11] loop3: rw=4097, sector=10440, nr_sectors = 8 limit=0
[  251.501351][   T11] BTRFS error (device loop3): bdev /dev/loop3 errs: wr 1, rd 0, flush 0, corrupt 0, gen 0
[  251.523066][   T11] kworker/u8:0: attempt to access beyond end of device
[  251.523066][   T11] loop3: rw=4097, sector=10448, nr_sectors = 8 limit=0
[  251.590230][   T11] BTRFS error (device loop3): bdev /dev/loop3 errs: wr 2, rd 0, flush 0, corrupt 0, gen 0
[  251.610915][   T11] kworker/u8:0: attempt to access beyond end of device
[  251.610915][   T11] loop3: rw=4097, sector=13448, nr_sectors = 8 limit=0
[  251.654778][ T7898] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.658357][   T11] BTRFS error (device loop3): bdev /dev/loop3 errs: wr 3, rd 0, flush 0, corrupt 0, gen 0
[  251.683848][ T6953] BTRFS error (device loop3 state A): Transaction aborted (error -5)
[  251.726003][ T6953] BTRFS: error (device loop3 state A) in __btrfs_free_extent:3209: errno=-5 IO failure
[  251.740860][ T7898] 8021q: adding VLAN 0 to HW filter on device team0
[  251.754037][ T6953] BTRFS info (device loop3 state EA): forced readonly
[  251.775677][ T6953] BTRFS error (device loop3 state EA): failed to run delayed ref for logical 5296128 num_bytes 12288 type 178 action 2 ref_mod 1: -5
[  251.797930][ T5156] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.805112][ T5156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.820325][ T6953] BTRFS: error (device loop3 state EA) in btrfs_run_delayed_refs:2199: errno=-5 IO failure
[  251.842111][ T5156] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.849364][ T5156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.865025][ T6953] BTRFS info (device loop3 state EA): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.056898][ T7898] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  252.178322][ T7971] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  252.252530][ T7971] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  252.300107][ T7971] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  252.472077][ T7971] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  252.631800][ T7933] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  252.694102][ T7933] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  252.730583][ T7933] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  252.755532][ T8191] netlink: 4100 bytes leftover after parsing attributes in process `syz.3.675'.
[  252.774601][ T7933] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  252.800918][ T7898] 8021q: adding VLAN 0 to HW filter on device batadv0
[  253.041967][ T7971] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.224574][ T7971] 8021q: adding VLAN 0 to HW filter on device team0
[  253.312764][ T5157] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.320139][ T5157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.352680][ T5157] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.359939][ T5157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.523497][ T7933] 8021q: adding VLAN 0 to HW filter on device bond0
[  253.592145][ T7933] 8021q: adding VLAN 0 to HW filter on device team0
[  253.640751][ T7898] veth0_vlan: entered promiscuous mode
[  253.673392][ T7898] veth1_vlan: entered promiscuous mode
[  253.685553][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.692910][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state
[  253.704681][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.711918][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state
[  253.712424][ T8187] loop2: detected capacity change from 0 to 32768
[  253.748771][ T8187] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.674 (8187)
[  253.833030][ T8187] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  253.873977][ T8187] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  253.899522][ T8187] BTRFS info (device loop2): using free-space-tree
[  253.906599][  T930] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  253.922786][ T7898] veth0_macvtap: entered promiscuous mode
[  253.975360][ T7898] veth1_macvtap: entered promiscuous mode
[  254.063680][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.105153][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.128837][  T930] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  254.144540][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  254.148232][  T930] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  254.167295][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.196483][  T930] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  254.217756][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_0
[  254.225195][  T930] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  254.239872][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.280751][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.281887][  T930] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  254.310674][ T8187] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  254.315199][  T930] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  254.323388][ T7898] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  254.356106][ T7898] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  254.360575][  T930] usb 4-1: Product: syz
[  254.375200][ T7898] batman_adv: batadv0: Interface activated: batadv_slave_1
[  254.381199][  T930] usb 4-1: Manufacturer: syz
[  254.400866][ T5114] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  254.420680][ T7898] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  254.431795][  T930] cdc_wdm 4-1:1.0: skipping garbage
[  254.447066][ T7898] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  254.459391][  T930] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  254.473790][ T7898] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  254.506580][ T7898] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  254.663978][ T7971] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.682653][ T5160] usb 4-1: USB disconnect, device number 4
[  254.832878][ T7933] 8021q: adding VLAN 0 to HW filter on device batadv0
[  254.992636][ T8244] netlink: 20 bytes leftover after parsing attributes in process `syz.2.678'.
[  255.068544][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.083759][ T8244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.678'.
[  255.095121][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.127864][ T7933] veth0_vlan: entered promiscuous mode
[  255.160020][ T8244] bridge7: port 1(veth1_to_bond) entered blocking state
[  255.177243][ T8244] bridge7: port 1(veth1_to_bond) entered disabled state
[  255.191105][ T8244] veth1_to_bond: entered allmulticast mode
[  255.203179][ T8244] veth1_to_bond: entered promiscuous mode
[  255.216550][ T8244] bridge7: port 1(veth1_to_bond) entered blocking state
[  255.223845][ T8244] bridge7: port 1(veth1_to_bond) entered forwarding state
[  255.355966][ T7971] veth0_vlan: entered promiscuous mode
[  255.435103][ T7933] veth1_vlan: entered promiscuous mode
[  255.456177][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  255.494211][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  255.559155][ T7971] veth1_vlan: entered promiscuous mode
[  255.960089][ T1249] ieee802154 phy0 wpan0: encryption failed: -22
[  255.976460][ T1249] ieee802154 phy1 wpan1: encryption failed: -22
[  256.241815][ T7971] veth0_macvtap: entered promiscuous mode
[  256.601537][ T7971] veth1_macvtap: entered promiscuous mode
[  256.613080][ T7933] veth0_macvtap: entered promiscuous mode
[  256.882589][ T8265] netlink: 'syz.3.680': attribute type 10 has an invalid length.
[  256.919766][ T8267] netlink: 'syz.3.680': attribute type 10 has an invalid length.
[  256.937077][ T8267] netlink: 2 bytes leftover after parsing attributes in process `syz.3.680'.
[  256.960169][ T8267] team0: entered promiscuous mode
[  256.965316][ T8267] team_slave_0: entered promiscuous mode
[  256.997196][ T8267] team_slave_1: entered promiscuous mode
[  257.008447][ T8267] 8021q: adding VLAN 0 to HW filter on device team0
[  257.015259][ T8267] batman_adv: batadv0: Interface activated: team0
[  257.032096][ T8267] batman_adv: batadv0: Interface deactivated: team0
[  257.048305][ T8267] batman_adv: batadv0: Removing interface: team0
[  257.066096][ T8267] bridge0: port 3(team0) entered blocking state
[  257.078265][ T8267] bridge0: port 3(team0) entered disabled state
[  257.084720][ T8267] team0: entered allmulticast mode
[  257.090572][ T8267] team_slave_0: entered allmulticast mode
[  257.096335][ T8267] team_slave_1: entered allmulticast mode
[  257.111191][ T8267] bridge0: port 3(team0) entered blocking state
[  257.117710][ T8267] bridge0: port 3(team0) entered forwarding state
[  257.146844][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.166763][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.167686][   T25] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  257.178132][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.214036][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.234003][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.256117][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.289041][ T7971] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.316406][ T7933] veth1_macvtap: entered promiscuous mode
[  257.352734][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.394150][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.420134][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.430889][   T25] usb 3-1: Using ep0 maxpacket: 16
[  257.459668][   T25] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  257.473343][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.496997][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.505075][   T25] usb 3-1: Product: syz
[  257.524976][ T7971] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  257.545206][   T25] usb 3-1: Manufacturer: syz
[  257.555363][ T7971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.587004][   T25] usb 3-1: SerialNumber: syz
[  257.594530][ T7971] batman_adv: batadv0: Interface activated: batadv_slave_1
[  257.619993][   T25] r8152-cfgselector 3-1: Unknown version 0x0000
[  257.638029][   T25] r8152-cfgselector 3-1: config 0 descriptor??
[  257.668369][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.696981][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.732444][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.761550][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.787195][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.833828][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.854409][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  257.886549][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  257.915829][ T7933] batman_adv: batadv0: Interface activated: batadv_slave_0
[  257.945894][ T7971] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.988424][   T25] r8152-cfgselector 3-1: Unknown version 0x0000
[  258.000946][   T25] r8152-cfgselector 3-1: bad CDC descriptors
[  258.017508][ T7971] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.033429][ T7971] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.047554][ T7971] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.054226][ T8266] loop4: detected capacity change from 0 to 40427
[  258.074269][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.078849][   T25] r8152-cfgselector 3-1: USB disconnect, device number 10
[  258.104283][ T8266] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  258.112818][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.119517][ T8266] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  258.178650][ T8266] F2FS-fs (loop4): Found nat_bits in checkpoint
[  258.204893][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.257546][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.272799][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.294718][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.318393][ T8266] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  258.325524][ T8266] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  258.350276][ T7933] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  258.394696][ T7933] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  258.411311][ T7933] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.434722][ T7898] syz-executor: attempt to access beyond end of device
[  258.434722][ T7898] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  258.455757][ T7898] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  258.500116][ T7933] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.533886][ T7933] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.577009][ T7933] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.585957][ T7933] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  259.203598][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.240787][ T2862] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.285891][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.301730][ T2862] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.429953][ T2887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.487268][ T2887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.511374][ T2408] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.548639][ T2408] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.908149][ T8319] netlink: 4100 bytes leftover after parsing attributes in process `syz.4.683'.
[  259.984203][ T8317] loop1: detected capacity change from 0 to 2048
[  260.036293][ T8317] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=18576, location=18576
[  260.085066][ T8317] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  260.103663][ T8323] netlink: 20 bytes leftover after parsing attributes in process `syz.3.686'.
[  260.221987][ T8324] veth1_to_bond: left allmulticast mode
[  260.239572][ T8324] veth1_to_bond: left promiscuous mode
[  260.276673][ T8324] bridge1: port 1(veth1_to_bond) entered disabled state
[  260.349858][ T8324] bridge2: port 1(veth1_to_bond) entered blocking state
[  260.363473][ T8324] bridge2: port 1(veth1_to_bond) entered disabled state
[  260.402934][ T8324] veth1_to_bond: entered allmulticast mode
[  260.425195][ T8324] veth1_to_bond: entered promiscuous mode
[  260.458880][ T8324] bridge2: port 1(veth1_to_bond) entered blocking state
[  260.465954][ T8324] bridge2: port 1(veth1_to_bond) entered forwarding state
[  260.725623][ T8308] loop2: detected capacity change from 0 to 32768
[  260.776990][ T5160] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  260.789096][ T8308] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.685 (8308)
[  260.969312][ T8308] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  261.000604][ T5160] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  261.275208][ T8308] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  261.524674][ T8308] BTRFS info (device loop2): using free-space-tree
[  261.759040][ T5160] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  261.787055][ T5160] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  261.796113][ T5160] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  261.878461][ T5160] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  261.965887][ T8360] netlink: 'syz.4.690': attribute type 10 has an invalid length.
[  261.973885][ T5160] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  261.997075][ T5160] usb 2-1: Product: syz
[  262.002153][ T5160] usb 2-1: Manufacturer: syz
[  262.051553][ T5160] cdc_wdm 2-1:1.0: skipping garbage
[  262.056838][ T5160] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  262.083740][ T8360] batman_adv: batadv0: Adding interface: team0
[  262.090308][ T8360] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  262.115617][ T8360] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  262.129455][ T8361] netlink: 'syz.4.690': attribute type 10 has an invalid length.
[  262.137374][ T8361] netlink: 2 bytes leftover after parsing attributes in process `syz.4.690'.
[  262.146428][ T8361] team0: entered promiscuous mode
[  262.156361][ T8361] team_slave_0: entered promiscuous mode
[  262.162527][ T8361] team_slave_1: entered promiscuous mode
[  262.171351][ T8361] 8021q: adding VLAN 0 to HW filter on device team0
[  262.178517][ T8361] batman_adv: batadv0: Interface activated: team0
[  262.185170][ T8361] batman_adv: batadv0: Interface deactivated: team0
[  262.191954][ T8361] batman_adv: batadv0: Removing interface: team0
[  262.308772][ T1793] usb 2-1: USB disconnect, device number 3
[  262.383095][ T8361] bridge0: port 3(team0) entered blocking state
[  262.389902][ T8361] bridge0: port 3(team0) entered disabled state
[  262.396715][ T8361] team0: entered allmulticast mode
[  262.404133][ T8361] team_slave_0: entered allmulticast mode
[  262.410222][ T8361] team_slave_1: entered allmulticast mode
[  262.420842][ T8361] bridge0: port 3(team0) entered blocking state
[  262.427397][ T8361] bridge0: port 3(team0) entered forwarding state
[  262.813025][ T8308] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  262.938661][ T5114] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  264.662943][ T8368] loop4: detected capacity change from 0 to 40427
[  264.717670][ T8368] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  264.746229][ T8368] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  264.811485][ T8368] F2FS-fs (loop4): Found nat_bits in checkpoint
[  264.902660][ T8377] loop1: detected capacity change from 0 to 32768
[  264.961886][ T8377] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.694 (8377)
[  264.976336][ T8409] netlink: 20 bytes leftover after parsing attributes in process `syz.3.699'.
[  265.060522][ T8368] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  265.068033][ T8377] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  265.082485][ T8411] veth1_to_bond: left allmulticast mode
[  265.100283][ T8368] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  265.111576][ T8377] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  265.139158][ T8411] veth1_to_bond: left promiscuous mode
[  265.144147][ T8377] BTRFS info (device loop1): using free-space-tree
[  265.155339][ T8411] bridge2: port 1(veth1_to_bond) entered disabled state
[  265.242933][ T8411] bridge3: port 1(veth1_to_bond) entered blocking state
[  265.267860][ T8411] bridge3: port 1(veth1_to_bond) entered disabled state
[  265.302702][ T8411] veth1_to_bond: entered allmulticast mode
[  265.323312][ T7898] syz-executor: attempt to access beyond end of device
[  265.323312][ T7898] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  265.349675][ T7898] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  265.402573][ T8411] veth1_to_bond: entered promiscuous mode
[  265.417409][ T8411] bridge3: port 1(veth1_to_bond) entered blocking state
[  265.424582][ T8411] bridge3: port 1(veth1_to_bond) entered forwarding state
[  265.665679][ T8384] loop2: detected capacity change from 0 to 32768
[  265.731825][ T7971] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  265.735068][ T8384] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  265.774551][ T8384] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  265.802833][ T8384] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  265.880432][ T1793] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  265.908061][ T1793] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  266.118390][ T1793] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 210ms
[  266.140892][ T1793] gfs2: fsid=syz:syz.0: jid=0: Done
[  266.146185][ T8384] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  266.737315][ T8453] netlink: 'syz.1.702': attribute type 10 has an invalid length.
[  266.823896][ T8453] batman_adv: batadv0: Adding interface: team0
[  266.830230][ T8453] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.858632][ T8453] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  266.878246][ T8459] netlink: 'syz.1.702': attribute type 10 has an invalid length.
[  266.951922][ T8459] netlink: 2 bytes leftover after parsing attributes in process `syz.1.702'.
[  266.971406][ T8459] team0: entered promiscuous mode
[  266.977230][ T8459] team_slave_0: entered promiscuous mode
[  267.014037][ T8459] team_slave_1: entered promiscuous mode
[  267.051621][ T8459] 8021q: adding VLAN 0 to HW filter on device team0
[  267.097608][ T8459] batman_adv: batadv0: Interface activated: team0
[  267.337784][ T8459] batman_adv: batadv0: Interface deactivated: team0
[  268.207005][ T8459] batman_adv: batadv0: Removing interface: team0
[  268.293962][ T8473] overlayfs: missing 'lowerdir'
[  268.322319][ T8459] bridge0: port 3(team0) entered blocking state
[  268.343730][ T8459] bridge0: port 3(team0) entered disabled state
[  268.372125][ T8459] team0: entered allmulticast mode
[  268.407563][ T8459] team_slave_0: entered allmulticast mode
[  268.427074][ T8459] team_slave_1: entered allmulticast mode
[  268.443970][ T8459] bridge0: port 3(team0) entered blocking state
[  268.450364][ T8459] bridge0: port 3(team0) entered forwarding state
[  268.619874][ T8482] loop4: detected capacity change from 0 to 2048
[  268.650838][ T8482] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=18576, location=18576
[  268.704364][ T8482] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  268.718756][ T8450] loop0: detected capacity change from 0 to 32768
[  268.787071][ T5159] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  268.803156][ T8450] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  268.911216][ T8496] netlink: 20 bytes leftover after parsing attributes in process `syz.4.711'.
[  268.989647][ T5159] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  269.007057][ T5159] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  269.018759][ T5159] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  269.047050][ T5159] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  269.056614][ T8450] XFS (loop0): Ending clean mount
[  269.074083][ T8450] XFS (loop0): Quotacheck needed: Please wait.
[  269.083471][ T5159] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  269.107619][ T5159] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  269.115678][ T5159] usb 3-1: Product: syz
[  269.148176][ T5159] usb 3-1: Manufacturer: syz
[  269.159820][ T8450] XFS (loop0): Quotacheck: Done.
[  269.185092][ T5159] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22
[  269.419514][   T49] usb 3-1: USB disconnect, device number 11
[  269.453168][ T7933] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  269.915140][ T8498] loop4: detected capacity change from 0 to 32768
[  269.922427][ T8485] loop1: detected capacity change from 0 to 40427
[  269.933833][ T8485] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  269.942317][ T8498] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.712 (8498)
[  269.955162][ T8485] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  269.990324][ T8498] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  270.032012][ T8485] F2FS-fs (loop1): Found nat_bits in checkpoint
[  270.051804][ T8498] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  270.081994][ T8498] BTRFS info (device loop4): using free-space-tree
[  270.104967][ T8477] loop3: detected capacity change from 0 to 32768
[  270.264264][ T8477] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  270.357591][ T8477] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  270.390398][ T8485] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  270.415851][ T8485] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  270.426332][ T8477] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  270.449295][ T5160] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  270.456299][ T5160] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  270.604579][ T7971] syz-executor: attempt to access beyond end of device
[  270.604579][ T7971] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  270.637645][ T7971] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  270.640203][ T5160] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 183ms
[  270.655981][ T7898] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  270.701480][ T5160] gfs2: fsid=syz:syz.0: jid=0: Done
[  270.712364][ T8477] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  271.325080][ T8534] overlayfs: missing 'lowerdir'
[  271.799451][ T8541] loop3: detected capacity change from 0 to 2048
[  271.911780][ T8541] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576
[  272.229498][ T8541] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  272.757601][ T8548] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  272.765403][ T8548] IPv6: NLM_F_CREATE should be set when creating new route
[  272.786281][ T8527] loop2: detected capacity change from 0 to 32768
[  272.816314][ T8527] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  272.851034][ T8527] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  272.864240][ T8527] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  272.876801][   T49] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  272.884122][   T49] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  272.937327][ T5159] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  272.961711][   T49] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 77ms
[  272.980462][   T49] gfs2: fsid=syz:syz.0: jid=0: Done
[  272.990006][ T8527] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  273.153832][ T5159] usb 5-1: Using ep0 maxpacket: 16
[  273.179162][ T5159] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  273.219355][ T5159] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.257072][ T5159] usb 5-1: Product: syz
[  273.274581][ T5159] usb 5-1: Manufacturer: syz
[  273.282622][ T5159] usb 5-1: SerialNumber: syz
[  273.299425][ T5159] r8152-cfgselector 5-1: Unknown version 0x0000
[  273.310585][ T5159] r8152-cfgselector 5-1: config 0 descriptor??
[  273.318667][    T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  273.529064][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  273.545769][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  273.573616][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  273.597573][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  273.610678][ T5159] r8152-cfgselector 5-1: Unknown version 0x0000
[  273.649559][ T5159] r8152-cfgselector 5-1: bad CDC descriptors
[  273.669313][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  273.707241][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  273.722030][ T5159] r8152-cfgselector 5-1: USB disconnect, device number 8
[  273.741582][    T9] usb 4-1: Product: syz
[  273.745804][    T9] usb 4-1: Manufacturer: syz
[  273.779924][    T9] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  273.891521][ T8555] loop0: detected capacity change from 0 to 40427
[  273.914239][ T8555] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  273.926062][ T8555] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  273.958534][ T8555] F2FS-fs (loop0): Found nat_bits in checkpoint
[  274.004720][ T5159] usb 4-1: USB disconnect, device number 5
[  274.073023][ T8555] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  274.086125][ T8555] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  274.171659][ T7933] syz-executor: attempt to access beyond end of device
[  274.171659][ T7933] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  274.194655][ T7933] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  274.275037][ T8567] overlayfs: missing 'lowerdir'
[  274.479342][ T8560] loop1: detected capacity change from 0 to 32768
[  274.519854][ T8560] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.727 (8560)
[  274.586174][ T8560] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  274.639611][ T8560] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  274.689486][ T8560] BTRFS info (device loop1): using free-space-tree
[  274.912833][ T8589] netlink: 20 bytes leftover after parsing attributes in process `syz.0.729'.
[  275.114872][ T8591] loop0: detected capacity change from 0 to 2048
[  275.168631][ T8591] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=18576, location=18576
[  275.198743][ T7971] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  275.242615][ T8591] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  275.391785][ T8562] loop2: detected capacity change from 0 to 32768
[  275.518669][ T8562] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  275.603865][ T8562] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  275.724989][ T8562] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  275.781601][ T5159] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  275.796994][ T5159] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  276.000183][ T5159] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 203ms
[  276.027254][ T5159] gfs2: fsid=syz:syz.0: jid=0: Done
[  276.058833][ T8562] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  276.095261][ T8602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  276.102696][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  276.442284][ T8593] loop3: detected capacity change from 0 to 32768
[  276.484105][ T8593] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  276.543857][ T8593] CPU: 0 UID: 0 PID: 8593 Comm: syz.3.735 Not tainted 6.10.0-next-20240717-syzkaller #0
[  276.553743][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  276.563832][ T8593] Call Trace:
[  276.567122][ T8593]  <TASK>
[  276.570062][ T8593]  dump_stack_lvl+0x241/0x360
[  276.574759][ T8593]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.579970][ T8593]  ? __pfx__printk+0x10/0x10
[  276.584571][ T8593]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  276.589859][ T8593]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  276.595411][ T8593]  sysfs_create_dir_ns+0x2ce/0x3a0
[  276.600532][ T8593]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  276.606173][ T8593]  kobject_add_internal+0x435/0x8d0
[  276.611375][ T8593]  kobject_init_and_add+0x124/0x190
[  276.616587][ T8593]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  276.622429][ T8593]  ? __pfx_kobject_init_and_add+0x10/0x10
[  276.628202][ T8593]  ? __init_swait_queue_head+0xae/0x150
[  276.633774][ T8593]  gfs2_sys_fs_add+0x23b/0x4a0
[  276.638557][ T8593]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  276.643862][ T8593]  ? __pfx_alloc_workqueue+0x10/0x10
[  276.649155][ T8593]  ? read_word_at_a_time+0xe/0x20
[  276.654224][ T8593]  ? sized_strscpy+0x8d/0x220
[  276.658912][ T8593]  gfs2_fill_super+0x11db/0x2500
[  276.663881][ T8593]  ? __pfx_gfs2_fill_super+0x10/0x10
[  276.669171][ T8593]  ? snprintf+0xda/0x120
[  276.673420][ T8593]  ? __pfx_lock_release+0x10/0x10
[  276.678459][ T8593]  ? do_raw_spin_lock+0x14f/0x370
[  276.683513][ T8593]  ? __pfx_snprintf+0x10/0x10
[  276.688203][ T8593]  ? sb_set_blocksize+0x98/0xf0
[  276.693057][ T8593]  ? setup_bdev_super+0x4e6/0x5d0
[  276.698101][ T8593]  get_tree_bdev+0x3f7/0x570
[  276.702707][ T8593]  ? __pfx_gfs2_fill_super+0x10/0x10
[  276.707999][ T8593]  ? __pfx_get_tree_bdev+0x10/0x10
[  276.713130][ T8593]  gfs2_get_tree+0x54/0x220
[  276.717640][ T8593]  ? bpf_lsm_capable+0x9/0x10
[  276.722326][ T8593]  vfs_get_tree+0x90/0x2a0
[  276.726741][ T8593]  do_new_mount+0x2be/0xb40
[  276.731253][ T8593]  ? __pfx_do_new_mount+0x10/0x10
[  276.736290][ T8593]  __se_sys_mount+0x2d6/0x3c0
[  276.740975][ T8593]  ? __pfx___se_sys_mount+0x10/0x10
[  276.746175][ T8593]  ? exc_page_fault+0x590/0x8c0
[  276.751056][ T8593]  ? __x64_sys_mount+0x20/0xc0
[  276.755824][ T8593]  do_syscall_64+0xf3/0x230
[  276.760338][ T8593]  ? clear_bhb_loop+0x35/0x90
[  276.765019][ T8593]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.770929][ T8593] RIP: 0033:0x7fabfb37719a
[  276.775353][ T8593] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.794963][ T8593] RSP: 002b:00007fabfc234e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  276.803393][ T8593] RAX: ffffffffffffffda RBX: 00007fabfc234f00 RCX: 00007fabfb37719a
[  276.811370][ T8593] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fabfc234ec0
[  276.819343][ T8593] RBP: 0000000020000000 R08: 00007fabfc234f00 R09: 0000000000208c1b
[  276.827315][ T8593] R10: 0000000000208c1b R11: 0000000000000206 R12: 0000000020000100
[  276.835286][ T8593] R13: 00007fabfc234ec0 R14: 0000000000012754 R15: 0000000020012980
[  276.843277][ T8593]  </TASK>
[  276.857151][ T8593] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  276.880807][ T8593] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  277.886990][ T5160] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  278.055549][ T8618] loop3: detected capacity change from 0 to 40427
[  278.071978][ T8618] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  278.087846][   T29] audit: type=1800 audit(1721265957.869:30): pid=8615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.739" name="/" dev="fuse" ino=1 res=0 errno=0
[  278.093425][ T8618] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  278.139220][ T5160] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  278.169225][ T5160] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  278.207157][ T5160] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  278.212239][ T8618] F2FS-fs (loop3): Found nat_bits in checkpoint
[  278.231832][ T5160] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  278.272545][ T5160] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  278.306284][ T5160] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  278.340363][ T5160] usb 5-1: Product: syz
[  278.344587][ T5160] usb 5-1: Manufacturer: syz
[  278.384564][ T5160] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  278.447103][ T8618] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  278.464548][ T8618] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  278.514217][ T8633] loop2: detected capacity change from 0 to 2048
[  278.524679][ T8633] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=18576, location=18576
[  278.552695][ T8633] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  278.579339][ T6953] syz-executor: attempt to access beyond end of device
[  278.579339][ T6953] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  278.606139][ T1793] usb 5-1: USB disconnect, device number 9
[  278.632388][ T6953] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  278.877246][ T8635] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  278.884602][ T8635] IPv6: NLM_F_CREATE should be set when creating new route
[  278.990180][ T8624] loop0: detected capacity change from 0 to 32768
[  279.125724][ T8624] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  279.350963][ T8631] loop1: detected capacity change from 0 to 32768
[  279.379010][ T8631] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.744 (8631)
[  279.447311][ T8631] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  279.482552][ T8624] XFS (loop0): Ending clean mount
[  279.491157][ T8631] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  279.511208][ T8624] XFS (loop0): Quotacheck needed: Please wait.
[  279.541439][ T8631] BTRFS info (device loop1): using free-space-tree
[  279.635393][ T8624] XFS (loop0): Quotacheck: Done.
[  279.831507][ T7933] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  279.866295][   T29] audit: type=1800 audit(1721265959.629:31): pid=8631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.744" name="bus" dev="loop1" ino=264 res=0 errno=0
[  280.318139][ T7971] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  280.832738][ T8647] loop2: detected capacity change from 0 to 32768
[  280.903857][ T8647] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  280.950404][ T8647] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  281.015031][ T8647] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  281.046136][   T49] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  281.061109][   T49] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  281.181949][   T49] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 120ms
[  281.211821][   T49] gfs2: fsid=syz:syz.0: jid=0: Done
[  281.223620][ T8651] loop3: detected capacity change from 0 to 32768
[  281.240383][ T8647] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  281.278312][ T8651] sysfs: cannot create duplicate filename '/fs/gfs2/syz:syz'
[  281.297159][ T8651] CPU: 0 UID: 0 PID: 8651 Comm: syz.3.747 Not tainted 6.10.0-next-20240717-syzkaller #0
[  281.306912][ T8651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  281.316994][ T8651] Call Trace:
[  281.320290][ T8651]  <TASK>
[  281.323225][ T8651]  dump_stack_lvl+0x241/0x360
[  281.327929][ T8651]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.333173][ T8651]  ? __pfx__printk+0x10/0x10
[  281.337814][ T8651]  ? sysfs_create_dir_ns+0x28a/0x3a0
[  281.343135][ T8651]  ? __kmalloc_cache_noprof+0x19c/0x2c0
[  281.348736][ T8651]  sysfs_create_dir_ns+0x2ce/0x3a0
[  281.353858][ T8651]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  281.359515][ T8651]  kobject_add_internal+0x435/0x8d0
[  281.364764][ T8651]  kobject_init_and_add+0x124/0x190
[  281.369988][ T8651]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  281.375819][ T8651]  ? __pfx_kobject_init_and_add+0x10/0x10
[  281.381558][ T8651]  ? __init_swait_queue_head+0xae/0x150
[  281.387112][ T8651]  gfs2_sys_fs_add+0x23b/0x4a0
[  281.391881][ T8651]  ? __pfx_gfs2_sys_fs_add+0x10/0x10
[  281.397187][ T8651]  ? __pfx_alloc_workqueue+0x10/0x10
[  281.402528][ T8651]  ? read_word_at_a_time+0xe/0x20
[  281.407560][ T8651]  ? sized_strscpy+0x8d/0x220
[  281.412245][ T8651]  gfs2_fill_super+0x11db/0x2500
[  281.417215][ T8651]  ? __pfx_gfs2_fill_super+0x10/0x10
[  281.422528][ T8651]  ? snprintf+0xda/0x120
[  281.426802][ T8651]  ? __pfx_lock_release+0x10/0x10
[  281.431830][ T8651]  ? do_raw_spin_lock+0x14f/0x370
[  281.436863][ T8651]  ? __pfx_snprintf+0x10/0x10
[  281.441549][ T8651]  ? sb_set_blocksize+0x98/0xf0
[  281.446410][ T8651]  ? setup_bdev_super+0x4e6/0x5d0
[  281.451454][ T8651]  get_tree_bdev+0x3f7/0x570
[  281.456071][ T8651]  ? __pfx_gfs2_fill_super+0x10/0x10
[  281.461352][ T8651]  ? __pfx_get_tree_bdev+0x10/0x10
[  281.466471][ T8651]  gfs2_get_tree+0x54/0x220
[  281.470969][ T8651]  ? bpf_lsm_capable+0x9/0x10
[  281.475655][ T8651]  vfs_get_tree+0x90/0x2a0
[  281.480111][ T8651]  do_new_mount+0x2be/0xb40
[  281.484632][ T8651]  ? __pfx_do_new_mount+0x10/0x10
[  281.489667][ T8651]  __se_sys_mount+0x2d6/0x3c0
[  281.494349][ T8651]  ? __pfx___se_sys_mount+0x10/0x10
[  281.499549][ T8651]  ? exc_page_fault+0x590/0x8c0
[  281.504409][ T8651]  ? __x64_sys_mount+0x20/0xc0
[  281.509173][ T8651]  do_syscall_64+0xf3/0x230
[  281.513695][ T8651]  ? clear_bhb_loop+0x35/0x90
[  281.518375][ T8651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.524265][ T8651] RIP: 0033:0x7fabfb37719a
[  281.528674][ T8651] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 7e 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  281.548300][ T8651] RSP: 002b:00007fabfc234e78 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[  281.556706][ T8651] RAX: ffffffffffffffda RBX: 00007fabfc234f00 RCX: 00007fabfb37719a
[  281.564676][ T8651] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fabfc234ec0
[  281.572661][ T8651] RBP: 0000000020000000 R08: 00007fabfc234f00 R09: 0000000000208c1b
[  281.580657][ T8651] R10: 0000000000208c1b R11: 0000000000000206 R12: 0000000020000100
[  281.588631][ T8651] R13: 00007fabfc234ec0 R14: 0000000000012788 R15: 00000000200128c0
[  281.596603][ T8651]  </TASK>
[  281.626389][   T29] audit: type=1800 audit(1721265961.229:32): pid=8679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.754" name="/" dev="fuse" ino=1 res=0 errno=0
[  281.678088][ T8651] kobject: kobject_add_internal failed for syz:syz with -EEXIST, don't try to register things with the same name in the same directory.
[  281.693560][ T8651] gfs2: fsid=syz:syz: error -17 adding sysfs files
[  282.391475][ T8692] loop3: detected capacity change from 0 to 2048
[  282.427310][ T8692] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=18576, location=18576
[  282.493532][ T8692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  282.667019][ T5156] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  282.877149][ T5156] usb 3-1: Using ep0 maxpacket: 16
[  282.912543][ T5156] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  282.937024][ T5156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  282.945088][ T5156] usb 3-1: Product: syz
[  282.967012][ T5156] usb 3-1: Manufacturer: syz
[  282.971668][ T5156] usb 3-1: SerialNumber: syz
[  282.991643][ T5156] r8152-cfgselector 3-1: Unknown version 0x0000
[  282.998133][ T5156] r8152-cfgselector 3-1: config 0 descriptor??
[  283.014006][ T5159] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  283.227030][ T5156] r8152-cfgselector 3-1: Unknown version 0x0000
[  283.229143][ T5159] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  283.242831][ T5156] r8152-cfgselector 3-1: bad CDC descriptors
[  283.367676][ T8706] netlink: 'syz.1.763': attribute type 10 has an invalid length.
[  283.470377][ T5159] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  283.473757][ T8690] loop0: detected capacity change from 0 to 40427
[  283.486126][ T5159] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  283.500769][ T5156] r8152-cfgselector 3-1: USB disconnect, device number 12
[  283.524787][ T5159] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  283.540025][ T8706] bridge0: port 3(team0) entered disabled state
[  283.554883][ T8706] team0: left allmulticast mode
[  283.571737][ T8690] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  283.590548][ T8706] team_slave_0: left allmulticast mode
[  283.662993][ T8706] team_slave_1: left allmulticast mode
[  283.671349][ T8706] team0: left promiscuous mode
[  283.678944][ T5159] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  283.688881][ T8706] team_slave_0: left promiscuous mode
[  283.694472][ T5159] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  283.718210][ T8706] team_slave_1: left promiscuous mode
[  283.724377][ T8706] bridge0: port 3(team0) entered disabled state
[  283.724464][ T5159] usb 4-1: Product: syz
[  283.733489][ T8690] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  283.737251][ T5159] usb 4-1: Manufacturer: syz
[  283.766704][ T8706] batman_adv: batadv0: Adding interface: team0
[  283.773319][ T8706] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  283.799027][ T8706] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  283.810212][ T8705] netlink: 'syz.1.763': attribute type 10 has an invalid length.
[  283.818245][ T8705] netlink: 2 bytes leftover after parsing attributes in process `syz.1.763'.
[  283.827504][ T8705] team0: entered promiscuous mode
[  283.835552][ T8705] team_slave_0: entered promiscuous mode
[  283.841711][ T8705] team_slave_1: entered promiscuous mode
[  283.850572][ T8705] 8021q: adding VLAN 0 to HW filter on device team0
[  283.857843][ T8705] batman_adv: batadv0: Interface activated: team0
[  283.864490][ T8705] batman_adv: batadv0: Interface deactivated: team0
[  283.869496][ T8700] loop4: detected capacity change from 0 to 32768
[  283.879380][ T8705] batman_adv: batadv0: Removing interface: team0
[  283.885881][ T5159] cdc_wdm 4-1:1.0: skipping garbage
[  283.953373][ T5159] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  284.065161][ T8700] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  284.123314][ T8690] F2FS-fs (loop0): Found nat_bits in checkpoint
[  284.206226][ T8690] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  284.210666][ T8705] bridge0: port 3(team0) entered blocking state
[  284.226059][ T8690] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  284.259015][ T5159] usb 4-1: USB disconnect, device number 6
[  284.267097][ T8705] bridge0: port 3(team0) entered disabled state
[  284.273505][ T8705] team0: entered allmulticast mode
[  284.302541][ T8700] XFS (loop4): Ending clean mount
[  284.315076][ T8705] team_slave_0: entered allmulticast mode
[  284.331721][ T8700] XFS (loop4): Quotacheck needed: Please wait.
[  284.336138][ T8705] team_slave_1: entered allmulticast mode
[  284.368026][ T8705] bridge0: port 3(team0) entered blocking state
[  284.374526][ T8705] bridge0: port 3(team0) entered forwarding state
[  284.411189][ T7933] syz-executor: attempt to access beyond end of device
[  284.411189][ T7933] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  284.442450][ T8700] XFS (loop4): Quotacheck: Done.
[  284.466601][ T7933] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  284.595961][ T7898] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  284.700852][ T8727] netlink: 20 bytes leftover after parsing attributes in process `syz.1.769'.
[  284.737524][ T8727] netlink: 28 bytes leftover after parsing attributes in process `syz.1.769'.
[  285.883600][   T12] batman_adv: batadv_iv_ogm_emit: soft interface switch for queued OGM
[  285.902139][ T8723] loop2: detected capacity change from 0 to 32768
[  285.955721][ T8723] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  286.010876][ T8723] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  286.236920][    C0] sched: RT throttling activated
[  286.628135][ T8723] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  286.697032][    T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  286.935769][    T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  287.130324][    T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 194ms
[  287.157233][    T9] gfs2: fsid=syz:syz.0: jid=0: Done
[  287.162693][ T8723] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  288.254484][ T8759] netlink: 'syz.2.778': attribute type 10 has an invalid length.
[  288.518952][ T8759] bridge0: port 2(team0) entered disabled state
[  288.548072][ T8759] team0: left allmulticast mode
[  288.553079][ T8759] team_slave_0: left allmulticast mode
[  288.558943][ T8759] team_slave_1: left allmulticast mode
[  288.564513][ T8759] team0: left promiscuous mode
[  288.569461][ T8759] team_slave_0: left promiscuous mode
[  288.575317][ T8759] team_slave_1: left promiscuous mode
[  288.581436][ T8759] bridge0: port 2(team0) entered disabled state
[  288.649001][ T8759] batman_adv: batadv0: Adding interface: team0
[  288.655392][ T8759] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  288.681013][ T8759] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  288.692300][ T8760] netlink: 'syz.2.778': attribute type 10 has an invalid length.
[  288.700434][ T8760] netlink: 2 bytes leftover after parsing attributes in process `syz.2.778'.
[  288.709618][ T8760] team0: entered promiscuous mode
[  288.714876][ T8760] team_slave_0: entered promiscuous mode
[  288.721143][ T8760] team_slave_1: entered promiscuous mode
[  288.730028][ T8760] 8021q: adding VLAN 0 to HW filter on device team0
[  288.737359][ T8760] batman_adv: batadv0: Interface activated: team0
[  288.743997][ T8760] batman_adv: batadv0: Interface deactivated: team0
[  288.753837][ T8760] batman_adv: batadv0: Removing interface: team0
[  288.800986][ T8760] bridge0: port 2(team0) entered blocking state
[  288.809266][ T8760] bridge0: port 2(team0) entered disabled state
[  288.815883][ T8760] team0: entered allmulticast mode
[  288.821171][ T8760] team_slave_0: entered allmulticast mode
[  288.827278][ T8760] team_slave_1: entered allmulticast mode
[  288.836302][ T8760] bridge0: port 2(team0) entered blocking state
[  288.842810][ T8760] bridge0: port 2(team0) entered forwarding state
[  289.250215][ T8766] netlink: 20 bytes leftover after parsing attributes in process `syz.0.780'.
[  289.257414][ T8751] loop3: detected capacity change from 0 to 40427
[  289.288960][ T8751] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  289.309109][ T8751] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  289.314722][ T8766] netlink: 28 bytes leftover after parsing attributes in process `syz.0.780'.
[  289.383758][ T8751] F2FS-fs (loop3): Found nat_bits in checkpoint
[  289.545191][ T8749] loop4: detected capacity change from 0 to 32768
[  289.663412][ T8751] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  289.696701][ T8749] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  289.708927][ T8749] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  289.722438][ T8751] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  289.767669][ T8749] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  289.795536][ T5160] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  289.951017][ T5160] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  290.714855][ T6953] syz-executor: attempt to access beyond end of device
[  290.714855][ T6953] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  290.799578][ T6953] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  290.879785][ T5160] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 928ms
[  290.922911][ T5160] gfs2: fsid=syz:syz.0: jid=0: Done
[  290.953414][ T8749] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  291.479164][ T8798] netlink: 4 bytes leftover after parsing attributes in process `syz.1.790'.
[  291.878078][ T8800] netlink: 20 bytes leftover after parsing attributes in process `syz.1.792'.
[  291.950699][ T8800] netlink: 28 bytes leftover after parsing attributes in process `syz.1.792'.
[  293.422196][ T8787] loop2: detected capacity change from 0 to 32768
[  293.554790][ T8787] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  293.629386][ T8787] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  293.749455][ T8787] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  293.828460][   T49] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  293.836486][   T49] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  294.016294][   T49] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 179ms
[  294.038362][ T8828] xt_hashlimit: overflow, try lower: 3/0
[  294.074286][   T49] gfs2: fsid=syz:syz.0: jid=0: Done
[  294.097684][ T8787] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  294.301705][ T8832] tipc: Started in network mode
[  294.306633][ T8832] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711
[  294.314288][ T8832] tipc: Enabled bearer <eth:batadv0>, priority 10
[  294.427042][   T25] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  294.629206][   T25] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  294.653740][ T8810] loop4: detected capacity change from 0 to 40427
[  294.660300][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  294.703619][ T8810] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(262146) root(3)
[  294.710294][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  294.752261][   T25] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  294.797077][ T8810] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  294.812697][   T25] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  294.834109][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  294.867303][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  294.895724][   T25] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  294.925895][   T25] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[  294.937069][ T8810] F2FS-fs (loop4): Found nat_bits in checkpoint
[  294.942935][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt
[  294.956051][   T25] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  294.970512][   T25] usb 2-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  295.005165][   T25] usb 2-1: string descriptor 0 read error: -22
[  295.017500][   T25] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  295.059708][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.111828][   T25] adutux 2-1:168.0: interrupt endpoints not found
[  295.133986][ T8845] netlink: 104 bytes leftover after parsing attributes in process `syz.2.807'.
[  295.160732][ T8845] tipc: Started in network mode
[  295.200863][ T8845] tipc: Node identity aaaaaaaaaa2a, cluster identity 4711
[  295.256097][ T8845] tipc: Enabled bearer <eth:batadv0>, priority 10
[  295.263366][ T8810] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  295.272716][ T8810] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  295.281706][ T8846] netlink: 'syz.3.808': attribute type 10 has an invalid length.
[  295.327635][ T5122] Bluetooth: hci2: SCO packet for unknown connection handle 2096
[  295.370084][ T8846] bond0: (slave netdevsim0): Releasing backup interface
[  295.428522][   T49] tipc: Node number set to 8432298
[  295.435928][ T8846] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  295.443446][   T25] usb 2-1: USB disconnect, device number 4
[  295.466424][ T8846] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  295.501601][ T8846] team0: Port device netdevsim0 added
[  295.531395][ T8847] netlink: 'syz.3.808': attribute type 10 has an invalid length.
[  295.835394][ T8847] netdevsim netdevsim3 netdevsim0: left promiscuous mode
[  295.857873][ T8847] netdevsim netdevsim3 netdevsim0: left allmulticast mode
[  295.878416][ T8847] team0: Port device netdevsim0 removed
[  295.935164][ T8847] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  295.947634][ T8852] netlink: 4 bytes leftover after parsing attributes in process `syz.0.802'.
[  297.017608][   T25] tipc: Node number set to 8432298
[  297.936481][ T8886] netlink: 'syz.4.823': attribute type 10 has an invalid length.
[  298.019283][ T8886] bridge0: port 3(team0) entered disabled state
[  298.222929][ T8886] team0: left allmulticast mode
[  298.228059][ T8886] team_slave_0: left allmulticast mode
[  298.233631][ T8886] team_slave_1: left allmulticast mode
[  298.240573][ T8886] team0: left promiscuous mode
[  298.245439][ T8886] team_slave_0: left promiscuous mode
[  298.251342][ T8886] team_slave_1: left promiscuous mode
[  298.257365][ T8886] bridge0: port 3(team0) entered disabled state
[  298.362435][ T8889] netlink: 4 bytes leftover after parsing attributes in process `syz.3.822'.
[  298.367422][ T8879] ==================================================================
[  298.379339][ T8879] BUG: KASAN: slab-use-after-free in handle_mm_fault+0x14f0/0x19a0
[  298.387251][ T8879] Read of size 8 at addr ffff88807c445210 by task syz.2.819/8879
[  298.394964][ T8879] 
[  298.397287][ T8879] CPU: 0 UID: 0 PID: 8879 Comm: syz.2.819 Not tainted 6.10.0-next-20240717-syzkaller #0
[  298.407006][ T8879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  298.417063][ T8879] Call Trace:
[  298.420341][ T8879]  <TASK>
[  298.423267][ T8879]  dump_stack_lvl+0x241/0x360
[  298.427959][ T8879]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.433174][ T8879]  ? __pfx__printk+0x10/0x10
[  298.437774][ T8879]  ? _printk+0xd5/0x120
[  298.441949][ T8879]  ? __virt_addr_valid+0x183/0x530
[  298.447077][ T8879]  ? __virt_addr_valid+0x183/0x530
[  298.452201][ T8879]  print_report+0x169/0x550
[  298.456710][ T8879]  ? __virt_addr_valid+0x183/0x530
[  298.461831][ T8879]  ? __virt_addr_valid+0x183/0x530
[  298.466964][ T8879]  ? __virt_addr_valid+0x45f/0x530
[  298.472088][ T8879]  ? __phys_addr+0xba/0x170
[  298.476590][ T8879]  ? handle_mm_fault+0x14f0/0x19a0
[  298.481716][ T8879]  kasan_report+0x143/0x180
[  298.486233][ T8879]  ? handle_mm_fault+0x14f0/0x19a0
[  298.491345][ T8879]  handle_mm_fault+0x14f0/0x19a0
[  298.496290][ T8879]  ? __pfx_handle_mm_fault+0x10/0x10
[  298.501584][ T8879]  ? lock_vma_under_rcu+0x592/0x6e0
[  298.506790][ T8879]  ? exc_page_fault+0x113/0x8c0
[  298.511645][ T8879]  exc_page_fault+0x459/0x8c0
[  298.516331][ T8879]  asm_exc_page_fault+0x26/0x30
[  298.521185][ T8879] RIP: 0033:0x7f5e1e4393aa
[  298.525596][ T8879] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 21 c7 13 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 fd
[  298.545205][ T8879] RSP: 002b:00007f5e1f360fe0 EFLAGS: 00010217
[  298.551277][ T8879] RAX: ffffffffffffffff RBX: 00007f5e1e704038 RCX: 00007f5e1e575ad3
[  298.559243][ T8879] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  298.567224][ T8879] RBP: 0000000020000000 R08: 00000000ffffffff R09: 0000000000000000
[  298.575202][ T8879] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff
[  298.583189][ T8879] R13: 0000000020c57000 R14: 0000000000000000 R15: 0000000000000000
[  298.591170][ T8879]  </TASK>
[  298.594183][ T8879] 
[  298.596493][ T8879] Allocated by task 5114:
[  298.600807][ T8879]  kasan_save_track+0x3f/0x80
[  298.605490][ T8879]  __kasan_slab_alloc+0x66/0x80
[  298.610334][ T8879]  kmem_cache_alloc_noprof+0x135/0x2a0
[  298.615786][ T8879]  vm_area_dup+0x27/0x290
[  298.620108][ T8879]  copy_mm+0xc7b/0x1f30
[  298.624258][ T8879]  copy_process+0x186b/0x3d90
[  298.628940][ T8879]  kernel_clone+0x226/0x8f0
[  298.633471][ T8879]  __x64_sys_clone+0x258/0x2a0
[  298.638282][ T8879]  do_syscall_64+0xf3/0x230
[  298.642794][ T8879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.648711][ T8879] 
[  298.651039][ T8879] Freed by task 0:
[  298.654750][ T8879]  kasan_save_track+0x3f/0x80
[  298.659463][ T8879]  kasan_save_free_info+0x40/0x50
[  298.664487][ T8879]  poison_slab_object+0xe0/0x150
[  298.669420][ T8879]  __kasan_slab_free+0x37/0x60
[  298.674178][ T8879]  kmem_cache_free+0x145/0x350
[  298.678940][ T8879]  rcu_core+0xafd/0x1830
[  298.683213][ T8879]  handle_softirqs+0x2c4/0x970
[  298.687983][ T8879]  __irq_exit_rcu+0xf4/0x1c0
[  298.692570][ T8879]  irq_exit_rcu+0x9/0x30
[  298.696811][ T8879]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  298.702440][ T8879]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  298.708445][ T8879] 
[  298.710761][ T8879] Last potentially related work creation:
[  298.716486][ T8879]  kasan_save_stack+0x3f/0x60
[  298.721152][ T8879]  __kasan_record_aux_stack+0xac/0xc0
[  298.726520][ T8879]  call_rcu+0x167/0xa70
[  298.730695][ T8879]  vma_complete+0x98a/0xb60
[  298.735207][ T8879]  vma_merge+0x1d9b/0x2690
[  298.739615][ T8879]  vma_modify+0xb8/0x350
[  298.743851][ T8879]  userfaultfd_release+0x413/0x900
[  298.748957][ T8879]  __fput+0x24a/0x8a0
[  298.752935][ T8879]  task_work_run+0x24f/0x310
[  298.757518][ T8879]  syscall_exit_to_user_mode+0x168/0x370
[  298.763149][ T8879]  do_syscall_64+0x100/0x230
[  298.767741][ T8879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.773630][ T8879] 
[  298.775955][ T8879] The buggy address belongs to the object at ffff88807c4451f0
[  298.775955][ T8879]  which belongs to the cache vm_area_struct of size 184
[  298.790263][ T8879] The buggy address is located 32 bytes inside of
[  298.790263][ T8879]  freed 184-byte region [ffff88807c4451f0, ffff88807c4452a8)
[  298.803967][ T8879] 
[  298.806293][ T8879] The buggy address belongs to the physical page:
[  298.812770][ T8879] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7c445
[  298.821523][ T8879] memcg:ffff88801e421901
[  298.825760][ T8879] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  298.833229][ T8879] page_type: 0xfdffffff(slab)
[  298.837901][ T8879] raw: 00fff00000000000 ffff888015eefb40 ffffea0000b3bd40 dead000000000007
[  298.846487][ T8879] raw: 0000000000000000 0000000000100010 00000001fdffffff ffff88801e421901
[  298.855058][ T8879] page dumped because: kasan: bad access detected
[  298.861477][ T8879] page_owner tracks the page as allocated
[  298.867178][ T8879] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 4557, tgid 4557 (udevd), ts 34732711255, free_ts 34428255013
[  298.885847][ T8879]  post_alloc_hook+0x1f3/0x230
[  298.890621][ T8879]  get_page_from_freelist+0x2ccb/0x2d80
[  298.896181][ T8879]  __alloc_pages_noprof+0x256/0x6c0
[  298.901371][ T8879]  alloc_slab_page+0x5f/0x120
[  298.906040][ T8879]  allocate_slab+0x5a/0x2f0
[  298.910531][ T8879]  ___slab_alloc+0xcd1/0x14b0
[  298.915212][ T8879]  __slab_alloc+0x58/0xa0
[  298.919547][ T8879]  kmem_cache_alloc_noprof+0x1c1/0x2a0
[  298.925002][ T8879]  vm_area_dup+0x27/0x290
[  298.929340][ T8879]  copy_mm+0xc7b/0x1f30
[  298.933502][ T8879]  copy_process+0x186b/0x3d90
[  298.938181][ T8879]  kernel_clone+0x226/0x8f0
[  298.942681][ T8879]  __x64_sys_clone+0x258/0x2a0
[  298.947447][ T8879]  do_syscall_64+0xf3/0x230
[  298.951949][ T8879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.957867][ T8879] page last free pid 4555 tgid 4555 stack trace:
[  298.964177][ T8879]  free_unref_page+0xd22/0xea0
[  298.968932][ T8879]  __put_partials+0xeb/0x130
[  298.973520][ T8879]  put_cpu_partial+0x17c/0x250
[  298.978286][ T8879]  __slab_free+0x2ea/0x3d0
[  298.982695][ T8879]  qlist_free_all+0x9e/0x140
[  298.987297][ T8879]  kasan_quarantine_reduce+0x14f/0x170
[  298.992772][ T8879]  __kasan_slab_alloc+0x23/0x80
[  298.997647][ T8879]  kmem_cache_alloc_node_noprof+0x16b/0x320
[  299.003536][ T8879]  __alloc_skb+0x1c3/0x440
[  299.007949][ T8879]  netlink_sendmsg+0x638/0xcb0
[  299.012706][ T8879]  __sock_sendmsg+0x221/0x270
[  299.017391][ T8879]  ____sys_sendmsg+0x525/0x7d0
[  299.022155][ T8879]  __sys_sendmsg+0x2b0/0x3a0
[  299.026738][ T8879]  do_syscall_64+0xf3/0x230
[  299.031240][ T8879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.037127][ T8879] 
[  299.039439][ T8879] Memory state around the buggy address:
[  299.045055][ T8879]  ffff88807c445100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  299.053105][ T8879]  ffff88807c445180: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fa fb
[  299.061156][ T8879] >ffff88807c445200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  299.069207][ T8879]                          ^
[  299.073782][ T8879]  ffff88807c445280: fb fb fb fb fb fc fc fc fc fc fc fc fc 00 00 00
[  299.081832][ T8879]  ffff88807c445300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  299.089887][ T8879] ==================================================================
[  299.107298][ T8879] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  299.114533][ T8879] CPU: 1 UID: 0 PID: 8879 Comm: syz.2.819 Not tainted 6.10.0-next-20240717-syzkaller #0
[  299.124272][ T8879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  299.134344][ T8879] Call Trace:
[  299.137636][ T8879]  <TASK>
[  299.140568][ T8879]  dump_stack_lvl+0x241/0x360
[  299.145255][ T8879]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.150461][ T8879]  ? __pfx__printk+0x10/0x10
[  299.155051][ T8879]  ? preempt_schedule+0xe1/0xf0
[  299.159926][ T8879]  ? vscnprintf+0x5d/0x90
[  299.164255][ T8879]  panic+0x349/0x870
[  299.168166][ T8879]  ? check_panic_on_warn+0x21/0xb0
[  299.173279][ T8879]  ? __pfx_panic+0x10/0x10
[  299.177718][ T8879]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  299.183694][ T8879]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  299.190029][ T8879]  ? print_report+0x502/0x550
[  299.194707][ T8879]  check_panic_on_warn+0x86/0xb0
[  299.199644][ T8879]  ? handle_mm_fault+0x14f0/0x19a0
[  299.204754][ T8879]  end_report+0x77/0x160
[  299.208999][ T8879]  kasan_report+0x154/0x180
[  299.213504][ T8879]  ? handle_mm_fault+0x14f0/0x19a0
[  299.218623][ T8879]  handle_mm_fault+0x14f0/0x19a0
[  299.223570][ T8879]  ? __pfx_handle_mm_fault+0x10/0x10
[  299.228852][ T8879]  ? lock_vma_under_rcu+0x592/0x6e0
[  299.234071][ T8879]  ? exc_page_fault+0x113/0x8c0
[  299.238924][ T8879]  exc_page_fault+0x459/0x8c0
[  299.243609][ T8879]  asm_exc_page_fault+0x26/0x30
[  299.248463][ T8879] RIP: 0033:0x7f5e1e4393aa
[  299.252877][ T8879] Code: 90 8b 45 04 ba 03 00 00 00 c1 e0 04 03 45 64 39 c6 48 0f 42 f0 45 31 c9 31 ff e8 21 c7 13 00 8b 75 00 ba 03 00 00 00 45 89 e0 <49> 89 45 00 41 b9 00 00 00 10 b9 01 80 00 00 31 ff c1 e6 06 e8 fd
[  299.272499][ T8879] RSP: 002b:00007f5e1f360fe0 EFLAGS: 00010217
[  299.278569][ T8879] RAX: ffffffffffffffff RBX: 00007f5e1e704038 RCX: 00007f5e1e575ad3
[  299.286536][ T8879] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000000
[  299.294502][ T8879] RBP: 0000000020000000 R08: 00000000ffffffff R09: 0000000000000000
[  299.302490][ T8879] R10: 0000000000008001 R11: 0000000000000246 R12: ffffffffffffffff
[  299.310461][ T8879] R13: 0000000020c57000 R14: 0000000000000000 R15: 0000000000000000
[  299.318440][ T8879]  </TASK>
[  299.321753][ T8879] Kernel Offset: disabled
[  299.326072][ T8879] Rebooting in 86400 seconds..