last executing test programs:

58.192256585s ago: executing program 4 (id=986):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDENABIO(r0, 0x4b36)
uname(&(0x7f0000000180)=""/224)

56.192239554s ago: executing program 4 (id=991):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="68000000150001000000000000000000ff020000000000000000000000000001e000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\f\x00\b\x00('], 0x68}}, 0x0)

55.051086129s ago: executing program 4 (id=994):
sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x14)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x89f0, &(0x7f0000000900)={'bridge0\x00', @random='\x00\x00\x00 \x00'})

54.592053683s ago: executing program 4 (id=999):
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="043e1f0a00c30001bcf2f39ecf0f1d2391401d71e40c1c330fd92cfa5be6"], 0x22)
capset(&(0x7f0000000100), 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)

52.660587849s ago: executing program 4 (id=1002):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES8], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000080)='d', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x15}, 0x4}, 0x1c)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e", @ANYRESDEC=0x0], 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r5, 0xc0145b0e, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r6, 0x11af, 0xdfd2, 0x1, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xe)
shutdown(r2, 0x1)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x52, 0x0}}], 0x1, 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @hyper}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r0}, 0x10)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000b80)=ANY=[@ANYBLOB="12010000b19a3640d219751284000002030109022b000207000000090400010079319c000904"], 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

48.946851611s ago: executing program 4 (id=1012):
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="9fcef773371e4e035a4ff190bea4efd68642046c23be8a9aae70a0043860f98931e9a9d2a4cb9b6cbfab8d88542eafc9851179a8bc28dad0fbfc05804b2b"], 0x1, 0x8a, &(0x7f0000000180)="$eJzszqENAkEUBNDhDKhrAEEH1wOlECQ4FISEimiFEugAgcUcYsGsxCy5vJf8n0zGzO11XaZPxksyVg7H026zLz9MUpdknmSRZNWX/FiXbvbp78/z9nut9wIAAL/rMtR5aDYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A+9AwAA///rYCNS")
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
sync()
pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000040)="17", 0x1}], 0x1, 0x0, 0x0)

43.735056442s ago: executing program 1 (id=1023):
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x6)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)

39.740548506s ago: executing program 0 (id=1034):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r2 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r1)
r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r3)
r4 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000180)="fb98", 0x2, 0xfffffffffffffffb)
keyctl$read(0xb, r4, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$link(0x8, r3, r4)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000740)={'fscrypt:', @auto=[0x64, 0x35, 0x0, 0x0, 0x37, 0x63, 0x35, 0x36, 0x30, 0x38, 0x66, 0x63, 0x34, 0x64, 0x63]}, &(0x7f0000000080)={0x0, "52584a0dd465b5254432dd59bcb640901942e943f7b76a5c0100000000000090d9d47a4b6a1e03fb8888d9f595f4804bd3aea5f971309976f14b00", 0x1d}, 0x48, r4)
r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r6 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r5)
keyctl$read(0xb, r6, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, 0x0, r6}, &(0x7f0000000100)=""/107, 0x6b, &(0x7f00000001c0)={&(0x7f0000000040)={'sha256-arm64-neon\x00'}, &(0x7f0000000180)="12824e122e2dbf5a154e6bf7e4a3f5e3a642b5b488b69adb2ce4797d726ecf0b9a6ddfb7f0f9a5ed9b45f047dc8de91f719b754d4969aa", 0x37})
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "e831bccdaf4ebe9106b904ebf3d045a733132af2c824259a31f57160d9b85129b355594a553ed476080b4d78a80decdc568a787e5788807a7ba205b2e7de8621", 0x1a}, 0x48, r2)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)

38.938040518s ago: executing program 1 (id=1035):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)

38.218152236s ago: executing program 1 (id=1038):
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f0000000080)='./file1\x00', 0x80, &(0x7f0000000000)=ANY=[@ANYRES64=0x0], 0x1, 0x69e, &(0x7f00000008c0)="$eJzs3ctvHHcdAPDvzK433iClTpu0ASHVakRBWCR+yAVzqeGAfIhQFQ4VEpdV4jRWNm5lu8itEJj3gQuH/gHl4AMSJyTukYrEiXLr1SdUCYlLTr4ZzezMPrLZza7jeGP6+Viz85v9vb/z2oesDeALa20uqg8iibW5G7vZ9sH+UvNgf+lckd2MiCydRlRbq0g2I5JPIlajtcSXsyeL8smgfj7aWLn52cODz1tb1WLJy6fD6o1mr1hiNiIqxbrfVO9mUh2pvVsD2xuu0emoPcMsYFfLwMGkHfXZG6f6U563wPMgad03+8xEnI+I6eJ1QBRXh/R0R3fyxrrKAQAAwBn1wmEcxm5cmPQ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Cwpfv8/KZa0TM9GUv7+f614Lor0zXTCY34aDyY9AAAAAAAAAAA4Aa8exmHsxoVy+6j1zf5r+eOl/PFL8X5sx3psxbXYjUbsxE5sxUJEzHQ1VNtt7OxsLYxQc/GxNRdPY7YAAAAAAAAA8H/rV7HW+f4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeB0lEpbXKl0tleibSakRMR0QtK7cX8a8yfUYkneRqO/VgMmMBAACAY5s+Rt4Lh3EYu3Gh3D5K8vf8L+fvl6fj/diMndiInWjGetwu3kNn7/rTg/2l5sH+0v2D/aW88Z8ctbTa+d5/xxp63mK0Pnt4fM9X8hL1uBMb+TPX4lY+mNuR5jUzV4rxtJfeTn6Zjan+ZmHEkd0u1llnf+z9FOFkpT29fvrkCjN5pal2ROaLsWUNXRweicfvnXonWf1aZUhPC5G2P/m5NKSnckpJEfIbT55U7nxZLyJ+90jM3/z3n388YjPPQDsSaeSRWOw6+l4eHvOIr//tL2/fbW7eu3tne+6ZHUan5dFjYqkrEq+c6UhUxyw/n0ficnt7LX4QP4q5mI23Yis24qfRiJ1Yj+LKGI3ieM4eZ7qiFNEXqdWerbeeNJJasV9a5+4oY5qNc3mqEa/ldS/ERiTxbtyO9Xgj/1uMhfh2LMdyrHTt4csD93A+t/xKm453pb36jeic6r/vvRwN949RC46vddvM4nqxK67d19yZPK/7mU6UXhzhfpSMF6XqV4pE1sevn6sP4ItI/KH7LlFG4qXhkfhTfm5sNzfvbd1tvDeg/b1Htl+f6qR/e5ITObbyiM12yosxXVxJeo+OLO+l9lXmYs9dtVZ849LKS/vyLnfdCrMz9YcDz9Ra8Rquv6XFPO+V/rxKOfIrXXk9r7fi3X+eajgBOK7z3zxfq/+n/mn94/pv6nfrN6a/f+47575ai6m/T323Ol95PU2Tv8bH8fPO+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4tj/48F6j2VzfenwiHZx1somk+A2oQWWqUY+RG/zF0dHRKYz56ae898TCs2O2HJOf1wiJ8ternradt1ef9VDT0Y+6nkTluYjzKIlKRJTPVKKTVeyiYT8uCpxp13fuv3d9+4MPv7Vxv/HO+jvrm1PLyyvzK8tvLF2/s9Fcn289TnqUwLPQeT0w6ZEAAAAAAAAAAAAAoxr3fwZejfH/06Cru9kJThUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4o9bmojoVSSzMX5vPtg/2l5rZUqY7JasRkaYRyc8ikk8iVmMqVrOMma7mkkH9fLSxcvOzhwefd9qqluXTYfVGs1csMRsRlWLdp3a89m4Nam9kSXuGWcCuFmuYuP8FAAD//2cNBtc=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)

37.472977675s ago: executing program 1 (id=1043):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x4020}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
close(r0)

37.023572269s ago: executing program 3 (id=1045):
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043e751d"], 0x24)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYRES8], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000080)='d', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x15}, 0x4}, 0x1c)
syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = syz_usb_connect(0x0, 0x3f, &(0x7f0000002000)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e", @ANYRESDEC=0x0], 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r5, 0xc0145b0e, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r6, 0x11af, 0xdfd2, 0x1, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0xe)
shutdown(r2, 0x1)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x52, 0x0}}], 0x1, 0x0, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @hyper}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r0}, 0x10)
syz_usb_connect(0x0, 0x3d, &(0x7f0000000b80)=ANY=[@ANYBLOB="12010000b19a3640d219751284000002030109022b000207000000090400010079319c000904"], 0x0)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r1, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)

35.87603007s ago: executing program 1 (id=1047):
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r0}, 0x10)
getpid()
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xf, 0x4, 0x4, 0x7}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f00000003c0)={r6, &(0x7f0000000300), 0x20000000}, 0x20)
recvmsg$unix(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000140)=""/219, 0xdb}], 0x1, 0x0, 0x58}, 0x0)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r6, &(0x7f0000000100)}, 0x36)
write$binfmt_script(r5, &(0x7f00000009c0), 0x75)
bpf$MAP_CREATE(0x0, &(0x7f0000000180), 0x48)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
open(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

33.651616614s ago: executing program 1 (id=1049):
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="9fcef773371e4e035a4ff190bea4efd68642046c23be8a9aae70a0043860f98931e9a9d2a4cb9b6cbfab8d88542eafc9851179a8bc28dad0fbfc05804b2b"], 0x1, 0x8a, &(0x7f0000000180)="$eJzszqENAkEUBNDhDKhrAEEH1wOlECQ4FISEimiFEugAgcUcYsGsxCy5vJf8n0zGzO11XaZPxksyVg7H026zLz9MUpdknmSRZNWX/FiXbvbp78/z9nut9wIAAL/rMtR5aDYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A+9AwAA///rYCNS")
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
sync()
pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000040)="17", 0x1}], 0x1, 0x0, 0x0)

33.408661679s ago: executing program 3 (id=1050):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)

33.132009386s ago: executing program 0 (id=1051):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xf1, 0x100000}, 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
process_madvise(0xffffffffffffffff, &(0x7f0000000200), 0x1000000000000276, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', 0xa00010, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecomp\a\x00e,decompnsd=\x00'/36, @ANYRESHEX, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=")

30.943166776s ago: executing program 0 (id=1052):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0xc0, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x90, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x80, 0x2, 0x0, 0x1, [@IFLA_VLAN_INGRESS_QOS={0x4, 0x3}, @IFLA_VLAN_FLAGS={0xc}, @IFLA_VLAN_FLAGS={0xc}, @IFLA_VLAN_ID={0x6}, @IFLA_VLAN_INGRESS_QOS={0x58, 0x4, 0x0, 0x1, [@IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xa}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}, @IFLA_VLAN_QOS_MAPPING={0xc}]}]}}}, @IFLA_LINK={0x8}, @IFLA_NUM_TX_QUEUES]}, 0xc0}, 0x1, 0xba01}, 0x0)

30.797597017s ago: executing program 3 (id=1053):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f00000002c0)="91", 0xffffffb0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

30.416120209s ago: executing program 0 (id=1055):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000040)={0x1d, r1}, 0x18)
r2 = dup(r0)
sendmsg$SMC_PNETID_FLUSH(r2, &(0x7f0000000540)={&(0x7f0000000340), 0xc, &(0x7f00000004c0)={0x0}}, 0x0)

30.070505286s ago: executing program 0 (id=1056):
syz_mount_image$exfat(&(0x7f0000000280), &(0x7f0000001840)='./file2\x00', 0x10000, &(0x7f00000018c0)=ANY=[], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
rename(&(0x7f0000001980)='./file0\x00', &(0x7f0000002500)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)

29.074901218s ago: executing program 0 (id=1059):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
unshare(0x8000000)
unshare(0x8040080)
openat$sysfs(0xffffffffffffff9c, 0x0, 0xac802, 0x61)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00'}, 0x90)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37438e486dd6317ce22080000fffe80000000000000101000007f0c08fcffff"], 0xfdef)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000400)={0x4000000, {0x2, 0x1}, {0x2, 0x4, @multicast2}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x0, 0x0, 0x0, 0x0, 0x8000})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000500)='/sys/kernel/address_bits', 0x40042, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000001c0)=[&(0x7f0000002040)={0xf, 0x400000000000, 0x0, 0x0, 0x0, r1, &(0x7f00000000c0)="fc", 0xa}])
socket$inet_tcp(0x2, 0x1, 0x0)
unshare(0x6a040000)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r4 = dup(r3)
bind$bt_l2cap(r4, &(0x7f0000000080), 0xe)
listen(r4, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000140)={0x1f, 0x0, @none}, 0xe)
sendmmsg$inet6(r4, &(0x7f0000000480)=[{{&(0x7f0000000200)={0xa, 0x4e23, 0xbc34, @mcast1, 0x8000000}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000300)}], 0x1, &(0x7f0000000540)=ANY=[], 0x68}}], 0x1, 0x40050)

27.422311526s ago: executing program 3 (id=1062):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r2 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r1)
r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r3)
r4 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000180)="fb98", 0x2, 0xfffffffffffffffb)
keyctl$read(0xb, r4, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$link(0x8, r3, r4)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000740)={'fscrypt:', @auto=[0x64, 0x35, 0x0, 0x0, 0x37, 0x63, 0x35, 0x36, 0x30, 0x38, 0x66, 0x63, 0x34, 0x64, 0x63]}, &(0x7f0000000080)={0x0, "52584a0dd465b5254432dd59bcb640901942e943f7b76a5c0100000000000090d9d47a4b6a1e03fb8888d9f595f4804bd3aea5f971309976f14b00", 0x1d}, 0x48, r4)
r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r6 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r5)
keyctl$read(0xb, r6, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, 0x0, r6}, &(0x7f0000000100)=""/107, 0x6b, &(0x7f00000001c0)={&(0x7f0000000040)={'sha256-arm64-neon\x00'}, &(0x7f0000000180)="12824e122e2dbf5a154e6bf7e4a3f5e3a642b5b488b69adb2ce4797d726ecf0b9a6ddfb7f0f9a5ed9b45f047dc8de91f719b754d4969aa", 0x37})
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "e831bccdaf4ebe9106b904ebf3d045a733132af2c824259a31f57160d9b85129b355594a553ed476080b4d78a80decdc568a787e5788807a7ba205b2e7de8621", 0x1a}, 0x48, r2)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)

18.606374399s ago: executing program 3 (id=1073):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}]}]}]}, 0x2c}}, 0x0)

18.187625411s ago: executing program 3 (id=1076):
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="9fcef773371e4e035a4ff190bea4efd68642046c23be8a9aae70a0043860f98931e9a9d2a4cb9b6cbfab8d88542eafc9851179a8bc28dad0fbfc05804b2b"], 0x1, 0x8a, &(0x7f0000000180)="$eJzszqENAkEUBNDhDKhrAEEH1wOlECQ4FISEimiFEugAgcUcYsGsxCy5vJf8n0zGzO11XaZPxksyVg7H026zLz9MUpdknmSRZNWX/FiXbvbp78/z9nut9wIAAL/rMtR5aDYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4A+9AwAA///rYCNS")
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000000)='./file1\x00', 0x109042, 0x0)
sync()
pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000040)="17", 0x1}], 0x1, 0x0, 0x0)

7.575134123s ago: executing program 5 (id=1099):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
ioctl$EXT4_IOC_CHECKPOINT(0xffffffffffffffff, 0x4004662b, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000040)={'syztnl1\x00', 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r2 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r1)
r3 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r3)
r4 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f00000001c0)={'syz', 0x1}, &(0x7f0000000180)="fb98", 0x2, 0xfffffffffffffffb)
keyctl$read(0xb, r4, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$link(0x8, r3, r4)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000740)={'fscrypt:', @auto=[0x64, 0x35, 0x0, 0x0, 0x37, 0x63, 0x35, 0x36, 0x30, 0x38, 0x66, 0x63, 0x34, 0x64, 0x63]}, &(0x7f0000000080)={0x0, "52584a0dd465b5254432dd59bcb640901942e943f7b76a5c0100000000000090d9d47a4b6a1e03fb8888d9f595f4804bd3aea5f971309976f14b00", 0x1d}, 0x48, r4)
r5 = add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r6 = add_key(&(0x7f0000000340)='dns_resolver\x00', &(0x7f0000000540)={'syz', 0x1}, &(0x7f0000000580)="fb9c", 0xfffff, r5)
keyctl$read(0xb, r6, &(0x7f0000000300)=""/51, 0xfffffffffffffc2f)
keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, 0x0, r6}, &(0x7f0000000100)=""/107, 0x6b, &(0x7f00000001c0)={&(0x7f0000000040)={'sha256-arm64-neon\x00'}, &(0x7f0000000180)="12824e122e2dbf5a154e6bf7e4a3f5e3a642b5b488b69adb2ce4797d726ecf0b9a6ddfb7f0f9a5ed9b45f047dc8de91f719b754d4969aa", 0x37})
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "e831bccdaf4ebe9106b904ebf3d045a733132af2c824259a31f57160d9b85129b355594a553ed476080b4d78a80decdc568a787e5788807a7ba205b2e7de8621", 0x1a}, 0x48, r2)
munmap(&(0x7f0000002000/0x2000)=nil, 0x2000)

4.976907572s ago: executing program 5 (id=1104):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000400), 0x4)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[], 0x5)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000a40)=""/143, 0x8f}], 0x1}}], 0x1, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a0010000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x3, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e1f0a00"], 0x22)
syz_emit_vhci(&(0x7f0000002a40)=ANY=[@ANYRES16=r1, @ANYBLOB="26a0e6f6e13bb9bd96655d0fe0842fd400ed0cd4f6c6b64cf895fdfbad80c529867dec1e03f33293279a38d163bf506edf49a0f43ff7b3cfa12bf14ae6d6817dbbe465775dc1048e9bc19ee381891b2211d618312b4307e485c7bd2107801425ee6a75685cb5594f332e3a39e4b6aeaba690a46e927f6a514e579fcddfd89a7ab455ae49209cc38ae247fb84319f5250e5a8b73a916adc63109d817339058db510cbfe966dd68562500689722eb2f5a9fc11b956cb4d8ea2669bd7bce14c9a7a29e1eb65b5d289a2a98ff6ced546d56466fa8605d559e288d73d737412f6fb7d15b5c41fc64edbf33056ba500b91596f3ba5526d04cba2c42ee797bb4354eeedcb74a6cfd37efa5281f3b9fc561966342ee60add71da3aaa09742b72d86394834cc424505b2bf815c29dc4da75550ae55af54e95d27d24336a1b47e58c4b3bb1726f79d742c347e1b7a52ea6049506600f53a1b8cf2bb53b7962d3109ee27cdecc67d89999914b471a6e461cf6cc1b81ed6a91c49a0a2a2fb9fffc93c8f7e6174fb96fc8af06cd372c2b4769db5b92c45667252b7afff4a092ba380ccdc96441a9e2a8809d3230e8d8a34fb9c1b6f517b8d72bbd3978d36d098642da5369f4f292275b5cde0ce6247e826f7a23d9added1dc0c2ab332067bc199339feb8082df3f877394d1f8d90ba27495e24a5c084420b2644346ab9079a7b507d1a2eb88d869d1f48d013a724ffbf6b7ca585b74a5d005d421af7a939d87929b4709cafc5a6a2241fb1f1d5ed8bec4a15162333b9a4c851eca359693a821ba37e08d469191626755bfa67f56dd29dfbfec6075f5edbb9788eef0bc11e4f637f0b8effb1f2d01f64a83f488e84ca1d671b494ceb67dccd93bcf5f50de44dd18e5f9e059a15dade38995b8cd9d52caf1d05f531865c560f0adaec062d66e631e752e3f5dd84ea8bbdf83ed7f8e9061319dba96e8eb7617c214d3c4a416b5af96c55739d6dbe3812d3f887293c8079b43c0279001149b833795eedc495d357c1d504e52bd54613480262dc777bce9c3bd1d653e3ed16887f7c104feae5be9a923e8cee8d791190f1f48d21acb0ee07f31273583979585ea2227bfda8fddd9ead3b29817f2d69e87bb6a89f3391d3d2c7d61708dde2f6355f027165401a535163239b4475db1505011a4e518108ac4fedb0a4271e7b6cc36b4d55a8b484485c5c09a02414e62c16262675c6deb0e92d8b03347d256304e140bd4bb5d2e33f2c0cc484a1829520341f12997fa5765a0e1a1f2df49a6a050974d6e5b13dc00086d12d75cab8ecad734d9c8ef7208448e1391c57ac346bde8a14a74aeaea2ba07f235423c9c12c7b7def05bad6510ec3123f6b2bb245558c84e13f2da929dc2810698d7881e76196455f20045f5a9818a61c4862ba9e582aac959aba02cbc174fa3fcc9ea2ea37f7a4b2f785e372f96338cf9dcaa84ddefcaf03bdc824bee391767c20b7a9f788a27ac457f06cbc1b35b5b5a4dd572c4d0a77b94e61ebcfab5dfd6601d4cf110bd6feac884f90e2d0d48aaab15841150a2d203b454ea91a88a317905acad2efabf1f9e2b42d695fd973f7b7c8bf25db5f433c6378317d70188952573f73c12ceb09a705506f3d8bc07f2b7621eab7e53c49e885fbb5f2d8e00865a18818026db3803b8ed0c14db69ba29e72cfe37d2a07c856fbdc8b8ac83ec3ac5044ab576e373bedeebcd693796ef5cde64e9d60a538f93911abfbbfd4354c9498dea4f771af857a1d7a8aaa730ef8d73d6f72ba1843c7a5503a1c1a8cb17e4a8d7f3c68982332a66a8dc991fba4c798140b65fd31a1a973d5f033c034ee446ca525116805fc171f830c34f1513f5d55b28e99b7bb4130d5f42335c5029f73078aca8a093c6250527a1c2ae9579e3789cf4c65c8ac2784566abcd83a86a17b66b937afd5c2269b1f14b876fb69f890962a13b3044c380a942c5ea1d6572d782132d15a2e534547cef31c07750f43eb51386e4841b4232068b986b5bf47ef21e25f116660930a414af2c44d370b753ff62655bf367dca76eb88d47975d20ef7fea822e3f863461dfe8d61936a3ba16c4eaf84c1c0ba73288cab2a62b976b89af2827ae01005c57d084bbb1ba1363e3366b3c6c34f6186a8fa40f33bb87a8385d9f4a32a3b96b5c71541df214c9ec5a2b766d51b70d466bd575db568a3cdac23eafc37d53719ad2f887980c684df080083d7d0d756cd8270f84eb0b55ecd895fb6d32b00812951968ff5f872805d1b458f4ffd752861570ee5ed342ee6aadc8877465dff4ff093dc375de0a04b23f9ea3b0483dffda4bed5aeccecdd25df0b6f1cc6d1bdaa8cfeb2cefc2ccb6df19cd32dc61038766b6dbcf10d54f7d7205d3141530d3d594d9b11dce10927a8901c69cca3a7527b6ab03a7c90417d57cfae9cc050f128aed26fc4599fa63dd95f4606afc76758cf57a6828166cedf0382b503c38e1355febbc41a3ddd0a57fe89e5d401246d22d55c4fbdf30401adf4913ea3e4fecbc920f2e1b237db1240f2541d11f899e81054336f1cb2e1dd59f97b6261f30c022c89b80054ac043448d212b36a0a3989a87a7012d631247540aaca1baca9527cc8490642fc9e72d95b286dc6508d1655d518c4f0f6e6ba12030f41db55d2fe7c560d5b940d7973b6c62a9b72749c82ac4b20f1aa07a22791b0e53978568f6015fbd5f9cbce68bb01ee3e552c51219b609978fbbdc4b6f221e1ce0d64946df8501974d8cbb0271d284e5f6567d6f09db8d5d970c1e17c99b943ae4a0b8322f4437d24a205df5f35074ce7506044b6d403f574d6ed03f0b8417c94f6c77739811185ac04af65759d6e33ee576e063c21c6550a11dc2cd3b492c9afddabc823228acdb5df9d8ab0c74138b979c124ca3aadf236fb69dd3b0c549813014c1bca2b8de073aa515d9a248537959ae7a11187cdd2e6fcd09cffd676edcf8abdb5fc7529a9ae4fed1b21ec302676e8fd82507025bc39cfbf4d4d91be81d5bbe390552040817bde8c0638c5eb5ea1c4e482cca819fd2a7418fb6b3edc6a93d6bf6d60d457e364ce11228122fe168fed39fc2e50377cc9586ac41d196060bbb7b4e3245cabe1b2ca824dcaaf74b23ed942e3e45b6d887acbe7b1ad5b3c1ef93beddf2d5e8d08d67d4d094f6d3a046798244697b6d43121e387a4ac3c123d2be2cf7d0b8891be726399abf01d83bf6e21d9f54d49b987f119b19072da9545543b98bf69496f1fa29523b91ddcec4b69cc37786bda84f638760a1a2af244a90858069175bb635cd4a6bfc37ce14a2de76907fbd321745d482a2cd2b458f398ca4aaeab3f34ddcc8ebb070e6a0a2e6577b56eceda6997fef5ee0de02f239a34b7a58ce2712c3946bf2b81e7186fd2b0e5f2ddec3a3d4094c4daeb4ee8062fd4da0436e79eced493a53ac8b4ff9f77be8d5730c996fa7cd25387a45246f673a8e0ab89d35eab1870830c550936e67498ce720832098a21c4b6a3b178f7dcb273f41a3f15d260b17ae41ed96125542156ba6ba08a61d9a9adfa7084ff20d11e2f3deffea3a6bda2aa2aeda1e05fae2a40924833e1086c120aaa203850ae120f41bcd2c637edad633e60ccc9e8bdab18e4aabc12995d121f38906486a042d7108a85755f6a7cbf47a9a84e45694f324f2bf968acbd7589a0d833b1aab08bce5ddf14bed0317cf4b71051e79f9270229ce1e03850dadcf589e7de6ae7eac30cc3de33138d91e165375dde9378bea7606c43be78da471d2f1e704218f8bce37cf7e5b2320e9807c82dc44f162885637d4db57fb1b5586f6ca1cb8075c7c88b768d47493b0d3d3eb0941b1230a2d63e871cea81ee2dda43846752403259a29af5685a44b2125d525a0bad9342b9fa3ee33b6448e8acfbcdec5debfefd0a349001cec52d79c9115eb9bd1e7c1b9306222ef79e0c77dc1d03ee2a6c0295b1bf09c01ed5f8473b683da45dd4d52c7df2f012d44e2b0fb6aa935b25ee0a487e6743e9ca1210989b4fe7da2ae5b5ed7dc60d8cdb8822b9bbe71140f0798d2ff2e195516f6b0eb8d5a8460738133bcd6d9ade0f7dcc00eea42d8b367cb82a1388126d0567f11d78f7ba243c052c8d0213f5b7af483d9a7a9be96c765b7fd3e8ada3b0ec19649bb51a5ff2707bf326f1ec759e2d9aef5eba2de1c97c1565ee6bf8ecde670608001e5ce48d4d292076978431c2b9dbf4fca7f9e7a6d6af9a091020c209c8bbd4900ec0aef68ccb167dc21972026da65e4d129e5c9aa2fec0888e8191f06ec805787fc03bcaa28ff326c7a209c417b04c1c6e33600bdb8c1096206dda0c95c7d849965b3ab82c6ead78679ee8a58e58dd48007934e26f69048886a575dfb286d8586a25990b44d609fcd3a9a3cb6540748dc112fd19818825664adc9e971bac1968116d6294c3fb1b673f10529fcf91f1b34299de145801e243641e1bbcdd513aaec72691caee74ed74f3fc35bd85ea02bd301244dc4374a59103a256ccd839dda2f9d508a8b41003be1941ecd5f01812cd48728fe9a358afb4c1b27833fc0cbfae3efbaad6809c674d8dfe690f7b48e63060f939ea1724f79b5e72573e96880f087a49eb4cde348e2d71dec822660c7a5d6a45edce150d0d3f768f0ceefa5358805bba9614b8673de6a103f50f3e1437b72dc83f986c6e0078fe803d70515f098729ab72109fe6ae5138f6ac51297049b667709ebf2f7eaeefd20a39de1dd89d8f6a6ddb8efe0cfc473280d4590b16cfb0f555e3856930c507071839a58a2a7dee56d271b6d6aff440f950fecd8eb9b891442e6140cf3ffdb118fe1a12ae959a38eeaad782623cd71eb1671e2e811b8c3a5571b9ecf0cc7f25f36b302f77980a9b487ffa1e17292a830ed9afe3a8505c875ed0f659992dad23a10ae73e355b16cb92e0c88711c6947d226c8087b1c80d9e525c86e15338c68ad5905b6e676c666f282b1d65ff43b209af542a0686c42289a463a651a85e0866cb158fb44bcaa83f67ca486e4a18240f1bec2d3a79e9a212be3d84122a1e4599ef9de25c154624461412557cb19ce4980d2052e75c464ba181114258c029ffce71faf0651cfe00487716772b8a35ec7109440c97746c25b02db6f87e8dce857ad8d4713311008f4f81312096055c579ca910ec4165d646dc21b6de5d42e73614aeec7ee68dbf7ca855500193986b7bed9ab2239d36eb66b56db42736d0b55963e66ffe8d0ec2fac942df9736a57ffc15cbbe45998b973c9f755fad60cb8fc1b87df4c175ba44b494ec33f39aa6d0370e596570f52098f409f89b4e195de8ec66d4c4e427655630adca871b5de1587a1996817d0750da94d4b5bc0610f23054671c6ead0c5a71ac0c21a8b7fb7fcc5e87e0b1e7a3fbb6e9dcf5c1941019372987e10e591404be916bd388489d5da50b76853f4dfc6ca1b938430a546ee97f6b5eb5eb6c5e208d4e57619d4a2d5671975b7a9e64d49c38976552f0063306fadcec717ac3dbb0d5bba5368ecdd3bf5748b7bd17b0c99d0405d5562cd6913da06f5d708793d76e43e1387f1b5b248704df1d5acf7b3e060c5e6c8a6f89dfa161090b47f88da28b43e7bde7fe988031f7851a694c5373e63f97f1d06b194cc0dfedda6c9e300c602b9b7d88c65e7aff754852fc9c661244ea3275adea5e06393c6a6ffd044cf3675d7002cb6fb96c9a796526cc467ed11831c5669125c73ad579531562167b8c0e8a0517e38f5be9b9529cebc5fd54f6a5882edfbd2c8ff620dae32a2ad17a7ec5b24b670f52421bd1179614749253d99e3236a", @ANYRES16=0x0], 0x17)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000040)=0x13)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="02c910"], 0x1d)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000000), 0x4)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000440), 0x400, 0x0)
ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f00000004c0)={0x0, 0x0})
request_key(&(0x7f0000000540)='asymmetric\x00', &(0x7f0000000580)={'syz', 0x3}, 0x0, 0xfffffffffffffffd)

3.212527868s ago: executing program 2 (id=1105):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f0000000180)=0x100003, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000680)=ANY=[], 0x18)
sendto$inet6(r0, &(0x7f0000000080)='w', 0x1, 0x0, 0x0, 0x0)

3.046391902s ago: executing program 5 (id=1106):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8930, &(0x7f0000000900)={'wlan1\x00', @random='\x00\x00\x00 \x00'})

2.922775408s ago: executing program 2 (id=1107):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001c0007fc000000000000000007000000", @ANYRES32=r1, @ANYBLOB="80008f000a000200aaaaaaaaaa1c"], 0x28}}, 0x0)

2.584206305s ago: executing program 5 (id=1108):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000080)=0xfffffffa)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x2)

2.474870061s ago: executing program 2 (id=1109):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xf1, 0x100000}, 0x10}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c003d000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
process_madvise(0xffffffffffffffff, &(0x7f0000000200), 0x1000000000000276, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x101641)
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r6, 0xc0105512, &(0x7f0000000000)=@usbdevfs_connect)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', 0xa00010, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecomp\a\x00e,decompnsd=\x00'/36, @ANYRESHEX, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=")

746.966912ms ago: executing program 5 (id=1110):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFNETMASK(r0, 0x891c, &(0x7f0000000000)={'wg1\x00', {0x2, 0x0, @private}})

708.130424ms ago: executing program 2 (id=1111):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)={0x34, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES_HIGH={0x8, 0x14, 0x7}]}, 0x34}}, 0x0)

343.272784ms ago: executing program 5 (id=1112):
r0 = socket$inet(0xa, 0x801, 0x84)
syz_mount_image$cramfs(&(0x7f00000001c0), &(0x7f0000000180)='./file1\x00', 0x10080, &(0x7f00000006c0)=ANY=[@ANYRES16=0x0], 0x1, 0x154, &(0x7f0000000700)="$eJzszzFrGmEYwPH/eaeWVqtQC7ZDW+jQo2I9T+xWREulQu1Bi0uGENALCWgMCsExCbhlyAe4wUTIJA4hY4bEZDFRCMnnEDIEHA3nCcGQKfP7W477Pw8PvL9+DFWCIOP4Wa2s18x63Sx9+mfks/8Pj45f290LvACaQM1eLjn7J2lYsb8KjLacfOaH5dWy+a1YLdv/ozSoQOaV3d0pH87uS7uFnN34rKmfoffWafoTLTFr7xXIBJymAZM9+AK4eLh3BzSsSLdz8XfQz0W/HizKNHORj2+k+f7B3NGz79q+sEzBPN+3n0nDuon1o1exbud6OMj/MfLGMKHr3xNaXNOSXuNykEtu7qL89m3AwqN7Hg9QgG0JLAk60/noVPIzCfRaY6MS8IaA27UgSA1lOoFeawxzE6u4FHa3U6GgC1lFQhAEQRAEQRAEQRCe6T4AAP//8GRnwg==")
execve(&(0x7f00000003c0)='./file2\x00', 0x0, 0x0)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x25, &(0x7f00000003c0)=0xb4e, 0x4)
listen(r0, 0x100000001)
r1 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0xe)
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="043e111b07"], 0xfc)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000000100)='./file1/file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newlink={0x44, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_VFINFO_LIST={0x20, 0x16, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x18, 0xc, 0x0, 0x1, [{0x14, 0x1, {0xfffffffc}}]}]}]}, @IFLA_IFALIASn={0x4}]}, 0x44}}, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0xc0109428, &(0x7f00000000c0)={0x4})
ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0x4008941a, &(0x7f0000000180)={0x2})
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000001700)={0x0, @in, 0x0, 0x400, 0x0, 0x0, 0x300}, 0x9c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000200)={'wlan1\x00'})
recvmmsg(r1, &(0x7f0000004300), 0x3a4, 0x0, 0x0)

256.129041ms ago: executing program 2 (id=1113):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xd, &(0x7f0000001040)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a800000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

0s ago: executing program 2 (id=1114):
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000f00)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="64697363617264000700000089bd47000000000000000000000000000000c0d7aecf05950ab7d689bb41012918d521428edf23582764292a5b70f182e5da325cc6a1e7be51ebcd00000000000000ef8a09f93326a37c6203a569725bb3f8902936d727b377c38328a16800639c2da42fb5a373d31b0e189df7a5b8963b40b15df6afce99b212e36055b1e7ae4e3f31a13f423dd3c5dda59616e2e5967e29ef83303852c5dce92983e47ebdf0912e954f7a6653c738238b9adced9d82bd3c76b7142615e9de9266c45e1b5ca13a313a5b641184d5561897edb989149ce9068e926ba693a1ebfa9c04e2b5823fb77aa6f8012b9859ce5735cf52e24655212cc25d8d0335ace4d7363ac260f11545c1f914b769b6277086817ccac98dcd5eb337a8c26663fbe2b8c21dd0c4a26645b7f23352d585431996f0fcf149fe3e92d378aa2809fc81a2e30143eb1b039ed9a93e55ef6ef04da90d39dc"], 0x1, 0xee2, &(0x7f0000001e80)="$eJzs3U9sHNUZAPA367+JTbwGCgZKSKEVgYIdkkhNb0GgHhGX3kEhoRGGooYeiPhjekBUQhQJcao4UHGhVEqRigSqVKGe2p5a9dYT6oVKVSoF9dBGSlzFeW+9O97XXY/tWXv395M+v33zZuf7xruYmcns2wCMrMbaz+PHF4oQ3v3snUdffqr45Nqyu1prHFr7WcReM4Qw0dYvStv7Ii64cumlU93aIhxd+5n64bGLrefOhBBWwqHweWiGj5aWv/rwvUcOf/z69C1vnX/mlR3a/ZbyfgAAwDC68Kflv933jz8+MH/5wsGTYaq1PB2fN2N/Jh73H4kHyul4uRE6+0VbtJssrTcWo1Fab6y03ngpz3gm30RpOxOZ9SZ75BtrW9ZtPwEAAGAvSue1zVA0Fjv6jcbi4vXz/mu+mJssFp87u3zm3IAKBQAAACr796trN90KIYQQQgghhBBiiGN1btBXIAAAAIBRU54vbIOV7Z2pq7W1Zn/5Lz7c6P582AZ1v//l31v5P3jNXxwAAKob1qPJtF/pODrNY1CeR3Cs9LzNHv83StsZ32SduXkF98p8g7k6y7/X3SpX/2Zfx0HJ1V+eD3O3ytVfnqdzt8rVP1VzHVXl6p+uuY6qcvXvq7mOqnL176+5jqpy9c/UXEdVufpna66jqlz9N9RcR1W5+g/UXEdVufr3ym21ufqbNddRVa7++ZrrqCpX/40111FVrv6baq6jqlz9N9dcx6DcGdv0eziYWW+myzndXjnHAwAAgFH3X/P/CSGEEEIIIYQQQx+vDvoCBAAAADBw6XMB6VPvq1EaH+sxPt4+Pr2+Qhqf6PH8yR7jUz3GAQAAgBB++8aZ294u1ue72+p8eGneqH3hk6uhwjxG5fkIN5t/q/OebTX/Xpm3DAAAgNFSfO/zq/c/+v4L85cvHDzZdvZ7NZ7vpnlAx+O1gU9jP90XMFvqF+kc+mRnnkZmvfL1gRty23t8izsKAAAAIyydvzdD0VhsO+9uhkZjcXH9fHwhTBRnzi6fPhL76ftZ/jA3MXVt+UM11w0AAAD0b/18v/v5f/oe34UwWSw+d3b5zLnr/dnW8olG+3WBufXlRft1gWZp+dHM8mOxn76/8wdz+9aWL5764fJT273zAAAAMCLOvXj+mSeXl0//yAMPPPCg9WDQf5kAAIDt9uWX70z8+Njs765//n99/rv0+f9Dsd+Mc/v9Oa6Q7hNInwPY8Hn9JzrzzOXWe75zvWZpvbEYU6W6p9u2E9bmG+x83nwuX7NzO5OZfDOlfLOlfOV5CsZL6xdd5hIMXeYnTOvNlZaX52EcL+UoSvnv7pILAAAAkqUXnn1+6dyL5x88++yTT59++vRzx46e+O6JE0ce+s5DS2v39S+1390PAAAA7EXrN/0OuhIAAAAAAAAAAAAAAAAAAAAYXXV8ndig9xEAAABG3b9eDSGsCJGJ9AWDg65D7OZYnRp8DcMdwX+HQgghhBBi67G6Wv6meQAAAICddeXSS6fa2w1Wim3N19pa83pzNeZN7eyDf52/Fmm1iw93Xi/Zv63VMOrqfv/Lv1vzT3Ud/+C17c0/nR70/fev0bmBkx29ff3mvXfplwvt+W8f7zN/ef8f7zdjp8Ol/PeG/vKvvl/K/0RHr9Fv/vtK+ff3mX/D/j/fb8ZO98f8C7F/+J5+83fuYnqXpv3o9w3w7dL+PxX6zV/a/2afCUseiPkBYBT1fcCyx6SjhHQ8PRP7aX/j4WYo3/2w2eP/Rmk741uuvHO76Tjo1thvHa+vdOZNNlt/+r3MxvaGinWW7ZW7SnL1b9fruNNy9U/UXEdVufona66jqlz93c/ed59c/dM111FVrv6+L0QMWK7+vXJdOVf/TM11VJWrf7bmOqrK1b/Z/48PSq7+AzXXUVWu/rma66gqV3/Fy2q1y9U/X3MdVeXqv7HmOqrK1X9TzXVUlav/5prrGJQ7Yps7H07nn3NxLPWbpf5Ul9/lsF5bAAAAgL3mn+b/E0IIIYQQYuTjP6vXDboOIcTOxerqoK9AMEg7+2lmAHYrf/9Hm9d/tHn9R5vXn/8n3cNflPrJWI/x8R7jEz3GJ0vj5ffrVI/xm0rbXU3XNaObe4x/Le5BbvxAj+ff2mN8ocf4bT3Gb+8xfkePcQAAAEbDLbF1fggAAADD6+Vfffrmb+594tL85QsHT4bJDfPOH4n9qfhv62/Efnne+2Qi/pv/T2L/F7H9fWz/Xlrf/ScAAACw89L3xPj3fwAAABhe6XtKnf8DAADA8JqPrfN/AAAAGF43xtb5PwAAAAyxYrr74tim6wJ3x7bfef0AgN3v67G9M7YHY3tXbL8R23QccE9sv1lTfQDA9vn593964u1ifb7/Y6XxK3F5ajdYuX6loGh0zuS/L7b7Y/utPuspfx9Av/mTA33m2an8c1vMDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMj8baz+PHF4oQ3v3snUd/NvnmX64tu6u1xqG1n0XsNUMIE63npdH1/q/jilcuvXSqvb0a2yIcDUUoWsvDYxdbmWZCCCvhUPg8NMNHS8tfffjeI4c/fn36lrfOP/PKDv4KOvYPAAAAhtH/AgAA//8EMCKu")
open(&(0x7f0000000180)='./bus\x00', 0xa37e, 0x0)
r0 = open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0)
ftruncate(r0, 0x2088002)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r3 = open(&(0x7f0000007f80)='./bus\x00', 0x145142, 0x0)
sendfile(r2, r3, 0x0, 0x1000000201005)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000340)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00?'])

kernel console output (not intermixed with test programs):

ck is recommended
[  458.439147][ T8036] EXT4-fs warning (device loop5): dx_probe:844: inode #2: comm syz.5.746: Hash code is SIPHASH, but hash not in dirent
[  458.491313][ T8036] EXT4-fs warning (device loop5): dx_probe:965: inode #2: comm syz.5.746: Corrupt directory, running e2fsck is recommended
[  458.675312][ T8049] netlink: 72 bytes leftover after parsing attributes in process `syz.4.748'.
[  458.799258][ T7125] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  458.942577][ T1790] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  459.050698][ T8052] loop5: detected capacity change from 0 to 256
[  459.194824][ T1790] usb 1-1: Using ep0 maxpacket: 8
[  459.203840][ T8049] netlink: 72 bytes leftover after parsing attributes in process `syz.4.748'.
[  459.271108][ T1790] usb 1-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e
[  459.323790][ T1790] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.395272][ T1790] usb 1-1: config 0 descriptor??
[  459.460709][ T1790] usb 1-1: bad CDC descriptors
[  459.789814][ T8057] rdma_op ffff8880645151f0 conn xmit_rdma 0000000000000000
[  461.518355][ T8072] xt_time: unknown flags 0xa0
[  461.560072][ T7737] 8021q: adding VLAN 0 to HW filter on device bond0
[  461.608870][ T7800] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  461.735006][ T7800] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  461.835993][ T7800] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  462.046549][ T7737] 8021q: adding VLAN 0 to HW filter on device team0
[  462.064180][ T7800] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  462.138008][   T46] usb 1-1: USB disconnect, device number 8
[  462.360310][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.367642][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  462.486063][ T8082] smc: net device lo applied user defined pnetid SYZ2
[  462.488202][ T8079] loop4: detected capacity change from 0 to 2048
[  462.497565][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  462.507286][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  462.612833][ T8079] hpfs: hpfs_map_sector(): read error
[  462.736166][ T8089] netlink: 9 bytes leftover after parsing attributes in process `syz.0.757'.
[  462.767763][ T8089] 1·: renamed from 
c0· (while UP)
[  462.860544][ T8089] A link change request failed with some changes committed already. Interface 
c1· may have been left with an inconsistent configuration, please check.
[  462.971962][ T8091] netlink: 16 bytes leftover after parsing attributes in process `syz.5.758'.
[  463.127153][ T8092] loop4: detected capacity change from 0 to 1024
[  463.264009][ T8092] hfsplus: request for non-existent node 3 in B*Tree
[  463.273102][ T8092] hfsplus: request for non-existent node 3 in B*Tree
[  463.313118][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  463.320503][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  463.327576][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  463.334413][ T5108] Bluetooth: hci1: Malformed LE Event: 0x02
[  463.516774][ T7680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  463.857168][ T1052] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  463.869150][ T7737] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  463.879926][ T8092] hfsplus: request for non-existent node 4 in B*Tree
[  463.900566][ T8092] hfsplus: request for non-existent node 4 in B*Tree
[  464.082878][ T1052] usb 6-1: Using ep0 maxpacket: 16
[  464.094328][ T1052] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  464.151701][ T1052] usb 6-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  464.193781][ T1052] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  464.284217][ T1052] usb 6-1: config 0 descriptor??
[  464.421244][ T1052] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input11
[  464.498717][ T3784] hfsplus: b-tree write err: -5, ino 3
[  464.647717][ T4533] bcm5974 6-1:0.0: could not read from device
[  464.758806][ T8098] bcm5974 6-1:0.0: could not read from device
[  465.001838][ T8110] syz_tun: entered promiscuous mode
[  465.104311][ T8110] syz_tun: left promiscuous mode
[  465.499517][ T4533] bcm5974 6-1:0.0: could not read from device
[  465.508652][ T1052] usb 6-1: USB disconnect, device number 10
[  465.570460][ T7452] bcm5974 6-1:0.0: could not read from device
[  465.638181][ T7800] 8021q: adding VLAN 0 to HW filter on device bond0
[  465.674772][ T4533] bcm5974 6-1:0.0: could not read from device
[  466.375745][ T7680] veth0_vlan: entered promiscuous mode
[  466.751447][ T7800] 8021q: adding VLAN 0 to HW filter on device team0
[  466.823625][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.830956][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  466.888759][ T8126] bridge0: port 3(hsr_slave_1) entered blocking state
[  466.913214][ T8126] bridge0: port 3(hsr_slave_1) entered disabled state
[  466.920373][ T8126] hsr_slave_1: entered allmulticast mode
[  466.981898][ T8126] hsr_slave_1: left allmulticast mode
[  467.080652][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.088022][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  467.127010][ T7680] veth1_vlan: entered promiscuous mode
[  467.134647][ T8133] hugetlbfs: Bad value 'A' for mount option 'nr_inodes'
[  467.134647][ T8133] 
[  467.418309][ T8136] xt_time: unknown flags 0xa0
[  467.458269][ T5117] Bluetooth: hci1: command 0x0406 tx timeout
[  467.664338][ T7737] 8021q: adding VLAN 0 to HW filter on device batadv0
[  467.950497][ T7800] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  468.023360][ T8143] netlink: 19 bytes leftover after parsing attributes in process `syz.5.766'.
[  468.250538][ T8148] loop4: detected capacity change from 0 to 256
[  468.819886][ T8156] loop5: detected capacity change from 0 to 512
[  468.846101][ T7737] veth0_vlan: entered promiscuous mode
[  468.887502][ T8156] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  468.959524][ T7737] veth1_vlan: entered promiscuous mode
[  469.021217][ T8156] EXT4-fs (loop5): 1 truncate cleaned up
[  469.054739][ T8156] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  469.217762][ T8165] loop4: detected capacity change from 0 to 128
[  469.320832][ T8156] EXT4-fs warning (device loop5): __ext4fs_dirhash:270: inode #2: comm syz.5.769: Siphash requires key
[  469.432471][ T8168] EXT4-fs warning (device loop5): dx_probe:844: inode #2: comm syz.5.769: Hash code is SIPHASH, but hash not in dirent
[  469.458266][ T7737] veth0_macvtap: entered promiscuous mode
[  469.524316][ T8168] EXT4-fs warning (device loop5): dx_probe:965: inode #2: comm syz.5.769: Corrupt directory, running e2fsck is recommended
[  469.564936][ T7737] veth1_macvtap: entered promiscuous mode
[  469.785325][ T7125] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  469.907194][ T5117] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  469.920462][ T5117] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  469.930241][ T5117] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  470.041279][ T5117] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  470.050925][ T5117] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  470.105524][ T5117] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  470.476009][ T8190] loop5: detected capacity change from 0 to 1024
[  470.558209][ T8190] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  470.630131][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.675561][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.712941][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.740169][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.760699][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.792268][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.810391][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.831423][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.847909][ T7737] batman_adv: batadv0: Interface activated: batadv_slave_0
[  470.864182][ T7125] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.087735][ T7800] 8021q: adding VLAN 0 to HW filter on device batadv0
[  471.531122][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.545006][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.562311][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.577283][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.592319][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.609536][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.636870][ T7737] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.718841][ T7737] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  472.168535][ T7737] batman_adv: batadv0: Interface activated: batadv_slave_1
[  472.204510][ T5117] Bluetooth: hci4: command tx timeout
[  472.487192][ T8211] netlink: 19 bytes leftover after parsing attributes in process `syz.0.779'.
[  472.611331][ T8213] netlink: 72 bytes leftover after parsing attributes in process `syz.5.781'.
[  472.688624][ T7737] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  472.711897][ T7737] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  472.721893][ T7737] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  472.733490][ T7737] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  472.753996][ T8213] netlink: 72 bytes leftover after parsing attributes in process `syz.5.781'.
[  472.802351][ T1052] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  472.930188][ T8215] loop0: detected capacity change from 0 to 256
[  473.002598][ T1052] usb 5-1: Using ep0 maxpacket: 16
[  473.033629][ T1052] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  473.073520][ T1052] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  473.084356][ T1052] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  473.101385][ T1052] usb 5-1: config 0 descriptor??
[  473.130500][ T1052] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12
[  473.474077][ T4533] bcm5974 5-1:0.0: could not read from device
[  473.573746][ T8207] bcm5974 5-1:0.0: could not read from device
[  473.768983][ T7800] veth0_vlan: entered promiscuous mode
[  473.868299][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  473.893271][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  473.929122][ T8229] loop0: detected capacity change from 0 to 1024
[  473.957934][ T4533] bcm5974 5-1:0.0: could not read from device
[  473.959744][ T1052] usb 5-1: USB disconnect, device number 8
[  473.980096][ T4533] bcm5974 5-1:0.0: could not read from device
[  473.990045][ T4533] bcm5974 5-1:0.0: could not read from device
[  474.040163][ T8229] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  474.184808][ T6968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  474.196709][   T53] bridge_slave_1: left allmulticast mode
[  474.205218][   T53] bridge_slave_1: left promiscuous mode
[  474.220769][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  474.243093][ T5117] Bluetooth: hci4: command tx timeout
[  474.280097][   T53] bridge_slave_0: left allmulticast mode
[  474.288389][   T53] bridge_slave_0: left promiscuous mode
[  474.303524][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  474.693162][ T8239] loop5: detected capacity change from 0 to 256
[  476.457363][ T5117] Bluetooth: hci4: command tx timeout
[  477.105223][ T8252] loop5: detected capacity change from 0 to 2048
[  477.130474][ T8252] EXT4-fs: Ignoring removed mblk_io_submit option
[  477.238677][ T8252] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  477.310731][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  477.323914][ T5108] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  477.334756][ T5108] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  477.346161][ T5108] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  477.387510][ T5108] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  477.402846][ T5108] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  477.410579][ T5108] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  477.445994][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  477.479545][ T8251] EXT4-fs error (device loop5): ext4_validate_block_bitmap:440: comm syz.5.793: bg 0: block 234: padding at end of block bitmap is not set
[  477.492971][   T53] bond0 (unregistering): Released all slaves
[  477.503260][ T8251] EXT4-fs (loop5): Remounting filesystem read-only
[  477.515193][ T8251] EXT4-fs (loop5): error restoring inline_data for inode -- potential data loss! (inode 18, error -5)
[  477.687061][ T7125] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.732618][ T7800] veth1_vlan: entered promiscuous mode
[  478.203719][ T8260] netlink: 48 bytes leftover after parsing attributes in process `syz.0.795'.
[  478.214367][   T53] hsr_slave_0: left promiscuous mode
[  478.260560][   T53] hsr_slave_1: left promiscuous mode
[  478.300706][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  478.345832][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  478.349788][ T8262] loop5: detected capacity change from 0 to 256
[  478.454763][   T53] veth1_vlan: left promiscuous mode
[  478.484267][ T5108] Bluetooth: hci4: command tx timeout
[  478.499920][   T53] veth0_vlan: left promiscuous mode
[  478.685556][ T8264] loop4: detected capacity change from 0 to 1024
[  478.757562][ T8264] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  478.979422][ T7092] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.443371][ T5108] Bluetooth: hci5: command tx timeout
[  479.598719][   T53] team0 (unregistering): Port device team_slave_1 removed
[  479.693664][   T53] team0 (unregistering): Port device team_slave_0 removed
[  480.622927][ T8177] chnl_net:caif_netlink_parms(): no params data found
[  481.062015][ T8277] loop4: detected capacity change from 0 to 2048
[  481.084611][ T8278] netlink: 24 bytes leftover after parsing attributes in process `syz.0.801'.
[  481.097703][ T8277] hpfs: hpfs_map_sector(): read error
[  481.157138][ T8278] gre1: entered promiscuous mode
[  481.379189][ T8284] loop4: detected capacity change from 0 to 1024
[  481.532530][ T5108] Bluetooth: hci5: command tx timeout
[  481.548804][ T8284] hfsplus: request for non-existent node 3 in B*Tree
[  481.590350][ T8284] hfsplus: request for non-existent node 3 in B*Tree
[  481.738812][ T8177] bridge0: port 1(bridge_slave_0) entered blocking state
[  482.706579][ T8177] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.753615][ T8177] bridge_slave_0: entered allmulticast mode
[  482.765045][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  482.771871][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  482.779887][ T5108] Bluetooth: hci1: Dropping invalid advertising data
[  482.787067][ T5108] Bluetooth: hci1: Malformed LE Event: 0x02
[  482.824560][ T8177] bridge_slave_0: entered promiscuous mode
[  482.904038][ T7800] veth0_macvtap: entered promiscuous mode
[  482.983029][ T8298] binder: 8297:8298 unknown command 0
[  482.988562][ T8298] binder: 8297:8298 ioctl c0306201 20000340 returned -22
[  483.021130][ T8177] bridge0: port 2(bridge_slave_1) entered blocking state
[  483.065881][ T8177] bridge0: port 2(bridge_slave_1) entered disabled state
[  483.145954][ T8177] bridge_slave_1: entered allmulticast mode
[  483.214931][ T8177] bridge_slave_1: entered promiscuous mode
[  483.315656][ T8306] loop0: detected capacity change from 0 to 512
[  483.316412][ T7800] veth1_macvtap: entered promiscuous mode
[  483.347062][ T8306] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  483.363634][ T8306] UDF-fs: Scanning with blocksize 512 failed
[  483.395675][ T8306] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  483.411762][ T8306] UDF-fs: Scanning with blocksize 1024 failed
[  483.448010][ T8284] hfsplus: request for non-existent node 4 in B*Tree
[  483.456204][ T8284] hfsplus: request for non-existent node 4 in B*Tree
[  483.476529][ T8303] loop5: detected capacity change from 0 to 512
[  483.481608][ T8306] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found
[  483.498048][ T8306] UDF-fs: Scanning with blocksize 2048 failed
[  483.545946][ T8306] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  483.604305][ T5108] Bluetooth: hci5: command tx timeout
[  483.611042][ T8306] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  483.617494][ T8303] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  483.678706][ T8303] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  483.789066][ T8177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  484.178783][   T11] hfsplus: b-tree write err: -5, ino 3
[  484.231814][ T8313] overlayfs: workdir and upperdir must reside under the same mount
[  484.347005][ T8177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  484.390553][ T8317] capability: warning: `syz.0.806' uses deprecated v2 capabilities in a way that may be insecure
[  484.659889][ T8314] netlink: 20 bytes leftover after parsing attributes in process `syz.0.806'.
[  485.692363][ T5108] Bluetooth: hci5: command tx timeout
[  485.992399][ T8177] team0: Port device team_slave_0 added
[  486.033105][ T8177] team0: Port device team_slave_1 added
[  486.514280][ T5117] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  486.529507][ T5117] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  486.538663][ T5117] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  486.588972][ T5117] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  486.603955][ T5117] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  486.613868][ T5117] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  486.734839][ T8331] syz_tun: entered promiscuous mode
[  486.762848][ T8331] syz_tun: left promiscuous mode
[  486.842669][ T8177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  486.859972][ T8177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.889789][ T8177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  486.915719][ T8177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  486.930973][ T8177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  486.972036][ T8177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  487.080302][   T53] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.128252][ T8336] netlink: 24 bytes leftover after parsing attributes in process `syz.4.812'.
[  487.156952][ T8336] gre1: entered promiscuous mode
[  487.181832][ T8255] chnl_net:caif_netlink_parms(): no params data found
[  487.285167][ T7125] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.489466][   T53] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  488.723285][ T5117] Bluetooth: hci2: command tx timeout
[  488.867195][ T8349] xt_CT: You must specify a L4 protocol and not use inversions on it
[  489.045020][ T8352] loop4: detected capacity change from 0 to 2048
[  489.115115][ T8177] hsr_slave_0: entered promiscuous mode
[  489.156276][ T8352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  489.163334][ T8177] hsr_slave_1: entered promiscuous mode
[  489.193067][ T8352] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  489.262670][ T8177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  489.270268][ T8177] Cannot create hsr debugfs directory
[  489.480455][   T53] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.754670][   T53] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.754902][ T7092] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.422006][ T8366] loop0: detected capacity change from 0 to 1024
[  490.432613][ T8367] netlink: 12 bytes leftover after parsing attributes in process `syz.4.818'.
[  490.451036][ T8366] EXT4-fs: Ignoring removed orlov option
[  490.480467][ T8366] EXT4-fs: Ignoring removed nomblk_io_submit option
[  490.607941][ T8366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  490.802886][ T5117] Bluetooth: hci2: command tx timeout
[  490.811648][ T8255] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.874110][ T8255] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.915343][ T8255] bridge_slave_0: entered allmulticast mode
[  490.972412][ T8255] bridge_slave_0: entered promiscuous mode
[  491.355553][ T8255] bridge0: port 2(bridge_slave_1) entered blocking state
[  491.374512][ T8255] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.385530][ T8255] bridge_slave_1: entered allmulticast mode
[  491.580874][ T8255] bridge_slave_1: entered promiscuous mode
[  491.915218][ T6968] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  492.609057][ T8255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  492.705799][ T8394] netlink: 9 bytes leftover after parsing attributes in process `syz.0.821'.
[  492.725890][ T8394] 0·: renamed from 
c1· (while UP)
[  492.759627][ T8394] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  492.884315][ T5117] Bluetooth: hci2: command tx timeout
[  492.926226][ T8392] netlink: 24 bytes leftover after parsing attributes in process `syz.4.824'.
[  493.046365][ T8255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  493.854275][ T8255] team0: Port device team_slave_0 added
[  493.918120][   T53] bridge_slave_1: left allmulticast mode
[  493.932895][ T8395] loop5: detected capacity change from 0 to 32768
[  493.939501][   T53] bridge_slave_1: left promiscuous mode
[  493.950715][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.984925][   T53] bridge_slave_0: left allmulticast mode
[  493.990621][   T53] bridge_slave_0: left promiscuous mode
[  494.000213][ T8395] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  494.000464][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  494.175937][ T8395] XFS (loop5): Ending clean mount
[  494.386037][ T8400] loop4: detected capacity change from 0 to 32768
[  494.646737][ T7125] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  494.963664][ T5117] Bluetooth: hci2: command tx timeout
[  495.357509][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  495.412185][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  495.436419][ T8414] hugetlbfs: Bad value 'A' for mount option 'nr_inodes'
[  495.436419][ T8414] 
[  495.468388][   T53] bond0 (unregistering): Released all slaves
[  495.795559][ T8255] team0: Port device team_slave_1 added
[  496.489003][ T8255] batman_adv: batadv0: Adding interface: batadv_slave_0
[  496.506846][ T8255] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.557536][ T8255] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  496.635897][ T8255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  496.676310][ T8255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  496.712277][ T8255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  497.227062][ T8431] loop4: detected capacity change from 0 to 128
[  497.270797][ T8332] chnl_net:caif_netlink_parms(): no params data found
[  497.316050][ T8432] loop5: detected capacity change from 0 to 2048
[  497.518454][ T8432] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  497.818373][   T29] audit: type=1800 audit(1721733220.423:30): pid=8432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.829" name="bus" dev="loop5" ino=1367 res=0 errno=0
[  499.246004][ T8255] hsr_slave_0: entered promiscuous mode
[  499.287116][ T8255] hsr_slave_1: entered promiscuous mode
[  499.333388][ T8255] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  499.341008][ T8255] Cannot create hsr debugfs directory
[  499.450730][   T53] hsr_slave_0: left promiscuous mode
[  499.466452][   T53] hsr_slave_1: left promiscuous mode
[  499.475221][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  499.492426][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  499.505007][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  499.522545][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  499.599340][   T53] veth1_macvtap: left promiscuous mode
[  499.622616][   T53] veth0_macvtap: left promiscuous mode
[  499.628584][   T53] veth1_vlan: left promiscuous mode
[  499.639468][   T53] veth0_vlan: left promiscuous mode
[  500.456583][ T8458] loop5: detected capacity change from 0 to 32768
[  501.121895][   T53] team0 (unregistering): Port device team_slave_1 removed
[  501.188830][   T53] team0 (unregistering): Port device team_slave_0 removed
[  501.772524][ T8465] loop5: detected capacity change from 0 to 32768
[  501.852157][ T8465] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  501.906764][ T8465] XFS (loop5): Ending clean mount
[  502.189152][ T7125] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  502.500776][ T8455] netlink: 24 bytes leftover after parsing attributes in process `syz.4.834'.
[  502.872183][ T5108] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  502.885905][ T5108] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  502.922874][ T5108] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  502.935708][ T5108] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  502.945359][ T5108] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  502.953754][ T5108] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  503.431278][ T8332] bridge0: port 1(bridge_slave_0) entered blocking state
[  503.492509][ T8332] bridge0: port 1(bridge_slave_0) entered disabled state
[  503.505596][ T8332] bridge_slave_0: entered allmulticast mode
[  503.525778][ T8332] bridge_slave_0: entered promiscuous mode
[  503.866783][ T8332] bridge0: port 2(bridge_slave_1) entered blocking state
[  503.913341][ T8332] bridge0: port 2(bridge_slave_1) entered disabled state
[  503.920997][ T8332] bridge_slave_1: entered allmulticast mode
[  504.264471][ T8332] bridge_slave_1: entered promiscuous mode
[  505.082887][ T5108] Bluetooth: hci6: command tx timeout
[  505.455325][ T8498] loop5: detected capacity change from 0 to 128
[  505.518174][ T8332] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  505.564220][ T8177] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  505.716071][ T8332] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  505.725542][ T8177] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  505.787505][   T29] audit: type=1804 audit(1721733228.583:31): pid=8500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.844" name="/newroot/84/file0/bus" dev="loop5" ino=1048704 res=1 errno=0
[  505.865509][   T29] audit: type=1804 audit(1721733228.583:32): pid=8500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.844" name="/newroot/84/file0/bus" dev="loop5" ino=1048704 res=1 errno=0
[  505.874315][ T8500] syz.5.844: attempt to access beyond end of device
[  505.874315][ T8500] loop5: rw=2049, sector=177, nr_sectors = 5 limit=128
[  506.031566][ T8177] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  506.233425][ T8332] team0: Port device team_slave_0 added
[  506.248195][ T8177] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  506.381186][   T11] kworker/u8:0: attempt to access beyond end of device
[  506.381186][   T11] loop5: rw=1, sector=145, nr_sectors = 32 limit=128
[  506.440831][ T8332] team0: Port device team_slave_1 added
[  506.489887][ T8496] loop4: detected capacity change from 0 to 32768
[  506.827875][ T8332] batman_adv: batadv0: Adding interface: batadv_slave_0
[  506.845346][ T8332] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  506.902401][ T8332] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  507.020809][   T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.122492][ T5108] Bluetooth: hci6: command tx timeout
[  507.227527][ T8332] batman_adv: batadv0: Adding interface: batadv_slave_1
[  507.237539][ T8332] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  507.274380][ T8332] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  507.426968][   T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.855368][   T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  507.874679][ T8518] netlink: 9 bytes leftover after parsing attributes in process `syz.4.846'.
[  507.884774][ T8518] 0·: renamed from hsr_slave_1 (while UP)
[  507.915467][ T8518] 0·: entered allmulticast mode
[  507.921410][ T8518] A link change request failed with some changes committed already. Interface 
c0· may have been left with an inconsistent configuration, please check.
[  507.998773][ T8513] loop5: detected capacity change from 0 to 32768
[  508.032702][ T8513] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  508.033951][ T8332] hsr_slave_0: entered promiscuous mode
[  508.056227][ T8332] hsr_slave_1: entered promiscuous mode
[  508.067197][ T8332] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  508.079879][ T8332] Cannot create hsr debugfs directory
[  508.193371][ T8513] XFS (loop5): Ending clean mount
[  508.265074][   T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  508.430388][ T7125] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  508.481644][ T8478] chnl_net:caif_netlink_parms(): no params data found
[  509.019910][ T8255] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  509.149563][ T8255] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  509.169540][ T8255] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  509.203145][ T5108] Bluetooth: hci6: command tx timeout
[  509.336237][ T8255] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  509.397418][ T8478] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.413383][ T8478] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.420872][ T8478] bridge_slave_0: entered allmulticast mode
[  509.434469][ T8478] bridge_slave_0: entered promiscuous mode
[  509.541349][ T8478] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.552178][ T8478] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.574574][ T8478] bridge_slave_1: entered allmulticast mode
[  509.597098][ T8478] bridge_slave_1: entered promiscuous mode
[  510.083428][ T8478] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  510.132084][ T8478] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  510.724601][ T8478] team0: Port device team_slave_0 added
[  510.795147][ T8478] team0: Port device team_slave_1 added
[  511.431717][ T5108] Bluetooth: hci6: command tx timeout
[  511.463292][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  511.469702][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  511.993373][   T53] bridge_slave_1: left allmulticast mode
[  511.999093][   T53] bridge_slave_1: left promiscuous mode
[  512.025509][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.046315][   T53] bridge_slave_0: left allmulticast mode
[  512.052003][   T53] bridge_slave_0: left promiscuous mode
[  512.072656][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.110425][   T53] bridge_slave_1: left allmulticast mode
[  512.134569][   T53] bridge_slave_1: left promiscuous mode
[  512.140524][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.173992][   T53] bridge_slave_0: left allmulticast mode
[  512.179709][   T53] bridge_slave_0: left promiscuous mode
[  512.202613][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  512.555389][ T8549] loop5: detected capacity change from 0 to 32768
[  512.981616][ T8551] loop4: detected capacity change from 0 to 32768
[  513.665444][ T5108] Bluetooth: Unexpected continuation frame (len 24)
[  513.852633][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  513.867181][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  513.879671][   T53] bond0 (unregistering): Released all slaves
[  514.061897][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  514.078288][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  514.093838][   T53] bond0 (unregistering): Released all slaves
[  514.124383][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_0
[  514.131410][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  514.160438][ T8478] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  514.198751][ T8177] 8021q: adding VLAN 0 to HW filter on device bond0
[  514.360724][ T8555] netlink: 'syz.4.857': attribute type 10 has an invalid length.
[  514.416494][ T8555] team0: Port device netdevsim0 added
[  514.439196][ T8557] netlink: 'syz.4.857': attribute type 10 has an invalid length.
[  514.486648][ T8557] team0: Port device netdevsim0 removed
[  514.498121][ T8557] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  514.565272][ T8478] batman_adv: batadv0: Adding interface: batadv_slave_1
[  514.582354][ T8478] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  514.608548][ T8478] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  515.325970][ T8478] hsr_slave_0: entered promiscuous mode
[  515.345956][ T8478] hsr_slave_1: entered promiscuous mode
[  515.355020][ T8478] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  515.376934][ T8478] Cannot create hsr debugfs directory
[  515.479481][ T8177] 8021q: adding VLAN 0 to HW filter on device team0
[  515.538937][   T53] hsr_slave_0: left promiscuous mode
[  515.573612][   T53] 0·: left promiscuous mode
[  515.599946][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  515.619003][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.663921][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  515.682570][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  515.775501][   T53] hsr_slave_0: left promiscuous mode
[  515.804032][   T53] hsr_slave_1: left promiscuous mode
[  515.827576][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  515.863548][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  516.024685][   T53] veth1_macvtap: left promiscuous mode
[  516.030396][   T53] veth0_macvtap: left promiscuous mode
[  516.072793][   T53] veth1_vlan: left promiscuous mode
[  516.078326][   T53] veth0_vlan: left promiscuous mode
[  516.128207][   T53] veth1_macvtap: left promiscuous mode
[  516.142688][   T53] veth0_macvtap: left promiscuous mode
[  516.148585][   T53] veth1_vlan: left promiscuous mode
[  516.174774][   T53] veth0_vlan: left promiscuous mode
[  516.458065][ T5117] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  516.471131][ T5117] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  516.482683][ T5117] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  516.515558][ T5117] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  516.532304][ T5117] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  516.540193][ T5117] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  516.597137][ T8597] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  518.272715][ T8601] loop4: detected capacity change from 0 to 40427
[  518.333323][ T8601] F2FS-fs (loop4): invalid crc value
[  518.363952][ T8601] F2FS-fs (loop4): Found nat_bits in checkpoint
[  518.575327][ T8601] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  518.650498][ T5117] Bluetooth: hci0: command tx timeout
[  518.860541][   T53] team0 (unregistering): Port device team_slave_1 removed
[  518.886133][ T7092] syz-executor: attempt to access beyond end of device
[  518.886133][ T7092] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  518.913505][ T7092] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  518.985652][   T53] team0 (unregistering): Port device team_slave_0 removed
[  520.723136][ T5117] Bluetooth: hci0: command tx timeout
[  521.054497][   T53] team0 (unregistering): Port device team_slave_1 removed
[  521.118699][   T53] team0 (unregistering): Port device team_slave_0 removed
[  522.101540][ T8332] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  522.347454][ T8332] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  522.406407][ T8332] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  522.678506][ T8332] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  522.767088][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state
[  522.774427][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state
[  522.810437][ T5117] Bluetooth: hci0: command tx timeout
[  522.977590][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  522.984950][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  523.196395][ T8255] 8021q: adding VLAN 0 to HW filter on device bond0
[  523.785755][ T8255] 8021q: adding VLAN 0 to HW filter on device team0
[  523.896574][ T8670] sp0: Synchronizing with TNC
[  524.331908][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  524.339479][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  524.427287][ T8177] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  524.554343][ T5164] bridge0: port 2(bridge_slave_1) entered blocking state
[  524.561705][ T5164] bridge0: port 2(bridge_slave_1) entered forwarding state
[  524.679417][ T8683] loop4: detected capacity change from 0 to 2048
[  524.714569][ T8683] EXT4-fs: Ignoring removed mblk_io_submit option
[  524.879324][ T8683] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  524.904595][ T5117] Bluetooth: hci0: command tx timeout
[  525.124843][ T8683] EXT4-fs (loop4): shut down requested (0)
[  525.464839][ T8681] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.877: bg 0: block 234: padding at end of block bitmap is not set
[  525.488950][ T8681] EXT4-fs (loop4): Remounting filesystem read-only
[  525.768821][ T7092] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  525.773330][ T8594] chnl_net:caif_netlink_parms(): no params data found
[  525.881719][   T53] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.047032][ T8177] 8021q: adding VLAN 0 to HW filter on device batadv0
[  526.158564][   T53] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.358713][ T8478] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  526.406677][   T53] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.502461][ T8478] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  526.517455][ T8478] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  526.646204][   T53] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.672540][ T8478] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  526.709079][ T8594] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.717034][ T8594] bridge0: port 1(bridge_slave_0) entered disabled state
[  526.726018][ T8594] bridge_slave_0: entered allmulticast mode
[  526.737129][ T8594] bridge_slave_0: entered promiscuous mode
[  526.757270][ T8594] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.769041][ T8594] bridge0: port 2(bridge_slave_1) entered disabled state
[  526.777595][ T8594] bridge_slave_1: entered allmulticast mode
[  526.790719][ T8594] bridge_slave_1: entered promiscuous mode
[  526.848692][ T8332] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.955311][ T8594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  527.000927][ T8594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  527.071690][ T8332] 8021q: adding VLAN 0 to HW filter on device team0
[  527.119064][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  527.126469][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  527.246515][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  527.253881][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  527.278202][ T8594] team0: Port device team_slave_0 added
[  527.358299][ T8594] team0: Port device team_slave_1 added
[  527.398668][ T8255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  527.487737][ T8594] batman_adv: batadv0: Adding interface: batadv_slave_0
[  527.500908][ T8594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  527.530517][ T8594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  527.560321][   T53] bridge_slave_1: left allmulticast mode
[  527.566423][   T53] bridge_slave_1: left promiscuous mode
[  527.573908][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.585867][   T53] bridge_slave_0: left allmulticast mode
[  527.591550][   T53] bridge_slave_0: left promiscuous mode
[  527.597891][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  527.618549][   T53] bridge_slave_1: left allmulticast mode
[  527.624813][   T53] bridge_slave_1: left promiscuous mode
[  527.630792][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  527.641859][   T53] bridge_slave_0: left allmulticast mode
[  527.648421][   T53] bridge_slave_0: left promiscuous mode
[  527.656479][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.338897][ T5117] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  528.351651][ T5117] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  528.360762][ T5117] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  528.378261][ T5117] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  528.386723][ T5117] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  528.394681][ T5117] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  528.873656][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  528.900212][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  528.913432][   T53] bond0 (unregistering): Released all slaves
[  529.094322][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  529.108334][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  529.126170][   T53] bond0 (unregistering): Released all slaves
[  529.172414][ T8594] batman_adv: batadv0: Adding interface: batadv_slave_1
[  529.179507][ T8594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  529.242724][ T8594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  529.856192][ T8594] hsr_slave_0: entered promiscuous mode
[  529.879926][ T8594] hsr_slave_1: entered promiscuous mode
[  530.483721][ T5117] Bluetooth: hci3: command tx timeout
[  530.749181][ T8255] veth0_vlan: entered promiscuous mode
[  530.989891][ T8255] veth1_vlan: entered promiscuous mode
[  531.057058][ T8478] 8021q: adding VLAN 0 to HW filter on device bond0
[  531.259781][   T53] hsr_slave_0: left promiscuous mode
[  531.273561][   T53] hsr_slave_1: left promiscuous mode
[  531.292575][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.300246][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.321001][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.329135][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.372476][   T53] hsr_slave_0: left promiscuous mode
[  531.396258][   T53] hsr_slave_1: left promiscuous mode
[  531.414274][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.421757][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.443244][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.450881][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.569600][   T53] veth1_macvtap: left promiscuous mode
[  531.586694][   T53] veth0_macvtap: left promiscuous mode
[  531.600620][   T53] veth1_vlan: left promiscuous mode
[  531.622655][   T53] veth0_vlan: left promiscuous mode
[  531.646236][   T53] veth1_macvtap: left promiscuous mode
[  531.652017][   T53] veth0_macvtap: left promiscuous mode
[  531.658540][   T53] veth1_vlan: left promiscuous mode
[  531.665201][   T53] veth0_vlan: left promiscuous mode
[  532.575795][ T5117] Bluetooth: hci3: command tx timeout
[  533.118269][   T53] team0 (unregistering): Port device team_slave_1 removed
[  533.189297][   T53] team0 (unregistering): Port device team_slave_0 removed
[  533.845726][   T53] smc: removing net device lo with user defined pnetid SYZ2
[  534.552009][   T53] team0 (unregistering): Port device team_slave_1 removed
[  534.639100][   T53] team0 (unregistering): Port device team_slave_0 removed
[  534.652918][ T5117] Bluetooth: hci3: command tx timeout
[  535.799072][ T8332] 8021q: adding VLAN 0 to HW filter on device batadv0
[  535.909721][ T8478] 8021q: adding VLAN 0 to HW filter on device team0
[  535.957484][ T8716] chnl_net:caif_netlink_parms(): no params data found
[  536.295574][ T5160] bridge0: port 1(bridge_slave_0) entered blocking state
[  536.302951][ T5160] bridge0: port 1(bridge_slave_0) entered forwarding state
[  536.510605][ T5160] bridge0: port 2(bridge_slave_1) entered blocking state
[  536.518014][ T5160] bridge0: port 2(bridge_slave_1) entered forwarding state
[  536.606857][ T5108] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  536.626791][ T5108] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  536.636718][ T5108] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  536.648026][ T5108] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  536.663249][ T5108] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  536.688917][ T5108] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  536.722968][ T5108] Bluetooth: hci3: command tx timeout
[  536.832848][   T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  536.847233][   T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  536.857440][   T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  536.869859][   T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  536.884348][   T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  536.894076][   T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  536.979203][ T8594] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  537.080748][ T8594] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  537.097335][ T8594] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  537.151728][ T8716] bridge0: port 1(bridge_slave_0) entered blocking state
[  537.159515][ T8716] bridge0: port 1(bridge_slave_0) entered disabled state
[  537.167369][ T8716] bridge_slave_0: entered allmulticast mode
[  537.177305][ T8716] bridge_slave_0: entered promiscuous mode
[  537.210521][ T8594] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  537.258712][ T8716] bridge0: port 2(bridge_slave_1) entered blocking state
[  537.267739][ T8716] bridge0: port 2(bridge_slave_1) entered disabled state
[  537.276735][ T8716] bridge_slave_1: entered allmulticast mode
[  537.286703][ T8716] bridge_slave_1: entered promiscuous mode
[  537.508439][ T8716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  537.528478][ T8332] veth0_vlan: entered promiscuous mode
[  537.626890][ T8716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  537.759722][ T8332] veth1_vlan: entered promiscuous mode
[  537.786170][ T8716] team0: Port device team_slave_0 added
[  537.807819][ T8716] team0: Port device team_slave_1 added
[  538.030775][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_0
[  538.038009][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.065543][ T8716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  538.150167][ T8716] batman_adv: batadv0: Adding interface: batadv_slave_1
[  538.164629][ T8716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  538.198287][ T8716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  538.363579][ T8332] veth0_macvtap: entered promiscuous mode
[  538.448631][ T8716] hsr_slave_0: entered promiscuous mode
[  538.459092][ T8716] hsr_slave_1: entered promiscuous mode
[  538.473931][ T8716] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  538.481556][ T8716] Cannot create hsr debugfs directory
[  538.733879][ T8332] veth1_macvtap: entered promiscuous mode
[  538.803019][   T55] Bluetooth: hci4: command tx timeout
[  539.042836][   T55] Bluetooth: hci5: command tx timeout
[  539.121477][ T8764] chnl_net:caif_netlink_parms(): no params data found
[  539.290172][ T8759] chnl_net:caif_netlink_parms(): no params data found
[  539.369241][ T8332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  539.380219][ T8332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.397988][ T8332] batman_adv: batadv0: Interface activated: batadv_slave_0
[  539.426501][ T8478] 8021q: adding VLAN 0 to HW filter on device batadv0
[  539.577667][ T8764] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.586330][ T8764] bridge0: port 1(bridge_slave_0) entered disabled state
[  539.594725][ T8764] bridge_slave_0: entered allmulticast mode
[  539.605671][ T8764] bridge_slave_0: entered promiscuous mode
[  539.689583][ T8332] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  539.700990][ T8332] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  539.715307][ T8332] batman_adv: batadv0: Interface activated: batadv_slave_1
[  539.726528][ T8764] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.738200][ T8764] bridge0: port 2(bridge_slave_1) entered disabled state
[  539.745913][ T8764] bridge_slave_1: entered allmulticast mode
[  539.754998][ T8764] bridge_slave_1: entered promiscuous mode
[  539.948095][ T8764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  539.995682][ T8764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  540.025095][ T8332] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  540.034377][ T8332] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  540.044966][ T8332] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  540.054355][ T8332] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  540.279147][ T8764] team0: Port device team_slave_0 added
[  540.420861][ T8594] 8021q: adding VLAN 0 to HW filter on device bond0
[  540.451906][ T8764] team0: Port device team_slave_1 added
[  540.498915][ T8759] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.508919][ T8759] bridge0: port 1(bridge_slave_0) entered disabled state
[  540.517843][ T8759] bridge_slave_0: entered allmulticast mode
[  540.526950][ T8759] bridge_slave_0: entered promiscuous mode
[  540.667224][ T8759] bridge0: port 2(bridge_slave_1) entered blocking state
[  540.675981][ T8759] bridge0: port 2(bridge_slave_1) entered disabled state
[  540.684798][ T8759] bridge_slave_1: entered allmulticast mode
[  540.693879][ T8759] bridge_slave_1: entered promiscuous mode
[  540.723493][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_0
[  540.730984][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.763053][ T8764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  540.781968][ T8764] batman_adv: batadv0: Adding interface: batadv_slave_1
[  540.789472][ T8764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  540.816390][ T8764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  540.886659][   T55] Bluetooth: hci4: command tx timeout
[  540.955972][ T8594] 8021q: adding VLAN 0 to HW filter on device team0
[  541.049909][ T8759] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  541.074320][ T8759] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  541.095526][   T53] bridge_slave_1: left allmulticast mode
[  541.101237][   T53] bridge_slave_1: left promiscuous mode
[  541.112722][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.123056][   T55] Bluetooth: hci5: command tx timeout
[  541.131966][   T53] bridge_slave_0: left allmulticast mode
[  541.137959][   T53] bridge_slave_0: left promiscuous mode
[  541.144559][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.160361][   T53] bridge_slave_1: left allmulticast mode
[  541.167942][   T53] bridge_slave_1: left promiscuous mode
[  541.174499][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.186434][   T53] bridge_slave_0: left allmulticast mode
[  541.192126][   T53] bridge_slave_0: left promiscuous mode
[  541.199158][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.081771][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  542.101637][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  542.115709][   T53] bond0 (unregistering): Released all slaves
[  542.268676][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  542.281752][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  542.299581][   T53] bond0 (unregistering): Released all slaves
[  542.556806][ T8764] hsr_slave_0: entered promiscuous mode
[  542.565481][ T8764] hsr_slave_1: entered promiscuous mode
[  542.578966][ T8764] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  542.587090][ T8764] Cannot create hsr debugfs directory
[  542.609710][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.617052][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  542.633356][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  542.640651][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  542.699736][   T53] hsr_slave_0: left promiscuous mode
[  542.707857][   T53] hsr_slave_1: left promiscuous mode
[  542.714735][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.725745][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.750047][   T53] hsr_slave_0: left promiscuous mode
[  542.757301][   T53] hsr_slave_1: left promiscuous mode
[  542.764313][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  542.774166][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  542.820904][   T53] veth1_vlan: left promiscuous mode
[  542.826666][   T53] veth0_vlan: left promiscuous mode
[  542.962802][   T55] Bluetooth: hci4: command tx timeout
[  543.202679][   T55] Bluetooth: hci5: command tx timeout
[  543.684720][   T53] team0 (unregistering): Port device team_slave_1 removed
[  543.762002][   T53] team0 (unregistering): Port device team_slave_0 removed
[  544.872661][ T5108] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  544.884633][ T5108] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  544.905164][ T5108] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  544.932892][ T5108] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  544.942336][ T5108] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  544.951921][ T5108] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  545.043177][   T55] Bluetooth: hci4: command tx timeout
[  545.132802][   T53] team0 (unregistering): Port device team_slave_1 removed
[  545.195563][   T53] team0 (unregistering): Port device team_slave_0 removed
[  545.287709][   T55] Bluetooth: hci5: command tx timeout
[  545.897944][ T8759] team0: Port device team_slave_0 added
[  545.911610][ T8759] team0: Port device team_slave_1 added
[  546.169259][ T8759] batman_adv: batadv0: Adding interface: batadv_slave_0
[  546.182345][ T8759] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.242884][ T8759] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  546.269717][ T8478] veth0_vlan: entered promiscuous mode
[  546.365090][ T8759] batman_adv: batadv0: Adding interface: batadv_slave_1
[  546.372085][ T8759] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  546.433896][ T8759] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  546.780478][ T8478] veth1_vlan: entered promiscuous mode
[  546.879493][ T8759] hsr_slave_0: entered promiscuous mode
[  546.905406][ T8759] hsr_slave_1: entered promiscuous mode
[  546.923059][ T8759] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  546.930678][ T8759] Cannot create hsr debugfs directory
[  547.043922][   T55] Bluetooth: hci7: command tx timeout
[  547.095712][ T8716] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  547.244602][ T8716] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  547.278651][ T8716] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  547.429025][ T8716] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  547.973884][ T8764] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.196133][ T8764] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.436593][ T8764] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.537254][ T8478] veth0_macvtap: entered promiscuous mode
[  548.634311][ T8764] bond0: (slave netdevsim0): Releasing backup interface
[  548.654851][ T8764] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.706877][ T8478] veth1_macvtap: entered promiscuous mode
[  548.779023][   T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  548.998207][   T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.125811][   T55] Bluetooth: hci7: command tx timeout
[  549.268638][   T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.308066][ T8478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.329337][ T8478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.352312][ T8478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  549.379018][ T8478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.405915][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_0
[  549.441337][ T8594] 8021q: adding VLAN 0 to HW filter on device batadv0
[  549.682357][   T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  549.855535][ T8478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  549.874477][ T8478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.887887][ T8478] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  549.899884][ T8478] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  549.928672][ T8478] batman_adv: batadv0: Interface activated: batadv_slave_1
[  550.072972][ T8478] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  550.092943][ T8478] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  550.114801][ T8478] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  550.132637][ T8478] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  550.434978][ T8783] chnl_net:caif_netlink_parms(): no params data found
[  550.656857][   T53] bridge_slave_1: left allmulticast mode
[  550.664460][   T53] bridge_slave_1: left promiscuous mode
[  550.670287][   T53] bridge0: port 2(bridge_slave_1) entered disabled state
[  550.684568][   T53] bridge_slave_0: left allmulticast mode
[  550.690897][   T53] bridge_slave_0: left promiscuous mode
[  550.697635][   T53] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.203197][   T55] Bluetooth: hci7: command tx timeout
[  551.255424][   T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  551.278854][   T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  551.295177][   T53] bond0 (unregistering): Released all slaves
[  551.342051][ T8716] 8021q: adding VLAN 0 to HW filter on device bond0
[  551.447218][ T8716] 8021q: adding VLAN 0 to HW filter on device team0
[  551.751773][ T8594] veth0_vlan: entered promiscuous mode
[  551.837154][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state
[  551.844637][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state
[  551.870752][ T5165] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.878141][ T5165] bridge0: port 2(bridge_slave_1) entered forwarding state
[  551.904566][ T8783] bridge0: port 1(bridge_slave_0) entered blocking state
[  551.911885][ T8783] bridge0: port 1(bridge_slave_0) entered disabled state
[  551.922113][ T8783] bridge_slave_0: entered allmulticast mode
[  551.933209][ T8783] bridge_slave_0: entered promiscuous mode
[  551.945087][ T8783] bridge0: port 2(bridge_slave_1) entered blocking state
[  551.952479][ T8783] bridge0: port 2(bridge_slave_1) entered disabled state
[  551.959995][ T8783] bridge_slave_1: entered allmulticast mode
[  551.972364][ T8783] bridge_slave_1: entered promiscuous mode
[  552.008676][   T53] hsr_slave_0: left promiscuous mode
[  552.026815][   T53] hsr_slave_1: left promiscuous mode
[  552.046948][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  552.054494][   T53] batman_adv: batadv0: Removing interface: batadv_slave_0
[  552.071182][   T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  552.080974][   T53] batman_adv: batadv0: Removing interface: batadv_slave_1
[  552.118270][   T53] veth1_macvtap: left promiscuous mode
[  552.125451][   T53] veth0_macvtap: left promiscuous mode
[  552.131303][   T53] veth1_vlan: left promiscuous mode
[  552.137733][   T53] veth0_vlan: left promiscuous mode
[  553.187874][   T53] team0 (unregistering): Port device team_slave_1 removed
[  553.254647][   T53] team0 (unregistering): Port device team_slave_0 removed
[  553.282735][   T55] Bluetooth: hci7: command tx timeout
[  553.914481][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.954251][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.115368][ T8764] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  554.194409][ T8594] veth1_vlan: entered promiscuous mode
[  554.269051][ T8764] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  554.299746][ T8783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  554.388484][ T8764] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  554.410457][ T8764] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  554.451737][ T8783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  554.493650][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  554.501521][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.644104][ T8783] team0: Port device team_slave_0 added
[  554.756330][ T8783] team0: Port device team_slave_1 added
[  554.973652][ T8759] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  555.259978][ T8594] veth0_macvtap: entered promiscuous mode
[  555.279632][ T8759] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  555.321086][ T8759] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  555.362010][ T8759] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  555.912524][   T46] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  556.236167][   T46] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  556.280312][ T8783] batman_adv: batadv0: Adding interface: batadv_slave_0
[  556.302357][   T46] usb 1-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  556.315560][ T8783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.315618][ T8783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  556.319592][ T8783] batman_adv: batadv0: Adding interface: batadv_slave_1
[  556.382741][ T8783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  556.411591][ T8783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  556.422261][   T46] usb 1-1: config 1 interface 0 has no altsetting 0
[  556.426299][   T46] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  556.443619][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  556.451713][   T46] usb 1-1: SerialNumber: syz
[  556.470864][   T46] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  556.488278][ T8594] veth1_macvtap: entered promiscuous mode
[  556.650077][ T8594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.668146][ T8594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.679506][ T8594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  556.698076][ T8594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.720830][ T8594] batman_adv: batadv0: Interface activated: batadv_slave_0
[  556.832038][ T8783] hsr_slave_0: entered promiscuous mode
[  556.842090][ T8783] hsr_slave_1: entered promiscuous mode
[  556.854939][ T8783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  556.864156][ T8783] Cannot create hsr debugfs directory
[  556.878664][ T8594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.891289][ T8594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.910733][ T8594] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  556.924851][ T8594] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  556.939138][ T8594] batman_adv: batadv0: Interface activated: batadv_slave_1
[  557.002738][ T8716] 8021q: adding VLAN 0 to HW filter on device batadv0
[  557.086007][ T8594] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  557.095806][ T8594] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  557.104824][ T8594] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  557.113746][ T8594] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  557.694404][ T8764] 8021q: adding VLAN 0 to HW filter on device bond0
[  557.964639][   T46] usb 1-1: USB disconnect, device number 9
[  558.211873][ T8764] 8021q: adding VLAN 0 to HW filter on device team0
[  558.666205][ T5168] bridge0: port 1(bridge_slave_0) entered blocking state
[  558.673591][ T5168] bridge0: port 1(bridge_slave_0) entered forwarding state
[  558.685387][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  558.699661][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.327758][ T8716] veth0_vlan: entered promiscuous mode
[  559.781037][ T5168] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.788288][ T5168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  559.887303][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  559.903318][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  559.917557][ T8716] veth1_vlan: entered promiscuous mode
[  560.096501][ T8884] loop0: detected capacity change from 0 to 1024
[  560.205124][ T8759] 8021q: adding VLAN 0 to HW filter on device bond0
[  560.227599][ T8884] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  560.578718][ T8478] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  560.656830][ T8716] veth0_macvtap: entered promiscuous mode
[  560.711894][ T8759] 8021q: adding VLAN 0 to HW filter on device team0
[  560.851542][ T8716] veth1_macvtap: entered promiscuous mode
[  561.218291][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  561.225640][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  561.245759][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.253315][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  561.805330][ T8783] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  561.913355][ T8783] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  562.044100][ T8783] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  562.191496][ T8783] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  562.368416][ T5167] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  562.385516][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  562.410376][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.437444][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  562.460349][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.471902][ T8905] loop0: detected capacity change from 0 to 2048
[  562.483047][ T8905] EXT4-fs: Ignoring removed mblk_io_submit option
[  562.489977][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  562.503103][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.517197][ T8716] batman_adv: batadv0: Interface activated: batadv_slave_0
[  562.578177][ T8905] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.617741][ T5167] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  562.651088][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  562.654526][ T5167] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  562.661996][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.690453][ T5167] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  562.702240][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  562.714084][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.724786][ T8716] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  562.732336][ T5167] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  562.735496][ T8716] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  562.764894][ T8716] batman_adv: batadv0: Interface activated: batadv_slave_1
[  562.776120][ T5167] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  562.794194][ T5167] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.816339][ T5167] usb 6-1: config 0 descriptor??
[  562.823794][ T8898] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  562.860876][ T8759] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  562.947508][ T8716] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  562.966375][ T8716] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  562.992262][ T8716] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.001092][ T8716] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  563.053622][ T8478] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  563.245589][ T8764] 8021q: adding VLAN 0 to HW filter on device batadv0
[  563.269802][ T5167] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd
[  563.311307][ T5167] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  563.395270][ T5167] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  563.560499][ T5167] usb 6-1: USB disconnect, device number 11
[  563.760991][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.781676][ T8918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.886'.
[  563.796277][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  563.826442][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.886'.
[  563.850750][ T8918] netlink: 'syz.0.886': attribute type 6 has an invalid length.
[  564.113969][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  564.159693][ T8783] 8021q: adding VLAN 0 to HW filter on device bond0
[  564.167233][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  568.079575][ T8783] 8021q: adding VLAN 0 to HW filter on device team0
[  568.315256][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  568.322716][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  568.487724][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state
[  568.495081][ T5167] bridge0: port 2(bridge_slave_1) entered forwarding state
[  568.748971][ T8759] 8021q: adding VLAN 0 to HW filter on device batadv0
[  568.819708][ T8954] loop5: detected capacity change from 0 to 256
[  568.863874][ T8954] vfat: Unknown parameter 'qui€t'
[  569.267002][ T8963] loop1: detected capacity change from 0 to 8
[  569.413736][ T8963] SQUASHFS error: zlib decompression failed, data probably corrupt
[  569.463254][ T8963] SQUASHFS error: Failed to read block 0x9b: -5
[  569.471626][ T8965] netlink: 8 bytes leftover after parsing attributes in process `syz.0.896'.
[  569.474590][ T8963] SQUASHFS error: Unable to read metadata cache entry [99]
[  569.495324][ T8965] netlink: 12 bytes leftover after parsing attributes in process `syz.0.896'.
[  569.510000][ T8965] netlink: 'syz.0.896': attribute type 6 has an invalid length.
[  569.516359][ T8963] SQUASHFS error: Unable to read inode 0x127
[  569.661596][ T8970] loop5: detected capacity change from 0 to 256
[  569.699602][ T8970] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  569.719982][ T8970] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  569.729988][ T8970] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  569.739101][ T8970] UDF-fs: Scanning with blocksize 512 failed
[  569.771195][ T8970] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  569.813070][ T8970] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  570.530253][ T8764] veth0_vlan: entered promiscuous mode
[  571.246185][ T8759] veth0_vlan: entered promiscuous mode
[  572.887842][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  572.894560][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  573.587881][ T8978] loop5: detected capacity change from 0 to 512
[  573.599495][ T8978] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  573.742343][ T8978] UDF-fs: Scanning with blocksize 512 failed
[  573.812397][ T8978] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  573.819864][ T8978] UDF-fs: Scanning with blocksize 1024 failed
[  573.906945][ T8764] veth1_vlan: entered promiscuous mode
[  573.938502][ T8978] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  573.973033][ T8978] UDF-fs: Scanning with blocksize 2048 failed
[  573.997323][ T8759] veth1_vlan: entered promiscuous mode
[  574.031778][ T8978] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  574.113373][ T8978] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  574.564190][ T8759] veth0_macvtap: entered promiscuous mode
[  574.693822][ T8759] veth1_macvtap: entered promiscuous mode
[  574.800007][ T8987] netlink: 20 bytes leftover after parsing attributes in process `syz.5.899'.
[  574.835736][ T8764] veth0_macvtap: entered promiscuous mode
[  574.953609][ T8764] veth1_macvtap: entered promiscuous mode
[  576.419388][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.629974][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.682306][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.746585][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.762305][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.777292][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.808793][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.819752][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.845680][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_0
[  576.888241][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.916302][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  576.954461][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  576.992223][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.002138][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.071528][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.102078][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.116241][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.127983][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  577.152767][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  577.190874][ T8759] batman_adv: batadv0: Interface activated: batadv_slave_0
[  578.408522][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.608267][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.623200][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.634005][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.647844][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.659520][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.680377][ T8759] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.693505][ T8759] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  578.797887][ T8759] batman_adv: batadv0: Interface activated: batadv_slave_1
[  578.823959][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  578.963412][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.304415][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.398897][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.452219][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.511377][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.562236][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.596506][    C1] eth0: bad gso: type: 1, size: 1408
[  579.621472][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.658078][ T8764] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  579.677833][ T8764] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  579.730934][ T8764] batman_adv: batadv0: Interface activated: batadv_slave_1
[  579.825550][ T9032] loop0: detected capacity change from 0 to 16
[  579.841835][ T8764] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  579.860106][ T8764] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  579.863724][ T9032] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  579.902222][ T8764] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  579.922217][ T8764] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  580.057707][ T8783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  580.125787][ T8759] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  580.155179][ T8759] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  580.192321][ T8759] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  580.201120][ T8759] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  580.349040][ T9040] loop5: detected capacity change from 0 to 512
[  580.531454][ T9040] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  580.648105][ T9040] UDF-fs: Scanning with blocksize 512 failed
[  580.775736][ T9040] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  580.823154][ T9040] UDF-fs: Scanning with blocksize 1024 failed
[  582.288820][ T9051] hub 9-0:1.0: USB hub found
[  582.324744][ T9051] hub 9-0:1.0: 8 ports detected
[  583.119126][ T9048] loop1: detected capacity change from 0 to 1024
[  583.129715][ T9048] hfsplus: unable to parse mount options
[  584.504421][ T9040] UDF-fs: warning (device loop5): udf_load_vrs: No VRS found
[  584.582359][ T9040] UDF-fs: Scanning with blocksize 2048 failed
[  584.674454][ T9040] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  584.766171][ T7794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  584.818453][ T9040] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  584.887460][ T7794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  584.971377][ T8783] veth0_vlan: entered promiscuous mode
[  586.161550][ T3784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.252213][ T3784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.371719][ T9064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.921'.
[  586.462761][ T8783] veth1_vlan: entered promiscuous mode
[  586.724120][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.732019][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.014430][ T3784] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  587.061927][ T3784] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  587.177731][ T8783] veth0_macvtap: entered promiscuous mode
[  587.187143][   T29] audit: type=1326 audit(1721733309.983:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9073 comm="syz.1.924" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f10b2575f19 code=0x0
[  587.321643][ T8783] veth1_macvtap: entered promiscuous mode
[  587.580273][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  587.684346][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  587.752225][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.047526][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.158870][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.190425][ T9097] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  588.549302][ T9100] hub 9-0:1.0: USB hub found
[  588.560487][ T9100] hub 9-0:1.0: 8 ports detected
[  588.719793][ T9101] loop0: detected capacity change from 0 to 1024
[  588.731233][ T9101] hfsplus: unable to parse mount options
[  589.153721][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.166084][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.230229][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.260691][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.291701][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.322458][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.357596][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.384791][ T9104] loop3: detected capacity change from 0 to 64
[  589.394118][ T8783] batman_adv: batadv0: Interface activated: batadv_slave_0
[  589.646517][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.720498][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.771353][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.827125][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.884684][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.924766][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.957331][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  589.986570][ T9114] loop5: detected capacity change from 0 to 256
[  589.988009][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.031496][ T9114] vfat: Unknown parameter 'qui€t'
[  590.058200][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.096743][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.139321][ T8783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.198444][ T8783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.270360][ T8783] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.282904][   T46] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  590.412103][ T8783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  590.455331][ T8783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  590.490301][ T8783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  590.532437][   T46] usb 5-1: Using ep0 maxpacket: 8
[  590.544051][ T8783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  590.579291][   T46] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  590.641316][   T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  590.742426][   T46] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  590.813453][   T46] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  590.856815][   T46] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  590.921310][   T46] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  590.963549][   T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.314691][   T46] usb 5-1: GET_CAPABILITIES returned 0
[  591.320304][   T46] usbtmc 5-1:16.0: can't read capabilities
[  591.661732][ T6439] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.711097][ T6439] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.716971][ T9052] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  592.042437][ T9052] usb 6-1: Using ep0 maxpacket: 32
[  592.253943][ T9052] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  592.263766][ T9052] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  592.472080][ T9052] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  592.483795][ T9052] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  592.497022][ T9052] usb 6-1: config 0 interface 0 has no altsetting 0
[  592.585654][ T9052] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  592.624575][ T9052] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  592.714928][ T9141] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.729493][ T9052] usb 6-1: Product: syz
[  592.765508][ T9052] usb 6-1: Manufacturer: syz
[  592.770266][ T9052] usb 6-1: SerialNumber: syz
[  592.798004][ T9141] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.855043][ T9052] usb 6-1: config 0 descriptor??
[  592.889874][ T9052] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  592.944555][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.985582][ T9052] ldusb 6-1:0.0: LD USB Device #1 now attached to major 180 minor 1
[  593.020266][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  594.298359][ T9159] hub 9-0:1.0: USB hub found
[  594.305852][ T9159] hub 9-0:1.0: 8 ports detected
[  594.712444][ T9160] loop0: detected capacity change from 0 to 1024
[  594.753712][ T9160] hfsplus: unable to parse mount options
[  595.981067][ T9052] usb 6-1: USB disconnect, device number 12
[  596.010346][ T9052] ldusb 6-1:0.0: LD USB Device #1 now disconnected
[  596.027801][   T55] Bluetooth: to_multiplier 42238 > 3200
[  596.035223][ T1790] usb 5-1: USB disconnect, device number 9
[  596.298035][ T9172] loop5: detected capacity change from 0 to 256
[  596.333365][ T9172] vfat: Unknown parameter 'qui€t'
[  598.090897][   T55] Bluetooth: hci6: command tx timeout
[  598.104400][ T1790] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  598.348728][ T9187] loop1: detected capacity change from 0 to 2048
[  598.365177][ T1790] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  598.419131][ T1790] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  598.474646][ T1790] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  599.713902][ T9187] EXT4-fs: error -4 creating inode table initialization thread
[  599.728502][ T1790] usb 5-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[  599.753604][ T9187] EXT4-fs (loop1): mount failed
[  600.112334][ T1790] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  600.155356][ T1790] usb 5-1: config 0 descriptor??
[  600.167710][ T1790] usb 5-1: can't set config #0, error -71
[  600.176320][ T1790] usb 5-1: USB disconnect, device number 10
[  601.783592][ T5108] Bluetooth: to_multiplier 42238 > 3200
[  602.156841][ T5173] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  602.948579][ T9217] hub 9-0:1.0: USB hub found
[  602.953871][ T9217] hub 9-0:1.0: 8 ports detected
[  603.013748][ T9217] loop0: detected capacity change from 0 to 1024
[  603.024115][ T9217] hfsplus: unable to parse mount options
[  603.036893][ T5173] usb 2-1: Using ep0 maxpacket: 32
[  603.096826][ T5173] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  603.187805][ T5173] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  603.543235][ T5173] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  603.585154][ T5173] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  603.692316][ T5173] usb 2-1: config 0 interface 0 has no altsetting 0
[  603.754409][ T5173] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  603.791517][ T5173] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  603.833333][ T5173] usb 2-1: Product: syz
[  603.842344][ T5108] Bluetooth: hci7: command tx timeout
[  603.882352][ T5173] usb 2-1: Manufacturer: syz
[  603.887029][ T5173] usb 2-1: SerialNumber: syz
[  603.908909][ T9230] loop3: detected capacity change from 0 to 1024
[  603.954728][ T9230] hfsplus: bad catalog entry type
[  604.154968][ T7794] hfsplus: b-tree write err: -5, ino 4
[  604.384280][ T5173] usb 2-1: config 0 descriptor??
[  604.405379][ T5173] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  604.558203][ T5173] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  605.857336][ T1790] usb 2-1: USB disconnect, device number 4
[  605.936458][ T1790] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  606.321187][ T9249] loop5: detected capacity change from 0 to 256
[  607.487352][ T9256] hugetlbfs: Bad value 't' for mount option 'size'
[  607.487352][ T9256] 
[  608.899738][ T9274] hub 9-0:1.0: USB hub found
[  608.912782][ T9274] hub 9-0:1.0: 8 ports detected
[  610.652323][   T55] Bluetooth: hci7: Ignoring HCI_Connection_Complete for existing connection
[  611.568898][ T9298] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  613.047345][ T5167] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  613.132436][ T9305] netlink: 12 bytes leftover after parsing attributes in process `syz.4.991'.
[  613.982976][ T5167] usb 2-1: Using ep0 maxpacket: 32
[  614.054520][ T5167] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  614.073533][ T5167] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  614.134787][ T5167] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  614.151910][ T9314] hugetlbfs: Bad value 't' for mount option 'size'
[  614.151910][ T9314] 
[  614.181261][ T5167] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  614.248493][ T5167] usb 2-1: config 0 interface 0 has no altsetting 0
[  614.280162][ T5167] usb 2-1: string descriptor 0 read error: -71
[  614.324197][ T5167] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  614.388753][ T5167] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  614.543761][ T5167] usb 2-1: config 0 descriptor??
[  614.844513][ T5167] usb 2-1: can't set config #0, error -71
[  614.955069][ T9322] hub 9-0:1.0: USB hub found
[  614.960357][ T9322] hub 9-0:1.0: 8 ports detected
[  615.151288][ T9323] loop2: detected capacity change from 0 to 1024
[  615.161030][ T9323] hfsplus: unable to parse mount options
[  615.958152][ T5167] usb 2-1: USB disconnect, device number 5
[  618.408791][ T9349] loop3: detected capacity change from 0 to 1024
[  618.885397][ T5158] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  619.242627][ T5158] usb 5-1: Using ep0 maxpacket: 8
[  619.294486][ T5158] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  619.385965][ T5158] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  619.422359][ T5158] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  619.532397][ T5158] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  619.621862][ T5158] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  619.682625][ T5158] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  619.747542][ T5158] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.876851][ T5158] usb 5-1: can't set config #16, error -71
[  619.952202][ T5158] usb 5-1: USB disconnect, device number 11
[  620.034781][ T1052] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  620.038950][ T9366] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1010'.
[  620.362287][ T1052] usb 1-1: Using ep0 maxpacket: 32
[  620.395930][ T1052] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  620.597826][ T1052] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  620.822902][ T1052] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  620.861594][ T1052] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  621.047402][ T1052] usb 1-1: config 0 interface 0 has no altsetting 0
[  621.066400][ T1052] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  621.177756][ T1052] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  621.242527][ T1052] usb 1-1: Product: syz
[  621.318223][ T1052] usb 1-1: Manufacturer: syz
[  621.323364][ T1052] usb 1-1: SerialNumber: syz
[  621.344382][ T1052] usb 1-1: config 0 descriptor??
[  621.423149][ T1052] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  621.914908][ T1052] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  623.390731][ T9391] loop5: detected capacity change from 0 to 1024
[  623.412228][ T9391] hfsplus: unable to parse mount options
[  624.158800][ T9388] tty tty23: ldisc open failed (-12), clearing slot 22
[  625.012701][ T1790] usb 1-1: USB disconnect, device number 10
[  625.054220][ T1790] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  625.306877][ T9401] loop0: detected capacity change from 0 to 1024
[  625.522555][ T9407] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1022'.
[  625.862538][ T9413] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1027'.
[  626.562424][   T55] Bluetooth: hci6: command 0x0406 tx timeout
[  626.973947][   T29] audit: type=1326 audit(1721733349.733:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9419 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2775f19 code=0x7fc00000
[  627.069471][ T5167] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  627.708990][   T29] audit: type=1326 audit(1721733349.753:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9419 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f90a2775f19 code=0x7fc00000
[  627.824775][ T5167] usb 6-1: Using ep0 maxpacket: 8
[  627.849025][ T9425] netlink: 'syz.2.1029': attribute type 10 has an invalid length.
[  627.927709][   T29] audit: type=1326 audit(1721733350.113:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9419 comm="syz.3.1028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a2775f19 code=0x7fc00000
[  627.962540][ T5167] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  628.018076][ T5108] Bluetooth: hci7: Received unexpected HCI Event 0x00
[  628.029789][ T5108] Bluetooth: Unexpected continuation frame (len 24)
[  628.054483][ T5167] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  628.166379][ T5167] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  628.247503][ T5167] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  628.320896][ T5167] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  628.357737][ T9425] team0: Port device netdevsim0 added
[  628.404329][ T5167] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  628.462238][ T5167] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  628.798297][ T5167] usb 6-1: usb_control_msg returned -71
[  628.839030][ T5167] usbtmc 6-1:16.0: can't read capabilities
[  628.901494][ T5167] usb 6-1: USB disconnect, device number 13
[  629.149882][ T9052] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  629.372402][ T9052] usb 3-1: Using ep0 maxpacket: 32
[  629.394042][ T9052] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  629.404176][ T9438] loop5: detected capacity change from 0 to 256
[  629.410843][ T9052] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  629.488616][ T9052] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  629.531570][ T9052] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  629.531881][ T9438] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  629.635885][ T9052] usb 3-1: config 0 interface 0 has no altsetting 0
[  629.695907][ T9052] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  629.717684][ T9052] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  629.750204][ T9052] usb 3-1: Product: syz
[  629.760550][ T9052] usb 3-1: Manufacturer: syz
[  629.774308][ T9052] usb 3-1: SerialNumber: syz
[  629.822370][ T9052] usb 3-1: config 0 descriptor??
[  629.884619][ T9052] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  629.942623][ T9052] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  630.084632][ T5108] Bluetooth: hci7: command tx timeout
[  630.176621][ T9434] ldusb 3-1:0.0: Write buffer overflow, 2147479232 bytes dropped
[  630.634578][ T9443] could not allocate digest TFM handle sha256-arm64-neon
[  630.672300][ T5158] usb 3-1: USB disconnect, device number 2
[  630.732595][ T5158] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  631.118742][ T9457] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1039'.
[  631.255431][ T9458] loop1: detected capacity change from 0 to 1024
[  631.741815][ T9463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1041'.
[  632.532747][   T29] audit: type=1326 audit(1721733355.203:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.5.1042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  633.192301][   T29] audit: type=1326 audit(1721733355.213:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.5.1042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  633.362745][   T29] audit: type=1326 audit(1721733355.563:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.5.1042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  633.483366][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  633.508177][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  633.520534][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  633.531066][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  633.545484][   T55] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  633.553997][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  635.300203][ T5158] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  635.326192][ T1244] ieee802154 phy0 wpan0: encryption failed: -22
[  635.387400][ T1244] ieee802154 phy1 wpan1: encryption failed: -22
[  635.606506][   T55] Bluetooth: hci2: command tx timeout
[  635.824969][ T9490] loop1: detected capacity change from 0 to 64
[  636.798399][ T9498] hub 9-0:1.0: USB hub found
[  636.805880][ T9498] hub 9-0:1.0: 8 ports detected
[  637.223997][ T9499] loop0: detected capacity change from 0 to 1024
[  637.235156][ T9499] hfsplus: unable to parse mount options
[  637.683616][ T5108] Bluetooth: hci2: command tx timeout
[  638.495557][ T9502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1052'.
[  638.792888][    T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  638.871712][ T9476] chnl_net:caif_netlink_parms(): no params data found
[  639.012322][    T8] usb 4-1: Using ep0 maxpacket: 32
[  639.038843][    T8] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  639.076434][    T8] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  639.108497][    T8] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  639.142366][    T8] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  639.195429][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  639.220764][ T9514] loop0: detected capacity change from 0 to 256
[  639.234004][    T8] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  639.243274][    T8] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  639.251850][    T8] usb 4-1: Product: syz
[  639.256891][    T8] usb 4-1: Manufacturer: syz
[  639.262097][    T8] usb 4-1: SerialNumber: syz
[  639.288024][    T8] usb 4-1: config 0 descriptor??
[  639.292392][ T9514] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  639.299013][    T8] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  639.320996][    T8] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  639.664937][ T9506] ldusb 4-1:0.0: Write buffer overflow, 2147479232 bytes dropped
[  639.762583][   T55] Bluetooth: hci2: command tx timeout
[  640.031698][ T5158] usb 4-1: USB disconnect, device number 8
[  640.105881][ T5158] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  640.267460][ T9476] bridge0: port 1(bridge_slave_0) entered blocking state
[  640.298993][ T9476] bridge0: port 1(bridge_slave_0) entered disabled state
[  640.319792][ T9476] bridge_slave_0: entered allmulticast mode
[  640.680776][   T29] audit: type=1326 audit(1721733363.363:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.5.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  640.956915][ T9476] bridge_slave_0: entered promiscuous mode
[  641.567040][   T29] audit: type=1326 audit(1721733363.383:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.5.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  641.572421][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  641.638717][   T29] audit: type=1326 audit(1721733363.733:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9519 comm="syz.5.1058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c1375f19 code=0x7fc00000
[  641.643886][ T9476] bridge0: port 2(bridge_slave_1) entered blocking state
[  641.902648][   T55] Bluetooth: hci2: command tx timeout
[  642.632497][ T9476] bridge0: port 2(bridge_slave_1) entered disabled state
[  642.639908][ T9476] bridge_slave_1: entered allmulticast mode
[  643.932397][ T9476] bridge_slave_1: entered promiscuous mode
[  644.226550][ T9476] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  644.329331][ T9476] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  645.016759][ T9549] hub 9-0:1.0: USB hub found
[  645.025389][ T9549] hub 9-0:1.0: 8 ports detected
[  645.188810][ T9549] loop2: detected capacity change from 0 to 1024
[  645.196972][ T9549] hfsplus: unable to parse mount options
[  646.244459][ T9476] team0: Port device team_slave_0 added
[  647.544716][ T9555] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1067'.
[  647.722876][ T9542] could not allocate digest TFM handle sha256-arm64-neon
[  647.743809][ T9476] team0: Port device team_slave_1 added
[  649.955846][ T9476] batman_adv: batadv0: Adding interface: batadv_slave_0
[  650.005046][ T9476] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.161632][ T9476] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  650.259389][ T9476] batman_adv: batadv0: Adding interface: batadv_slave_1
[  650.355765][ T5117] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1
[  650.358114][ T9476] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  650.390034][ T5117] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9
[  650.399392][ T5117] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9
[  650.418439][ T5117] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4
[  650.435475][ T5117] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3
[  650.445414][ T5117] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2
[  650.606552][ T9476] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  651.022627][ T9587] tun0: tun_chr_ioctl cmd 1074025678
[  651.027995][ T9587] tun0: group set to 0
[  651.078535][ T9589] loop3: detected capacity change from 0 to 64
[  651.896017][ T9594] hub 9-0:1.0: USB hub found
[  651.909064][   T55] Bluetooth: hci3: command 0x0406 tx timeout
[  651.917364][ T9594] hub 9-0:1.0: 8 ports detected
[  652.249627][ T9595] loop2: detected capacity change from 0 to 1024
[  652.274704][ T9595] hfsplus: unable to parse mount options
[  652.645142][   T55] Bluetooth: hci8: command tx timeout
[  652.869108][ T9476] hsr_slave_0: entered promiscuous mode
[  653.153275][ T9476] hsr_slave_1: entered promiscuous mode
[  653.210740][ T9476] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  653.241134][ T9476] Cannot create hsr debugfs directory
[  653.444939][   T55] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  653.463262][   T55] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  653.475378][   T55] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  653.485224][   T55] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  653.508132][   T55] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3
[  653.516078][   T55] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  654.078621][ T9604] loop5: detected capacity change from 0 to 512
[  654.167533][ T9604] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  654.230934][ T9604] EXT4-fs (loop5): warning: maximal mount count reached, running e2fsck is recommended
[  654.312338][ T9604] EXT4-fs error (device loop5): ext4_orphan_get:1391: comm syz.5.1079: inode #15: comm syz.5.1079: iget: illegal inode #
[  654.405362][ T9604] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.1079: couldn't read orphan inode 15 (err -117)
[  654.485052][ T9604] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  654.726700][ T5108] Bluetooth: hci8: command tx timeout
[  654.824570][ T8594] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  655.239770][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.546462][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.614075][ T5108] Bluetooth: hci9: command tx timeout
[  655.829427][ T9476] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  655.918566][ T9629] block nbd5: NBD_DISCONNECT
[  655.965732][ T9629] block nbd5: Disconnected due to user request.
[  655.976881][ T9629] block nbd5: shutting down sockets
[  655.994518][ T9620] could not allocate digest TFM handle sha256-arm64-neon
[  656.053735][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.418400][ T9476] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  656.802788][ T5108] Bluetooth: hci8: command tx timeout
[  657.426032][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.647090][ T9476] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  657.762255][ T5108] Bluetooth: hci9: command tx timeout
[  658.010132][ T9476] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  658.418618][ T9639] netlink: 4068 bytes leftover after parsing attributes in process `syz.5.1088'.
[  658.854545][ T9598] chnl_net:caif_netlink_parms(): no params data found
[  658.883011][ T5108] Bluetooth: hci8: command tx timeout
[  658.907571][   T11] bridge_slave_1: left allmulticast mode
[  658.917155][   T11] bridge_slave_1: left promiscuous mode
[  658.925826][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  658.974290][   T11] bridge_slave_0: left allmulticast mode
[  658.993816][   T11] bridge_slave_0: left promiscuous mode
[  659.003444][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  659.842364][ T5108] Bluetooth: hci9: command tx timeout
[  660.283323][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  660.298577][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  660.320393][   T11] bond0 (unregistering): Released all slaves
[  660.348569][ T9575] chnl_net:caif_netlink_parms(): no params data found
[  660.810410][ T9680] block nbd2: NBD_DISCONNECT
[  660.815341][ T9680] block nbd2: Disconnected due to user request.
[  660.823798][ T9680] block nbd2: shutting down sockets
[  661.767561][ T9476] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  661.922655][ T9576] Bluetooth: hci9: command tx timeout
[  662.014657][ T9576] Bluetooth: hci5: command 0x0406 tx timeout
[  662.021219][ T9576] Bluetooth: hci4: command 0x0406 tx timeout
[  662.133708][ T9699] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  662.155442][ T9699] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  662.171262][ T9699] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  662.191409][ T9699] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  662.214414][ T9699] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  662.226430][ T9699] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  662.537910][   T11] hsr_slave_0: left promiscuous mode
[  662.600820][   T11] hsr_slave_1: left promiscuous mode
[  662.628860][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  662.644072][ T9695] could not allocate digest TFM handle sha256-arm64-neon
[  662.682310][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  662.703925][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  662.711406][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  662.888588][   T11] veth1_macvtap: left promiscuous mode
[  662.906920][   T11] veth0_macvtap: left promiscuous mode
[  662.941291][   T11] veth1_vlan: left promiscuous mode
[  662.954730][   T11] veth0_vlan: left promiscuous mode
[  664.308617][ T9699] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  664.322785][ T9699] Bluetooth: hci6: command tx timeout
[  664.333362][ T9699] Bluetooth: Unexpected continuation frame (len 24)
[  664.773717][   T11] team0 (unregistering): Port device team_slave_1 removed
[  664.848152][   T11] team0 (unregistering): Port device team_slave_0 removed
[  665.669286][ T9598] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.677338][ T9598] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.696439][ T9598] bridge_slave_0: entered allmulticast mode
[  665.705812][ T9598] bridge_slave_0: entered promiscuous mode
[  665.715950][ T9476] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  665.733599][ T9476] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  665.750621][ T9575] bridge0: port 1(bridge_slave_0) entered blocking state
[  665.773611][ T9575] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.781010][ T9575] bridge_slave_0: entered allmulticast mode
[  665.795762][ T9575] bridge_slave_0: entered promiscuous mode
[  665.876889][ T9726] netlink: 'syz.5.1104': attribute type 10 has an invalid length.
[  665.940806][ T9726] team0: Port device netdevsim0 added
[  665.962423][ T9598] bridge0: port 2(bridge_slave_1) entered blocking state
[  665.969674][ T9598] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.022844][ T9598] bridge_slave_1: entered allmulticast mode
[  666.032822][ T9598] bridge_slave_1: entered promiscuous mode
[  666.127329][ T9476] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  666.194154][ T9575] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.214624][ T9575] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.234246][ T9575] bridge_slave_1: entered allmulticast mode
[  666.254796][ T9575] bridge_slave_1: entered promiscuous mode
[  666.333218][   T55] Bluetooth: hci0: command 0x0406 tx timeout
[  666.404737][   T55] Bluetooth: hci6: command tx timeout
[  666.498160][ T9575] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  666.537349][ T9598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  666.603332][ T9575] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  666.744003][ T9598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  666.969424][ T9575] team0: Port device team_slave_0 added
[  667.137074][   T55] Bluetooth: hci7: command 0x0406 tx timeout
[  667.465797][ T9741] hub 9-0:1.0: USB hub found
[  667.473501][ T9741] hub 9-0:1.0: 8 ports detected
[  667.623222][ T9742] loop2: detected capacity change from 0 to 1024
[  667.635376][ T9742] hfsplus: unable to parse mount options
[  668.442037][ T9575] team0: Port device team_slave_1 added
[  668.492387][ T9699] Bluetooth: hci6: command tx timeout
[  668.595113][ T9598] team0: Port device team_slave_0 added
[  668.659146][ T9598] team0: Port device team_slave_1 added
[  668.816697][ T9575] batman_adv: batadv0: Adding interface: batadv_slave_0
[  668.834890][ T9751] loop5: detected capacity change from 0 to 8
[  668.843924][ T9575] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  668.888127][ T9751] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  668.911540][ T9575] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  668.931837][ T9751] cramfs: Error -3 while decompressing!
[  668.959254][ T9575] batman_adv: batadv0: Adding interface: batadv_slave_1
[  668.973317][ T9751] cramfs: ffffffff94c93bc8(26)->ffff88805da2d000(4096)
[  668.980340][ T9751] cramfs: Error -3 while decompressing!
[  668.989054][ T9575] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  669.020268][ T9751] cramfs: ffffffff94c93be2(26)->ffff88806ea68000(4096)
[  669.040600][ T9751] cramfs: Error -3 while decompressing!
[  669.051573][ T9751] cramfs: ffffffff94c93bfc(16)->ffff888053fbc000(4096)
[  669.072627][ T9751] cramfs: Error -3 while decompressing!
[  669.078595][ T9575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  669.089852][ T9751] cramfs: ffffffff94c93bc8(26)->ffff88805da2d000(4096)
[  669.274099][ T9699] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585
[  669.285538][ T9699] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9699, name: kworker/u9:2
[  669.294926][ T9699] preempt_count: 0, expected: 0
[  669.299817][ T9699] RCU nest depth: 1, expected: 0
[  669.306394][ T9699] 4 locks held by kworker/u9:2/9699:
[  669.311721][ T9699]  #0: ffff88805c18e948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  669.324389][ T9699]  #1: ffffc9000c53fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  669.336032][ T9699]  #2: ffff888012688078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[  669.348839][ T9699]  #3: ffffffff8dbb94e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[  669.359890][ T9699] CPU: 0 UID: 0 PID: 9699 Comm: kworker/u9:2 Not tainted 6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  669.370452][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  669.380550][ T9699] Workqueue: hci0 hci_rx_work
[  669.385279][ T9699] Call Trace:
[  669.388583][ T9699]  <TASK>
[  669.391539][ T9699]  dump_stack_lvl+0x16c/0x1f0
[  669.396288][ T9699]  __might_resched+0x3c0/0x5e0
[  669.401107][ T9699]  ? __pfx___might_resched+0x10/0x10
[  669.406444][ T9699]  ? __pfx___lock_acquire+0x10/0x10
[  669.411718][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.417512][ T9699]  ? rcu_is_watching+0x12/0xc0
[  669.422350][ T9699]  __mutex_lock+0xe2/0x9c0
[  669.426829][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.432549][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  669.438862][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.444558][ T9699]  ? __pfx___mutex_lock+0x10/0x10
[  669.449635][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  669.454719][ T9699]  ? find_held_lock+0x2d/0x110
[  669.459531][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.465223][ T9699]  ? hci_event_packet+0x438/0x1180
[  669.470398][ T9699]  ? __pfx_lock_release+0x10/0x10
[  669.475499][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  669.481884][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.487599][ T9699]  hci_le_create_big_complete_evt+0x387/0xb30
[  669.493747][ T9699]  ? __mutex_unlock_slowpath+0x164/0x650
[  669.499441][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  669.506095][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  669.512133][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.517828][ T9699]  ? skb_pull_data+0x166/0x210
[  669.522655][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  669.527462][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  669.534155][ T9699]  hci_event_packet+0x669/0x1180
[  669.539153][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  669.544475][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  669.550104][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  669.555704][ T9699]  ? mark_held_locks+0x9f/0xe0
[  669.560531][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  669.565684][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  669.570933][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.576640][ T9699]  hci_rx_work+0x2c6/0x1610
[  669.581302][ T9699]  process_one_work+0x9c8/0x1b40
[  669.586332][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  669.591413][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  669.596848][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.602543][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.608221][ T9699]  ? assign_work+0x1a0/0x250
[  669.612871][ T9699]  worker_thread+0x6c8/0xf20
[  669.617507][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.623188][ T9699]  ? __kthread_parkme+0x148/0x220
[  669.628253][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.633976][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  669.639158][ T9699]  kthread+0x2c4/0x3a0
[  669.643276][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  669.648523][ T9699]  ? __pfx_kthread+0x10/0x10
[  669.653157][ T9699]  ret_from_fork+0x48/0x80
[  669.657922][ T9699]  ? __pfx_kthread+0x10/0x10
[  669.662613][ T9699]  ret_from_fork_asm+0x1a/0x30
[  669.667462][ T9699]  </TASK>
[  669.752308][ T9699] 
[  669.754776][ T9699] =============================
[  669.759637][ T9699] [ BUG: Invalid wait context ]
[  669.764500][ T9699] 6.10.0-syzkaller-12030-g66ebbdfdeb09 #0 Tainted: G        W         
[  669.772758][ T9699] -----------------------------
[  669.777615][ T9699] kworker/u9:2/9699 is trying to lock:
[  669.783088][ T9699] ffffffff8f9e3b68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0x387/0xb30
[  669.794075][ T9699] other info that might help us debug this:
[  669.799971][ T9699] context-{4:4}
[  669.803438][ T9699] 4 locks held by kworker/u9:2/9699:
[  669.808734][ T9699]  #0: ffff88805c18e948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x1277/0x1b40
[  669.819285][ T9699]  #1: ffffc9000c53fd80 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1b40
[  669.830948][ T9699]  #2: ffff888012688078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xde/0xb30
[  669.841580][ T9699]  #3: ffffffff8dbb94e0 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0x100/0xb30
[  669.852581][ T9699] stack backtrace:
[  669.856310][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G        W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  669.868410][ T9699] Tainted: [W]=WARN
[  669.872219][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  669.882292][ T9699] Workqueue: hci0 hci_rx_work
[  669.886999][ T9699] Call Trace:
[  669.890285][ T9699]  <TASK>
[  669.893225][ T9699]  dump_stack_lvl+0x116/0x1f0
[  669.897937][ T9699]  __lock_acquire+0x13cc/0x3cb0
[  669.902844][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.908518][ T9699]  ? __pfx___lock_acquire+0x10/0x10
[  669.913759][ T9699]  ? irqentry_exit+0x3b/0x90
[  669.918385][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.924058][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  669.929288][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.934967][ T9699]  lock_acquire+0x1b1/0x560
[  669.939544][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  669.945883][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  669.951224][ T9699]  ? dump_stack_lvl+0x1a3/0x1f0
[  669.956195][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.961875][ T9699]  ? add_taint+0x5f/0xd0
[  669.966161][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.971833][ T9699]  ? __might_resched+0x3cc/0x5e0
[  669.976817][ T9699]  ? __pfx___might_resched+0x10/0x10
[  669.982306][ T9699]  ? __pfx___lock_acquire+0x10/0x10
[  669.987730][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  669.993422][ T9699]  __mutex_lock+0x175/0x9c0
[  669.998014][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  670.004388][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  670.010672][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.016344][ T9699]  ? __pfx___mutex_lock+0x10/0x10
[  670.021406][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  670.026498][ T9699]  ? find_held_lock+0x2d/0x110
[  670.031295][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.036974][ T9699]  ? hci_event_packet+0x438/0x1180
[  670.042128][ T9699]  ? __pfx_lock_release+0x10/0x10
[  670.047293][ T9699]  ? hci_le_create_big_complete_evt+0x387/0xb30
[  670.053574][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.059251][ T9699]  hci_le_create_big_complete_evt+0x387/0xb30
[  670.065383][ T9699]  ? __mutex_unlock_slowpath+0x164/0x650
[  670.071056][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  670.077690][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  670.083711][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.089386][ T9699]  ? skb_pull_data+0x166/0x210
[  670.094902][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  670.099693][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  670.106327][ T9699]  hci_event_packet+0x669/0x1180
[  670.111342][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  670.116695][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  670.122122][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  670.127709][ T9699]  ? mark_held_locks+0x9f/0xe0
[  670.132521][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  670.137657][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.142890][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.148572][ T9699]  hci_rx_work+0x2c6/0x1610
[  670.153116][ T9699]  process_one_work+0x9c8/0x1b40
[  670.158126][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  670.163293][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  670.168822][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.174510][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.180187][ T9699]  ? assign_work+0x1a0/0x250
[  670.184832][ T9699]  worker_thread+0x6c8/0xf20
[  670.189631][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.195310][ T9699]  ? __kthread_parkme+0x148/0x220
[  670.200373][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.206057][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  670.211195][ T9699]  kthread+0x2c4/0x3a0
[  670.215297][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  670.220526][ T9699]  ? __pfx_kthread+0x10/0x10
[  670.225159][ T9699]  ret_from_fork+0x48/0x80
[  670.229622][ T9699]  ? __pfx_kthread+0x10/0x10
[  670.234244][ T9699]  ret_from_fork_asm+0x1a/0x30
[  670.239066][ T9699]  </TASK>
[  670.272405][ T9699] ==================================================================
[  670.280538][ T9699] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[  670.289630][ T9699] Read of size 8 at addr ffff888057f30000 by task kworker/u9:2/9699
[  670.297644][ T9699] 
[  670.299990][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G        W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  670.312025][ T9699] Tainted: [W]=WARN
[  670.315849][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  670.326110][ T9699] Workqueue: hci0 hci_rx_work
[  670.330838][ T9699] Call Trace:
[  670.334141][ T9699]  <TASK>
[  670.337265][ T9699]  dump_stack_lvl+0x116/0x1f0
[  670.341994][ T9699]  print_report+0xc3/0x620
[  670.346470][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.352158][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.357850][ T9699]  ? __phys_addr+0xc6/0x150
[  670.362405][ T9699]  kasan_report+0xd9/0x110
[  670.366927][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  670.373236][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  670.379532][ T9699]  hci_le_create_big_complete_evt+0xa62/0xb30
[  670.385651][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  670.392286][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  670.398311][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.403999][ T9699]  ? skb_pull_data+0x166/0x210
[  670.408843][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  670.413636][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  670.420270][ T9699]  hci_event_packet+0x669/0x1180
[  670.425256][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  670.430570][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  670.435989][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  670.441575][ T9699]  ? mark_held_locks+0x9f/0xe0
[  670.446387][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  670.451523][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  670.456761][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.462445][ T9699]  hci_rx_work+0x2c6/0x1610
[  670.466988][ T9699]  process_one_work+0x9c8/0x1b40
[  670.471990][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  670.477075][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  670.482671][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.488353][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.494028][ T9699]  ? assign_work+0x1a0/0x250
[  670.498673][ T9699]  worker_thread+0x6c8/0xf20
[  670.503306][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.509020][ T9699]  ? __kthread_parkme+0x148/0x220
[  670.514144][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  670.519827][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  670.524965][ T9699]  kthread+0x2c4/0x3a0
[  670.529079][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  670.534316][ T9699]  ? __pfx_kthread+0x10/0x10
[  670.538940][ T9699]  ret_from_fork+0x48/0x80
[  670.543407][ T9699]  ? __pfx_kthread+0x10/0x10
[  670.548031][ T9699]  ret_from_fork_asm+0x1a/0x30
[  670.552854][ T9699]  </TASK>
[  670.555879][ T9699] 
[  670.558208][ T9699] Allocated by task 55:
[  670.562372][ T9699]  kasan_save_stack+0x33/0x60
[  670.567087][ T9699]  kasan_save_track+0x14/0x30
[  670.571796][ T9699]  __kasan_kmalloc+0xaa/0xb0
[  670.576421][ T9699]  __hci_conn_add+0x131/0x1a50
[  670.581207][ T9699]  hci_conn_add+0x56/0x70
[  670.585554][ T9699]  hci_le_big_sync_established_evt+0x73f/0xad0
[  670.591738][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  670.596522][ T9699]  hci_event_packet+0x669/0x1180
[  670.601504][ T9699]  hci_rx_work+0x2c6/0x1610
[  670.606040][ T9699]  process_one_work+0x9c8/0x1b40
[  670.611108][ T9699]  worker_thread+0x6c8/0xf20
[  670.615719][ T9699]  kthread+0x2c4/0x3a0
[  670.619815][ T9699]  ret_from_fork+0x48/0x80
[  670.624276][ T9699]  ret_from_fork_asm+0x1a/0x30
[  670.629109][ T9699] 
[  670.631787][ T9699] Freed by task 9699:
[  670.635777][ T9699]  kasan_save_stack+0x33/0x60
[  670.640493][ T9699]  kasan_save_track+0x14/0x30
[  670.645378][ T9699]  kasan_save_free_info+0x3b/0x60
[  670.650450][ T9699]  poison_slab_object+0xf7/0x160
[  670.655422][ T9699]  __kasan_slab_free+0x32/0x50
[  670.660221][ T9699]  kfree+0x12a/0x3b0
[  670.664141][ T9699]  device_release+0xa4/0x240
[  670.668765][ T9699]  kobject_put+0x1fd/0x5b0
[  670.673210][ T9699]  put_device+0x1f/0x30
[  670.677397][ T9699]  hci_conn_del_sysfs+0x151/0x180
[  670.682443][ T9699]  hci_conn_del+0x54e/0xdb0
[  670.686973][ T9699]  hci_le_create_big_complete_evt+0x4ba/0xb30
[  670.693165][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  670.697966][ T9699]  hci_event_packet+0x669/0x1180
[  670.702961][ T9699]  hci_rx_work+0x2c6/0x1610
[  670.707502][ T9699]  process_one_work+0x9c8/0x1b40
[  670.712493][ T9699]  worker_thread+0x6c8/0xf20
[  670.717110][ T9699]  kthread+0x2c4/0x3a0
[  670.721211][ T9699]  ret_from_fork+0x48/0x80
[  670.725674][ T9699]  ret_from_fork_asm+0x1a/0x30
[  670.730482][ T9699] 
[  670.732812][ T9699] The buggy address belongs to the object at ffff888057f30000
[  670.732812][ T9699]  which belongs to the cache kmalloc-8k of size 8192
[  670.746887][ T9699] The buggy address is located 0 bytes inside of
[  670.746887][ T9699]  freed 8192-byte region [ffff888057f30000, ffff888057f32000)
[  670.760631][ T9699] 
[  670.762965][ T9699] The buggy address belongs to the physical page:
[  670.769377][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x57f30
[  670.778158][ T9699] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  670.786677][ T9699] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  670.794240][ T9699] page_type: 0xfdffffff(slab)
[  670.798940][ T9699] raw: 00fff00000000040 ffff888015442280 ffffea00007bcc00 0000000000000002
[  670.807647][ T9699] raw: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  670.816266][ T9699] head: 00fff00000000040 ffff888015442280 ffffea00007bcc00 0000000000000002
[  670.824965][ T9699] head: 0000000000000000 0000000000020002 00000001fdffffff 0000000000000000
[  670.833658][ T9699] head: 00fff00000000003 ffffea00015fcc01 ffffffffffffffff 0000000000000000
[  670.842349][ T9699] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  670.851112][ T9699] page dumped because: kasan: bad access detected
[  670.857534][ T9699] page_owner tracks the page as allocated
[  670.863251][ T9699] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 9205, tgid 9204 (syz.4.957), ts 601690076932, free_ts 601614152701
[  670.885967][ T9699]  post_alloc_hook+0x2d1/0x350
[  670.890775][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  670.896363][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  670.901846][ T9699]  alloc_slab_page+0x4e/0xf0
[  670.906487][ T9699]  new_slab+0x84/0x260
[  670.910597][ T9699]  ___slab_alloc+0xdac/0x1870
[  670.915320][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  670.920729][ T9699]  __kmalloc_noprof+0x367/0x400
[  670.925617][ T9699]  bpf_test_init.isra.0+0xa5/0x150
[  670.930758][ T9699]  bpf_prog_test_run_xdp+0x4f6/0x1530
[  670.936162][ T9699]  __sys_bpf+0x10d5/0x4a30
[  670.940621][ T9699]  __x64_sys_bpf+0x78/0xc0
[  670.945149][ T9699]  do_syscall_64+0xcd/0x250
[  670.949694][ T9699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  670.955622][ T9699] page last free pid 5087 tgid 5087 stack trace:
[  670.961966][ T9699]  free_unref_page+0x64a/0xe40
[  670.966780][ T9699]  __folio_put+0x31c/0x3e0
[  670.971323][ T9699]  skb_release_data+0x5df/0x980
[  670.976284][ T9699]  __kfree_skb+0x4f/0x70
[  670.980552][ T9699]  tcp_ack+0x1eb7/0x5ba0
[  670.984904][ T9699]  tcp_rcv_established+0x60f/0x21c0
[  670.990132][ T9699]  tcp_v4_do_rcv+0x5ca/0xa90
[  670.994756][ T9699]  tcp_v4_rcv+0x344c/0x44e0
[  670.999373][ T9699]  ip_protocol_deliver_rcu+0xba/0x4e0
[  671.004785][ T9699]  ip_local_deliver_finish+0x316/0x570
[  671.010290][ T9699]  ip_local_deliver+0x18e/0x1f0
[  671.015194][ T9699]  ip_sublist_rcv_finish+0x2c1/0x620
[  671.020520][ T9699]  ip_list_rcv_finish.constprop.0+0x559/0x720
[  671.026630][ T9699]  ip_list_rcv+0x339/0x450
[  671.031087][ T9699]  __netif_receive_skb_list_core+0x755/0x950
[  671.037115][ T9699]  netif_receive_skb_list_internal+0x753/0xda0
[  671.043313][ T9699] 
[  671.045638][ T9699] Memory state around the buggy address:
[  671.051274][ T9699]  ffff888057f2ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.059362][ T9699]  ffff888057f2ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  671.067445][ T9699] >ffff888057f30000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.075522][ T9699]                    ^
[  671.079686][ T9699]  ffff888057f30080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.087777][ T9699]  ffff888057f30100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.095873][ T9699] ==================================================================
[  671.161320][ T5108] Bluetooth: hci6: command tx timeout
[  671.166926][ T9699] ==================================================================
[  671.175021][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  671.182026][ T9699] Read of size 1 at addr ffff88802453db54 by task kworker/u9:2/9699
[  671.190163][ T9699] 
[  671.192533][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  671.204664][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  671.209709][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  671.219807][ T9699] Workqueue: hci0 hci_rx_work
[  671.224547][ T9699] Call Trace:
[  671.227848][ T9699]  <TASK>
[  671.230800][ T9699]  dump_stack_lvl+0x116/0x1f0
[  671.235529][ T9699]  print_report+0xc3/0x620
[  671.240009][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.244488][ T9761] loop2: detected capacity change from 0 to 4096
[  671.245681][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.257662][ T9699]  ? __phys_addr+0xc6/0x150
[  671.262220][ T9699]  kasan_report+0xd9/0x110
[  671.266701][ T9699]  ? memcmp+0x1ab/0x1d0
[  671.270913][ T9699]  ? memcmp+0x1ab/0x1d0
[  671.275214][ T9699]  memcmp+0x1ab/0x1d0
[  671.279250][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  671.285384][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  671.292059][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  671.298113][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.303816][ T9699]  ? skb_pull_data+0x166/0x210
[  671.308746][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  671.313556][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  671.320306][ T9699]  hci_event_packet+0x669/0x1180
[  671.325314][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  671.330684][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  671.336153][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  671.341762][ T9699]  ? mark_held_locks+0x9f/0xe0
[  671.346595][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  671.351750][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  671.357003][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.359384][ T9751] sctp: failed to load transform for md5: -2
[  671.362679][ T9699]  hci_rx_work+0x2c6/0x1610
[  671.362735][ T9699]  process_one_work+0x9c8/0x1b40
[  671.362820][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  671.362889][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  671.362966][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.363036][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.363095][ T9699]  ? assign_work+0x1a0/0x250
[  671.405250][ T9699]  worker_thread+0x6c8/0xf20
[  671.409927][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.415623][ T9699]  ? __kthread_parkme+0x148/0x220
[  671.420710][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  671.426404][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  671.431663][ T9699]  kthread+0x2c4/0x3a0
[  671.435796][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.441049][ T9699]  ? __pfx_kthread+0x10/0x10
[  671.445712][ T9699]  ret_from_fork+0x48/0x80
[  671.450195][ T9699]  ? __pfx_kthread+0x10/0x10
[  671.455065][ T9699]  ret_from_fork_asm+0x1a/0x30
[  671.459986][ T9699]  </TASK>
[  671.463030][ T9699] 
[  671.465363][ T9699] Allocated by task 9699:
[  671.470140][ T9699]  kasan_save_stack+0x33/0x60
[  671.475155][ T9699]  kasan_save_track+0x14/0x30
[  671.479884][ T9699]  __kasan_slab_alloc+0x89/0x90
[  671.484818][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  671.490765][ T9699]  __alloc_skb+0x2b1/0x380
[  671.495244][ T9699]  __netdev_alloc_skb+0x76/0x900
[  671.500213][ T9699]  hsr_init_skb+0x11c/0x520
[  671.504784][ T9699]  send_hsr_supervision_frame+0xbe/0x9f0
[  671.510577][ T9699]  hsr_announce+0x16a/0x3e0
[  671.515296][ T9699]  call_timer_fn+0x1a3/0x610
[  671.519946][ T9699]  __run_timers+0x74b/0xaf0
[  671.524495][ T9699]  run_timer_base+0x111/0x190
[  671.529223][ T9699]  run_timer_softirq+0x1a/0x40
[  671.534032][ T9699]  handle_softirqs+0x219/0x8f0
[  671.539010][ T9699]  irq_exit_rcu+0xbb/0x120
[  671.543485][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  671.549164][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  671.555178][ T9699] 
[  671.557503][ T9699] Freed by task 9699:
[  671.561484][ T9699]  kasan_save_stack+0x33/0x60
[  671.566211][ T9699]  kasan_save_track+0x14/0x30
[  671.570921][ T9699]  kasan_save_free_info+0x3b/0x60
[  671.576058][ T9699]  poison_slab_object+0xf7/0x160
[  671.581030][ T9699]  __kasan_slab_free+0x32/0x50
[  671.585846][ T9699]  kmem_cache_free+0x12f/0x3a0
[  671.590645][ T9699]  kfree_skbmem+0x10e/0x200
[  671.595193][ T9699]  sk_skb_reason_drop+0x140/0x210
[  671.600241][ T9699]  hsr_forward_skb+0x1446/0x25d0
[  671.605750][ T9699]  send_hsr_supervision_frame+0x4bb/0x9f0
[  671.611525][ T9699]  hsr_announce+0x16a/0x3e0
[  671.616086][ T9699]  call_timer_fn+0x1a3/0x610
[  671.620717][ T9699]  __run_timers+0x74b/0xaf0
[  671.625263][ T9699]  run_timer_base+0x111/0x190
[  671.630025][ T9699]  run_timer_softirq+0x1a/0x40
[  671.634838][ T9699]  handle_softirqs+0x219/0x8f0
[  671.639623][ T9699]  irq_exit_rcu+0xbb/0x120
[  671.644157][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  671.649884][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  671.656117][ T9699] 
[  671.658443][ T9699] The buggy address belongs to the object at ffff88802453db40
[  671.658443][ T9699]  which belongs to the cache skbuff_head_cache of size 240
[  671.673052][ T9699] The buggy address is located 20 bytes inside of
[  671.673052][ T9699]  freed 240-byte region [ffff88802453db40, ffff88802453dc30)
[  671.686908][ T9699] 
[  671.689236][ T9699] The buggy address belongs to the physical page:
[  671.695672][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2453d
[  671.704459][ T9699] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  671.711953][ T9699] page_type: 0xfdffffff(slab)
[  671.716673][ T9699] raw: 00fff00000000000 ffff8880192e0780 ffffea0000b12980 0000000000000003
[  671.725285][ T9699] raw: 0000000000000000 00000000000c000c 00000001fdffffff 0000000000000000
[  671.734137][ T9699] page dumped because: kasan: bad access detected
[  671.740564][ T9699] page_owner tracks the page as allocated
[  671.746289][ T9699] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1052, tgid 1052 (kworker/0:2), ts 653755679170, free_ts 653584499871
[  671.767089][ T9699]  post_alloc_hook+0x2d1/0x350
[  671.771894][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  671.777486][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  671.782815][ T9699]  alloc_slab_page+0x4e/0xf0
[  671.787441][ T9699]  new_slab+0x84/0x260
[  671.791540][ T9699]  ___slab_alloc+0xdac/0x1870
[  671.796259][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  671.801666][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  671.807597][ T9699]  __alloc_skb+0x2b1/0x380
[  671.812053][ T9699]  nsim_dev_trap_report_work+0x2a4/0xc80
[  671.817734][ T9699]  process_one_work+0x9c8/0x1b40
[  671.822719][ T9699]  worker_thread+0x6c8/0xf20
[  671.827324][ T9699]  kthread+0x2c4/0x3a0
[  671.831513][ T9699]  ret_from_fork+0x48/0x80
[  671.835999][ T9699]  ret_from_fork_asm+0x1a/0x30
[  671.840807][ T9699] page last free pid 9582 tgid 9582 stack trace:
[  671.847162][ T9699]  free_unref_folios+0x9e9/0x1390
[  671.852231][ T9699]  folios_put_refs+0x560/0x760
[  671.857045][ T9699]  free_pages_and_swap_cache+0x45f/0x510
[  671.862712][ T9699]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  671.868837][ T9699]  tlb_finish_mmu+0x168/0x7b0
[  671.873543][ T9699]  exit_mmap+0x3d1/0xb20
[  671.877803][ T9699]  __mmput+0x12a/0x480
[  671.881978][ T9699]  mmput+0x62/0x70
[  671.885741][ T9699]  do_exit+0x9bf/0x2bb0
[  671.889933][ T9699]  do_group_exit+0xd3/0x2a0
[  671.894559][ T9699]  __x64_sys_exit_group+0x3e/0x50
[  671.899620][ T9699]  x64_sys_call+0x14a9/0x16a0
[  671.904337][ T9699]  do_syscall_64+0xcd/0x250
[  671.908879][ T9699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.914825][ T9699] 
[  671.917160][ T9699] Memory state around the buggy address:
[  671.922799][ T9699]  ffff88802453da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.930880][ T9699]  ffff88802453da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  671.938961][ T9699] >ffff88802453db00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  671.947033][ T9699]                                                  ^
[  671.953715][ T9699]  ffff88802453db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  671.961790][ T9699]  ffff88802453dc00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  671.969859][ T9699] ==================================================================
[  671.987780][ T9699] ==================================================================
[  671.995894][ T9699] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[  672.004967][ T9699] Read of size 8 at addr ffff88802453db40 by task kworker/u9:2/9699
[  672.013046][ T9699] 
[  672.015380][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  672.027568][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  672.032813][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  672.043439][ T9699] Workqueue: hci0 hci_rx_work
[  672.048152][ T9699] Call Trace:
[  672.051440][ T9699]  <TASK>
[  672.054381][ T9699]  dump_stack_lvl+0x116/0x1f0
[  672.059091][ T9699]  print_report+0xc3/0x620
[  672.063553][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.069224][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.074918][ T9699]  ? __phys_addr+0xc6/0x150
[  672.079473][ T9699]  kasan_report+0xd9/0x110
[  672.083979][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  672.090531][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  672.096837][ T9699]  hci_le_create_big_complete_evt+0xa62/0xb30
[  672.102965][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  672.109605][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  672.115639][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.121316][ T9699]  ? skb_pull_data+0x166/0x210
[  672.126128][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  672.130921][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  672.137575][ T9699]  hci_event_packet+0x669/0x1180
[  672.142591][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  672.147919][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  672.153347][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  672.158943][ T9699]  ? mark_held_locks+0x9f/0xe0
[  672.163769][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  672.168921][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  672.174168][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.179848][ T9699]  hci_rx_work+0x2c6/0x1610
[  672.184390][ T9699]  process_one_work+0x9c8/0x1b40
[  672.189390][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  672.194468][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  672.199924][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.205614][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.211289][ T9699]  ? assign_work+0x1a0/0x250
[  672.215936][ T9699]  worker_thread+0x6c8/0xf20
[  672.220569][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.226250][ T9699]  ? __kthread_parkme+0x148/0x220
[  672.231311][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.236995][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  672.242144][ T9699]  kthread+0x2c4/0x3a0
[  672.246356][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  672.251594][ T9699]  ? __pfx_kthread+0x10/0x10
[  672.256255][ T9699]  ret_from_fork+0x48/0x80
[  672.260724][ T9699]  ? __pfx_kthread+0x10/0x10
[  672.265366][ T9699]  ret_from_fork_asm+0x1a/0x30
[  672.270196][ T9699]  </TASK>
[  672.273230][ T9699] 
[  672.275556][ T9699] Allocated by task 9699:
[  672.279887][ T9699]  kasan_save_stack+0x33/0x60
[  672.284611][ T9699]  kasan_save_track+0x14/0x30
[  672.289326][ T9699]  __kasan_slab_alloc+0x89/0x90
[  672.294304][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  672.300241][ T9699]  __alloc_skb+0x2b1/0x380
[  672.304703][ T9699]  __netdev_alloc_skb+0x76/0x900
[  672.309751][ T9699]  hsr_init_skb+0x11c/0x520
[  672.314407][ T9699]  send_hsr_supervision_frame+0xbe/0x9f0
[  672.320137][ T9699]  hsr_announce+0x16a/0x3e0
[  672.324690][ T9699]  call_timer_fn+0x1a3/0x610
[  672.329441][ T9699]  __run_timers+0x74b/0xaf0
[  672.333985][ T9699]  run_timer_base+0x111/0x190
[  672.338733][ T9699]  run_timer_softirq+0x1a/0x40
[  672.343550][ T9699]  handle_softirqs+0x219/0x8f0
[  672.348361][ T9699]  irq_exit_rcu+0xbb/0x120
[  672.352822][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  672.358498][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  672.364514][ T9699] 
[  672.366840][ T9699] Freed by task 9699:
[  672.370908][ T9699]  kasan_save_stack+0x33/0x60
[  672.375628][ T9699]  kasan_save_track+0x14/0x30
[  672.380341][ T9699]  kasan_save_free_info+0x3b/0x60
[  672.385392][ T9699]  poison_slab_object+0xf7/0x160
[  672.390364][ T9699]  __kasan_slab_free+0x32/0x50
[  672.395162][ T9699]  kmem_cache_free+0x12f/0x3a0
[  672.399982][ T9699]  kfree_skbmem+0x10e/0x200
[  672.404610][ T9699]  sk_skb_reason_drop+0x140/0x210
[  672.409786][ T9699]  hsr_forward_skb+0x1446/0x25d0
[  672.414755][ T9699]  send_hsr_supervision_frame+0x4bb/0x9f0
[  672.420521][ T9699]  hsr_announce+0x16a/0x3e0
[  672.425086][ T9699]  call_timer_fn+0x1a3/0x610
[  672.429718][ T9699]  __run_timers+0x74b/0xaf0
[  672.434267][ T9699]  run_timer_base+0x111/0x190
[  672.438992][ T9699]  run_timer_softirq+0x1a/0x40
[  672.443812][ T9699]  handle_softirqs+0x219/0x8f0
[  672.448615][ T9699]  irq_exit_rcu+0xbb/0x120
[  672.453098][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  672.458765][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  672.464824][ T9699] 
[  672.467153][ T9699] The buggy address belongs to the object at ffff88802453db40
[  672.467153][ T9699]  which belongs to the cache skbuff_head_cache of size 240
[  672.481751][ T9699] The buggy address is located 0 bytes inside of
[  672.481751][ T9699]  freed 240-byte region [ffff88802453db40, ffff88802453dc30)
[  672.495427][ T9699] 
[  672.497758][ T9699] The buggy address belongs to the physical page:
[  672.504170][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2453d
[  672.512954][ T9699] ksm flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  672.520426][ T9699] page_type: 0xfdffffff(slab)
[  672.525210][ T9699] raw: 00fff00000000000 ffff8880192e0780 ffffea0000b12980 0000000000000003
[  672.533939][ T9699] raw: 0000000000000000 00000000000c000c 00000001fdffffff 0000000000000000
[  672.542632][ T9699] page dumped because: kasan: bad access detected
[  672.549065][ T9699] page_owner tracks the page as allocated
[  672.554830][ T9699] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 1052, tgid 1052 (kworker/0:2), ts 653755679170, free_ts 653584499871
[  672.575726][ T9699]  post_alloc_hook+0x2d1/0x350
[  672.580537][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  672.586216][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  672.591544][ T9699]  alloc_slab_page+0x4e/0xf0
[  672.596308][ T9699]  new_slab+0x84/0x260
[  672.600415][ T9699]  ___slab_alloc+0xdac/0x1870
[  672.605127][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  672.610635][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  672.616664][ T9699]  __alloc_skb+0x2b1/0x380
[  672.621122][ T9699]  nsim_dev_trap_report_work+0x2a4/0xc80
[  672.626804][ T9699]  process_one_work+0x9c8/0x1b40
[  672.631795][ T9699]  worker_thread+0x6c8/0xf20
[  672.636403][ T9699]  kthread+0x2c4/0x3a0
[  672.640501][ T9699]  ret_from_fork+0x48/0x80
[  672.644964][ T9699]  ret_from_fork_asm+0x1a/0x30
[  672.649779][ T9699] page last free pid 9582 tgid 9582 stack trace:
[  672.656206][ T9699]  free_unref_folios+0x9e9/0x1390
[  672.661271][ T9699]  folios_put_refs+0x560/0x760
[  672.666167][ T9699]  free_pages_and_swap_cache+0x45f/0x510
[  672.671830][ T9699]  __tlb_batch_free_encoded_pages+0xf9/0x290
[  672.678365][ T9699]  tlb_finish_mmu+0x168/0x7b0
[  672.683097][ T9699]  exit_mmap+0x3d1/0xb20
[  672.687530][ T9699]  __mmput+0x12a/0x480
[  672.691707][ T9699]  mmput+0x62/0x70
[  672.695448][ T9699]  do_exit+0x9bf/0x2bb0
[  672.699642][ T9699]  do_group_exit+0xd3/0x2a0
[  672.704266][ T9699]  __x64_sys_exit_group+0x3e/0x50
[  672.709765][ T9699]  x64_sys_call+0x14a9/0x16a0
[  672.714485][ T9699]  do_syscall_64+0xcd/0x250
[  672.719022][ T9699]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.724975][ T9699] 
[  672.727736][ T9699] Memory state around the buggy address:
[  672.733375][ T9699]  ffff88802453da00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  672.741452][ T9699]  ffff88802453da80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[  672.749527][ T9699] >ffff88802453db00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  672.757610][ T9699]                                            ^
[  672.763776][ T9699]  ffff88802453db80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  672.771853][ T9699]  ffff88802453dc00: fb fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc
[  672.779920][ T9699] ==================================================================
[  672.810023][   T55] Bluetooth: hci0: Opcode 0x206c failed: -110
[  672.816834][ T9699] ==================================================================
[  672.824923][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  672.832010][ T9699] Read of size 1 at addr ffff888078b1c014 by task kworker/u9:2/9699
[  672.840024][ T9699] 
[  672.842373][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  672.854589][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  672.859722][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  672.869815][ T9699] Workqueue: hci0 hci_rx_work
[  672.874536][ T9699] Call Trace:
[  672.877833][ T9699]  <TASK>
[  672.880789][ T9699]  dump_stack_lvl+0x116/0x1f0
[  672.885506][ T9699]  print_report+0xc3/0x620
[  672.889982][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.895673][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.901367][ T9699]  ? __phys_addr+0xc6/0x150
[  672.905922][ T9699]  kasan_report+0xd9/0x110
[  672.910398][ T9699]  ? memcmp+0x1ab/0x1d0
[  672.914776][ T9699]  ? memcmp+0x1ab/0x1d0
[  672.919077][ T9699]  memcmp+0x1ab/0x1d0
[  672.923110][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  672.929252][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  672.935915][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  672.941965][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  672.947645][ T9699]  ? skb_pull_data+0x166/0x210
[  672.952459][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  672.957518][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  672.964174][ T9699]  hci_event_packet+0x669/0x1180
[  672.969175][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  672.974489][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  672.979927][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  672.985518][ T9699]  ? mark_held_locks+0x9f/0xe0
[  672.990331][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  672.995477][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  673.000740][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.006451][ T9699]  hci_rx_work+0x2c6/0x1610
[  673.010995][ T9699]  process_one_work+0x9c8/0x1b40
[  673.016237][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  673.021313][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  673.026835][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.032525][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.038199][ T9699]  ? assign_work+0x1a0/0x250
[  673.042928][ T9699]  worker_thread+0x6c8/0xf20
[  673.047555][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.053230][ T9699]  ? __kthread_parkme+0x148/0x220
[  673.058381][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.064075][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  673.069212][ T9699]  kthread+0x2c4/0x3a0
[  673.073318][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  673.078558][ T9699]  ? __pfx_kthread+0x10/0x10
[  673.083208][ T9699]  ret_from_fork+0x48/0x80
[  673.087676][ T9699]  ? __pfx_kthread+0x10/0x10
[  673.092304][ T9699]  ret_from_fork_asm+0x1a/0x30
[  673.097129][ T9699]  </TASK>
[  673.100418][ T9699] 
[  673.102767][ T9699] Allocated by task 9699:
[  673.107101][ T9699]  kasan_save_stack+0x33/0x60
[  673.111816][ T9699]  kasan_save_track+0x14/0x30
[  673.116525][ T9699]  __kasan_slab_alloc+0x89/0x90
[  673.121409][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  673.127345][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  673.132163][ T9699]  __alloc_skb+0x164/0x380
[  673.136629][ T9699]  __netdev_alloc_skb+0x76/0x900
[  673.141604][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  673.147087][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  673.152567][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  673.158142][ T9699]  __iterate_interfaces+0x2d5/0x580
[  673.163382][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  673.170460][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  673.175795][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  673.181024][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  673.186245][ T9699]  handle_softirqs+0x219/0x8f0
[  673.191119][ T9699]  irq_exit_rcu+0xbb/0x120
[  673.195562][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  673.201223][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  673.207234][ T9699] 
[  673.209557][ T9699] Freed by task 9699:
[  673.213543][ T9699]  kasan_save_stack+0x33/0x60
[  673.218258][ T9699]  kasan_save_track+0x14/0x30
[  673.222967][ T9699]  kasan_save_free_info+0x3b/0x60
[  673.228014][ T9699]  poison_slab_object+0xf7/0x160
[  673.233005][ T9699]  __kasan_slab_free+0x32/0x50
[  673.237806][ T9699]  kmem_cache_free+0x12f/0x3a0
[  673.242599][ T9699]  skb_free_head+0x18a/0x1d0
[  673.247226][ T9699]  skb_release_data+0x75c/0x980
[  673.252094][ T9699]  consume_skb+0xd0/0x170
[  673.256450][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  673.262026][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  673.267605][ T9699]  __iterate_interfaces+0x2d5/0x580
[  673.272849][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  673.279918][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  673.285246][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  673.290474][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  673.295610][ T9699]  handle_softirqs+0x219/0x8f0
[  673.300398][ T9699]  irq_exit_rcu+0xbb/0x120
[  673.304837][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  673.310532][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  673.316631][ T9699] 
[  673.318957][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  673.318957][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  673.333635][ T9699] The buggy address is located 20 bytes inside of
[  673.333635][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  673.347389][ T9699] 
[  673.349815][ T9699] The buggy address belongs to the physical page:
[  673.356232][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  673.366415][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  673.374954][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  673.383477][ T9699] page_type: 0xfdffffff(slab)
[  673.388174][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  673.396793][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  673.405402][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  673.414097][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  673.422794][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  673.431484][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  673.440249][ T9699] page dumped because: kasan: bad access detected
[  673.446669][ T9699] page_owner tracks the page as allocated
[  673.452479][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  673.475107][ T9699]  post_alloc_hook+0x2d1/0x350
[  673.479916][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  673.485509][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  673.490841][ T9699]  alloc_slab_page+0x4e/0xf0
[  673.495457][ T9699]  new_slab+0x84/0x260
[  673.499557][ T9699]  ___slab_alloc+0xdac/0x1870
[  673.504316][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  673.509723][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  673.515569][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  673.520366][ T9699]  __alloc_skb+0x164/0x380
[  673.524822][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  673.530227][ T9699]  netlink_sendmsg+0x689/0xd70
[  673.535024][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  673.539828][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  673.544617][ T9699]  __sys_sendmsg+0x117/0x1f0
[  673.549226][ T9699]  do_syscall_64+0xcd/0x250
[  673.553771][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  673.560113][ T9699]  free_unref_page+0x64a/0xe40
[  673.564916][ T9699]  qlist_free_all+0x4e/0x140
[  673.569546][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  673.575048][ T9699]  __kasan_slab_alloc+0x69/0x90
[  673.579974][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  673.585472][ T9699]  skb_clone+0x190/0x3f0
[  673.589735][ T9699]  hci_cmd_work+0x1c5/0x750
[  673.594259][ T9699]  process_one_work+0x9c8/0x1b40
[  673.599280][ T9699]  worker_thread+0x6c8/0xf20
[  673.603915][ T9699]  kthread+0x2c4/0x3a0
[  673.608011][ T9699]  ret_from_fork+0x48/0x80
[  673.612558][ T9699]  ret_from_fork_asm+0x1a/0x30
[  673.617373][ T9699] 
[  673.619700][ T9699] Memory state around the buggy address:
[  673.625515][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  673.633887][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  673.642083][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  673.650336][ T9699]                          ^
[  673.654935][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  673.663012][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  673.671164][ T9699] ==================================================================
[  673.713919][ T9699] ==================================================================
[  673.722199][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  673.724608][ T9761] NILFS (loop2): error -4 creating segctord thread
[  673.729156][ T9699] Read of size 1 at addr ffff888078b1c015 by task kworker/u9:2/9699
[  673.743728][ T9699] 
[  673.746072][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  673.758101][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  673.763136][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  673.773217][ T9699] Workqueue: hci0 hci_rx_work
[  673.777937][ T9699] Call Trace:
[  673.781230][ T9699]  <TASK>
[  673.784178][ T9699]  dump_stack_lvl+0x116/0x1f0
[  673.788898][ T9699]  print_report+0xc3/0x620
[  673.793373][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.799054][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.805072][ T9699]  ? __phys_addr+0xc6/0x150
[  673.809607][ T9699]  kasan_report+0xd9/0x110
[  673.814065][ T9699]  ? memcmp+0x1ab/0x1d0
[  673.818251][ T9699]  ? memcmp+0x1ab/0x1d0
[  673.822442][ T9699]  memcmp+0x1ab/0x1d0
[  673.826459][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  673.832577][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  673.839208][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  673.845233][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.850903][ T9699]  ? skb_pull_data+0x166/0x210
[  673.855714][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  673.860501][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  673.867131][ T9699]  hci_event_packet+0x669/0x1180
[  673.872111][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  673.877436][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  673.882862][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  673.888443][ T9699]  ? mark_held_locks+0x9f/0xe0
[  673.893252][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  673.898385][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  673.903616][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.909291][ T9699]  hci_rx_work+0x2c6/0x1610
[  673.913825][ T9699]  process_one_work+0x9c8/0x1b40
[  673.919534][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  673.924610][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  673.930033][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.935713][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.941382][ T9699]  ? assign_work+0x1a0/0x250
[  673.946101][ T9699]  worker_thread+0x6c8/0xf20
[  673.950737][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.956405][ T9699]  ? __kthread_parkme+0x148/0x220
[  673.961458][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  673.967128][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  673.972260][ T9699]  kthread+0x2c4/0x3a0
[  673.976356][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  673.981587][ T9699]  ? __pfx_kthread+0x10/0x10
[  673.986221][ T9699]  ret_from_fork+0x48/0x80
[  673.990683][ T9699]  ? __pfx_kthread+0x10/0x10
[  673.995313][ T9699]  ret_from_fork_asm+0x1a/0x30
[  674.000131][ T9699]  </TASK>
[  674.003156][ T9699] 
[  674.005481][ T9699] Allocated by task 9699:
[  674.009812][ T9699]  kasan_save_stack+0x33/0x60
[  674.014523][ T9699]  kasan_save_track+0x14/0x30
[  674.019228][ T9699]  __kasan_slab_alloc+0x89/0x90
[  674.024111][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  674.030041][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  674.034835][ T9699]  __alloc_skb+0x164/0x380
[  674.039287][ T9699]  __netdev_alloc_skb+0x76/0x900
[  674.044326][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  674.049806][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  674.055286][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  674.060861][ T9699]  __iterate_interfaces+0x2d5/0x580
[  674.066097][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  674.073165][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  674.078490][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  674.083980][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  674.089130][ T9699]  handle_softirqs+0x219/0x8f0
[  674.093922][ T9699]  irq_exit_rcu+0xbb/0x120
[  674.098362][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  674.104021][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  674.110054][ T9699] 
[  674.112380][ T9699] Freed by task 9699:
[  674.116364][ T9699]  kasan_save_stack+0x33/0x60
[  674.121074][ T9699]  kasan_save_track+0x14/0x30
[  674.125789][ T9699]  kasan_save_free_info+0x3b/0x60
[  674.130851][ T9699]  poison_slab_object+0xf7/0x160
[  674.135821][ T9699]  __kasan_slab_free+0x32/0x50
[  674.140622][ T9699]  kmem_cache_free+0x12f/0x3a0
[  674.145417][ T9699]  skb_free_head+0x18a/0x1d0
[  674.150042][ T9699]  skb_release_data+0x75c/0x980
[  674.154998][ T9699]  consume_skb+0xd0/0x170
[  674.159347][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  674.164834][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  674.170408][ T9699]  __iterate_interfaces+0x2d5/0x580
[  674.175647][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  674.182808][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  674.188137][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  674.193361][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  674.198494][ T9699]  handle_softirqs+0x219/0x8f0
[  674.203279][ T9699]  irq_exit_rcu+0xbb/0x120
[  674.207721][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  674.213380][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  674.219387][ T9699] 
[  674.221715][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  674.221715][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  674.236392][ T9699] The buggy address is located 21 bytes inside of
[  674.236392][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  674.250120][ T9699] 
[  674.252444][ T9699] The buggy address belongs to the physical page:
[  674.258855][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  674.268933][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  674.277448][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  674.285961][ T9699] page_type: 0xfdffffff(slab)
[  674.290747][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  674.299353][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  674.308044][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  674.317082][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  674.325777][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  674.334472][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  674.343146][ T9699] page dumped because: kasan: bad access detected
[  674.349557][ T9699] page_owner tracks the page as allocated
[  674.355271][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  674.377625][ T9699]  post_alloc_hook+0x2d1/0x350
[  674.382430][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  674.388014][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  674.393342][ T9699]  alloc_slab_page+0x4e/0xf0
[  674.397953][ T9699]  new_slab+0x84/0x260
[  674.402049][ T9699]  ___slab_alloc+0xdac/0x1870
[  674.406761][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  674.412167][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  674.418006][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  674.422797][ T9699]  __alloc_skb+0x164/0x380
[  674.427248][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  674.432652][ T9699]  netlink_sendmsg+0x689/0xd70
[  674.437449][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  674.442276][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  674.446970][ T9699]  __sys_sendmsg+0x117/0x1f0
[  674.451576][ T9699]  do_syscall_64+0xcd/0x250
[  674.456128][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  674.462464][ T9699]  free_unref_page+0x64a/0xe40
[  674.467261][ T9699]  qlist_free_all+0x4e/0x140
[  674.471879][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  674.477382][ T9699]  __kasan_slab_alloc+0x69/0x90
[  674.482268][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  674.487761][ T9699]  skb_clone+0x190/0x3f0
[  674.492026][ T9699]  hci_cmd_work+0x1c5/0x750
[  674.496556][ T9699]  process_one_work+0x9c8/0x1b40
[  674.501535][ T9699]  worker_thread+0x6c8/0xf20
[  674.506141][ T9699]  kthread+0x2c4/0x3a0
[  674.510233][ T9699]  ret_from_fork+0x48/0x80
[  674.514689][ T9699]  ret_from_fork_asm+0x1a/0x30
[  674.519493][ T9699] 
[  674.521815][ T9699] Memory state around the buggy address:
[  674.527447][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.535517][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  674.543678][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  674.551749][ T9699]                          ^
[  674.556339][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  674.564414][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  674.572504][ T9699] ==================================================================
[  674.591689][ T9699] ==================================================================
[  674.599992][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  674.606982][ T9699] Read of size 1 at addr ffff888078b1c016 by task kworker/u9:2/9699
[  674.614990][ T9699] 
[  674.617332][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  674.629362][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  674.634394][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  674.644475][ T9699] Workqueue: hci0 hci_rx_work
[  674.649191][ T9699] Call Trace:
[  674.652486][ T9699]  <TASK>
[  674.655437][ T9699]  dump_stack_lvl+0x116/0x1f0
[  674.660157][ T9699]  print_report+0xc3/0x620
[  674.664718][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.670405][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.676090][ T9699]  ? __phys_addr+0xc6/0x150
[  674.680643][ T9699]  kasan_report+0xd9/0x110
[  674.685120][ T9699]  ? memcmp+0x1ab/0x1d0
[  674.689322][ T9699]  ? memcmp+0x1ab/0x1d0
[  674.693530][ T9699]  memcmp+0x1ab/0x1d0
[  674.697656][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  674.703797][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  674.710449][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  674.716486][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.722295][ T9699]  ? skb_pull_data+0x166/0x210
[  674.727123][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  674.731928][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  674.738589][ T9699]  hci_event_packet+0x669/0x1180
[  674.743607][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  674.748942][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  674.754379][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  674.759981][ T9699]  ? mark_held_locks+0x9f/0xe0
[  674.764806][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  674.769957][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  674.775254][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.780955][ T9699]  hci_rx_work+0x2c6/0x1610
[  674.785516][ T9699]  process_one_work+0x9c8/0x1b40
[  674.790533][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  674.795622][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  674.801060][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.806759][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.812449][ T9699]  ? assign_work+0x1a0/0x250
[  674.817102][ T9699]  worker_thread+0x6c8/0xf20
[  674.821831][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.827518][ T9699]  ? __kthread_parkme+0x148/0x220
[  674.832604][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  674.838332][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  674.843481][ T9699]  kthread+0x2c4/0x3a0
[  674.847596][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  674.852844][ T9699]  ? __pfx_kthread+0x10/0x10
[  674.857567][ T9699]  ret_from_fork+0x48/0x80
[  674.862044][ T9699]  ? __pfx_kthread+0x10/0x10
[  674.866688][ T9699]  ret_from_fork_asm+0x1a/0x30
[  674.871534][ T9699]  </TASK>
[  674.874599][ T9699] 
[  674.876936][ T9699] Allocated by task 9699:
[  674.881391][ T9699]  kasan_save_stack+0x33/0x60
[  674.886120][ T9699]  kasan_save_track+0x14/0x30
[  674.890851][ T9699]  __kasan_slab_alloc+0x89/0x90
[  674.895755][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  674.901709][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  674.906526][ T9699]  __alloc_skb+0x164/0x380
[  674.911025][ T9699]  __netdev_alloc_skb+0x76/0x900
[  674.916019][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  674.921521][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  674.927028][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  674.932915][ T9699]  __iterate_interfaces+0x2d5/0x580
[  674.938176][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  674.945270][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  674.950628][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  674.955906][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  674.961066][ T9699]  handle_softirqs+0x219/0x8f0
[  674.965965][ T9699]  irq_exit_rcu+0xbb/0x120
[  674.968391][   T55] Bluetooth: hci0: Opcode 0x2046 failed: -110
[  674.970398][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  674.982121][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  674.988159][ T9699] 
[  674.990504][ T9699] Freed by task 9699:
[  674.994502][ T9699]  kasan_save_stack+0x33/0x60
[  674.999233][ T9699]  kasan_save_track+0x14/0x30
[  675.003968][ T9699]  kasan_save_free_info+0x3b/0x60
[  675.009036][ T9699]  poison_slab_object+0xf7/0x160
[  675.014075][ T9699]  __kasan_slab_free+0x32/0x50
[  675.018878][ T9699]  kmem_cache_free+0x12f/0x3a0
[  675.023713][ T9699]  skb_free_head+0x18a/0x1d0
[  675.028341][ T9699]  skb_release_data+0x75c/0x980
[  675.033210][ T9699]  consume_skb+0xd0/0x170
[  675.037559][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  675.043047][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  675.048622][ T9699]  __iterate_interfaces+0x2d5/0x580
[  675.053860][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  675.061019][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  675.066345][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  675.071565][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  675.076723][ T9699]  handle_softirqs+0x219/0x8f0
[  675.081511][ T9699]  irq_exit_rcu+0xbb/0x120
[  675.085949][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  675.091626][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  675.097647][ T9699] 
[  675.100059][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  675.100059][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  675.115012][ T9699] The buggy address is located 22 bytes inside of
[  675.115012][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  675.128777][ T9699] 
[  675.131104][ T9699] The buggy address belongs to the physical page:
[  675.137518][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  675.148058][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  675.156580][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  675.165099][ T9699] page_type: 0xfdffffff(slab)
[  675.169851][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  675.178459][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  675.187080][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  675.195797][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  675.204494][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  675.213192][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  675.222043][ T9699] page dumped because: kasan: bad access detected
[  675.228457][ T9699] page_owner tracks the page as allocated
[  675.234172][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  675.256618][ T9699]  post_alloc_hook+0x2d1/0x350
[  675.261422][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  675.267118][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  675.272447][ T9699]  alloc_slab_page+0x4e/0xf0
[  675.277061][ T9699]  new_slab+0x84/0x260
[  675.281158][ T9699]  ___slab_alloc+0xdac/0x1870
[  675.285875][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  675.291303][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  675.297156][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  675.301951][ T9699]  __alloc_skb+0x164/0x380
[  675.306414][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  675.311826][ T9699]  netlink_sendmsg+0x689/0xd70
[  675.316633][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  675.321433][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  675.326133][ T9699]  __sys_sendmsg+0x117/0x1f0
[  675.330743][ T9699]  do_syscall_64+0xcd/0x250
[  675.335292][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  675.341628][ T9699]  free_unref_page+0x64a/0xe40
[  675.346435][ T9699]  qlist_free_all+0x4e/0x140
[  675.351056][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  675.356550][ T9699]  __kasan_slab_alloc+0x69/0x90
[  675.361438][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  675.366937][ T9699]  skb_clone+0x190/0x3f0
[  675.371204][ T9699]  hci_cmd_work+0x1c5/0x750
[  675.375730][ T9699]  process_one_work+0x9c8/0x1b40
[  675.380710][ T9699]  worker_thread+0x6c8/0xf20
[  675.385404][ T9699]  kthread+0x2c4/0x3a0
[  675.389498][ T9699]  ret_from_fork+0x48/0x80
[  675.393969][ T9699]  ret_from_fork_asm+0x1a/0x30
[  675.398859][ T9699] 
[  675.401185][ T9699] Memory state around the buggy address:
[  675.406831][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  675.414931][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  675.423026][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  675.431099][ T9699]                          ^
[  675.435694][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  675.443773][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  675.451867][ T9699] ==================================================================
[  675.474567][ T9699] ==================================================================
[  675.482673][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  675.489661][ T9699] Read of size 1 at addr ffff888078b1c017 by task kworker/u9:2/9699
[  675.497674][ T9699] 
[  675.500019][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  675.512058][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  675.517093][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  675.527178][ T9699] Workqueue: hci0 hci_rx_work
[  675.531888][ T9699] Call Trace:
[  675.535525][ T9699]  <TASK>
[  675.538466][ T9699]  dump_stack_lvl+0x116/0x1f0
[  675.543176][ T9699]  print_report+0xc3/0x620
[  675.547637][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.553312][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.558982][ T9699]  ? __phys_addr+0xc6/0x150
[  675.563521][ T9699]  kasan_report+0xd9/0x110
[  675.567986][ T9699]  ? memcmp+0x1ab/0x1d0
[  675.572177][ T9699]  ? memcmp+0x1ab/0x1d0
[  675.576371][ T9699]  memcmp+0x1ab/0x1d0
[  675.580564][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  675.586682][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  675.593318][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  675.599339][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.605020][ T9699]  ? skb_pull_data+0x166/0x210
[  675.609829][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  675.614623][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  675.621266][ T9699]  hci_event_packet+0x669/0x1180
[  675.626263][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  675.631574][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  675.637006][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  675.642589][ T9699]  ? mark_held_locks+0x9f/0xe0
[  675.647398][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  675.652622][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  675.657937][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.663621][ T9699]  hci_rx_work+0x2c6/0x1610
[  675.668159][ T9699]  process_one_work+0x9c8/0x1b40
[  675.673156][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  675.678226][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  675.683650][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.689333][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.695003][ T9699]  ? assign_work+0x1a0/0x250
[  675.699729][ T9699]  worker_thread+0x6c8/0xf20
[  675.704352][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.710023][ T9699]  ? __kthread_parkme+0x148/0x220
[  675.715122][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  675.720803][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  675.725950][ T9699]  kthread+0x2c4/0x3a0
[  675.730148][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  675.735380][ T9699]  ? __pfx_kthread+0x10/0x10
[  675.740002][ T9699]  ret_from_fork+0x48/0x80
[  675.744468][ T9699]  ? __pfx_kthread+0x10/0x10
[  675.749088][ T9699]  ret_from_fork_asm+0x1a/0x30
[  675.753909][ T9699]  </TASK>
[  675.756938][ T9699] 
[  675.759271][ T9699] Allocated by task 9699:
[  675.763606][ T9699]  kasan_save_stack+0x33/0x60
[  675.768318][ T9699]  kasan_save_track+0x14/0x30
[  675.773138][ T9699]  __kasan_slab_alloc+0x89/0x90
[  675.778030][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  675.783964][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  675.788759][ T9699]  __alloc_skb+0x164/0x380
[  675.793396][ T9699]  __netdev_alloc_skb+0x76/0x900
[  675.798356][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  675.803837][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  675.809317][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  675.814904][ T9699]  __iterate_interfaces+0x2d5/0x580
[  675.820148][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  675.827225][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  675.832559][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  675.837787][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  675.842928][ T9699]  handle_softirqs+0x219/0x8f0
[  675.847721][ T9699]  irq_exit_rcu+0xbb/0x120
[  675.852165][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  675.857841][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  675.863887][ T9699] 
[  675.866215][ T9699] Freed by task 9699:
[  675.870202][ T9699]  kasan_save_stack+0x33/0x60
[  675.874916][ T9699]  kasan_save_track+0x14/0x30
[  675.879630][ T9699]  kasan_save_free_info+0x3b/0x60
[  675.884680][ T9699]  poison_slab_object+0xf7/0x160
[  675.889737][ T9699]  __kasan_slab_free+0x32/0x50
[  675.894547][ T9699]  kmem_cache_free+0x12f/0x3a0
[  675.899342][ T9699]  skb_free_head+0x18a/0x1d0
[  675.903973][ T9699]  skb_release_data+0x75c/0x980
[  675.908842][ T9699]  consume_skb+0xd0/0x170
[  675.913192][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  675.918681][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  675.924257][ T9699]  __iterate_interfaces+0x2d5/0x580
[  675.929938][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  675.937018][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  675.942350][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  675.947574][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  675.952711][ T9699]  handle_softirqs+0x219/0x8f0
[  675.957530][ T9699]  irq_exit_rcu+0xbb/0x120
[  675.961975][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  675.967637][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  675.973673][ T9699] 
[  675.976001][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  675.976001][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  675.990682][ T9699] The buggy address is located 23 bytes inside of
[  675.990682][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  676.004416][ T9699] 
[  676.006831][ T9699] The buggy address belongs to the physical page:
[  676.013265][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  676.023344][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  676.031861][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  676.040402][ T9699] page_type: 0xfdffffff(slab)
[  676.045106][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  676.053716][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  676.062324][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  676.071019][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  676.079740][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  676.088438][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  676.097116][ T9699] page dumped because: kasan: bad access detected
[  676.103533][ T9699] page_owner tracks the page as allocated
[  676.109248][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  676.131629][ T9699]  post_alloc_hook+0x2d1/0x350
[  676.136451][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  676.142039][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  676.147372][ T9699]  alloc_slab_page+0x4e/0xf0
[  676.151986][ T9699]  new_slab+0x84/0x260
[  676.156088][ T9699]  ___slab_alloc+0xdac/0x1870
[  676.160797][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  676.166206][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  676.172050][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  676.176851][ T9699]  __alloc_skb+0x164/0x380
[  676.181308][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  676.186711][ T9699]  netlink_sendmsg+0x689/0xd70
[  676.191510][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  676.196305][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  676.201019][ T9699]  __sys_sendmsg+0x117/0x1f0
[  676.205627][ T9699]  do_syscall_64+0xcd/0x250
[  676.210169][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  676.216505][ T9699]  free_unref_page+0x64a/0xe40
[  676.221305][ T9699]  qlist_free_all+0x4e/0x140
[  676.226012][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  676.231503][ T9699]  __kasan_slab_alloc+0x69/0x90
[  676.236396][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  676.241896][ T9699]  skb_clone+0x190/0x3f0
[  676.246166][ T9699]  hci_cmd_work+0x1c5/0x750
[  676.250691][ T9699]  process_one_work+0x9c8/0x1b40
[  676.255676][ T9699]  worker_thread+0x6c8/0xf20
[  676.260284][ T9699]  kthread+0x2c4/0x3a0
[  676.264377][ T9699]  ret_from_fork+0x48/0x80
[  676.268838][ T9699]  ret_from_fork_asm+0x1a/0x30
[  676.273644][ T9699] 
[  676.275970][ T9699] Memory state around the buggy address:
[  676.281603][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  676.289685][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  676.297769][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  676.305847][ T9699]                          ^
[  676.310442][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  676.318527][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  676.326598][ T9699] ==================================================================
[  676.345502][ T9699] ==================================================================
[  676.353597][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  676.360580][ T9699] Read of size 1 at addr ffff888078b1c018 by task kworker/u9:2/9699
[  676.368586][ T9699] 
[  676.370936][ T9699] CPU: 1 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  676.382979][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  676.388014][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  676.398099][ T9699] Workqueue: hci0 hci_rx_work
[  676.402860][ T9699] Call Trace:
[  676.406159][ T9699]  <TASK>
[  676.409110][ T9699]  dump_stack_lvl+0x116/0x1f0
[  676.413834][ T9699]  print_report+0xc3/0x620
[  676.418297][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.423973][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.429644][ T9699]  ? __phys_addr+0xc6/0x150
[  676.434186][ T9699]  kasan_report+0xd9/0x110
[  676.438653][ T9699]  ? memcmp+0x1ab/0x1d0
[  676.442861][ T9699]  ? memcmp+0x1ab/0x1d0
[  676.447058][ T9699]  memcmp+0x1ab/0x1d0
[  676.451079][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  676.457200][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  676.463908][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  676.469941][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.475621][ T9699]  ? skb_pull_data+0x166/0x210
[  676.480431][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  676.485219][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  676.491851][ T9699]  hci_event_packet+0x669/0x1180
[  676.496833][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  676.502144][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  676.507559][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  676.513141][ T9699]  ? mark_held_locks+0x9f/0xe0
[  676.517954][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  676.523087][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  676.528317][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.533998][ T9699]  hci_rx_work+0x2c6/0x1610
[  676.538535][ T9699]  process_one_work+0x9c8/0x1b40
[  676.543534][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  676.548606][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  676.554031][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.559714][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.565389][ T9699]  ? assign_work+0x1a0/0x250
[  676.570024][ T9699]  worker_thread+0x6c8/0xf20
[  676.574648][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.580333][ T9699]  ? __kthread_parkme+0x148/0x220
[  676.585393][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  676.591075][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  676.596215][ T9699]  kthread+0x2c4/0x3a0
[  676.600322][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  676.605557][ T9699]  ? __pfx_kthread+0x10/0x10
[  676.610183][ T9699]  ret_from_fork+0x48/0x80
[  676.614650][ T9699]  ? __pfx_kthread+0x10/0x10
[  676.619278][ T9699]  ret_from_fork_asm+0x1a/0x30
[  676.624100][ T9699]  </TASK>
[  676.627128][ T9699] 
[  676.629460][ T9699] Allocated by task 9699:
[  676.633795][ T9699]  kasan_save_stack+0x33/0x60
[  676.638533][ T9699]  kasan_save_track+0x14/0x30
[  676.643253][ T9699]  __kasan_slab_alloc+0x89/0x90
[  676.648252][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  676.654195][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  676.658993][ T9699]  __alloc_skb+0x164/0x380
[  676.663456][ T9699]  __netdev_alloc_skb+0x76/0x900
[  676.668414][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  676.673902][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  676.679387][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  676.684967][ T9699]  __iterate_interfaces+0x2d5/0x580
[  676.690208][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  676.697279][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  676.702619][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  676.707845][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  676.712983][ T9699]  handle_softirqs+0x219/0x8f0
[  676.717772][ T9699]  irq_exit_rcu+0xbb/0x120
[  676.722215][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  676.727887][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  676.733905][ T9699] 
[  676.736230][ T9699] Freed by task 9699:
[  676.740217][ T9699]  kasan_save_stack+0x33/0x60
[  676.744938][ T9699]  kasan_save_track+0x14/0x30
[  676.749673][ T9699]  kasan_save_free_info+0x3b/0x60
[  676.754728][ T9699]  poison_slab_object+0xf7/0x160
[  676.759792][ T9699]  __kasan_slab_free+0x32/0x50
[  676.764593][ T9699]  kmem_cache_free+0x12f/0x3a0
[  676.769481][ T9699]  skb_free_head+0x18a/0x1d0
[  676.774112][ T9699]  skb_release_data+0x75c/0x980
[  676.778984][ T9699]  consume_skb+0xd0/0x170
[  676.783333][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  676.788825][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  676.794402][ T9699]  __iterate_interfaces+0x2d5/0x580
[  676.799642][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  676.806716][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  676.812045][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  676.817270][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  676.822407][ T9699]  handle_softirqs+0x219/0x8f0
[  676.827194][ T9699]  irq_exit_rcu+0xbb/0x120
[  676.831650][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  676.837400][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  676.843413][ T9699] 
[  676.845739][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  676.845739][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  676.860337][ T9699] The buggy address is located 24 bytes inside of
[  676.860337][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  676.874076][ T9699] 
[  676.876405][ T9699] The buggy address belongs to the physical page:
[  676.882818][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  676.892907][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  676.901432][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  676.909953][ T9699] page_type: 0xfdffffff(slab)
[  676.914649][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  676.923342][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  676.931955][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  676.940685][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  676.949389][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  676.958140][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  676.966843][ T9699] page dumped because: kasan: bad access detected
[  676.973262][ T9699] page_owner tracks the page as allocated
[  676.978980][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  677.001337][ T9699]  post_alloc_hook+0x2d1/0x350
[  677.006144][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  677.011730][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  677.017143][ T9699]  alloc_slab_page+0x4e/0xf0
[  677.021757][ T9699]  new_slab+0x84/0x260
[  677.025858][ T9699]  ___slab_alloc+0xdac/0x1870
[  677.030569][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  677.035982][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  677.041829][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  677.046626][ T9699]  __alloc_skb+0x164/0x380
[  677.051085][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  677.056491][ T9699]  netlink_sendmsg+0x689/0xd70
[  677.061285][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  677.066083][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  677.070779][ T9699]  __sys_sendmsg+0x117/0x1f0
[  677.075386][ T9699]  do_syscall_64+0xcd/0x250
[  677.079929][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  677.086296][ T9699]  free_unref_page+0x64a/0xe40
[  677.091129][ T9699]  qlist_free_all+0x4e/0x140
[  677.095768][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  677.101265][ T9699]  __kasan_slab_alloc+0x69/0x90
[  677.106159][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  677.111658][ T9699]  skb_clone+0x190/0x3f0
[  677.115923][ T9699]  hci_cmd_work+0x1c5/0x750
[  677.120456][ T9699]  process_one_work+0x9c8/0x1b40
[  677.125444][ T9699]  worker_thread+0x6c8/0xf20
[  677.130149][ T9699]  kthread+0x2c4/0x3a0
[  677.134251][ T9699]  ret_from_fork+0x48/0x80
[  677.138712][ T9699]  ret_from_fork_asm+0x1a/0x30
[  677.143520][ T9699] 
[  677.145856][ T9699] Memory state around the buggy address:
[  677.151489][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  677.159574][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  677.167661][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  677.175799][ T9699]                             ^
[  677.180674][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  677.188893][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  677.196965][ T9699] ==================================================================
[  677.216956][   T30] INFO: task syz-executor:7092 blocked for more than 143 seconds.
[  677.224866][   T30]       Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  677.233805][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  677.242654][   T30] task:syz-executor    state:D stack:24080 pid:7092  tgid:7092  ppid:1      flags:0x00004004
[  677.246645][ T9699] ==================================================================
[  677.252879][   T30] Call Trace:
[  677.261095][ T9699] BUG: KASAN: slab-use-after-free in memcmp+0x1ab/0x1d0
[  677.261150][ T9699] Read of size 1 at addr ffff888078b1c019 by task kworker/u9:2/9699
[  677.261184][ T9699] 
[  677.261199][ T9699] CPU: 0 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  677.261264][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  677.261280][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  677.261308][ T9699] Workqueue: hci0 hci_rx_work
[  677.261345][ T9699] Call Trace:
[  677.261360][ T9699]  <TASK>
[  677.261376][ T9699]  dump_stack_lvl+0x116/0x1f0
[  677.261423][ T9699]  print_report+0xc3/0x620
[  677.261485][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.261544][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.261603][ T9699]  ? __phys_addr+0xc6/0x150
[  677.261656][ T9699]  kasan_report+0xd9/0x110
[  677.261717][ T9699]  ? memcmp+0x1ab/0x1d0
[  677.261775][ T9699]  ? memcmp+0x1ab/0x1d0
[  677.261833][ T9699]  memcmp+0x1ab/0x1d0
[  677.261886][ T9699]  hci_le_create_big_complete_evt+0x1ef/0xb30
[  677.261956][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  677.262020][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  677.262081][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.262138][ T9699]  ? skb_pull_data+0x166/0x210
[  677.262203][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  677.262245][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  677.262313][ T9699]  hci_event_packet+0x669/0x1180
[  677.262378][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  677.262421][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  677.262484][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  677.262540][ T9699]  ? mark_held_locks+0x9f/0xe0
[  677.262604][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  677.262646][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  677.262697][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.262768][ T9699]  hci_rx_work+0x2c6/0x1610
[  677.262819][ T9699]  process_one_work+0x9c8/0x1b40
[  677.262899][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  677.262964][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  677.263032][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.263096][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.263155][ T9699]  ? assign_work+0x1a0/0x250
[  677.263220][ T9699]  worker_thread+0x6c8/0xf20
[  677.263268][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.263326][ T9699]  ? __kthread_parkme+0x148/0x220
[  677.263377][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  677.263438][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  677.263477][ T9699]  kthread+0x2c4/0x3a0
[  677.263525][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  677.263576][ T9699]  ? __pfx_kthread+0x10/0x10
[  677.263627][ T9699]  ret_from_fork+0x48/0x80
[  677.263693][ T9699]  ? __pfx_kthread+0x10/0x10
[  677.263749][ T9699]  ret_from_fork_asm+0x1a/0x30
[  677.263827][ T9699]  </TASK>
[  677.263841][ T9699] 
[  677.263849][ T9699] Allocated by task 9699:
[  677.263868][ T9699]  kasan_save_stack+0x33/0x60
[  677.267138][   T30]  <TASK>
[  677.274051][ T9699]  kasan_save_track+0x14/0x30
[  677.282091][   T30]  __schedule+0xe37/0x5490
[  677.284395][ T9699]  __kasan_slab_alloc+0x89/0x90
[  677.284451][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  677.284506][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  677.284553][ T9699]  __alloc_skb+0x164/0x380
[  677.284612][ T9699]  __netdev_alloc_skb+0x76/0x900
[  677.284648][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  677.284690][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  677.284735][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  677.284785][ T9699]  __iterate_interfaces+0x2d5/0x580
[  677.284845][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  677.284914][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  677.319426][   T30]  ? __pfx___lock_acquire+0x10/0x10
[  677.319940][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  677.329406][   T30]  ? __pfx___schedule+0x10/0x10
[  677.332080][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  677.642987][ T9699]  handle_softirqs+0x219/0x8f0
[  677.647789][ T9699]  irq_exit_rcu+0xbb/0x120
[  677.652230][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  677.657979][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  677.663988][ T9699] 
[  677.666581][ T9699] Freed by task 9699:
[  677.670570][ T9699]  kasan_save_stack+0x33/0x60
[  677.675286][ T9699]  kasan_save_track+0x14/0x30
[  677.679999][ T9699]  kasan_save_free_info+0x3b/0x60
[  677.685049][ T9699]  poison_slab_object+0xf7/0x160
[  677.690020][ T9699]  __kasan_slab_free+0x32/0x50
[  677.694825][ T9699]  kmem_cache_free+0x12f/0x3a0
[  677.699622][ T9699]  skb_free_head+0x18a/0x1d0
[  677.704252][ T9699]  skb_release_data+0x75c/0x980
[  677.709124][ T9699]  consume_skb+0xd0/0x170
[  677.713482][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  677.718973][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  677.724548][ T9699]  __iterate_interfaces+0x2d5/0x580
[  677.729785][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  677.736857][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  677.742198][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  677.747863][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  677.753006][ T9699]  handle_softirqs+0x219/0x8f0
[  677.757800][ T9699]  irq_exit_rcu+0xbb/0x120
[  677.762241][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  677.767902][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  677.773919][ T9699] 
[  677.776251][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  677.776251][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  677.790848][ T9699] The buggy address is located 25 bytes inside of
[  677.790848][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  677.804584][ T9699] 
[  677.806912][ T9699] The buggy address belongs to the physical page:
[  677.813327][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  677.823409][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  677.831936][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  677.840453][ T9699] page_type: 0xfdffffff(slab)
[  677.845496][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  677.854133][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  677.862832][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  677.871530][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  677.880227][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  677.888922][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  677.897601][ T9699] page dumped because: kasan: bad access detected
[  677.904018][ T9699] page_owner tracks the page as allocated
[  677.909735][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  677.932189][ T9699]  post_alloc_hook+0x2d1/0x350
[  677.936999][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  677.942608][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  677.947944][ T9699]  alloc_slab_page+0x4e/0xf0
[  677.952583][ T9699]  new_slab+0x84/0x260
[  677.956686][ T9699]  ___slab_alloc+0xdac/0x1870
[  677.961402][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  677.966809][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  677.972652][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  677.977453][ T9699]  __alloc_skb+0x164/0x380
[  677.982028][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  677.987555][ T9699]  netlink_sendmsg+0x689/0xd70
[  677.992364][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  677.997169][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  678.001865][ T9699]  __sys_sendmsg+0x117/0x1f0
[  678.006491][ T9699]  do_syscall_64+0xcd/0x250
[  678.011040][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  678.017376][ T9699]  free_unref_page+0x64a/0xe40
[  678.022178][ T9699]  qlist_free_all+0x4e/0x140
[  678.026801][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  678.032294][ T9699]  __kasan_slab_alloc+0x69/0x90
[  678.037183][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  678.042690][ T9699]  skb_clone+0x190/0x3f0
[  678.046984][ T9699]  hci_cmd_work+0x1c5/0x750
[  678.051509][ T9699]  process_one_work+0x9c8/0x1b40
[  678.056492][ T9699]  worker_thread+0x6c8/0xf20
[  678.061127][ T9699]  kthread+0x2c4/0x3a0
[  678.065224][ T9699]  ret_from_fork+0x48/0x80
[  678.069686][ T9699]  ret_from_fork_asm+0x1a/0x30
[  678.074535][ T9699] 
[  678.076871][ T9699] Memory state around the buggy address:
[  678.082601][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  678.090690][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  678.098768][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.106869][ T9699]                             ^
[  678.111918][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.120023][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.128114][ T9699] ==================================================================
[  678.151230][ T9699] ==================================================================
[  678.159362][ T9699] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa6c/0xb30
[  678.162169][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.168435][ T9699] Read of size 1 at addr ffff888078b1c03b by task kworker/u9:2/9699
[  678.168471][ T9699] 
[  678.168487][ T9699] CPU: 0 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  678.168550][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  678.168566][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  678.182170][   T30]  ? schedule+0x298/0x350
[  678.184479][ T9699] Workqueue: hci0 hci_rx_work
[  678.184518][ T9699] Call Trace:
[  678.184533][ T9699]  <TASK>
[  678.184548][ T9699]  dump_stack_lvl+0x116/0x1f0
[  678.184596][ T9699]  print_report+0xc3/0x620
[  678.203826][   T30]  ? __pfx_lock_release+0x10/0x10
[  678.211789][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.216221][   T30]  ? mark_lock+0xb5/0xc60
[  678.220835][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.224274][   T30]  ? hlock_class+0x4e/0x130
[  678.227103][ T9699]  ? __phys_addr+0xc6/0x150
[  678.231772][   T30]  ? mark_lock+0xb5/0xc60
[  678.236162][ T9699]  kasan_report+0xd9/0x110
[  678.241200][   T30]  ? __pfx_mark_lock+0x10/0x10
[  678.246799][ T9699]  ? hci_le_create_big_complete_evt+0xa6c/0xb30
[  678.246864][ T9699]  ? hci_le_create_big_complete_evt+0xa6c/0xb30
[  678.246932][ T9699]  hci_le_create_big_complete_evt+0xa6c/0xb30
[  678.247000][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  678.247064][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  678.247125][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.247184][ T9699]  ? skb_pull_data+0x166/0x210
[  678.247247][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  678.247289][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  678.247356][ T9699]  hci_event_packet+0x669/0x1180
[  678.247422][ T9699]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  678.247465][ T9699]  ? __pfx_hci_event_packet+0x10/0x10
[  678.247526][ T9699]  ? __entry_text_end+0x1020c5/0x1020c9
[  678.247583][ T9699]  ? mark_held_locks+0x9f/0xe0
[  678.247647][ T9699]  ? kcov_remote_start+0x3d1/0x6e0
[  678.247689][ T9699]  ? lockdep_hardirqs_on+0x7c/0x110
[  678.252043][   T30]  schedule+0xe7/0x350
[  678.257644][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.262195][   T30]  schedule_timeout+0x258/0x2a0
[  678.266645][ T9699]  hci_rx_work+0x2c6/0x1610
[  678.270942][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  678.275336][ T9699]  process_one_work+0x9c8/0x1b40
[  678.289573][   T30]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.292544][ T9699]  ? __pfx_lock_acquire+0x10/0x10
[  678.292611][ T9699]  ? __pfx_process_one_work+0x10/0x10
[  678.292681][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.292750][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.292808][ T9699]  ? assign_work+0x1a0/0x250
[  678.292873][ T9699]  worker_thread+0x6c8/0xf20
[  678.292922][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.292980][ T9699]  ? __kthread_parkme+0x148/0x220
[  678.293031][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.293091][ T9699]  ? __pfx_worker_thread+0x10/0x10
[  678.293131][ T9699]  kthread+0x2c4/0x3a0
[  678.293179][ T9699]  ? _raw_spin_unlock_irq+0x23/0x50
[  678.293230][ T9699]  ? __pfx_kthread+0x10/0x10
[  678.293280][ T9699]  ret_from_fork+0x48/0x80
[  678.299354][   T30]  ? mark_held_locks+0x9f/0xe0
[  678.305911][ T9699]  ? __pfx_kthread+0x10/0x10
[  678.311900][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  678.317495][ T9699]  ret_from_fork_asm+0x1a/0x30
[  678.324221][   T30]  __wait_for_common+0x3e1/0x5f0
[  678.327003][ T9699]  </TASK>
[  678.340368][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  678.343869][ T9699] 
[  678.343877][ T9699] Allocated by task 9699:
[  678.343896][ T9699]  kasan_save_stack+0x33/0x60
[  678.343950][ T9699]  kasan_save_track+0x14/0x30
[  678.349336][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  678.354845][ T9699]  __kasan_slab_alloc+0x89/0x90
[  678.359715][   T30]  kthread_stop+0x19a/0x670
[  678.364782][ T9699]  kmem_cache_alloc_node_noprof+0x153/0x310
[  678.369991][   T30]  ext4_stop_mmpd+0x4b/0xd0
[  678.374022][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  678.379658][   T30]  ext4_put_super+0x6a4/0xe80
[  678.384471][ T9699]  __alloc_skb+0x164/0x380
[  678.384531][ T9699]  __netdev_alloc_skb+0x76/0x900
[  678.384566][ T9699]  __ieee80211_beacon_get+0xc1f/0x16b0
[  678.384607][ T9699]  ieee80211_beacon_get_tim+0xa7/0x280
[  678.384647][ T9699]  mac80211_hwsim_beacon_tx+0x4ea/0xa00
[  678.384697][ T9699]  __iterate_interfaces+0x2d5/0x580
[  678.384760][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  678.384828][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  678.384892][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  678.384935][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  678.384978][ T9699]  handle_softirqs+0x219/0x8f0
[  678.385019][ T9699]  irq_exit_rcu+0xbb/0x120
[  678.385061][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  678.385108][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  678.385159][ T9699] 
[  678.385167][ T9699] Freed by task 9699:
[  678.385185][ T9699]  kasan_save_stack+0x33/0x60
[  678.385237][ T9699]  kasan_save_track+0x14/0x30
[  678.385289][ T9699]  kasan_save_free_info+0x3b/0x60
[  678.385331][ T9699]  poison_slab_object+0xf7/0x160
[  678.385382][ T9699]  __kasan_slab_free+0x32/0x50
[  678.385437][ T9699]  kmem_cache_free+0x12f/0x3a0
[  678.385488][ T9699]  skb_free_head+0x18a/0x1d0
[  678.385544][ T9699]  skb_release_data+0x75c/0x980
[  678.385580][ T9699]  consume_skb+0xd0/0x170
[  678.385618][ T9699]  mac80211_hwsim_tx_frame+0x1f3/0x2a0
[  678.385666][ T9699]  mac80211_hwsim_beacon_tx+0x592/0xa00
[  678.385720][ T9699]  __iterate_interfaces+0x2d5/0x580
[  678.385780][ T9699]  ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0
[  678.385849][ T9699]  mac80211_hwsim_beacon+0x105/0x200
[  678.385912][ T9699]  __hrtimer_run_queues+0x20f/0xcc0
[  678.390390][   T30]  ? __pfx_ext4_put_super+0x10/0x10
[  678.395723][ T9699]  hrtimer_run_softirq+0x17d/0x350
[  678.395767][ T9699]  handle_softirqs+0x219/0x8f0
[  678.395807][ T9699]  irq_exit_rcu+0xbb/0x120
[  678.395847][ T9699]  sysvec_apic_timer_interrupt+0x95/0xb0
[  678.395894][ T9699]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  678.395944][ T9699] 
[  678.395952][ T9699] The buggy address belongs to the object at ffff888078b1c000
[  678.395952][ T9699]  which belongs to the cache skbuff_small_head of size 640
[  678.395985][ T9699] The buggy address is located 59 bytes inside of
[  678.395985][ T9699]  freed 640-byte region [ffff888078b1c000, ffff888078b1c280)
[  678.396026][ T9699] 
[  678.396035][ T9699] The buggy address belongs to the physical page:
[  678.396049][ T9699] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078b1d200 pfn:0x78b1c
[  678.396088][ T9699] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  678.396124][ T9699] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  678.396160][ T9699] page_type: 0xfdffffff(slab)
[  678.396196][ T9699] raw: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  678.396234][ T9699] raw: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  678.396274][ T9699] head: 00fff00000000240 ffff8880192e0a00 ffffea0001947c10 ffffea0001a61c10
[  678.396313][ T9699] head: ffff888078b1d200 0000000000150010 00000001fdffffff 0000000000000000
[  678.396353][ T9699] head: 00fff00000000002 ffffea0001e2c701 ffffffffffffffff 0000000000000000
[  678.396391][ T9699] head: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000
[  678.396414][ T9699] page dumped because: kasan: bad access detected
[  678.396432][ T9699] page_owner tracks the page as allocated
[  678.396444][ T9699] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5161, tgid 5161 (udevd), ts 300366885720, free_ts 300179460103
[  678.396520][ T9699]  post_alloc_hook+0x2d1/0x350
[  678.396575][ T9699]  get_page_from_freelist+0x1351/0x2e50
[  678.396635][ T9699]  __alloc_pages_noprof+0x22b/0x2460
[  678.396696][ T9699]  alloc_slab_page+0x4e/0xf0
[  678.396744][ T9699]  new_slab+0x84/0x260
[  678.396794][ T9699]  ___slab_alloc+0xdac/0x1870
[  678.396845][ T9699]  __slab_alloc.constprop.0+0x56/0xb0
[  678.396900][ T9699]  kmem_cache_alloc_node_noprof+0xed/0x310
[  678.396957][ T9699]  kmalloc_reserve+0x18b/0x2c0
[  678.416342][   T30]  generic_shutdown_super+0x15c/0x3d0
[  678.417884][ T9699]  __alloc_skb+0x164/0x380
[  678.417942][ T9699]  netlink_alloc_large_skb+0x69/0x130
[  678.417992][ T9699]  netlink_sendmsg+0x689/0xd70
[  678.418040][ T9699]  ____sys_sendmsg+0xab8/0xc90
[  678.418089][ T9699]  ___sys_sendmsg+0x135/0x1e0
[  678.418125][ T9699]  __sys_sendmsg+0x117/0x1f0
[  678.418160][ T9699]  do_syscall_64+0xcd/0x250
[  678.423802][   T30]  kill_block_super+0x3b/0x90
[  678.429366][ T9699] page last free pid 5117 tgid 5117 stack trace:
[  678.429389][ T9699]  free_unref_page+0x64a/0xe40
[  678.429445][ T9699]  qlist_free_all+0x4e/0x140
[  678.429494][ T9699]  kasan_quarantine_reduce+0x192/0x1e0
[  678.434133][   T30]  ext4_kill_sb+0x6a/0xb0
[  678.438774][ T9699]  __kasan_slab_alloc+0x69/0x90
[  678.438831][ T9699]  kmem_cache_alloc_noprof+0x121/0x2f0
[  678.438888][ T9699]  skb_clone+0x190/0x3f0
[  678.445596][   T30]  deactivate_locked_super+0xc1/0x1a0
[  678.449584][ T9699]  hci_cmd_work+0x1c5/0x750
[  678.449622][ T9699]  process_one_work+0x9c8/0x1b40
[  678.449684][ T9699]  worker_thread+0x6c8/0xf20
[  678.449723][ T9699]  kthread+0x2c4/0x3a0
[  678.449766][ T9699]  ret_from_fork+0x48/0x80
[  678.449826][ T9699]  ret_from_fork_asm+0x1a/0x30
[  678.449887][ T9699] 
[  678.449895][ T9699] Memory state around the buggy address:
[  678.449915][ T9699]  ffff888078b1bf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  678.449945][ T9699]  ffff888078b1bf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  678.449974][ T9699] >ffff888078b1c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.449995][ T9699]                                         ^
[  678.450017][ T9699]  ffff888078b1c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.450045][ T9699]  ffff888078b1c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  678.450068][ T9699] ==================================================================
[  678.457302][ T9699] ==================================================================
[  678.461150][   T30]  deactivate_super+0xde/0x100
[  678.465090][ T9699] BUG: KASAN: slab-use-after-free in hci_le_create_big_complete_evt+0xa62/0xb30
[  678.470420][   T30]  cleanup_mnt+0x222/0x450
[  678.474909][ T9699] Read of size 8 at addr ffff888078b1c000 by task kworker/u9:2/9699
[  678.474945][ T9699] 
[  678.479434][   T30]  task_work_run+0x151/0x250
[  678.484072][ T9699] CPU: 0 UID: 0 PID: 9699 Comm: kworker/u9:2 Tainted: G    B   W          6.10.0-syzkaller-12030-g66ebbdfdeb09 #0
[  678.490112][   T30]  ? __pfx_task_work_run+0x10/0x10
[  678.493882][ T9699] Tainted: [B]=BAD_PAGE, [W]=WARN
[  678.493899][ T9699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  678.493927][ T9699] Workqueue: hci0 hci_rx_work
[  678.493965][ T9699] Call Trace:
[  678.493979][ T9699]  <TASK>
[  678.493995][ T9699]  dump_stack_lvl+0x116/0x1f0
[  678.494042][ T9699]  print_report+0xc3/0x620
[  678.494103][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.494163][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.494219][ T9699]  ? __phys_addr+0xc6/0x150
[  678.494272][ T9699]  kasan_report+0xd9/0x110
[  678.494334][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  678.494399][ T9699]  ? hci_le_create_big_complete_evt+0xa62/0xb30
[  678.494468][ T9699]  hci_le_create_big_complete_evt+0xa62/0xb30
[  678.494537][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10
[  678.494601][ T9699]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  678.494662][ T9699]  ? srso_alias_return_thunk+0x5/0xfbef5
[  678.494728][ T9699]  ? skb_pull_data+0x166/0x210
[  678.494793][ T9699]  hci_le_meta_evt+0x2e5/0x5d0
[  678.494834][ T9699]  ? __pfx_hci_le_create_big_complete_evt+0x10/0x10