last executing test programs:

15.67317189s ago: executing program 1 (id=2261):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x3}})
close_range(r0, 0xffffffffffffffff, 0x0)

15.539069707s ago: executing program 1 (id=2262):
rseq(&(0x7f0000000040), 0x20, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000002e80), 0x2, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x6, 0x12, r1, 0x0)
syz_io_uring_setup(0x0, &(0x7f0000000440), &(0x7f0000004000), &(0x7f0000ffb000))

15.404276998s ago: executing program 1 (id=2263):
socket$rds(0x15, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ZERO(r2, 0x0, 0x48f, &(0x7f0000000000)={0x2, @private=0xa010100, 0x4e21, 0x2, 'wlc\x00', 0xc, 0x1, 0x80}, 0x2c)

14.191080073s ago: executing program 1 (id=2267):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)={0x7b8, r1, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x1, 0x1}}}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x3}, @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}, @NL80211_ATTR_HE_BSS_COLOR={0x10, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_PARTIAL={0x4}, @NL80211_HE_BSS_COLOR_ATTR_COLOR={0x5, 0x1, 0x20}]}, @NL80211_ATTR_HE_OBSS_PD={0x64, 0x117, 0x0, 0x1, [@NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x10}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x11}, @NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP={0xc, 0x4, "dbc664a68095ac70"}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x9}, @NL80211_HE_OBSS_PD_ATTR_SR_CTRL={0x5, 0x6, 0x7}, @NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET={0x5, 0x2, 0x14}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0xf}, @NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET={0x5, 0x3, 0x12}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x4}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_HIDDEN_SSID={0x8, 0x7e, 0x1}, @beacon=[@NL80211_ATTR_FTM_RESPONDER={0xa4, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_CIVICLOC={0x9f, 0x3, "68982f9c25efcb8782f177d21f1966e6577813a0237652f63d062b57a03bb63b7d52f807bb811ff85d4ae0e626871d7720031be25b59e5f26560627654387aeaa5c47252b26eabf42dd9cb40e06da2b1a3db6abb3c94be1434533b2f4989ecf0ddf8de27aee706079c9ef48a0793308130b2f6bb997709fef1490ba1a8bb94139c3e37592e7628d3012cb94768eddca8800a24883f867ed312e02e"}]}, @NL80211_ATTR_BEACON_TAIL={0x4a, 0xf, [@mesh_chsw={0x76, 0x6, {0x7a, 0x81, 0x41, 0x1}}, @chsw_timing={0x68, 0x4, {0xaf0, 0x90}}, @perr={0x84, 0x1c, {0xde, 0x2, [{}, {}]}}, @cf={0x4, 0x6, {0x9, 0x1, 0xfff7, 0x9}}, @mic={0x8c, 0x10, {0xce7, "7e23ec1a47b7", @short="7d43ce2415c51b23"}}]}, @NL80211_ATTR_FTM_RESPONDER={0x30c, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0xa2, 0x2, "15844d2118112f84919e6455887919db52f577acbb39de32169154665ea589073f55ddc2477bf58023482f3e0e7d8b0dce1a5d7a5e60aef246b19329efa1503d24386c60b4eb7ee71812d54cc83cdd09bc8b754b0aabf9e209799e39c5a733c5ba9822ddf8ad8bb5bf288fa3d919985488ce63071e1566a603d8ad3140f3d3b0598839a4abb3ce92e12bcc40baf9313743cea1620551adc9e66d277ea6a1"}, @NL80211_FTM_RESP_ATTR_LCI={0xc6, 0x2, "b41765091a3da40ff88665a528f2a19cd3278dca69f84a402346428f8314cc51f48783a1d806f988fa29933de0087d909b4980de200e0674077dafb0e4b7ec4315e43eb1789ee11d2ca1d6659b7a497717da829b866c5239fdfc4b091397bfdbdcb1e369810e91a5b2504bb0ebadfb92f964a5744394ca1e853dbc72b2edd34364a853f0f066dac90b4bd237aed158782be0ab91a51213b6c1fff55d2ce88044d2d7744f16bc038966f6cda8dd5fefa7de06e486a39a31ceaa121dc43043a9ec6c0d"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0x95, 0x3, "9f260aa919f2130c82bc20dd682ed483d0b2e4d934f67114abf98022e39897c165942e03f9e3742981a492f641c931d3dc59eebc3fd6ff2292b84769625e772670f0ad6087f9b04a5ef34ebf38906577102440ad0e15ce491cde4c1509ef761e520375745f204d8ac9e71f64b446062b96b7644d11d5be49fdc6be4ce6fa5beaf0e23a77dc7cb1c2b25181329f97fb5d80"}, @NL80211_FTM_RESP_ATTR_LCI={0x102, 0x2, "963d7c9cfa4f1a1f6c42ca9c01ead55072481b32966e7b2ec9003bc1d45cdcdb187ce5b6fa787a202da4fc9a3f0194f57f7eaa77a0937e9bb63dbcf0609d87918031aa0397abedc9634aa32473a1fa0d9609edfb2fe81362c0766d95e22c2a8107b90d8a762407f0b948c4ed6fb9a8ef64264a40de6d92c9bd36292d49fff7b55b88773d4325976de2015cc0b2f39271cf755aecc6d376c18763b5d1533b66432815008bab081715f910ba63aa48b42209cd8c9a50e301973ccea3b567f8a9d6a8f8eaa90ee7c7333e90a979c87b721ded5f82854feeb620b71126b4cffc98c5f93e977a018f8086c024c8efa71cb238c49baa8fa4ba0d79028caec07893"}]}, @NL80211_ATTR_IE_PROBE_RESP={0x2c5, 0x7f, [@tim={0x5, 0xfb, {0x2, 0xa7, 0x8, "15b62744faccbc0b9c680328f39478a1dcda6c7662fdc4d6087eef28aa54ad7ff6eed80a63bc5cf03f749bc85713218bdae7ffa95ab4458a04fe26c75f96ad380a61d6e947ed577d3d7ab81411c21e808f27bd7b6b5e81cd0bef2675f604369f5d8deb530d7a3a3144485cd4090860dc1b5870e03b3309e355394e2ee2f7baec9b74d644a7e9a90283d600287e305eafb22a0d222ff9862f4639e5bf0c2d7e93eef1a18e179568d8b342933762d84dce5a0bb5596518c8123cbc4b04f17483aebfec86c8e6dfa568e78577864b4029adb271c2479dd08dbccac154631a12852e7e1bd5cb7de213f2023134e9f2390e4771435c9e5928d793"}}, @ssid={0x0, 0x6, @random="24930db4e080"}, @preq={0x82, 0x1a}, @random_vendor={0xdd, 0xd1, "ca7290433734520c6afe851aceafe0fe9990f968fe64add8a18a3fcab4d11f9c99d2076a5be7a80adf31a3189215e597779613138ada3432c72fb970ab3636f32d83f99d383cde56c7d95773d66a7dffc9618f224cc610673dd1a35ceeaaa99f4d60b127764031bcfc23d3a678dfa90ddb3c1d936413f69ad847297b95d3dfbb641e7dbdcee2a124a3581733f6f49a6d028ca7a107f147ec54880337bf5a60134c6192ed0e80d2cde0f53759ce061520cad3faf7f552065c8087a71ac0f1d863b862cefffe3db060bf14ccc604b84a66f5"}, @random_vendor={0xdd, 0xa6, "9b3a0d8aa3b6815e402f2eb701206b45ef9cac3b086dfda12fff651deeeb1cad4f359fcdebc1861f2efb94384cc8737355c9e1a33725f861793853c81e1f0f39260d5d70275a7559434aa855adb28543e563563256cfcacfb2f7e6fc307f4074bcbd9152cc8920560dcdfaa83ab494a3b297af9d26b1877b9b5cace932ba99fac5273164411389b81ec65209d2c26b3da536f0a271da86b227f9d882441a9ec2eb167563e5cc"}, @rann={0x7e, 0x15, {{0x0, 0x63}, 0x0, 0x2, @broadcast, 0x7, 0xfc}}, @chsw_timing={0x68, 0x4, {0x0, 0xf9c2}}, @gcr_ga={0xbd, 0x6, @broadcast}]}], @acl_policy=[@NL80211_ATTR_MAC_ADDRS={0x1c, 0xa6, 0x0, 0x1, [{0xa}, {0xa, 0x6, @broadcast}]}]]}, 0x7b8}}, 0x20044001)
socket$inet(0x2, 0x4000000000000001, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r5, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0)
sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r5, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x4, 0x4}}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x43e}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3)
sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e00)={0x2c, r9, 0x18fe2a01ed25d92f, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r7}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x2c}}, 0x0)

12.572382346s ago: executing program 1 (id=2271):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xd8}}, 0x0)

12.324874946s ago: executing program 1 (id=2274):
r0 = open(&(0x7f0000000000)='./bus\x00', 0x1c5c7e, 0x0)
r1 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
close(r1)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r2, 0x0, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x76, &(0x7f0000000240)={@local, @random="6a2ddcf6177a", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x10, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @exp_fastopen={0xfe, 0x10, 0xf989, "6080356e793ca9d55b8ef24e"}, @fastopen={0x22, 0x3, "e1"}, @generic={0x0, 0xe, "04f6fea52eb715ea7022d662"}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}]}}}}}}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

8.846382026s ago: executing program 3 (id=2288):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x12, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=")
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, &(0x7f0000000180))
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgid(0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0xf, &(0x7f0000000c80)={0x0, @in6={{0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, &(0x7f0000000000)=0x9c)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40))

6.626715724s ago: executing program 3 (id=2292):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x56, 0x0, 0x9, [0x0, 0x0, 0x0, 0x81]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010100}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @ra={0x94, 0x4}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

6.380214354s ago: executing program 2 (id=2295):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000180))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$can_j1939(0x1d, 0x2, 0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
r4 = creat(0x0, 0x0)
close(0xffffffffffffffff)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$kcm(0x2, 0x1000000000000002, 0x0)
fsmount(0xffffffffffffffff, 0x1, 0x70)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

6.132954255s ago: executing program 3 (id=2296):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r5, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r4, 0x0, <r6=>0xffffffffffffffff, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004f80)=[{0x0, 0x0, &(0x7f0000000fc0)}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000100)={0x0, 0xef, 0x84, &(0x7f00000002c0)=""/132})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32315d})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.55609127s ago: executing program 0 (id=2298):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x3}})
close_range(r0, 0xffffffffffffffff, 0x0)

5.512411679s ago: executing program 0 (id=2299):
syz_mount_image$jfs(&(0x7f0000005d00), &(0x7f0000005d40)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00d841a0bf6c38c9caf8f4e88bdb1082f568ad2898112a90fb0effd1aae37d2a7076a7fff8aeb6d7352668e3a97de6cffe6576325156be4c8bf3b165702ecebeb9f87328977f714ca2813ab9fbad0578867d506619a4b10bb21ef8797729576a29e38b41effba81d407f535f452b"], 0x1, 0x5ce8, &(0x7f0000005dc0)="$eJzs3U1vHVcZB/Dnvvj6pbSNKlSFiEWaQmkpzXsC5a0pCxawAAllTSLXrQIpoMQgWlnElReIFV8BNt2w6FfgA/QzID4AkWxWXVAGjX1OMh5f5zokvnPt8/tJzswz547vmfw9nns9M/cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/+uHPLvQi4sbv0oITEV+IQUQ/YrGuT0c9cy0/fhgRJ2O7OV6MiMF8RL3+9j/PR1yOiE+fi9jcWluuF188YD+unF+98/mPf/CPP/554+Qv3vn5x+32n37x0id/uhdx4idvfvL5vaez7QAAAFCKqqqqXnqbfyq9v+933SkAYCry8b9K8nK1Wq1Wq9XHr26qxrvXLCJivblO/ZrB6XgAOGLW47Ouu0CH5F+0YUQ803UngJnW67oDHIrNrbXlXsq31zwenN5pz9eC7Mp/vffg/o79ppO0rzGZ1s/XRgzihX36szilPsySnH+/nf+NnfZRetxh5z8t++U/2rn1qTg5/0E7/5bjk39/bP6lyvkPHyv/gfwBAAAAAGCG5b//n+j4/O/8k2/KgTzq/O/pKfUBAAAAAAAAAJ62Jx3/7wHj/wEAAMDMqt+r1/7y3MNl+30WW738ei/i2dbjgcKkm2WWuu4HAAAAAAAAAAAAAJRkuHMN7/VexFxEPLu0VFVV/dXUrh/Xk65/1JW+/VCyrn/JAwDAjk+fa93L34tYiIjr6bP+5paWlqpqYXGpWqoW5/Pr2dH8QrXYeF+bp/Wy+dEBXhAPR1X9zRYa6zVNer88qb39/ernGlWDA3RsOjoMHAAiYudotOmIdMxU1fPR9ascjgb7//Fj/+cguv45BQAAAA5fVVVVL32c96l0zr/fdacAgKnIx//2eQG1Wq1Wq9XHr26qxrvXLCJivblO/ZrBcPwAcMSsx2ddd4EOyb9ow4g42XUngJnW67oDHIrNrbXlXsq31zwepPHd87Ugu/Jf722vl9cfN52kfY3JtH6+NmIQL+zTnxen1IdZkvPvt/O/sdM+So877PynZb/86+080UF/upbzH7Tzbzk++ffH5l+qnP/wsfIfyB8AAAAAAGZY/vv/Ced/8yYDAAAAAAAAwJGzubW2nO97zef/vzzmce7/PJ5y/j35Fynn32/n37ogZ9CYv//2w/z/vbW2/PHqv76UpzOf/9xgVD/3XK8/GKZrfqq5d+NW3I6VOL/n8cNd7Rf2tM/tar84of3SnvZR3b6Y28/Gcvw6bsc7D9rnJ1wYtTChvZrQnvMf2P+LlPMfNr7q/JdSe681rd3/qL9nv29Oxz3Ptb/955W9e9f0bcTgwbY11dt3poP+bP+fPDOK395duXP29zdXV+9ciDTZtfRipMlTlvOfS185/1df3mnPv/eb++v9j0aPnf+s2Ijhvvm/3Jivt/e1KfetCzn/UfrK+ecj0Pj9/yjnv//+/3oH/QEAAAAAAAAAAAAAAIBHqapq+xbRaxFxNd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49f3VSN91aziIi/N9epXzP8Ydw3AwBm2X8j4p9dd4LOyL9g+fP+6ulXuu4MMFV3P/jwlzdv3165c7frngAAAAAAAAAA/688/ufpxvjP29cBtcaN3jX+69tx+siO/9kfDbbHOk8b9FI8evzvM/Ho8b+HE55vbkL7aEL7/IT2hQntY2/0aMj5v5QyzvmfShtW0vivr3bQn67l/M+ksZ5z/l9rPa6Zf/XXo5x/f1f+51bf/825ux98+Mat92++t/Leyq8unL96+dKVy5euXDn37q3bK+d3/u2wx4cr55/HvnYdaFly/jlz+Zcl5//VVMu/LDn/V1It/7Lk/PPrPfmXJeef3/vIvyw5/9dSLf+y5Py/nmr5lyXn/3qq5V+WnP83Ui3/suT830i1/MuS8z+bavmXJed/LtXyL0vOP5/hkn9Zcv75ygb5lyXnfzHV8i9Lzv9SquVflpz/5VTLvyw5/yupln9Zcv5XUy3/suT8v5lq+Zcl5/+tVMu/LDn/N1Mt/7Lk/L+davmXJef/nVTLvyw5/++mWv5lyfl/L9XyL0vO//upln9Zcv5vpVr+ZXn4+f9mzJgxk2e6/s0EAAAAAAAAAAAAALRN43LirrcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO/cWI2d53w/83ZO9NgT8D2figG1OBhZ21ydwiMEkIX9KeqAkpE1Lahx7bZz4VO8up6KyKbQlClKR2gt60TSJ0ihSW4GqSE0lGiE1UnvXXDXiJmqlXPgCKgcllVIFtnpnnufxzOx63jVmYOZ9Pp8I/+ydd2aeeeeZ2f1u9B0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAVhs/PvOnQ0VRlP81/lhXFOeXf19T7C7/ubDj/V4hAAAAcK7eavz5dxemL+xewZVajvnXq/79u4uLi4vFF948+fafLy6mCzYUxcjqomhcFv3bL36+2HpM8EwxPjTc8u/hirsfqbh8tOLysYrLV1Vcvrri8vGKy5ecgCXWNH8f07ixaxt/Xdc8pcXFxVjjsmuXudYzQ6uHh+PvchqGGtdZHDtQHCoOFzPF1JLrDDX+VxSvbCzv694i3tdwy32tL4ri1E+f2hfXMBTO8bVF2501tD53b9xdbHjzp0/t+/bc61csNytPw5KVFsXmTeU6ny2K07+uKoaK1emcxHUOt6xz/TLrHGlb51DjeuXfO9d5aoXrjI97PKzzh13WuT587fFriqJYKM54TKdniuFibce9pvM93twR5W2UT+UHi9Gz2icbV7BPyuv85Jr2fdK5J+P53xjOyegZ1tD6dLzx5VVLzvs73Sflo+6HvVre9v3lnY6Pt/5qtW2vlsc8dd2Z98Cyz90yeyDt5ZY9sKlqDwyvGmnsgeHTa97Utgeml1xnuBhq3NfJ67rvgcm5I8cnZ5948pZDR/YenDk4c3R6ase2rdu3bd2+ffLAocMzU80/z+6UDpC1xXDag5vCe03cgzd0HNu6JRe/8e69Dsb75HVQPvbPXF8u6Pzh4gx7vDzm2c3n/jpI3/dbXgejLa+DZd9Tl3kdjK7gdVAec2rzyr5njrb8t9waevVeuK5lD7yf3w/L+3zoxjO/F64P63ruprP9fjiyZA/EhzUUXnvlV9LPe+O3h/OydF9cWV5w3qpifnbmxK2P752bOzFdhPGeuKjluercL2tbHlOxZL8Mn/V+2f23v7z+ymW+vi6cq/Gbuz9X5THbJro/V4139+XPZ9tXtxRhvMve6/O53Hez8nymLNHlfJbHPHvLuf8smHJJy/vfWNX738jYaPP9bySdjbG297+lT81IY2VFceqWlb3/jYX/3uv3v4v75P2vPFcP3dp9D5THPDd5tntgtOv73zVhDoX13BgSw3hL7n+7cflCc5u2PJeV+2Z0dCzsm9F4j+37ZuuS65S3Vt735ql3tm82X9P+XLX93FLDfVOeq7+Y6r5vymNenT7394418a8t7x2rqvbA2Miqcr1jaRM03+8W18Q9cGuxrzhWHC72p+uUz3J5XxNbVrYHVoX/3uv3jsv7ZA+U5+rFLd33QHnMD7a+uz87bQ5fSce0/OzU+fuFM2X+K0dP317naXu3M3+5zk9s6/67ofKY17edbc7ofp5uDl85b5nz1Pn6OdOe3l+8N+fp8rDOw9u7/26qPObiHSvcT7uLonht+rXG77vC73f/Yf4/vtv2e9/lfqf82vRr900+8KOzWT8AAO/c240/F1Y1f9Zs+X+sV/L//wMAAAADIeb+4TAT+R8AAABqI+b+kTAT+R8AAABqI+b+0TCTTPL/I7fvfOmtp4v0aYCLQbw8nob772weFzveC+HfGxZPK7/+sW+NvfSVp1d238NFUfzyvg8te/wjd8Z1NR2P6/xI+9eXuPzqFd3/ww+ePq718xNO7Wzefnw8K90Gsav8yuSWxu1ueGK6MV+9r2jMBxaee6Z5+81/x+NPbm0e/1fhQ0t2Hxhqu/7msJ5rw9wQPlPm/t2nz0M54/VeWn/Vv1z02dP3F683tOmCxsN88Q+btxs/I+qFi5rHx8d9pvX/81e/81J5/OPXLb/+p4eXX//JcLs/CfMXu5rHt57zr7Ss/4/D+uP9xevd+s3vL7v+ly9rHv9y2BdfD7Nz/Xf/2YffWu75ivez+47m9eL9T/3Ptsb14u3F2+9c//jT023no/P2X32zeTu7Hv3ZSOvx8evxfqKH72jf30Ph+W3rkRdF8Z0/KdrOc/HR5vX+qWP98faO37H8+m/uWOfxoasb1z/9eNa1Pa6v/c2WZR9vXM/uv1/X9nheuCecvzcnf1De7skHwn4Ml//vD5u31/lZpi/f0/5+E4//+rrm6zbe3mTH+l/oWP/C1eW5q17/vW821//yXavb1r/7k2E/3ducVes/+NcXtl3/G99uPh8nHps4emx2/tD+lrPa+jpePb5m7Xnnf+CCC8N7aee/9xybe2TmxIapDVNFsWEAPzKw1+v/Zpj/3RwL7/49NP3oZ8199/ynmt+3bvh5898vhK8/HJ7P+P3xa3851rZfO5/3hbua81zXf1NYx0pd9tX/unpFB578/Cvz//hHr3f+XBAfz/FLxhuP78WNlzYuG3q1eXnn+1WV/7yk/XX949GpxvxeOK+L4ZOZN13avL/O24+fTfL8p5uv3/iTXLx+0fF5IutG2h/Hua7/x+HnmO9f3v7+F/fH957u+DTndcVQuYSF8P5QLDQvj0fF8/38qUuXvb/4OTzFwhVns8wzmn1idvLwoaPzj0/OzczOTc4+8eSeI8fmj87taXx26Z4vVl3/9Ot7beP1vX9mx7ai8Wo/1hw99n6v//iD+/bfNnX9/pkDe+cPzD14fObEwX2zs/tm9s9ev/fAgZnHqq5/aP+u6S07t962ZeLgof27bt+5c+vOiUNHj5XLaC6qwo6pL00cPbGncZXZXdt2Tm/fvm1q4six/TO7bpuampivun7je9NEee1HJ07MHN47d+jIzMTsoSdndk3v3LFjS+WnPx45fmB2w+SJ+aOT87MzJyabj2XDXOPL5fe+quuTh9lj4f2uw1D46fxzN+9In49b+taXz3hTzUPafzwt3gifBRW/v1X9O+b+sTCTTPI/AAAA5CDm/vDB/6cvkP8BAACgNmLuXx1mIv8DAABAbcTcPx5mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/WuKIsv8DwAAADmIuX9tmIn8DwAAALURc/95YSbyPwAAANRGzP3nh5lkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/B8JMMsn/AAAAkIOY+y8IM5H/AQAAoDZi7r8wzET+BwAAgNqIuX9dmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/Mff/vzCTTPI/AAAA5CDm/g+Gmcj/AAAAUBsx918UZiL/AwAAQG3E3H9xmEkm+V//X/9f/1//X/9f/7+X9P/1/7vR/9f/H+T16//r/1Ot3/r/MfdfEmaSSf4HAACAHMTcf2mYifwPAAAAtRFz/2VhJvI/AAAA1EbM/ZeHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc/8VYSaZ5H8AAADIQcz9V4aZyP8AAABQGzH3fyjMRP4HAACA2oi5f32YSSb5X/9f/1//X/9f/1//v5f0//X/u9H/1/8f5PXr/+v/U63f+v8x9384zCST/A8AAAA5iLn/qjAT+R8AAABqI+b+q8NM5H8AAACojZj7N4SZZJL/9f/1//X/9f/1//X/e0n/X/+/G/1//f9BXr/+v/4/1fqt/x9z/8Ywk0zyPwAAAOQg5v5NYSbyPwAAANRGzP3XhJnI/wAAAFAbMfdfG2aSSf7X/9f/1//X/9f/1//vJf1//f9u9P/1/wd5/fr/+v9U67f+f8z914WZZJL/AQAAIAcx918fZiL/AwAAQG3E3H9DmIn8DwAAALURc//mMJNM8r/+v/6//r/+v/6//n8v6f/r/3ej/6//P8jr1//X/6dav/X/Y+6/Mcwkk/wPAAAAOYi5/6YwE/kfAAAAaiPm/pvDTOR/AAAAqI2Y+yfCTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf+WMJNM8j8AAADkIOb+W8NM5H8AAACojZj7J8NM5H8AAACojZj7p8JMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5fzrMJJP8DwAAADmIuX9LmIn8DwAAALURc//WMBP5HwAAAGoj5v5tYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9G/1//f5DXr/+v/0+1fuv/x9y/Pcwkk/wPAAAAOYi5f0eYifwPAAAAtRFz/21hJvI/AAAA1EbM/beHmWSS//X/9f/1//X/9f/1/3tJ/1//vxv9f/3/QV6//r/+P9X6rf8fc//OMJNM8j8AAADkIOb+j4SZyP8AAABQGzH33xFmIv8DAABAbcTc/9Ewk0zyv/6//r/+v/6//r/+fy/p/+v/d6P/r/8/yOvX/9f/p1q/9f9j7t8VZpJJ/gcAAIAcxNx/Z5iJ/A8AAAC1EXP/XWEm8j8AAADURsz9u8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/+4wk0zyPwAAAOQg5v6PhZnI/wAAAFAbMfd/PMxE/gcAAIDaiLn/E2EmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fcf0+YSSb5HwAAAHIQc/8nw0zkfwAAAKiNmPv/f5iJ/A8AAAC1EXP/vWEmmeR//X/9f/1//X/9f/3/XtL/1//vRv9f/3+Q16//r/9PtX7r/8fc/ythJpnkfwAAAMhBzP33hZnI/wAAAFAbMfd/KsxE/gcAAIDaiLn/V8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5/9fCTDLJ/wAAAJCDmPt/PcxE/gcAAIDaiLn/N8JM5H8AAACojZj77w8zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/t8MM8kk/wMAAEAOYu5/IMxE/gcAAIDaiLn/02Em8j8AAADURsz9nwkzyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/gfDTDLJ/wAAAJCDmPs/G2Yi/wMAAEBtxNz/W2Em8j8AAADURsz9vx1mkkn+1//X/9f/1//X/9f/7yX9f/3/bvT/9f8Hef36//r/VOu3/n/M/Z8LM8kk/wMAAEAOYu7/nTAT+R8AAABqI+b+3w0zkf8BAACgNmLufyjMJJP8r/+v/6//r/+v/6//30v6//r/3ej/6/8P8vr1//X/qdZv/f+Y+z8fZpJJ/gcAAIAcxNz/e2Em8j8AAADURsz9e8JM5H8AAACojZj7Hw4zyST/6//r/+v/6//r/+v/95L+v/5/N/r/+v+DvH79f/1/qvVb/z/m/r1hJpnkfwAAAMhBzP1fCDOR/wEAAKA2Yu7fF2Yi/wMAAEBtxNy/P8wkk/yv/6//r/+v/6//r//fS/r/+v/d6P/r/w/y+vX/9f+p1m/9/5j7Z8JMMsn/AAAAkIOY+w+Emcj/AAAAUBsx9x8MM5H/AQAAoDZi7n8kzCST/K//r/+v/6//r/+v/99L+v/6/93o/+v/D/L69f/1/6nWb/3/mPsPhZlkkv8BAAAgBzH3fzHMRP4HAACA2oi5/0thJvI/AAAA1EbM/YfDTDLJ//r/+v/6//r/+v/6/72k/6//343+v/7/IK9f/1//n2r91v+Puf9ImEkm+R8AAAByEHP/0TAT+R8AAABqI+b+Y2Em8j8AAADURsz9x8NMMsn/+v/6//r/+v/6//r/vaT/r//fjf6//v8gr1//X/+fav3W/4+5//fDTDLJ/wAAAJCDmPtPhJnI/wAAAFAbMffPhpnI/wAAAFAbMffPhZlkkv/1//X/9f/1//X/9f97Sf9f/78b/X/9/0Fev/6//j/V+q3/H3P/fJhJJvkfAAAAchBz/6NhJvI/AAAA1EbM/Y+Fmcj/AAAAUBsx9z8eZpJJ/tf/1//X/9f/1//X/+8l/X/9/270//X/B3n9+v/6/1Trt/5/zP1PhJlkkv8BAAAgBzH3PxlmIv8DAABAbcTc/wdh/h/79qwF4NKDYfTGf9u2bdu2bRzbVnGaJOU31aw1M9m7SZv2LZ5i/wMAAMAxcvc/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+58YtTfY/AAAAdJC7/3lxi/0PAAAAx8jd//y4xf4HAACAY+Tuf0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/S+MW5rsfwAAAOggd/+L4hb7HwAAAI6Ru//FcYv9DwAAAMfI3f+SuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uftfGrc02f8AAADQQe7+l8Ut9j8AAAAcI3f/y+MW+x8AAACOkbv/FXFLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3vzJuabL/AQAAoIPc/a+KW+x/AAAAOEbu/lfHLfY/AAAAHCN3/2vilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7n9t3NJk/wMAAEAHuftfF7fY/wAAAHCM3P2vj1vsfwAAADhG7v43xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xrilyf4HAACADnL3vylusf8BAADgGLn73xy32P8AAABwjNz9b4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/61xS5P9DwAAAB3k7n9b3GL/AwAAwDFy9789brH/AQAA4Bi5+98RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8745Ym+x8AAAA6yN3/rrjF/gcAAIBj5O5/d9xi/wMAAMAxcve/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+98YtTfY/AAAAdJC7/31xi/0PAAAAx8jd//64xf4HAACAY+Tu/0Dc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/R+MW5rsfwAAAOggd/+H4hb7HwAAAI6Ru//DcYv9DwAAAMfI3f+RuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufs/Grc02f8AAADQQe7+j8Ut9j8AAAAcI3f/x+MW+x8AAACOkbv/E3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3fzJuabL/AQAAoIPc/Z+KW+x/AAAAOEbu/k/HLfY/AAAAHCN3/2filib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9s3NJk/wMAAEAHufs/F7fY/wAAAHCM3P2fj1vsfwAAADhG7v4vxC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/xbilyf4HAACADnL3fylusf8BAADgGLn7vxy32P8AAABwjNz9X4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/6txS5P9DwAAAB3k7v9a3GL/AwAAwDFy9389brH/AQAA4Bi5+78RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8345Ym+x8AAAA6yN3/rbjF/gcAAIBj5O7/dtxi/wMAAMAxcvd/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+78YtTfY/AAAAdJC7/3txi/0PAAAAx8jd//24xf4HAACAY+Tu/0Hc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/T+MW5rsfwAAAOggd/+P4hb7HwAAAI6Ru//HcYv9DwAAAMfI3f+TuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/uft/Grc02f8AAADQQe7+n8Ut9j8AAAAcI3f/z+MW+x8AAACOkbv/F3FLk/2v/9f/6//1//p//f9M+n/9/xX9v/5/5//1//p/xlbr/3P3/zJuabL/AQAAoIPc/b+KW+x/AAAAOEbu/l/HLfY/AAAAHCN3/2/ilib7X/+v/9f/6//1//r/mfT/+v8r+n/9/87/6//1/4yt1v/n7v9t3NJk/wMAAEAHuft/F7fY/wAAAHCM3P2/j1vsfwAAADhG7v4/xC1N9r/+X/+v/9f/6//1/zPp//X/V/T/+v+d/9f/6/8ZW63/z93/x7ilyf4HAACADnL3/ylusf8BAADgGLn7/xy32P8AAABwjNz9f4lbmux//b/+X/+v/9f/6/9n0v/r/6/o//X/O/+v/9f/M7Za/5+7/69xS5P9DwAAAB3k7v9b3GL/AwAAwDFy9/89brH/AQAA4Bi5+/8RtzTZ//p//b/+X/+v/9f/z6T/1/9f0f/r/3f+X/+v/2dstf4/d/8/45Ym+x8AAAA6yN3/r7jF/gcAAIBj5O7/d9xi/wMAAMAxcvf/J25psv/1//p//b/+X/+v/59J/6//v6L/1//v/L/+X//P2Gr9f+7+/8YtTfY/AAAAdJC7/39xi/0PAAAAx8jd//+4xf4HAACAY+TuvyFuabL/9f/6f/2//l//r/+fSf+v/7+i/9f/7/y//l//z9hq/X/u/hvjlib7HwAAADrI3X9T3GL/AwAAwDFy998ct9j/AAAAcIzc/bfELU32v/5f/6//1//r//X/M+n/9f9X9P/6/53/1//r/xlbrf/P3X9r3NJk/wMAAEAHuftvi1vsfwAAADhG7v7b4xb7HwAAAI6Ru/+OuKXJ/tf/6//1//p//b/+fyb9v/7/iv5f/7/z//p//T9jq/X/ufvvjFua7H8AAADoIHf/XXGL/Q8AAADHyN1/d9xi/wMAAMAxcvffE7c02f/6f/2//l//r//X/8+k/9f/X9H/6/93/l//r/9nbLX+P3f/vXFLk/0PAAAAHeTuvy9usf8BAADgGLn7749b7H8AAAA4Ru7+B+KWJvtf/6//1//r//X/+v+Z9P/6/yv6f/3/zv/r//X/jK3W/+fufzBuabL/AQAAoIPc/Q/FLfY/AAAAHCN3/8Nxi/0PAAAAx8jd/0jc0mT/6//1//p//b/+X/8/k/5f/39F/6//3/l//b/+n7HV+v/c/Y/GLU32PwAAAHSQu/+xuMX+BwAAgGPk7n88brH/AQAA4Bi5+5+IW5rsf/2//l//r//X/+v/Z9L/6/+v6P/1/zv/r//X/zO2Wv+fu//JuKXJ/gcAAIAOcvc/FbfY/wAAAHCM3P1Pxy32PwAAABwjd/8zcUuT/a//1//r//X/+n/9/0z6f/3/Ff2//n/n//X/+n/GVuv/c/c/GwAA//9/h0Q1")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'})
dup(r3)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
pwrite64(r5, &(0x7f0000000280)='+', 0x1, 0x0)
open(0x0, 0x0, 0x0)
copy_file_range(0xffffffffffffffff, 0x0, r4, 0x0, 0x0, 0x0)
write(r4, 0x0, 0x0)

5.384692291s ago: executing program 2 (id=2300):
process_vm_writev(0x0, &(0x7f0000000180)=[{&(0x7f0000000040)=""/45, 0x2d}], 0x1, 0x0, 0x9, 0x0)

5.304951573s ago: executing program 2 (id=2301):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)={0x54, r4, 0x0, 0x0, 0x0, {0x45}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc}, {0xc}}]}, 0x54}}, 0x0)

5.184877593s ago: executing program 3 (id=2302):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x12, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=")
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, &(0x7f0000000180))
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgid(0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0xf, &(0x7f0000000c80)={0x0, @in6={{0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, &(0x7f0000000000)=0x9c)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40))

4.837042759s ago: executing program 4 (id=2304):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000008dc0)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001500)="cd07e85142f8ead499f3ef72f2227c53dd9255de4766b5f33ef218a7c39a97bbd4f8385f1852a08a0e900c7f9183f6c74e7e3407bac0d64f2fe763278fbc7ea1e7111be746ae2748fc96288a8b288a6d1baf35514905bee7b70175dd6a5b1b43735e06d236ee53c79aa6f817e833618ba7321afdf30656589fb5d92a67f70e2cb1dd98e48ff65bb2569a258f78bca3682750e0584ea00629c67c6411cd532d62be01f143fe9ce39012147357e8abe37baa6cfad28b949c343c17567015b2811ea8dfd577749855bcc1cbdae064318ac83c505129a407543c355a4e902e6d43e92cf7d4a538400b7741304b9179bc8357b82081d7141a388f8659108dbd3142dca4483efd112eae795c780aa14fde5d3ad8a29f57cbbe4929ced3ec0c45c4964e627d283b4c8302ab1eac4796a40ff79106ab2b28a1a72028a56a6b4e7e44f9578970f37fc3edfdf4b51bece98270e1b3b8da8f4bad2d38d0d04220f53e70f88f9431cd8184995253d38f27fbece66f45558a0941277de0308ed8a3bd8cbaa2f1240645", 0x183}], 0x1}}], 0x1, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000001700)=""/256})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})

4.689428205s ago: executing program 4 (id=2305):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r2 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r2, r3, 0x0, 0xd344)

4.585785587s ago: executing program 4 (id=2306):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x56, 0x0, 0x9, [0x0, 0x0, 0x0, 0x81]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010100}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @ra={0x94, 0x4}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

3.806448673s ago: executing program 3 (id=2307):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
socket(0x26, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000480)="0f0200003a000517d25a80648c63940d030d000000000000000008c321d51f000200080000003e37eb248833c33ccf43bf38e54bc19a5301805e3a0580d6f8e87739bc221130fabf1233a0cfa5363e8b4f1a61729df9ff2f7afba09fcc213d14fde6522749c634b91b16a060ab4b9c8e6e5c2a6f6f6e29afad1e899d7889d8803e47cc9fa861e7a1b2b54141cad3525cda9a6b3000ead1f3f398cedb3f22d2258b7db446eed6df59d302c2ab45b63f1db74eacafd295a6d5ca2953e598a5019741707cbcf12a8ee54aeadd66f3fe171573e3", 0xd2}, {&(0x7f0000000240)="14ea6b09a80fdd9810700f03d15a4c5ed13c5c9768b359f879a6db6ee18a54321484f4f48481dc5f007ccb4e5142a37bb45726fa7e5362f171c9a4ee99949c6e867251ba84edb024a97e8be1ad62727bb4bed90e4a62941a8336517c6f875606f41898dd831b4a7aec1b41c0c135332020604e9c34ccde232d5b9c76f91adf73c72a6cd62933753ec2263f5067bff09d4bcc1c5665c74e9bb7bc525daaffd17491087a5ffd5fd65eb611c415a9c885535e7d8f4c8058ad267e61da6db9585f4b41357e4823de2a70f4399ed933edbc", 0xcf}, {&(0x7f0000000340)="e03e6daa010037711721f161eec93828fa6429b8d03bca491da67932a4a70244e0742504bac4f0d0a70add918c3a93295b335e5fd3b3eda8759cacbe4fbb69aea4b80b5d5ce8ebb6321b6f61bdee1b991cd809248d1bbee7c45f9ec22a57498c07cb73195dda60de9e7101f8b4e9", 0x6e}], 0x3, 0x0, 0x0, 0x6c000000}, 0x0)

3.717017187s ago: executing program 4 (id=2308):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000740)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0x0, 0x0)

3.031761539s ago: executing program 0 (id=2309):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x3}})
close_range(r0, 0xffffffffffffffff, 0x0)

2.183739406s ago: executing program 0 (id=2310):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
r1 = open$dir(0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file1\x00', 0x0)
faccessat(r1, &(0x7f0000000100)='./file1\x00', 0x0)

2.016884326s ago: executing program 2 (id=2312):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r5, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r2, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r4, 0x0, <r6=>0xffffffffffffffff, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004f80)=[{0x0, 0x0, &(0x7f0000000fc0)}], 0x1, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000100)={0x0, 0xef, 0x84, &(0x7f00000002c0)=""/132})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32315d})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.016416505s ago: executing program 0 (id=2313):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_io_uring_setup(0x320e, &(0x7f0000000800)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000540)=<r2=>0x0)
syz_io_uring_setup(0x297a, &(0x7f0000000200), &(0x7f00000002c0)=<r3=>0x0, &(0x7f0000000080))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, 0x0, 0x0, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
io_uring_enter(r1, 0x3332, 0x0, 0x0, 0x0, 0x0)
readv(r0, &(0x7f0000000700)=[{&(0x7f0000000580)=""/52, 0x34}], 0x1)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000a80))

674.15031ms ago: executing program 2 (id=2314):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x0, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000})
ioctl$IOMMU_IOAS_UNMAP(r0, 0x3b86, 0x0)

673.897435ms ago: executing program 4 (id=2315):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000008dc0)=[{{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000001500)="cd07e85142f8ead499f3ef72f2227c53dd9255de4766b5f33ef218a7c39a97bbd4f8385f1852a08a0e900c7f9183f6c74e7e3407bac0d64f2fe763278fbc7ea1e7111be746ae2748fc96288a8b288a6d1baf35514905bee7b70175dd6a5b1b43735e06d236ee53c79aa6f817e833618ba7321afdf30656589fb5d92a67f70e2cb1dd98e48ff65bb2569a258f78bca3682750e0584ea00629c67c6411cd532d62be01f143fe9ce39012147357e8abe37baa6cfad28b949c343c17567015b2811ea8dfd577749855bcc1cbdae064318ac83c505129a407543c355a4e902e6d43e92cf7d4a538400b7741304b9179bc8357b82081d7141a388f8659108dbd3142dca4483efd112eae795c780aa14fde5d3ad8a29f57cbbe4929ced3ec0c45c4964e627d283b4c8302ab1eac4796a40ff79106ab2b28a1a72028a56a6b4e7e44f9578970f37fc3edfdf4b51bece98270e1b3b8da8f4bad2d38d0d04220f53e70f88f9431cd8184995253d38f27fbece66f45558a0941277de0308ed8a3bd8cbaa2f1240645", 0x183}], 0x1}}], 0x1, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000001700)=""/256})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})

507.557465ms ago: executing program 0 (id=2316):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
sendfile(r1, r2, 0x0, 0xd344)

344.937795ms ago: executing program 2 (id=2317):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x12, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=")
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, 0x0, &(0x7f0000000180))
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getpgid(0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2718, 0x0, &(0x7f0000000080))
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0xf, &(0x7f0000000c80)={0x0, @in6={{0xa, 0x4e23, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}}}}, &(0x7f0000000000)=0x9c)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000c40))

344.562358ms ago: executing program 4 (id=2318):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000580)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2e, 0x4, 0x0, 0x0, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x14, 0x56, 0x0, 0x9, [0x0, 0x0, 0x0, 0x81]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x0, [{@private=0xa010100}, {@multicast1}, {@remote}, {@dev}, {@broadcast}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x8, [{@dev}, {@remote}, {@multicast2}, {@private=0xa010101}, {@rand_addr=0x64010100}, {@broadcast, 0x52b1}, {@multicast2}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @ra={0x94, 0x4}]}}}}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b)
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='autofs\x00', 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

0s ago: executing program 3 (id=2319):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$midi(&(0x7f0000000400), 0xb6, 0x0)
syz_io_uring_setup(0x4e5e, &(0x7f0000000080), 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
fanotify_init(0x0, 0x0)
fanotify_init(0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x40)
syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0)

kernel console output (not intermixed with test programs):

acketSize 0
[  539.855432][ T7414] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  539.889184][ T7414] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  539.910284][ T7414] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  539.934035][ T7414] usb 4-1: Product: syz
[  539.949195][ T7414] usb 4-1: Manufacturer: syz
[  539.963126][ T7414] usb 4-1: SerialNumber: syz
[  539.989894][ T7414] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  540.212002][ T7414] usb 4-1: USB disconnect, device number 22
[  540.234197][T12158] fuse: Unknown parameter 'user_i00000000000000000000'
[  541.815366][  T927] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  541.895584][T10723] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  542.014485][  T927] usb 4-1: Using ep0 maxpacket: 16
[  542.023598][  T927] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  542.066958][  T927] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  542.089371][  T927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.107212][  T927] usb 4-1: Product: syz
[  542.121728][  T927] usb 4-1: Manufacturer: syz
[  542.126446][  T927] usb 4-1: SerialNumber: syz
[  542.155348][  T927] usb 4-1: config 0 descriptor??
[  542.163216][  T927] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  542.315321][T12190] fuse: Unknown parameter 'user_id00000000000000000000'
[  542.442988][T12165] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  542.504364][  T927] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  542.578900][ T7414] usb 4-1: USB disconnect, device number 23
[  544.001722][T12226] syz.2.1711: attempt to access beyond end of device
[  544.001722][T12226] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0
[  544.014743][T12226] syz.2.1711: attempt to access beyond end of device
[  544.014743][T12226] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  545.008119][  T927] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  545.213902][  T927] usb 1-1: Using ep0 maxpacket: 16
[  545.246227][  T927] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  545.435316][  T927] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  545.582602][  T927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.644891][  T927] usb 1-1: Product: syz
[  545.649091][  T927] usb 1-1: Manufacturer: syz
[  545.689638][  T927] usb 1-1: SerialNumber: syz
[  545.733548][  T927] usb 1-1: config 0 descriptor??
[  545.771844][  T927] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  545.776224][T12239] loop1: detected capacity change from 0 to 32768
[  545.788937][T12239] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1722 (12239)
[  545.841864][T12239] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  545.861402][T12239] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  545.878886][T12239] BTRFS info (device loop1): using free-space-tree
[  545.930241][    T9] libceph: connect (1)[c::]:6789 error -101
[  545.961126][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  546.007006][    T9] libceph: connect (1)[c::]:6789 error -101
[  546.013106][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  546.036356][T12243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  546.124285][  T927] ssu100 1-1:0.0: probe with driver ssu100 failed with error -110
[  546.219084][T10723] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  546.230982][ T7414] usb 1-1: USB disconnect, device number 16
[  546.278399][    T9] libceph: connect (1)[c::]:6789 error -101
[  546.291872][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  546.677187][T12251] ceph: No mds server is up or the cluster is laggy
[  546.799956][T12276] loop2: detected capacity change from 0 to 1764
[  546.873881][T12276] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  546.911081][T12276] ISOFS: unable to read i-node block
[  546.934982][T12276] isofs_fill_super: get root inode failed
[  547.581121][  T927] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  547.904025][  T927] usb 5-1: Using ep0 maxpacket: 8
[  547.937862][T12282] netlink: 'syz.4.1731': attribute type 10 has an invalid length.
[  547.978131][T12282] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1731'.
[  548.059787][T12282] batman_adv: batadv0: Adding interface: virt_wifi0
[  548.078658][T12282] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  548.166872][T12282] batman_adv: batadv0: Interface activated: virt_wifi0
[  548.210579][  T927] usb 5-1: unable to get BOS descriptor or descriptor too short
[  548.247787][  T927] usb 5-1: unable to read config index 0 descriptor/start: -71
[  548.275493][  T927] usb 5-1: can't read configurations, error -71
[  549.400871][T12307] loop2: detected capacity change from 0 to 32768
[  549.417638][T12307] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1737 (12307)
[  549.461074][    T9] libceph: connect (1)[c::]:6789 error -101
[  549.467201][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  549.493138][T12307] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  549.560504][T12307] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  549.586958][T12307] BTRFS info (device loop2): using free-space-tree
[  549.734273][  T927] libceph: connect (1)[c::]:6789 error -101
[  549.751118][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  549.876388][T10686] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  550.246938][T12321] ceph: No mds server is up or the cluster is laggy
[  550.266136][  T927] libceph: connect (1)[c::]:6789 error -101
[  550.272739][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  550.526159][T12352] loop1: detected capacity change from 0 to 1764
[  550.547225][T12352] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  550.563356][T12352] ISOFS: unable to read i-node block
[  550.572483][T12352] isofs_fill_super: get root inode failed
[  550.578383][   T25] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  550.986546][   T25] usb 3-1: Using ep0 maxpacket: 16
[  551.033260][   T25] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  551.222913][   T25] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  551.373330][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.475615][   T25] usb 3-1: Product: syz
[  551.556699][   T25] usb 3-1: Manufacturer: syz
[  551.561449][   T25] usb 3-1: SerialNumber: syz
[  551.608616][   T25] usb 3-1: config 0 descriptor??
[  551.622323][   T25] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  551.863434][T12345] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  551.938696][   T25] ssu100 3-1:0.0: probe with driver ssu100 failed with error -71
[  551.972798][   T25] usb 3-1: USB disconnect, device number 16
[  552.403462][    T9] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  552.740226][T12385] syz.0.1756: attempt to access beyond end of device
[  552.740226][T12385] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[  552.753710][T12385] syz.0.1756: attempt to access beyond end of device
[  552.753710][T12385] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  552.893864][    T9] usb 5-1: Using ep0 maxpacket: 8
[  552.905057][T12368] netlink: 'syz.4.1751': attribute type 10 has an invalid length.
[  552.912930][T12368] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1751'.
[  552.976420][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  553.017762][ T5091] libceph: connect (1)[c::]:6789 error -101
[  553.029345][    T9] usb 5-1: unable to read config index 0 descriptor/start: -71
[  553.037683][ T5091] libceph: mon0 (1)[c::]:6789 connect error
[  553.049912][    T9] usb 5-1: can't read configurations, error -71
[  553.334202][ T5091] libceph: connect (1)[c::]:6789 error -101
[  553.354042][ T5091] libceph: mon0 (1)[c::]:6789 connect error
[  553.785970][T12388] ceph: No mds server is up or the cluster is laggy
[  553.877199][  T927] libceph: connect (1)[c::]:6789 error -101
[  553.926491][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  554.222324][T12409] loop2: detected capacity change from 0 to 16
[  554.249040][T12409] erofs: (device loop2): mounted with root inode @ nid 36.
[  554.784401][ T9681] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[  554.800067][T12412] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  554.843905][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  554.843946][   T29] audit: type=1800 audit(1720200875.503:405): pid=12412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1764" name="file3" dev="loop2" ino=89 res=0 errno=0
[  555.047321][ T9681] Bluetooth: hci4: command 0x0406 tx timeout
[  556.494817][T12428] fuse: Bad value for 'fd'
[  556.635486][   T25] libceph: connect (1)[c::]:6789 error -101
[  556.653286][   T25] libceph: mon0 (1)[c::]:6789 connect error
[  556.755074][T12422] loop4: detected capacity change from 0 to 32768
[  556.799028][T12422] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  556.804280][T12416] loop2: detected capacity change from 0 to 32768
[  556.924393][ T5143] libceph: connect (1)[c::]:6789 error -101
[  556.954115][ T5143] libceph: mon0 (1)[c::]:6789 connect error
[  557.001355][T12422] XFS (loop4): Ending clean mount
[  557.019012][T12422] XFS (loop4): Quotacheck needed: Please wait.
[  557.121683][T12422] XFS (loop4): Quotacheck: Done.
[  557.141266][ T5092] Bluetooth: hci4: unexpected event for opcode 0x041b
[  557.234790][   T29] audit: type=1804 audit(1720200877.913:406): pid=12445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1766" name="/newroot/90/file0/bus" dev="loop2" ino=7 res=1 errno=0
[  557.423196][T12430] ceph: No mds server is up or the cluster is laggy
[  557.504263][ T5143] libceph: connect (1)[c::]:6789 error -101
[  557.514125][ T5143] libceph: mon0 (1)[c::]:6789 connect error
[  557.631338][T12447] pimreg3: entered allmulticast mode
[  557.804479][T12432] loop1: detected capacity change from 0 to 32768
[  557.825399][T12432] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1772 (12432)
[  557.912146][T12432] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  557.932059][T10638] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  557.933939][T12432] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  557.969984][T12432] BTRFS info (device loop1): using free-space-tree
[  558.366465][T10723] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  558.542960][ T9681] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  558.563353][ T9681] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  558.572569][ T9681] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  558.626922][ T9681] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  558.642633][ T9681] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  558.657582][ T9681] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  559.131636][ T5092] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  559.157156][ T5092] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  559.544786][ T5092] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  559.559092][ T5092] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  559.571278][ T5092] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  559.581329][ T5092] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  559.717719][ T6936] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.011641][ T6936] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.211232][ T6936] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.339117][T12492] loop2: detected capacity change from 0 to 32768
[  560.449522][ T6936] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  560.835796][ T5092] Bluetooth: hci0: command tx timeout
[  560.877261][   T29] audit: type=1804 audit(1720200881.543:407): pid=12511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1784" name="/newroot/92/file0/bus" dev="loop2" ino=7 res=1 errno=0
[  561.130282][T12514] syz.1.1790: attempt to access beyond end of device
[  561.130282][T12514] nbd1: rw=0, sector=2, nr_sectors = 2 limit=0
[  561.143446][T12514] syz.1.1790: attempt to access beyond end of device
[  561.143446][T12514] nbd1: rw=0, sector=16, nr_sectors = 2 limit=0
[  561.511596][T12472] chnl_net:caif_netlink_parms(): no params data found
[  561.579241][ T6936] ip6gretap0: left allmulticast mode
[  561.594205][ T6936] ip6gretap0: left promiscuous mode
[  561.602495][ T6936] bridge0: port 3(ip6gretap0) entered disabled state
[  561.621021][T12498] loop0: detected capacity change from 0 to 32768
[  561.674989][ T6936] bridge_slave_1: left allmulticast mode
[  561.680665][ T6936] bridge_slave_1: left promiscuous mode
[  561.709467][ T6936] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.732102][ T6936] bridge_slave_0: left allmulticast mode
[  561.744877][ T5092] Bluetooth: hci4: command tx timeout
[  561.754485][ T6936] bridge_slave_0: left promiscuous mode
[  561.760209][ T6936] bridge0: port 1(bridge_slave_0) entered disabled state
[  563.162464][ T5092] Bluetooth: hci0: command tx timeout
[  563.188553][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  563.238463][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  563.635887][T12539] netlink: 'syz.1.1797': attribute type 2 has an invalid length.
[  563.823904][ T5092] Bluetooth: hci4: command tx timeout
[  563.888320][ T6936] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  563.926591][ T6936] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  563.953905][ T1798] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  563.970351][ T6936] bond0 (unregistering): Released all slaves
[  564.070333][T12488] chnl_net:caif_netlink_parms(): no params data found
[  564.144641][ T1798] usb 2-1: Using ep0 maxpacket: 8
[  564.164860][ T1798] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  564.184620][ T1798] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  564.203879][ T1798] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  564.221540][ T1798] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  564.244285][ T1798] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  564.254933][ T1798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.262942][ T1798] usb 2-1: Product: syz
[  564.267328][ T1798] usb 2-1: Manufacturer: syz
[  564.271942][ T1798] usb 2-1: SerialNumber: syz
[  564.281553][ T1798] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  564.507367][  T927] usb 2-1: USB disconnect, device number 24
[  565.023343][T12565] overlayfs: failed to resolve './file0': -2
[  565.036339][T12488] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.054625][T12488] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.061841][T12488] bridge_slave_0: entered allmulticast mode
[  565.083256][T12488] bridge_slave_0: entered promiscuous mode
[  565.199735][ T5092] Bluetooth: hci0: command tx timeout
[  565.205519][T12472] bridge0: port 1(bridge_slave_0) entered blocking state
[  565.232159][T12472] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.259951][T12472] bridge_slave_0: entered allmulticast mode
[  565.288781][T12472] bridge_slave_0: entered promiscuous mode
[  565.297106][T12472] bridge0: port 2(bridge_slave_1) entered blocking state
[  565.304485][T12472] bridge0: port 2(bridge_slave_1) entered disabled state
[  565.311667][T12472] bridge_slave_1: entered allmulticast mode
[  565.319008][T12472] bridge_slave_1: entered promiscuous mode
[  565.595408][ T6936] hsr_slave_0: left promiscuous mode
[  565.690370][ T6936] hsr_slave_1: left promiscuous mode
[  565.756856][ T6936] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  565.809822][ T6936] batman_adv: batadv0: Removing interface: batadv_slave_0
[  565.837092][ T6936] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  565.860601][ T6936] batman_adv: batadv0: Removing interface: batadv_slave_1
[  565.879080][ T6936] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  565.904006][ T5092] Bluetooth: hci4: command tx timeout
[  565.911032][ T6936] batman_adv: batadv0: Removing interface: virt_wifi0
[  565.995133][ T6936] veth1_macvtap: left promiscuous mode
[  566.000709][ T6936] veth0_macvtap: left promiscuous mode
[  566.006434][ T6936] veth1_vlan: left promiscuous mode
[  566.011764][ T6936] veth0_vlan: left promiscuous mode
[  566.319617][ T6936] pimreg3 (unregistering): left allmulticast mode
[  567.209972][ T6936] team0 (unregistering): Port device team_slave_1 removed
[  567.270686][ T5092] Bluetooth: hci0: command tx timeout
[  567.294153][ T6936] team0 (unregistering): Port device team_slave_0 removed
[  567.525991][T12578] loop2: detected capacity change from 0 to 32768
[  567.580791][T12578] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  567.622127][T12578] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  567.703513][T12578] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  567.730491][    T8] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  567.739052][    T8] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  567.843457][    T8] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 104ms
[  567.859195][    T8] gfs2: fsid=syz:syz.0: jid=0: Done
[  567.871729][T12578] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  568.000927][ T5092] Bluetooth: hci4: command tx timeout
[  568.074182][T12488] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.089364][T12488] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.104207][T12488] bridge_slave_1: entered allmulticast mode
[  568.111534][T12488] bridge_slave_1: entered promiscuous mode
[  568.212697][T12488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  568.549854][T12472] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  568.562233][T12488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  568.574803][T12472] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  568.808863][T12604] overlayfs: failed to resolve './file0': -2
[  568.841933][T12472] team0: Port device team_slave_0 added
[  568.982888][T12488] team0: Port device team_slave_0 added
[  569.051808][T12488] team0: Port device team_slave_1 added
[  569.082921][T12472] team0: Port device team_slave_1 added
[  569.885793][T12472] batman_adv: batadv0: Adding interface: batadv_slave_0
[  569.892774][T12472] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.033465][T12472] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.168883][T12488] batman_adv: batadv0: Adding interface: batadv_slave_0
[  570.184142][T12488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.303885][T12488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  570.329200][T12472] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.353775][T12472] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.456439][T12472] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.484212][T12488] batman_adv: batadv0: Adding interface: batadv_slave_1
[  570.498363][T12488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  570.532103][T12488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  570.685146][T12488] hsr_slave_0: entered promiscuous mode
[  570.714891][T12488] hsr_slave_1: entered promiscuous mode
[  570.774211][T12472] hsr_slave_0: entered promiscuous mode
[  570.790923][T12472] hsr_slave_1: entered promiscuous mode
[  570.816974][T12472] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  570.852607][T12472] Cannot create hsr debugfs directory
[  571.183118][T12637] loop2: detected capacity change from 0 to 128
[  571.255150][T12637] FAT-fs (loop2): Directory bread(block 11554) failed
[  571.261980][T12637] FAT-fs (loop2): Directory bread(block 11555) failed
[  571.297926][T12637] FAT-fs (loop2): Directory bread(block 11556) failed
[  571.310534][T12637] FAT-fs (loop2): Directory bread(block 11557) failed
[  571.342732][T12637] FAT-fs (loop2): Directory bread(block 11558) failed
[  571.360321][T12637] FAT-fs (loop2): Directory bread(block 11559) failed
[  571.390738][T12637] FAT-fs (loop2): Directory bread(block 11560) failed
[  571.400856][T12637] FAT-fs (loop2): Directory bread(block 11561) failed
[  571.434163][T12637] FAT-fs (loop2): Directory bread(block 11562) failed
[  571.454898][T12637] FAT-fs (loop2): Directory bread(block 11563) failed
[  571.565911][T12633] loop1: detected capacity change from 0 to 32768
[  571.595090][T12633] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  571.633944][T12633] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  571.752613][T12633] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  571.795766][   T25] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  571.820009][   T25] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  572.031494][   T25] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 211ms
[  572.078904][   T25] gfs2: fsid=syz:syz.0: jid=0: Done
[  572.100366][T12633] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  572.676555][T12472] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  572.734916][T12664] overlayfs: failed to resolve './file0': -2
[  572.775798][T12488] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  572.872909][T12472] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  572.950887][T12472] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  573.037754][T12472] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  573.762920][T12488] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  573.847899][T12673] loop2: detected capacity change from 0 to 1764
[  573.900901][T12673] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  573.922006][T12673] ISOFS: unable to read i-node block
[  573.953985][T12673] isofs_fill_super: get root inode failed
[  574.112158][T12488] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.515518][T12488] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  574.695602][T12472] 8021q: adding VLAN 0 to HW filter on device bond0
[  574.750361][T12696] loop1: detected capacity change from 0 to 128
[  574.753787][T12472] 8021q: adding VLAN 0 to HW filter on device team0
[  574.779720][T12696] FAT-fs (loop1): Directory bread(block 11554) failed
[  574.806902][T12696] FAT-fs (loop1): Directory bread(block 11555) failed
[  574.830882][T12696] FAT-fs (loop1): Directory bread(block 11556) failed
[  574.857389][T12696] FAT-fs (loop1): Directory bread(block 11557) failed
[  574.864299][T12696] FAT-fs (loop1): Directory bread(block 11558) failed
[  574.871106][T12696] FAT-fs (loop1): Directory bread(block 11559) failed
[  574.878206][T12696] FAT-fs (loop1): Directory bread(block 11560) failed
[  574.898433][T12696] FAT-fs (loop1): Directory bread(block 11561) failed
[  574.916461][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  574.922502][T12696] FAT-fs (loop1): Directory bread(block 11562) failed
[  574.923597][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  574.942357][T12696] FAT-fs (loop1): Directory bread(block 11563) failed
[  575.089222][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  575.096403][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  575.222397][T12472] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  575.300761][T12472] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  575.375506][T12488] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  575.417958][T12488] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  575.524725][T12488] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  575.579795][T12488] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  575.885021][T12488] 8021q: adding VLAN 0 to HW filter on device bond0
[  575.984363][T12488] 8021q: adding VLAN 0 to HW filter on device team0
[  576.010917][T12472] 8021q: adding VLAN 0 to HW filter on device batadv0
[  576.127993][ T7414] bridge0: port 1(bridge_slave_0) entered blocking state
[  576.135202][ T7414] bridge0: port 1(bridge_slave_0) entered forwarding state
[  576.176211][ T7414] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.183405][ T7414] bridge0: port 2(bridge_slave_1) entered forwarding state
[  576.406209][T12732] overlayfs: failed to resolve './file1': -2
[  577.506309][T12488] 8021q: adding VLAN 0 to HW filter on device batadv0
[  577.674481][T12472] veth0_vlan: entered promiscuous mode
[  577.740925][T12472] veth1_vlan: entered promiscuous mode
[  577.798902][T12488] veth0_vlan: entered promiscuous mode
[  577.879703][T12472] veth0_macvtap: entered promiscuous mode
[  577.904321][  T927] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  577.925276][T12472] veth1_macvtap: entered promiscuous mode
[  577.947928][T12488] veth1_vlan: entered promiscuous mode
[  578.051349][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  578.073380][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.096129][  T927] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  578.115728][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  578.144443][  T927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  578.157838][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.172935][  T927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.193876][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  578.203775][  T927] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  578.227454][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.235055][  T927] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  578.258056][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  578.263769][  T927] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  578.284014][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.312748][  T927] usb 2-1: Manufacturer: syz
[  578.326190][T12472] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.341007][  T927] usb 2-1: config 0 descriptor??
[  578.403822][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.424127][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.466005][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.493837][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.503951][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.518378][T12752] loop2: detected capacity change from 0 to 32768
[  578.533778][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.589323][T12472] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.608617][T12472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.611884][T12752] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  578.621145][T12472] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.659131][T12472] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  578.668623][T12472] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  578.685210][T12472] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  578.696833][T12472] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  578.738788][T12488] veth0_macvtap: entered promiscuous mode
[  578.789136][T12488] veth1_macvtap: entered promiscuous mode
[  578.826541][  T927] appleir 0003:05AC:8243.0006: No inputs registered, leaving
[  578.922445][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  578.936063][  T927] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  579.010359][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.060260][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.070819][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.141468][T12782] syz.0.1837: attempt to access beyond end of device
[  579.141468][T12782] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[  579.155794][T12782] syz.0.1837: attempt to access beyond end of device
[  579.155794][T12782] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  579.250095][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.540302][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.633149][T12752] XFS (loop2): Ending clean mount
[  579.683211][T12752] XFS (loop2): Quotacheck needed: Please wait.
[  579.690000][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.751425][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.823707][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  579.864067][T12752] XFS (loop2): Quotacheck: Done.
[  579.888826][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.963046][T12488] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.019746][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.030611][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.040635][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.051129][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.358576][   T46] usb 2-1: USB disconnect, device number 25
[  580.363798][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.545828][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  580.786582][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  580.979609][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.063863][T12488] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  581.113875][T12488] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.137787][T12488] batman_adv: batadv0: Interface activated: batadv_slave_1
[  581.237031][T12795] pimreg3: entered allmulticast mode
[  581.255458][T12488] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.283897][T12488] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.319514][T12488] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.344181][T12488] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  581.414821][T10686] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  581.442427][ T1098] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.473115][ T1098] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.763099][T11930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  581.839131][T11930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  581.841155][T12810] overlayfs: failed to resolve './file1': -2
[  582.000605][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.054717][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  582.098258][T12816] loop2: detected capacity change from 0 to 1764
[  582.128148][T12816] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  582.141034][T12816] ISOFS: unable to read i-node block
[  582.145900][ T1098] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  582.148786][T12816] isofs_fill_super: get root inode failed
[  582.190898][ T1098] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.035501][ T5092] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  584.044475][ T5092] Bluetooth: hci3: Injecting HCI hardware error event
[  584.056295][ T5092] Bluetooth: hci3: hardware error 0x00
[  584.467323][T12843] loop4: detected capacity change from 0 to 16
[  584.531363][T12843] erofs: (device loop4): mounted with root inode @ nid 36.
[  585.064657][ T9681] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[  585.086454][T12855] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  585.143861][   T29] audit: type=1800 audit(1720200905.783:408): pid=12855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1776" name="file3" dev="loop4" ino=89 res=0 errno=0
[  585.698138][T12862] overlayfs: failed to resolve './file1': -2
[  585.732445][T12865] netlink: 188 bytes leftover after parsing attributes in process `syz.2.1856'.
[  585.884089][   T29] audit: type=1326 audit(1720200906.543:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12868 comm="syz.2.1857" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0974b75bd9 code=0x0
[  586.144046][ T5092] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  586.921844][T12840] loop1: detected capacity change from 0 to 32768
[  586.967818][T12840] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  587.694102][T12840] XFS (loop1): Ending clean mount
[  587.753630][T12840] XFS (loop1): Quotacheck needed: Please wait.
[  587.830831][T12840] XFS (loop1): Quotacheck: Done.
[  587.868847][T10723] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  588.485549][T12908] loop0: detected capacity change from 0 to 16
[  588.537354][T12908] erofs: (device loop0): mounted with root inode @ nid 36.
[  589.095687][ T5092] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[9000]
[  589.114581][T12917] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -41 in[4096, 0] out[8192]
[  589.744760][   T29] audit: type=1800 audit(1720200910.333:410): pid=12917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1865" name="file3" dev="loop0" ino=89 res=0 errno=0
[  590.190280][T12931] syz.2.1869: attempt to access beyond end of device
[  590.190280][T12931] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0
[  590.203889][T12931] syz.2.1869: attempt to access beyond end of device
[  590.203889][T12931] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  591.833879][ T7414] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  592.011831][   T29] audit: type=1326 audit(1720200912.693:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12947 comm="syz.2.1876" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0974b75bd9 code=0x0
[  592.040406][ T7414] usb 2-1: Using ep0 maxpacket: 32
[  592.074067][ T7414] usb 2-1: unable to get BOS descriptor or descriptor too short
[  592.108609][ T7414] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  592.136308][ T7414] usb 2-1: New USB device found, idVendor=05cc, idProduct=3352, bcdDevice=bd.ea
[  592.156240][ T7414] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  592.173770][ T7414] usb 2-1: Product: syz
[  592.178008][ T7414] usb 2-1: Manufacturer: syz
[  592.182618][ T7414] usb 2-1: SerialNumber: syz
[  592.196109][ T7414] usb 2-1: config 0 descriptor??
[  592.218320][ T7414] usb 2-1: [ueagle-atm] ADSL device founded vid (0X5CC) pid (0X3352) Rev (0XBDEA): ADI930
[  592.382359][T12943] loop4: detected capacity change from 0 to 32768
[  592.438546][T12943] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  592.438676][ T7414] usb 2-1: reset high-speed USB device number 26 using dummy_hcd
[  592.657400][T12943] XFS (loop4): Ending clean mount
[  592.685772][T12943] XFS (loop4): Quotacheck needed: Please wait.
[  592.773415][T12943] XFS (loop4): Quotacheck: Done.
[  592.969245][T12967] pimreg3: entered allmulticast mode
[  593.117739][T12472] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  593.130243][T12966] loop0: detected capacity change from 0 to 32768
[  593.153977][ T7414] usb 2-1: device descriptor read/64, error -71
[  594.757904][ T7414] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware
[  594.931908][ T7414] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/adi930.fw
[  594.987403][ T1798] usb 2-1: Direct firmware load for ueagle-atm/adi930.fw failed with error -2
[  595.025555][ T7414] usb 2-1: USB disconnect, device number 26
[  595.054587][ T1798] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/adi930.fw
[  595.135435][ T1798] kobject: kobject_add_internal failed for firmware (error: -2 parent: 2-1)
[  595.176295][ T1798] firmware ueagle-atm!adi930.fw: fw_load_sysfs_fallback: device_register failed
[  595.195461][ T1798] usb 2-1: [UEAGLE-ATM] firmware is not available
[  596.863871][ T5092] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  596.872705][ T5092] Bluetooth: hci0: Injecting HCI hardware error event
[  596.882542][ T5092] Bluetooth: hci0: hardware error 0x00
[  596.964912][T13013] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  596.975051][T13013] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  596.983174][T13013] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  596.992944][T13013] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  597.000931][T13013] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  597.010406][T13013] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  597.136791][T12999] loop0: detected capacity change from 0 to 32768
[  597.170569][T12999] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1887 (12999)
[  597.257361][T12999] BTRFS info (device loop0): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  597.299995][T12999] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  597.344172][T12999] BTRFS info (device loop0): using free-space-tree
[  597.654102][   T29] audit: type=1326 audit(1720200918.333:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13034 comm="syz.4.1893" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x0
[  597.681219][T10597] BTRFS info (device loop0): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  597.831622][T13011] chnl_net:caif_netlink_parms(): no params data found
[  598.912500][T13031] loop1: detected capacity change from 0 to 32768
[  598.934067][T13011] bridge0: port 1(bridge_slave_0) entered blocking state
[  598.954048][T13011] bridge0: port 1(bridge_slave_0) entered disabled state
[  598.957689][ T5092] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  598.997394][T13011] bridge_slave_0: entered allmulticast mode
[  599.034457][T13011] bridge_slave_0: entered promiscuous mode
[  599.104094][ T5092] Bluetooth: hci6: command tx timeout
[  599.125375][T13011] bridge0: port 2(bridge_slave_1) entered blocking state
[  599.189897][T13011] bridge0: port 2(bridge_slave_1) entered disabled state
[  599.222386][T13011] bridge_slave_1: entered allmulticast mode
[  599.245260][T13011] bridge_slave_1: entered promiscuous mode
[  599.455405][   T25] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  599.581643][T13011] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  599.643196][T13011] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  599.713944][   T25] usb 3-1: Using ep0 maxpacket: 8
[  599.737457][T13052] netlink: 'syz.2.1897': attribute type 10 has an invalid length.
[  599.771797][T13052] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1897'.
[  599.785771][T13052] batman_adv: batadv0: Adding interface: virt_wifi0
[  599.792383][T13052] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  599.818485][T13052] batman_adv: batadv0: Interface activated: virt_wifi0
[  599.931656][T13011] team0: Port device team_slave_0 added
[  599.966297][   T25] usb 3-1: unable to get BOS descriptor or descriptor too short
[  599.968226][T13011] team0: Port device team_slave_1 added
[  600.005467][   T25] usb 3-1: unable to read config index 0 descriptor/start: -71
[  600.023847][   T25] usb 3-1: can't read configurations, error -71
[  600.161221][T13011] batman_adv: batadv0: Adding interface: batadv_slave_0
[  600.177319][T13011] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.213102][T13011] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  600.232693][T13011] batman_adv: batadv0: Adding interface: batadv_slave_1
[  600.239983][T13011] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  600.283795][T13011] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  600.463444][T13011] hsr_slave_0: entered promiscuous mode
[  600.477210][T13011] hsr_slave_1: entered promiscuous mode
[  600.485342][T13011] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  600.509855][T13011] Cannot create hsr debugfs directory
[  600.794199][T13011] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  600.921936][T13011] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.078523][T13011] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.195021][ T5092] Bluetooth: hci6: command tx timeout
[  601.209589][T13011] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  601.401815][T13075] loop2: detected capacity change from 0 to 32768
[  601.416410][T13075] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1903 (13075)
[  601.603515][T13075] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  601.639230][T13011] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  601.651957][T13075] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  601.746390][T13075] BTRFS info (device loop2): using free-space-tree
[  601.787036][T13011] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  601.968376][T13011] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  602.209770][T13011] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  602.454835][T10686] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  602.621964][T13011] 8021q: adding VLAN 0 to HW filter on device bond0
[  602.705193][T13011] 8021q: adding VLAN 0 to HW filter on device team0
[  602.967651][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  602.974881][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  603.129895][ T1798] bridge0: port 2(bridge_slave_1) entered blocking state
[  603.137089][ T1798] bridge0: port 2(bridge_slave_1) entered forwarding state
[  603.335300][ T5092] Bluetooth: hci6: command tx timeout
[  603.719910][T13011] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  604.099142][T13011] 8021q: adding VLAN 0 to HW filter on device batadv0
[  604.232884][T13011] veth0_vlan: entered promiscuous mode
[  604.251398][T13011] veth1_vlan: entered promiscuous mode
[  604.315169][T13011] veth0_macvtap: entered promiscuous mode
[  604.343345][T13011] veth1_macvtap: entered promiscuous mode
[  604.383680][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.417421][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.441814][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.464055][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.483859][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.512775][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.532946][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.554725][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.571965][T13107] loop4: detected capacity change from 0 to 32768
[  604.583795][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.600333][T13111] loop2: detected capacity change from 0 to 32768
[  604.614849][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.632557][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  604.633088][T13107] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  604.653341][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.666169][T13011] batman_adv: batadv0: Interface activated: batadv_slave_0
[  604.732523][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.743627][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.753528][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.764661][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.775573][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.787129][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.800708][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.851950][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.896680][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.941455][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  604.945351][T13107] XFS (loop4): Ending clean mount
[  604.951456][T13011] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  604.957173][   T29] audit: type=1326 audit(1720200925.623:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13132 comm="syz.1.1911" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d40575bd9 code=0x0
[  604.967156][T13011] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  605.060593][   T29] audit: type=1804 audit(1720200925.733:414): pid=13134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1908" name="/newroot/127/file0/bus" dev="loop2" ino=7 res=1 errno=0
[  605.102212][T13107] XFS (loop4): Quotacheck needed: Please wait.
[  605.212606][T13107] XFS (loop4): Quotacheck: Done.
[  605.222498][T13011] batman_adv: batadv0: Interface activated: batadv_slave_1
[  605.299234][T13011] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  605.371740][T13011] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  605.406658][T13011] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  605.434883][ T5092] Bluetooth: hci6: command tx timeout
[  605.459353][T13011] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  605.626441][ T6542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.648673][ T6542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  605.676310][T12472] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  605.824212][ T2398] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  605.853617][ T2398] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  607.355142][   T25] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  607.576413][T13150] loop4: detected capacity change from 0 to 32768
[  607.584615][   T25] usb 3-1: Using ep0 maxpacket: 8
[  607.600679][T13150] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1915 (13150)
[  607.603883][T13149] netlink: 'syz.2.1912': attribute type 10 has an invalid length.
[  607.733899][T13149] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1912'.
[  607.809283][   T25] usb 3-1: unable to get BOS descriptor or descriptor too short
[  607.857734][T13150] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  607.873144][T13150] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  607.878614][   T25] usb 3-1: unable to read config index 0 descriptor/start: -71
[  607.882040][T13150] BTRFS info (device loop4): using free-space-tree
[  607.966127][   T25] usb 3-1: can't read configurations, error -71
[  608.582432][T12472] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  610.020169][T13205] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1923'.
[  610.903083][T13195] loop1: detected capacity change from 0 to 32768
[  610.927544][T13212] netlink: 'syz.3.1927': attribute type 2 has an invalid length.
[  611.032535][T13198] loop2: detected capacity change from 0 to 32768
[  611.202514][T13198] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  611.263000][ T9681] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  611.321641][ T9681] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  611.333790][   T29] audit: type=1804 audit(1720200932.013:415): pid=13224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1921" name="/newroot/133/file0/bus" dev="loop1" ino=7 res=1 errno=0
[  611.440442][ T9681] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  611.448677][ T9681] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  611.459245][ T9681] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  611.468791][ T9681] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  611.624093][T13198] XFS (loop2): Ending clean mount
[  611.673887][T13198] XFS (loop2): Quotacheck needed: Please wait.
[  611.804135][T13198] XFS (loop2): Quotacheck: Done.
[  611.903909][ T5143] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  612.231235][T13216] chnl_net:caif_netlink_parms(): no params data found
[  612.376927][T10686] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  612.504117][ T5143] usb 4-1: Using ep0 maxpacket: 8
[  612.527940][ T5143] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  612.541823][ T5143] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  612.551781][ T5143] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  612.562144][ T5143] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  612.574437][ T5143] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  612.609708][ T5143] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  612.619525][ T5143] usb 4-1: Product: syz
[  612.637592][ T5143] usb 4-1: Manufacturer: syz
[  612.642220][ T5143] usb 4-1: SerialNumber: syz
[  612.665964][ T5143] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  612.724724][T13216] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.742179][T13216] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.774080][T13216] bridge_slave_0: entered allmulticast mode
[  612.796354][T13216] bridge_slave_0: entered promiscuous mode
[  612.823477][T13216] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.847510][T13216] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.875991][   T25] usb 4-1: USB disconnect, device number 24
[  612.880132][T13216] bridge_slave_1: entered allmulticast mode
[  612.905572][T13216] bridge_slave_1: entered promiscuous mode
[  613.042501][T13233] loop1: detected capacity change from 0 to 32768
[  613.066022][T13216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  613.075649][T13233] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1928 (13233)
[  613.128816][T13216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  613.142632][T13233] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  613.167827][T13233] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  613.216406][T13233] BTRFS info (device loop1): using free-space-tree
[  613.547622][T13269] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1935'.
[  613.665474][ T9681] Bluetooth: hci7: command tx timeout
[  613.696099][T13216] team0: Port device team_slave_0 added
[  614.030620][T13216] team0: Port device team_slave_1 added
[  614.264869][T10723] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  614.476763][T13216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  614.536105][T13216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  614.616831][T13216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  614.788830][T13216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  614.990607][T13216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  615.294304][T13216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  615.785496][ T9681] Bluetooth: hci7: command tx timeout
[  616.256683][T13216] hsr_slave_0: entered promiscuous mode
[  616.363287][T13216] hsr_slave_1: entered promiscuous mode
[  616.413903][T13216] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  616.421499][T13216] Cannot create hsr debugfs directory
[  616.536856][T13274] loop3: detected capacity change from 0 to 32768
[  616.832176][T13303] netlink: 'syz.2.1946': attribute type 2 has an invalid length.
[  616.926807][   T29] audit: type=1804 audit(1720200937.613:416): pid=13308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1937" name="/newroot/6/file0/bus" dev="loop3" ino=7 res=1 errno=0
[  617.843796][ T9681] Bluetooth: hci7: command tx timeout
[  618.754123][ T1798] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  618.768237][T13216] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.959291][T13216] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  618.972157][ T1798] usb 3-1: Using ep0 maxpacket: 8
[  618.985530][ T1798] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  619.008214][ T1798] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  619.031475][ T1798] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  619.051190][ T1798] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  619.092262][ T1798] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  619.121404][ T1798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.151139][ T1798] usb 3-1: Product: syz
[  619.155649][ T1798] usb 3-1: Manufacturer: syz
[  619.160270][ T1798] usb 3-1: SerialNumber: syz
[  619.168134][T13216] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  619.192462][ T1798] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  619.293321][T13314] loop3: detected capacity change from 0 to 32768
[  619.315728][T13314] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1948 (13314)
[  619.368110][T13216] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  619.378227][T13314] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  619.405983][ T1798] usb 3-1: USB disconnect, device number 21
[  619.410554][T13314] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  619.463602][T13314] BTRFS info (device loop3): using free-space-tree
[  619.710164][T13324] loop4: detected capacity change from 0 to 32768
[  619.731195][T13324] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1952 (13324)
[  619.795255][T13324] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  619.805896][T13011] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  619.832092][T13216] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  619.840945][T13324] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  619.874033][T13324] BTRFS info (device loop4): using free-space-tree
[  619.906072][T13216] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  619.906577][ T9681] Bluetooth: hci7: command tx timeout
[  619.929029][T13216] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  619.966680][T13216] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  620.429280][   T29] audit: type=1800 audit(1720200941.093:417): pid=13324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1952" name="bus" dev="loop4" ino=263 res=0 errno=0
[  620.490623][T13216] 8021q: adding VLAN 0 to HW filter on device bond0
[  620.582139][T13216] 8021q: adding VLAN 0 to HW filter on device team0
[  620.635240][ T5091] bridge0: port 1(bridge_slave_0) entered blocking state
[  620.642397][ T5091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  620.695634][ T5091] bridge0: port 2(bridge_slave_1) entered blocking state
[  620.702830][ T5091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  620.768314][T12472] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  620.852349][T13216] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  620.915800][T13216] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  621.485303][T13367] loop1: detected capacity change from 0 to 32768
[  623.068488][   T29] audit: type=1804 audit(1720200943.143:418): pid=13389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1957" name="/newroot/141/file0/bus" dev="loop1" ino=7 res=1 errno=0
[  623.183690][T13216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  623.312325][T13397] syz.3.1953: attempt to access beyond end of device
[  623.312325][T13397] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  623.334271][T13216] veth0_vlan: entered promiscuous mode
[  623.365991][T13216] veth1_vlan: entered promiscuous mode
[  623.388249][T13397] syz.3.1953: attempt to access beyond end of device
[  623.388249][T13397] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  623.481387][T13216] veth0_macvtap: entered promiscuous mode
[  623.518658][T13216] veth1_macvtap: entered promiscuous mode
[  623.577357][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.614121][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.643853][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.675804][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.702654][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.719939][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  623.851663][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  623.933782][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.005451][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.080897][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.131570][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.188742][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.236200][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  624.246962][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.280674][T13216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  624.330013][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.348917][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.370662][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.382519][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.402602][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.413357][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.426973][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.446663][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.469656][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.482667][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.501619][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.512856][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.526426][T13216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  624.547994][T13216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  624.585439][T13216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  624.612034][T13216] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  624.632009][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  624.638902][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  624.655338][T13216] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  624.674451][T13216] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  624.683288][T13216] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  624.921117][T13413] netlink: 'syz.2.1965': attribute type 2 has an invalid length.
[  624.966026][ T4132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  624.989288][ T4132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  625.068930][ T6936] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  625.085527][ T6936] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  625.324254][ T5225] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  625.525076][T13429] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  625.533813][ T5225] usb 3-1: Using ep0 maxpacket: 8
[  625.545712][ T5225] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  625.577537][ T5225] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  625.590342][   T29] audit: type=1326 audit(1720200946.263:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  625.643817][ T5225] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  625.664494][T13429] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  625.670804][ T5225] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  625.693122][   T29] audit: type=1326 audit(1720200946.263:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  625.716116][ T5225] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  625.748911][ T5225] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  625.764212][ T5225] usb 3-1: Product: syz
[  625.774521][ T5225] usb 3-1: Manufacturer: syz
[  625.794826][ T5225] usb 3-1: SerialNumber: syz
[  625.801970][   T29] audit: type=1326 audit(1720200946.263:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  625.822593][ T5225] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  625.913945][   T29] audit: type=1326 audit(1720200946.263:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  625.982433][   T29] audit: type=1326 audit(1720200946.263:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  626.053084][ T5143] usb 3-1: USB disconnect, device number 22
[  626.098211][   T29] audit: type=1326 audit(1720200946.263:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  626.173811][   T29] audit: type=1326 audit(1720200946.343:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  626.243770][   T29] audit: type=1326 audit(1720200946.343:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  626.335350][T13417] loop3: detected capacity change from 0 to 32768
[  626.344622][   T29] audit: type=1326 audit(1720200946.343:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13427 comm="syz.0.1972" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fbe5ed75bd9 code=0x7ffc0000
[  626.374287][T13417] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1967 (13417)
[  626.479122][T13417] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  626.523918][T13417] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  626.562435][T13417] BTRFS info (device loop3): using free-space-tree
[  626.784423][T13424] loop1: detected capacity change from 0 to 32768
[  627.736447][T13011] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  628.663812][   T25] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  628.863793][   T25] usb 3-1: Using ep0 maxpacket: 16
[  628.879524][   T25] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  628.914701][   T25] usb 3-1: New USB device found, idVendor=04ca, idProduct=3008, bcdDevice=e6.00
[  628.933919][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  628.950695][   T25] usb 3-1: Product: syz
[  628.965219][   T25] usb 3-1: Manufacturer: syz
[  628.981492][   T25] usb 3-1: SerialNumber: syz
[  629.007619][   T25] usb 3-1: config 0 descriptor??
[  629.034862][T13492] syz.3.1976: attempt to access beyond end of device
[  629.034862][T13492] nbd3: rw=0, sector=2, nr_sectors = 2 limit=0
[  629.080869][T13492] syz.3.1976: attempt to access beyond end of device
[  629.080869][T13492] nbd3: rw=0, sector=16, nr_sectors = 2 limit=0
[  629.281494][ T5225] usb 3-1: USB disconnect, device number 23
[  630.116485][T13494] loop1: detected capacity change from 0 to 32768
[  630.496781][T13503] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  630.790900][   T29] kauditd_printk_skb: 29 callbacks suppressed
[  630.791059][   T29] audit: type=1804 audit(1720200951.453:457): pid=13505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1987" name="/newroot/146/file0/bus" dev="loop1" ino=7 res=1 errno=0
[  631.435000][ T5143] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  631.673831][ T5143] usb 3-1: Using ep0 maxpacket: 8
[  631.878878][T13500] netlink: 'syz.2.1989': attribute type 10 has an invalid length.
[  632.051514][T13500] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1989'.
[  632.124274][    C1] IPv4: Oversized IP packet from 127.0.0.1
[  632.248427][T13522] syzkaller1: entered promiscuous mode
[  632.254344][ T5143] usb 3-1: unable to get BOS descriptor or descriptor too short
[  632.276247][T13522] syzkaller1: entered allmulticast mode
[  632.290165][ T5143] usb 3-1: unable to read config index 0 descriptor/start: -71
[  632.313402][ T5143] usb 3-1: can't read configurations, error -71
[  632.594138][ T1798] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  633.163867][ T1798] usb 5-1: Using ep0 maxpacket: 16
[  633.171463][ T1798] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  633.183466][ T1798] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  633.196843][ T1798] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  633.214124][ T1798] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.244432][ T1798] usb 5-1: config 0 descriptor??
[  633.747993][ T1798] microsoft 0003:045E:07DA.0007: unknown main item tag 0x2
[  633.795215][ T1798] microsoft 0003:045E:07DA.0007: No inputs registered, leaving
[  633.873485][T13544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2001'.
[  633.884132][T13544] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2001'.
[  633.946905][ T1798] microsoft 0003:045E:07DA.0007: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  634.152058][ T1798] microsoft 0003:045E:07DA.0007: no inputs found
[  634.286843][ T1798] microsoft 0003:045E:07DA.0007: could not initialize ff, continuing anyway
[  635.000942][T13557] can0: slcan on pts0.
[  635.205376][T13559] can0 (unregistered): slcan off pts0.
[  635.670984][ T5225] usb 5-1: USB disconnect, device number 27
[  635.703836][  T927] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  635.984346][  T927] usb 1-1: Using ep0 maxpacket: 8
[  636.510163][T13567] netlink: 'syz.0.2008': attribute type 10 has an invalid length.
[  636.552976][T13567] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2008'.
[  636.605027][T13567] batman_adv: batadv0: Adding interface: virt_wifi0
[  636.624309][T13567] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  636.733841][T13567] batman_adv: batadv0: Interface activated: virt_wifi0
[  636.824810][  T927] usb 1-1: unable to get BOS descriptor or descriptor too short
[  636.869643][  T927] usb 1-1: unable to read config index 0 descriptor/start: -71
[  637.097111][  T927] usb 1-1: can't read configurations, error -71
[  637.937103][T13608] loop4: detected capacity change from 0 to 256
[  640.985899][ T1798] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  641.033935][   T46] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  641.194049][ T1798] usb 5-1: Using ep0 maxpacket: 16
[  641.210807][ T1798] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  641.253965][   T46] usb 2-1: Using ep0 maxpacket: 8
[  641.269513][ T1798] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  641.304505][T13658] netlink: 'syz.1.2032': attribute type 10 has an invalid length.
[  641.327261][ T1798] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  641.347212][T13658] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2032'.
[  641.381427][ T1798] usb 5-1: Product: syz
[  641.406316][ T1798] usb 5-1: Manufacturer: syz
[  641.410993][ T1798] usb 5-1: SerialNumber: syz
[  641.446711][   T46] usb 2-1: unable to get BOS descriptor or descriptor too short
[  641.467411][   T46] usb 2-1: unable to read config index 0 descriptor/start: -71
[  641.484734][ T1798] usb 5-1: config 0 descriptor??
[  641.496359][ T1798] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  641.505630][   T46] usb 2-1: can't read configurations, error -71
[  641.747311][T13659] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  641.827360][ T1798] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71
[  641.854082][ T1798] usb 5-1: USB disconnect, device number 28
[  641.927914][T13671] syz.2.2034: attempt to access beyond end of device
[  641.927914][T13671] nbd2: rw=0, sector=2, nr_sectors = 2 limit=0
[  641.951218][T13671] syz.2.2034: attempt to access beyond end of device
[  641.951218][T13671] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0
[  643.510572][T13676] loop4: detected capacity change from 0 to 32768
[  643.930677][T13676] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  644.280134][T13676] XFS (loop4): Ending clean mount
[  644.748491][T12472] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  646.123967][ T5225] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  646.323883][ T5225] usb 4-1: Using ep0 maxpacket: 16
[  646.367350][ T5225] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  646.418277][ T5225] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  646.433801][ T5225] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.441901][ T5225] usb 4-1: Product: syz
[  646.446934][ T5225] usb 4-1: Manufacturer: syz
[  646.466223][ T5225] usb 4-1: SerialNumber: syz
[  646.594220][ T5225] usb 4-1: config 0 descriptor??
[  646.771627][ T5225] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  647.119546][T13719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  647.282123][ T5225] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  647.331905][ T5225] usb 4-1: USB disconnect, device number 25
[  647.756954][T13738] syz.4.2052: attempt to access beyond end of device
[  647.756954][T13738] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  647.806227][T13738] syz.4.2052: attempt to access beyond end of device
[  647.806227][T13738] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  648.159214][T13736] loop1: detected capacity change from 0 to 32768
[  648.210320][T13736] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2054 (13736)
[  648.303361][T13736] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  648.333876][T13736] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  648.344637][T13736] BTRFS info (device loop1): using free-space-tree
[  648.458816][   T29] audit: type=1800 audit(1720200969.143:458): pid=13736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2054" name="bus" dev="loop1" ino=263 res=0 errno=0
[  648.598239][T10723] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  649.996504][ T5092] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  650.007573][ T5092] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  650.018313][ T5092] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  650.034519][ T5092] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  650.043323][ T5092] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  650.053893][ T5092] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  650.647913][T13772] chnl_net:caif_netlink_parms(): no params data found
[  651.710272][T13772] bridge0: port 1(bridge_slave_0) entered blocking state
[  651.734025][T13772] bridge0: port 1(bridge_slave_0) entered disabled state
[  651.741386][T13772] bridge_slave_0: entered allmulticast mode
[  651.760007][T13772] bridge_slave_0: entered promiscuous mode
[  651.771444][T13772] bridge0: port 2(bridge_slave_1) entered blocking state
[  651.785077][T13772] bridge0: port 2(bridge_slave_1) entered disabled state
[  651.803070][T13772] bridge_slave_1: entered allmulticast mode
[  651.819849][T13772] bridge_slave_1: entered promiscuous mode
[  651.933085][T13772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  651.959768][T13772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  652.068252][T13772] team0: Port device team_slave_0 added
[  652.078179][T13772] team0: Port device team_slave_1 added
[  652.110601][T13772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  652.117762][T13772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  652.149140][T13772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  652.179022][ T5092] Bluetooth: hci8: command tx timeout
[  652.734596][T13772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  652.772127][T13772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  652.850160][T13772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  653.016797][T13772] hsr_slave_0: entered promiscuous mode
[  653.054713][T13772] hsr_slave_1: entered promiscuous mode
[  653.071541][T13772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  653.099212][T13772] Cannot create hsr debugfs directory
[  654.224201][ T5092] Bluetooth: hci8: command tx timeout
[  654.415902][T13772] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.630458][T13772] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  654.810920][T13772] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.663639][T13772] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.975778][T13772] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  656.107011][T13772] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  656.159785][T13772] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  656.194891][T13772] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  656.305669][ T5092] Bluetooth: hci8: command tx timeout
[  656.972063][T13772] 8021q: adding VLAN 0 to HW filter on device bond0
[  656.994702][T13772] 8021q: adding VLAN 0 to HW filter on device team0
[  657.007341][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state
[  657.014507][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  657.075227][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state
[  657.082366][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  657.143352][T13772] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  657.174102][T13772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  657.693400][T13772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  657.830689][T13772] veth0_vlan: entered promiscuous mode
[  657.849464][T13772] veth1_vlan: entered promiscuous mode
[  657.878003][T13772] veth0_macvtap: entered promiscuous mode
[  657.905676][T13772] veth1_macvtap: entered promiscuous mode
[  657.936676][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  657.959782][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  657.969843][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  657.993098][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.007202][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.028059][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.045364][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.065440][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.083273][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.094364][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.117586][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.137737][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.159882][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.180391][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.197643][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  658.212510][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.231892][T13772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  658.253514][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.278705][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.293527][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.317281][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.434934][ T5092] Bluetooth: hci8: command tx timeout
[  658.453033][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.477369][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.586843][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.752307][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  658.881070][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  658.982605][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.054818][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.089019][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.123880][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.163863][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.222762][T13772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  659.243859][T13772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  659.276914][T13772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  659.341884][T13772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  659.367238][T13772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  659.388232][T13772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  659.404923][T13772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  659.751596][ T2398] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.783104][ T2398] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.192234][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  660.343891][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  660.889385][T13889] loop2: detected capacity change from 0 to 32768
[  661.178964][T13889] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  661.567229][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2104'.
[  661.576274][T13913] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2104'.
[  661.688566][T13889] XFS (loop2): Ending clean mount
[  662.324246][   T25] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  662.587178][   T25] usb 5-1: Using ep0 maxpacket: 16
[  662.702554][   T25] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  662.805608][   T25] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  662.844721][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.852748][   T25] usb 5-1: Product: syz
[  662.865824][T10686] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  662.916583][   T25] usb 5-1: Manufacturer: syz
[  662.921222][   T25] usb 5-1: SerialNumber: syz
[  663.006160][   T25] usb 5-1: config 0 descriptor??
[  663.039132][ T9681] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  663.052218][ T9681] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  663.060851][ T9681] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  663.067440][   T25] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  663.084984][ T9681] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  663.099472][ T9681] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  663.113997][ T9681] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  663.365310][T13923] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  663.441539][   T25] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  663.552130][    T8] usb 5-1: USB disconnect, device number 29
[  663.813866][   T25] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  663.822961][T13932] chnl_net:caif_netlink_parms(): no params data found
[  663.945835][T13932] bridge0: port 1(bridge_slave_0) entered blocking state
[  663.953181][T13932] bridge0: port 1(bridge_slave_0) entered disabled state
[  663.966099][T13932] bridge_slave_0: entered allmulticast mode
[  663.976505][T13932] bridge_slave_0: entered promiscuous mode
[  663.989237][T13932] bridge0: port 2(bridge_slave_1) entered blocking state
[  663.998368][T13932] bridge0: port 2(bridge_slave_1) entered disabled state
[  664.008501][T13932] bridge_slave_1: entered allmulticast mode
[  664.016029][T13932] bridge_slave_1: entered promiscuous mode
[  664.035556][   T25] usb 1-1: Using ep0 maxpacket: 16
[  664.051795][   T25] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  664.076727][   T25] usb 1-1: New USB device found, idVendor=04ca, idProduct=3008, bcdDevice=e6.00
[  664.089268][T13932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  664.099494][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.116968][T13932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  664.136341][   T25] usb 1-1: Product: syz
[  664.140526][   T25] usb 1-1: Manufacturer: syz
[  664.163985][   T25] usb 1-1: SerialNumber: syz
[  664.216152][   T25] usb 1-1: config 0 descriptor??
[  664.325381][T13932] team0: Port device team_slave_0 added
[  664.348562][T13932] team0: Port device team_slave_1 added
[  664.440671][T13932] batman_adv: batadv0: Adding interface: batadv_slave_0
[  664.482669][T13932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.561605][T13932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  664.577193][T13932] batman_adv: batadv0: Adding interface: batadv_slave_1
[  664.587492][T13932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  664.617736][T13932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  664.619866][    T8] usb 1-1: USB disconnect, device number 19
[  664.683786][  T927] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  664.832845][T13932] hsr_slave_0: entered promiscuous mode
[  664.842478][T13932] hsr_slave_1: entered promiscuous mode
[  664.860635][T13932] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  664.870479][T13932] Cannot create hsr debugfs directory
[  664.884482][  T927] usb 5-1: Using ep0 maxpacket: 8
[  664.908989][T13957] netlink: 'syz.4.2114': attribute type 10 has an invalid length.
[  664.923950][T13957] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2114'.
[  664.955751][T13957] batman_adv: batadv0: Adding interface: virt_wifi0
[  664.963808][T13957] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  665.013151][T13957] batman_adv: batadv0: Interface activated: virt_wifi0
[  665.107012][  T927] usb 5-1: unable to get BOS descriptor or descriptor too short
[  665.140618][  T927] usb 5-1: unable to read config index 0 descriptor/start: -71
[  665.158658][  T927] usb 5-1: can't read configurations, error -71
[  665.184065][ T5092] Bluetooth: hci9: command tx timeout
[  666.464419][T13932] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  667.311418][ T5092] Bluetooth: hci9: command tx timeout
[  667.627480][T13932] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.040900][T13932] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.064361][ T5091] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  668.227913][T13932] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  668.744736][T13932] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  668.753875][ T5091] usb 5-1: Using ep0 maxpacket: 16
[  668.766046][ T5091] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  668.787009][ T5091] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  668.811454][T13932] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  668.828684][ T5091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  668.855771][ T5091] usb 5-1: Product: syz
[  668.860244][ T5091] usb 5-1: Manufacturer: syz
[  668.865746][ T5091] usb 5-1: SerialNumber: syz
[  668.873436][ T5091] usb 5-1: config 0 descriptor??
[  668.881802][ T5091] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  668.904173][T13932] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  668.948648][T13932] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  669.245355][ T5091] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  669.346615][ T5092] Bluetooth: hci9: command tx timeout
[  669.494137][    T8] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  669.805625][T13987] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  669.834079][    T8] usb 3-1: Using ep0 maxpacket: 8
[  669.858838][    T8] usb 3-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=3d.50
[  669.879421][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  669.892752][ T1798] usb 5-1: USB disconnect, device number 32
[  669.907067][    T8] usb 3-1: Product: syz
[  669.936846][    T8] usb 3-1: Manufacturer: syz
[  669.941482][    T8] usb 3-1: SerialNumber: syz
[  669.962172][T13932] 8021q: adding VLAN 0 to HW filter on device bond0
[  669.985915][    T8] usb 3-1: config 0 descriptor??
[  670.004802][    T8] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  670.024057][    T8] dvb-usb: bulk message failed: -22 (4/0)
[  670.029068][T13932] 8021q: adding VLAN 0 to HW filter on device team0
[  670.046697][    T8] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  670.069740][    T8] dvb-usb: bulk message failed: -22 (5/0)
[  670.083842][    T8] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  670.087052][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  670.101122][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  670.114638][    T8] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) error while loading driver (-22)
[  670.145485][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  670.152619][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  670.270679][T13932] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  670.559132][   T29] audit: type=1326 audit(1720200991.243:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  670.612304][   T29] audit: type=1326 audit(1720200991.243:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  670.650253][T13932] 8021q: adding VLAN 0 to HW filter on device batadv0
[  670.701071][   T29] audit: type=1326 audit(1720200991.243:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  670.835102][   T29] audit: type=1326 audit(1720200991.243:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  670.878305][T13932] veth0_vlan: entered promiscuous mode
[  670.915461][   T29] audit: type=1326 audit(1720200991.243:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  670.949303][T13932] veth1_vlan: entered promiscuous mode
[  670.950128][   T29] audit: type=1326 audit(1720200991.283:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  671.424406][ T5092] Bluetooth: hci9: command tx timeout
[  671.465958][   T29] audit: type=1326 audit(1720200991.343:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  671.529309][T13932] veth0_macvtap: entered promiscuous mode
[  671.594869][T13932] veth1_macvtap: entered promiscuous mode
[  671.598920][   T29] audit: type=1326 audit(1720200991.343:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  671.623573][   T29] audit: type=1326 audit(1720200991.343:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  671.658464][   T29] audit: type=1326 audit(1720200991.343:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14014 comm="syz.4.2128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5025d75bd9 code=0x7ffc0000
[  671.702221][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.740220][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.757084][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.784323][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.815684][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  671.934059][    T8] usb 3-1: USB disconnect, device number 26
[  671.969370][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  671.982290][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.014665][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.298001][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.593742][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.651261][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.703778][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.749192][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.759736][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.769808][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.780648][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.794679][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  672.810789][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.822579][T13932] batman_adv: batadv0: Interface activated: batadv_slave_0
[  672.843147][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.883886][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.912835][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.934221][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.951225][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  672.963300][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  672.978095][ T5092] Bluetooth: hci6: ACL packet for unknown connection handle 0
[  672.990942][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.033570][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.063999][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.089443][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.117224][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.128179][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.139538][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.151179][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.164825][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.179674][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.195909][T13932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  673.209660][T13932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  673.244259][T13932] batman_adv: batadv0: Interface activated: batadv_slave_1
[  673.256020][T13932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  673.280179][T13932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  673.299615][T13932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  673.311658][   T25] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  673.321808][T13932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  673.513766][   T25] usb 4-1: Using ep0 maxpacket: 8
[  673.588382][T14036] netlink: 'syz.3.2134': attribute type 10 has an invalid length.
[  673.635027][T14036] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2134'.
[  673.698474][T14036] batman_adv: batadv0: Adding interface: virt_wifi0
[  673.724569][T14036] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  673.801988][T14036] batman_adv: batadv0: Interface activated: virt_wifi0
[  673.980845][   T25] usb 4-1: unable to get BOS descriptor or descriptor too short
[  674.004679][   T25] usb 4-1: unable to read config index 0 descriptor/start: -71
[  674.012290][   T25] usb 4-1: can't read configurations, error -71
[  674.056627][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.077192][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  674.093928][ T5140] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  674.145738][ T6542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  674.166827][ T6542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  674.304298][ T5140] usb 5-1: Using ep0 maxpacket: 16
[  674.327635][ T5140] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  674.351151][ T5140] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  674.363801][ T5140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.382126][ T5140] usb 5-1: Product: syz
[  674.388817][ T5140] usb 5-1: Manufacturer: syz
[  674.402895][ T5140] usb 5-1: SerialNumber: syz
[  674.411153][ T5140] usb 5-1: config 0 descriptor??
[  674.420248][ T5140] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  674.675261][T14051] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  674.748324][ T5140] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  674.787955][ T5140] usb 5-1: USB disconnect, device number 33
[  676.553992][ T5140] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  676.905135][ T5140] usb 5-1: Using ep0 maxpacket: 8
[  676.926566][ T5140] usb 5-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=3d.50
[  676.953990][ T5140] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.982388][ T5140] usb 5-1: Product: syz
[  677.000837][ T5140] usb 5-1: Manufacturer: syz
[  677.032994][ T5140] usb 5-1: SerialNumber: syz
[  677.049344][ T5140] usb 5-1: config 0 descriptor??
[  677.083421][ T5140] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  677.113842][ T5140] dvb-usb: bulk message failed: -22 (4/0)
[  677.142630][ T5140] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  677.188040][ T5140] dvb-usb: bulk message failed: -22 (5/0)
[  677.206982][ T5140] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  677.259531][ T5140] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) error while loading driver (-22)
[  678.083838][    T8] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  678.107730][T14099] netlink: 'syz.1.2152': attribute type 2 has an invalid length.
[  678.203965][ T5140] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  678.273985][    T8] usb 4-1: Using ep0 maxpacket: 8
[  678.288523][T14092] netlink: 'syz.3.2150': attribute type 10 has an invalid length.
[  678.307357][T14092] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2150'.
[  678.350349][    T8] usb 4-1: unable to get BOS descriptor or descriptor too short
[  678.369950][    T8] usb 4-1: unable to read config index 0 descriptor/start: -71
[  678.385326][    T8] usb 4-1: can't read configurations, error -71
[  678.393878][ T5140] usb 3-1: Using ep0 maxpacket: 16
[  678.408223][ T5140] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  678.424929][   T25] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  678.427078][ T5140] usb 3-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  678.459585][ T5140] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.468491][ T5140] usb 3-1: Product: syz
[  678.472760][ T5140] usb 3-1: Manufacturer: syz
[  678.481350][ T5140] usb 3-1: SerialNumber: syz
[  678.502785][ T5140] usb 3-1: config 0 descriptor??
[  678.516050][ T5140] ssu100 3-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  678.772981][T14096] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  678.830467][   T25] usb 2-1: Using ep0 maxpacket: 8
[  678.835013][ T5140] ssu100 3-1:0.0: probe with driver ssu100 failed with error -110
[  678.840218][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  678.856602][   T25] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  678.866948][   T25] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  678.876836][   T25] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  678.889802][   T25] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  679.096280][ T5091] usb 5-1: USB disconnect, device number 34
[  679.109520][ T5140] usb 3-1: USB disconnect, device number 27
[  679.589064][   T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.597383][   T25] usb 2-1: Product: syz
[  679.601753][   T25] usb 2-1: Manufacturer: syz
[  679.606448][   T25] usb 2-1: SerialNumber: syz
[  679.633214][   T25] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  679.891689][ T5139] usb 2-1: USB disconnect, device number 29
[  682.487284][ T5139] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  682.843771][ T5139] usb 2-1: Using ep0 maxpacket: 8
[  682.868380][ T5139] usb 2-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=3d.50
[  682.893755][ T5139] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.933446][ T5139] usb 2-1: Product: syz
[  682.941251][ T1798] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  682.953764][ T5139] usb 2-1: Manufacturer: syz
[  682.958435][ T5139] usb 2-1: SerialNumber: syz
[  682.987143][ T5139] usb 2-1: config 0 descriptor??
[  682.998007][ T5139] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  683.027565][ T5139] dvb-usb: bulk message failed: -22 (4/0)
[  683.048894][ T9681] Bluetooth: hci4: command 0x0406 tx timeout
[  683.083359][ T5139] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  683.094524][ T5139] dvb-usb: bulk message failed: -22 (5/0)
[  683.100282][ T5139] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  683.162157][ T5139] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) error while loading driver (-22)
[  683.187850][ T1798] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  683.231803][ T1798] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  683.247937][ T1798] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  683.985861][ T1798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.997048][T14141] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  684.787495][ T1798] usb 2-1: USB disconnect, device number 30
[  685.030490][ T5140] usb 3-1: USB disconnect, device number 28
[  685.387839][T14166] netlink: 'syz.1.2172': attribute type 2 has an invalid length.
[  685.713811][ T5140] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  686.155436][ T1247] ieee802154 phy0 wpan0: encryption failed: -22
[  686.163725][ T1247] ieee802154 phy1 wpan1: encryption failed: -22
[  686.710384][ T5140] usb 2-1: Using ep0 maxpacket: 8
[  686.764571][ T5140] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  686.803746][ T5140] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  687.049375][ T5140] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  687.073761][ T5140] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  687.280634][ T5140] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  687.412469][ T5140] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  687.629862][ T5140] usb 2-1: Product: syz
[  687.686571][ T5140] usb 2-1: Manufacturer: syz
[  687.691226][ T5140] usb 2-1: SerialNumber: syz
[  688.035969][ T5140] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  688.674069][ T7414] usb 2-1: USB disconnect, device number 31
[  691.595308][  T927] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  691.953213][  T927] usb 5-1: Using ep0 maxpacket: 16
[  691.981992][  T927] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  692.058281][  T927] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=c9.61
[  692.108188][  T927] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.153845][  T927] usb 5-1: Product: syz
[  692.164621][  T927] usb 5-1: Manufacturer: syz
[  692.185691][  T927] usb 5-1: SerialNumber: syz
[  692.193357][  T927] usb 5-1: config 0 descriptor??
[  692.218962][  T927] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  692.441437][T14228] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  692.560770][  T927] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  692.661939][  T927] usb 5-1: USB disconnect, device number 35
[  693.363473][T14233] loop1: detected capacity change from 0 to 40427
[  693.418613][T14233] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  693.459955][T14233] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  693.494850][T14233] F2FS-fs (loop1): invalid crc value
[  693.530143][T14233] F2FS-fs (loop1): Found nat_bits in checkpoint
[  693.742817][T14233] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  693.760162][T14233] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  693.827383][T14233] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  693.942133][T14238] loop2: detected capacity change from 0 to 40427
[  693.979242][T14238] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  693.994641][T14238] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  694.062176][T14238] F2FS-fs (loop2): Found nat_bits in checkpoint
[  694.226396][T14238] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  694.243868][T14238] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  694.368725][T14269] syz.4.2202: attempt to access beyond end of device
[  694.368725][T14269] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  694.401297][    T8] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  694.484509][T14269] syz.4.2202: attempt to access beyond end of device
[  694.484509][T14269] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  694.594263][    T8] usb 1-1: Using ep0 maxpacket: 8
[  694.606759][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  694.638407][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  694.683927][    T8] usb 1-1: New USB device found, idVendor=044e, idProduct=121e, bcdDevice= 0.00
[  694.721914][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.775997][    T8] usb 1-1: config 0 descriptor??
[  694.876546][T14279] loop1: detected capacity change from 0 to 1764
[  694.897774][T14279] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  694.932869][T14279] ISOFS: unable to read i-node block
[  694.943995][T14279] isofs_fill_super: get root inode failed
[  695.325983][    T8] hid-alps 0003:044E:121E.0008: hidraw0: USB HID v0.00 Device [HID 044e:121e] on usb-dummy_hcd.0-1/input0
[  695.775862][ T5139] usb 1-1: USB disconnect, device number 20
[  696.996924][T14297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2211'.
[  697.005941][T14297] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2211'.
[  697.681281][ T5092] Bluetooth: Unexpected continuation frame (len 10)
[  697.953800][ T5140] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  698.156157][ T5140] usb 1-1: Using ep0 maxpacket: 8
[  698.199961][T14306] netlink: 'syz.0.2213': attribute type 10 has an invalid length.
[  698.236127][T14306] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2213'.
[  698.261012][T14306] batman_adv: batadv0: Adding interface: virt_wifi0
[  698.313807][T14306] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  698.419199][T14306] batman_adv: batadv0: Interface activated: virt_wifi0
[  698.519931][ T5140] usb 1-1: unable to get BOS descriptor or descriptor too short
[  698.591685][ T5140] usb 1-1: unable to read config index 0 descriptor/start: -71
[  698.611530][ T5140] usb 1-1: can't read configurations, error -71
[  698.757525][T14326] loop2: detected capacity change from 0 to 1764
[  698.770784][T14326] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  698.805547][T14326] ISOFS: unable to read i-node block
[  698.810920][T14326] isofs_fill_super: get root inode failed
[  699.033589][T14313] loop1: detected capacity change from 0 to 40427
[  699.127612][T14313] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  699.174952][T14313] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  699.271420][T14313] F2FS-fs (loop1): Found nat_bits in checkpoint
[  699.680907][T14313] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  699.714969][T14313] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  700.940487][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2226'.
[  700.952038][T14360] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2226'.
[  702.089512][T14373] loop3: detected capacity change from 0 to 1764
[  702.170275][T14380] syz.4.2227: attempt to access beyond end of device
[  702.170275][T14380] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  702.184887][T14380] syz.4.2227: attempt to access beyond end of device
[  702.184887][T14380] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  702.258812][T14373] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  702.286555][T14373] ISOFS: unable to read i-node block
[  702.302552][T14373] isofs_fill_super: get root inode failed
[  703.811565][T14378] loop2: detected capacity change from 0 to 32768
[  703.873911][T14378] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2234 (14378)
[  703.921603][T14378] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  703.943932][T14378] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  703.952640][T14378] BTRFS info (device loop2): using free-space-tree
[  705.324405][T10686] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  705.450835][T14431] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2241'.
[  705.461759][T14431] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2241'.
[  706.132657][T14392] loop1: detected capacity change from 0 to 40427
[  706.140701][T14436] loop3: detected capacity change from 0 to 1764
[  706.179688][T14392] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  706.196619][T14436] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  706.225972][T14392] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  706.232654][T14436] ISOFS: unable to read i-node block
[  706.242676][T14436] isofs_fill_super: get root inode failed
[  706.279497][T14392] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-4)
[  707.337380][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  709.480878][T14488] loop2: detected capacity change from 0 to 1764
[  709.503179][T14488] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  709.517354][T14488] ISOFS: unable to read i-node block
[  709.522886][T14488] isofs_fill_super: get root inode failed
[  709.939566][T14500] IPVS: set_ctl: invalid protocol: 2 10.1.1.0:20001
[  710.866453][T14476] loop4: detected capacity change from 0 to 32768
[  712.125643][T14518] read_mapping_page failed!
[  712.941635][T14536] loop0: detected capacity change from 0 to 1764
[  712.959877][T14536] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  713.003043][T14536] ISOFS: unable to read i-node block
[  713.013885][T14536] isofs_fill_super: get root inode failed
[  715.016160][ T5139] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  716.053844][ T5139] usb 3-1: Using ep0 maxpacket: 8
[  716.075960][ T5139] usb 3-1: New USB device found, idVendor=0b48, idProduct=3009, bcdDevice=3d.50
[  716.093947][ T5139] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.101997][ T5139] usb 3-1: Product: syz
[  716.124461][ T5139] usb 3-1: Manufacturer: syz
[  716.129111][ T5139] usb 3-1: SerialNumber: syz
[  716.147156][ T5139] usb 3-1: config 0 descriptor??
[  716.166675][ T5139] dvb-usb: found a 'Technotrend TT-connect S-2400 (8kB EEPROM)' in warm state.
[  716.187762][ T5139] dvb-usb: bulk message failed: -22 (4/0)
[  716.193546][ T5139] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  716.206557][ T5139] dvb-usb: bulk message failed: -22 (5/0)
[  716.224192][ T5139] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  716.245375][ T5139] dvb-usb: Technotrend TT-connect S-2400 (8kB EEPROM) error while loading driver (-22)
[  716.396529][T14583] loop3: detected capacity change from 0 to 1764
[  716.458022][T14561] loop4: detected capacity change from 0 to 32768
[  716.497239][T14583] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  716.542399][T14583] ISOFS: unable to read i-node block
[  716.561855][T14583] isofs_fill_super: get root inode failed
[  717.483580][ T7414] usb 3-1: USB disconnect, device number 29
[  720.179596][T14632] loop3: detected capacity change from 0 to 1764
[  720.208494][T14632] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  720.237819][T14632] ISOFS: unable to read i-node block
[  720.243243][T14632] isofs_fill_super: get root inode failed
[  721.070710][T14622] loop0: detected capacity change from 0 to 32768
[  723.870627][ T9681] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1
[  723.883384][ T9681] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9
[  723.897381][ T9681] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9
[  723.911204][ T9681] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4
[  723.919552][ T9681] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3
[  723.929792][ T9681] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2
[  724.720291][T14672] chnl_net:caif_netlink_parms(): no params data found
[  724.999578][T14689] loop2: detected capacity change from 0 to 1764
[  725.059336][T14689] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  725.087872][T14689] ISOFS: unable to read i-node block
[  725.093390][T14689] isofs_fill_super: get root inode failed
[  725.166870][T14672] bridge0: port 1(bridge_slave_0) entered blocking state
[  725.224063][T14672] bridge0: port 1(bridge_slave_0) entered disabled state
[  725.252695][T14672] bridge_slave_0: entered allmulticast mode
[  725.282354][T14672] bridge_slave_0: entered promiscuous mode
[  725.306941][T14672] bridge0: port 2(bridge_slave_1) entered blocking state
[  725.354058][T14672] bridge0: port 2(bridge_slave_1) entered disabled state
[  725.389300][T14672] bridge_slave_1: entered allmulticast mode
[  725.417925][T14672] bridge_slave_1: entered promiscuous mode
[  725.452544][T14700] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000007: 0000 [#1] PREEMPT SMP KASAN PTI
[  725.452571][T14700] KASAN: null-ptr-deref in range [0x0000000000000038-0x000000000000003f]
[  725.452586][T14700] CPU: 0 UID: 0 PID: 14700 Comm: syz.3.2319 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[  725.452609][T14700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  725.452621][T14700] RIP: 0010:dev_map_redirect+0x65/0x6a0
[  725.452649][T14700] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff
[  725.452666][T14700] RSP: 0018:ffffc9001336f088 EFLAGS: 00010202
[  725.452684][T14700] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000
[  725.452697][T14700] RDX: ffffc9001982d000 RSI: 00000000000004b6 RDI: 00000000000004b7
[  725.452711][T14700] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f
[  725.452724][T14700] R10: 0000000000000004 R11: ffff88801af9da00 R12: 000000001336f0d8
[  725.452738][T14700] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038
[  725.452750][T14700] FS:  00007fb21005e6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  725.452767][T14700] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  725.452781][T14700] CR2: 000000110c329294 CR3: 00000000477b8000 CR4: 00000000003526f0
[  725.452798][T14700] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  725.452811][T14700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  725.452824][T14700] Call Trace:
[  725.452832][T14700]  <TASK>
[  725.452841][T14700]  ? __die_body+0x88/0xe0
[  725.452866][T14700]  ? die_addr+0x108/0x140
[  725.452892][T14700]  ? exc_general_protection+0x3dd/0x5d0
[  725.452926][T14700]  ? asm_exc_general_protection+0x26/0x30
[  725.452950][T14700]  ? bpf_ringbuf_query+0x4f/0x150
[  725.452975][T14700]  ? dev_map_redirect+0x65/0x6a0
[  725.452995][T14700]  ? dev_map_redirect+0x28/0x6a0
[  725.453016][T14700]  bpf_prog_ec9efaa32d58ce69+0x56/0x5a
[  725.453034][T14700]  bpf_prog_run_generic_xdp+0x679/0x14c0
[  725.453079][T14700]  do_xdp_generic+0x673/0xb90
[  725.453103][T14700]  ? __pfx_validate_chain+0x10/0x10
[  725.453137][T14700]  ? __pfx_do_xdp_generic+0x10/0x10
[  725.453167][T14700]  __netif_receive_skb_core+0x1be6/0x4570
[  725.453192][T14700]  ? mark_lock+0x9a/0x360
[  725.453225][T14700]  ? __pfx___netif_receive_skb_core+0x10/0x10
[  725.453252][T14700]  ? mark_lock+0x9a/0x360
[  725.453276][T14700]  ? __lock_acquire+0x1359/0x2000
[  725.453309][T14700]  __netif_receive_skb+0x12f/0x650
[  725.453334][T14700]  ? __pfx_lock_acquire+0x10/0x10
[  725.453355][T14700]  ? seqcount_lockdep_reader_access+0x1d7/0x220
[  725.453379][T14700]  ? __pfx___netif_receive_skb+0x10/0x10
[  725.453402][T14700]  ? __kasan_slab_alloc+0x66/0x80
[  725.453423][T14700]  ? read_tsc+0x9/0x20
[  725.453443][T14700]  ? timekeeping_get_ns+0x2c0/0x420
[  725.453468][T14700]  ? netif_receive_skb+0x131/0x890
[  725.453490][T14700]  ? netif_receive_skb+0x131/0x890
[  725.453513][T14700]  netif_receive_skb+0x1e8/0x890
[  725.453537][T14700]  ? tun_rx_batched+0x160/0x8f0
[  725.453555][T14700]  ? __pfx_netif_receive_skb+0x10/0x10
[  725.453584][T14700]  ? tun_rx_batched+0x160/0x8f0
[  725.453601][T14700]  tun_rx_batched+0x1b7/0x8f0
[  725.453619][T14700]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  725.453640][T14700]  ? __pfx_lock_acquire+0x10/0x10
[  725.453659][T14700]  ? __pfx_tun_rx_batched+0x10/0x10
[  725.453682][T14700]  tun_get_user+0x2f3b/0x4560
[  725.453699][T14700]  ? tun_get_user+0x2a35/0x4560
[  725.453720][T14700]  ? __pfx_tun_get_user+0x10/0x10
[  725.453742][T14700]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  725.453761][T14700]  ? tun_get+0x1e/0x2f0
[  725.453786][T14700]  ? tun_get+0x1e/0x2f0
[  725.453802][T14700]  ? tun_get+0x27d/0x2f0
[  725.453820][T14700]  tun_chr_write_iter+0x113/0x1f0
[  725.453840][T14700]  vfs_write+0xa72/0xc90
[  725.453859][T14700]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  725.453876][T14700]  ? __pfx_vfs_write+0x10/0x10
[  725.453890][T14700]  ? do_futex+0x33b/0x560
[  725.453920][T14700]  ksys_write+0x1a0/0x2c0
[  725.453939][T14700]  ? __pfx_ksys_write+0x10/0x10
[  725.453955][T14700]  ? do_syscall_64+0x100/0x230
[  725.453972][T14700]  ? do_syscall_64+0xb6/0x230
[  725.453990][T14700]  do_syscall_64+0xf3/0x230
[  725.454007][T14700]  ? clear_bhb_loop+0x35/0x90
[  725.454028][T14700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.454047][T14700] RIP: 0033:0x7fb20f37475f
[  725.454063][T14700] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  725.454088][T14700] RSP: 002b:00007fb21005e010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  725.454108][T14700] RAX: ffffffffffffffda RBX: 00007fb20f503f60 RCX: 00007fb20f37475f
[  725.454124][T14700] RDX: 0000000000000022 RSI: 0000000020000100 RDI: 00000000000000c8
[  725.454136][T14700] RBP: 00007fb20f3e4aa1 R08: 0000000000000000 R09: 0000000000000000
[  725.454149][T14700] R10: 0000000000000022 R11: 0000000000000293 R12: 0000000000000000
[  725.454161][T14700] R13: 000000000000000b R14: 00007fb20f503f60 R15: 00007fff6ec1edd8
[  725.454181][T14700]  </TASK>
[  725.454187][T14700] Modules linked in:
[  725.454251][T14700] ---[ end trace 0000000000000000 ]---
[  725.962640][T14700] RIP: 0010:dev_map_redirect+0x65/0x6a0
[  725.968208][T14700] Code: 48 c1 e8 03 80 3c 28 00 74 08 48 89 df e8 83 b3 3d 00 4c 8b 2b 4d 8d 7d 38 4c 89 fb 48 c1 eb 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 03 84 c0 0f 85 6e 04 00 00 41 8b 2f 89 ee 83 e6 02 31 ff
[  725.987928][T14700] RSP: 0018:ffffc9001336f088 EFLAGS: 00010202
[  725.994048][T14700] RAX: dffffc0000000000 RBX: 0000000000000007 RCX: 0000000000040000
[  725.994143][ T9681] Bluetooth: hci10: command tx timeout
[  726.002023][T14700] RDX: ffffc9001982d000 RSI: 00000000000004b6 RDI: 00000000000004b7
[  726.002039][T14700] RBP: dffffc0000000000 R08: 0000000000000007 R09: ffffffff81b5ee2f
[  726.002053][T14700] R10: 0000000000000004 R11: ffff88801af9da00 R12: 000000001336f0d8
[  726.002068][T14700] R13: 0000000000000000 R14: 0000000000000008 R15: 0000000000000038
[  726.039456][T14700] FS:  00007fb21005e6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
[  726.048432][T14700] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  726.055066][T14700] CR2: 000000110c329294 CR3: 00000000477b8000 CR4: 00000000003526f0
[  726.063067][T14700] DR0: 0000000000002800 DR1: 0000000000000000 DR2: 0000000000000000
[  726.071068][T14700] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  726.079071][T14700] Kernel panic - not syncing: Fatal exception in interrupt
[  726.086478][T14700] Kernel Offset: disabled
[  726.090791][T14700] Rebooting in 86400 seconds..