last executing test programs:

11.329149693s ago: executing program 3 (id=2676):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090200000300ffe5000d0000000000b702000000000000739af0ff00000000c509000000000000c3aaf0ff00000000bf8600000000000037080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018220000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf9800000000000056080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

11.116070185s ago: executing program 3 (id=2679):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
r1 = dup(r0)
write$uinput_user_dev(r1, &(0x7f0000000380)={'syz0\x00'}, 0x45c)
ioctl$UI_DEV_CREATE(r1, 0x5501)
write$uinput_user_dev(r1, &(0x7f0000000800)={'syz0\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x20000003]}, 0x45c)

10.93412755s ago: executing program 3 (id=2680):
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000100)={[{@compress_force}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@ssd}, {@noenospc_debug}]}, 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000700)='memory.events\x00', 0x26e1, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0x40809440, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}})

8.838272428s ago: executing program 3 (id=2696):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12012000f1048108cd060202d4920000000109021b1901000000d40904150001da40df000905", @ANYRES32], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

7.554688106s ago: executing program 2 (id=2702):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
add_key(0x0, 0x0, 0x0, 0xffffffffffffff9e, 0xfffffffffffffff9)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r5 = dup2(r4, r4)
accept4$bt_l2cap(r5, 0x0, 0x0, 0x0)

6.107729069s ago: executing program 4 (id=2708):
socket$can_bcm(0x1d, 0x2, 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

6.004296678s ago: executing program 3 (id=2709):
unshare(0x2c060000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int]}}, 0x0, 0x2a}, 0x20)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={r4, 0x38, 0x0}, 0x10)
listen(0xffffffffffffffff, 0x0)
epoll_create(0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)
recvmmsg(r5, &(0x7f0000006340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001740)=""/17, 0x11}}], 0x1, 0x0, 0x0)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x41e, 0x2801, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, 0x0, 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
request_key(0x0, 0x0, 0x0, 0x0)
getpid()

4.875339418s ago: executing program 4 (id=2710):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904000a000000fe0000000000000008000f00fd000000", 0x24)
r1 = syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000480)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r0, 0x0, &(0x7f0000000040)="5f73b7288aa0ea86e64745ed4380c11ef5026429", 0x14, 0x12100})
io_uring_enter(r1, 0xe85, 0x0, 0x0, 0x0, 0x0)

4.667647386s ago: executing program 4 (id=2712):
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{}]}, 0x10)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
sendto$inet6(r0, &(0x7f00000000c0)="eb", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x1b, &(0x7f0000000040)={r2}, &(0x7f0000000300)=0x8)

4.389168686s ago: executing program 4 (id=2713):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xfd47, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x74}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000001440)={{0x12, 0x1, 0x0, 0xab, 0xd1, 0xa0, 0x40, 0x77b, 0x2226, 0xca8b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3a, 0x92, 0xf8}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000240)={0x9, [0xffffffff, 0x4], 0xfff7}, 0x10)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000002c0)=ANY=[@ANYBLOB="00006ae16bf03a91e30a4d7365d69dbd27ba30cdd577c78782ed3156fb5b74556b904ec6bfc319ec5c2fb5dba922b9eb5c599815a7c8271230f963f01ce2178211ae444a1c31fb512044ba69889da1bcd46516f8048411693f3ae690441f12bca94fa688c1b067b9dbae06224cf62c80d48d739f4461f820a86cf70e673acb27031bfb2b20a3d3cc9580ef9ad69962eb9ae391368d6128f447ac8ea85fe530369c5617ee9c36e0a28a81cb1f5d8341dcbe40b857756207610133c4f47d58b615850b743b872d753fc7438170a5c1cff0b8d91b989343aea5de6649ac9f43f754de17f91e1996f0308f22bda98d28ed17a2cb1da142ce699156a04ac634f68e8efe2f570976a194cfbd6810f4114e4867fa3447bccceed7c1c2ebc2482c36e3cd043e7813565445c8fe8dfe9b53705b219a880c012738b09a6f2e8c3a91be4f88cb8f307d6106cb8dd785eec2ba99"], 0x0, 0x0, 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140))
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x80, &(0x7f00000000c0)=@generic={0x3, 0x2, 0x78, "68e3c376", "a651a939a8357751e76c2b620e193919b2d5bf293975a5da700f279585aaadac2c0524846b32fe4c498342187ce53a6f10aadc7d5c3c693ead885fe7205c8621fd418ea354c8b859dade7ebaf91684e2f2d116e67ed7d1ebf2cc6e58f24074c44ffdaa044b025de5ecdb4021156624ccf3f90461d280e48e"})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0_to_team\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_BURST={0x8}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0xe0a2ff6baa7cc2d2}}}, @TCA_TBF_RATE64={0xfffffffffffffd88}]}}]}, 0x6c}}, 0x0)
syz_open_dev$evdev(&(0x7f0000000180), 0x7f, 0x228081)

3.882476678s ago: executing program 1 (id=2715):
ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x8)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1d}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="440000001000010400100000000000c100000000", @ANYRES32=r2, @ANYBLOB="0100000000000000240012000c000100627269646765"], 0x44}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c000000100001040000eb040100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f31000008000a00", @ANYRES32=r4], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x2, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x305, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c0000001000130400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001400030076657468315f746f5f626f6e64000f0008000a00", @ANYRES32=r7], 0x3c}}, 0x0)

3.244932521s ago: executing program 0 (id=2716):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="100000000000000000000019000000001800000000000000100100000d000000f800004c"], 0x28}, 0x0)

3.098679629s ago: executing program 2 (id=2717):
r0 = openat$uinput(0xffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz1\x00'})
ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x235)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1)
ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

3.071062112s ago: executing program 0 (id=2718):
r0 = io_uring_setup(0x30d7, &(0x7f00000000c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f00000001c0), 0xc)
socket$inet6_dccp(0xa, 0x6, 0x0)
setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000240)=ANY=[], 0x28)
read(r1, &(0x7f0000000180)=""/52, 0xfffffdef)
ioctl$sock_qrtr_TIOCOUTQ(r1, 0x5411, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='limits\x00')
read$FUSE(r5, &(0x7f00000061c0)={0x2020}, 0x2035)
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
close(r6)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={<r7=>0xffffffffffffffff})
write$binfmt_elf64(r7, &(0x7f0000000200)=ANY=[], 0x10132)
r8 = creat(0x0, 0x0)
ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000200)={0x3, 0x0, 0x10, 0x6, 0x82, &(0x7f00000004c0)})
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)
dup3(r7, r8, 0x0)

2.815854847s ago: executing program 2 (id=2719):
syz_mount_image$romfs(&(0x7f0000000000), &(0x7f0000000480)='./file0\x00', 0x800000, &(0x7f0000000600)=ANY=[@ANYBLOB="00f3000000be5500200800000000c19e57fc847c52a19b0b247df0690ca7d757194d0335d8e8a065e069e1294e9f28bcee7085d4988309e751e0eec20f77d6c68ae8"], 0x1, 0x143, &(0x7f0000000080)="$eJzs2j9L+0AYB/Bn+EF/dHR0ClSioPmvddVR3NwdQs2lwYspiSDtGxAnQeEcfBOCr8BXIBnddOngm4hce2oaFTJ5Dt/P0i88zeXJHdz0WHmWeqywiDZGVwfTpTxLjX6wPWAeC2luj4gMGcqqurHpi+ePelmR/c0f9Fp5nf/21mKxf8ESHvm6WwIAAAAAAAAAAAAAAAAAAAAAgJbMrgrdoUjPWcIjr1YtxpPjkPMoL4j+a+pQL9NQM1zEBL+V+xMs1Nc7RLQjUyJ2c1l3F5+/VmF1KPhLc3+d03TkFOOJlaRhHMXRie8HfXfTdbd8Z7aW01zRvFM9UVndu7VxMvvxUHZm1ubNntrMm6nz/7eciMuz5ts+zx8BAQHhPbS8Pv++2f03JaJO0HuQ9589yPiRKv7Gdur9fAD4yVsAAAD//21DO3o=")
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)

2.727586463s ago: executing program 1 (id=2720):
socket$can_bcm(0x1d, 0x2, 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$I2C(0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3200000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

2.48292182s ago: executing program 2 (id=2721):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000002640))
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='mnt\x00', 0x3a0c412, &(0x7f00000002c0)=ANY=[@ANYBLOB="756e686964652c636865636b3d72656c617865642c6d61703d6e6f726d616c2c626c6f636b3d3078303030303038303030f93030303830302c680000000000000000636b2c686964652c686964652c756e686964652c6e6f6a6f6c6965742c6e6f636f6d70726573732c6d61703d6f66662c2c"], 0xff, 0x9bc, &(0x7f00000017c0)="$eJzs3c1vHOUdB/Dv+CVxDQoBUpoiIJvQgIHUWTslNOLSxF4npn6pYkciqipCSVJFsUoFrQSoh1SqeipqD1UP9MaxJyQucKlya/+CHipV/Auop7SHbjWz69jGXq+d+o3w+VjjnZffPM/v8czOo13vzhO+zJrNZjXd4/KlP+9ksuw958Y/+/Cj98vpV7eyL715sfgkGUhSS/qSHE76x8Yvzk53KehmciXJ7aRIsj+txw25kuJ3eXBp+XaKP5X1Vi7dY8PYkCZfabt9/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwF5UjI3X6yNFpiZnLr1a66waArzTxp6l8j6tRv0uPu1ab1KUUwYGFof6PnxoafNj5a9jeaK19EQ1IHkG8t4Djx18+dG+nsX910l4M/7bHgx50zu+/e57N19fWLj21hYl8mVzvjEzOTc7OX32fKM2OTdbO3P6dP3khYm52sTkVGPu8tx8Y7o2drFxdn72Ym1o7LnayJkzp2qN4cuzl2bOjw9PNRZXvvTt0Xr9dO2V4R80zl6cm505+crw3NiFyampyZnzVUy5uYx5qTwRvz85X5tvnJ2u1a7fWLh2akVGa5wSZdBIt5aUQaPdgkbro6MjI6OjI6dfPPPiS/V639KK3lQr6l+QVbvcPWnLM3ozf2v2tA96Nhq5tRdw+D/0tPv/TGUyM7mUV1Nb82cs42kWyXSH7W2L/f/xk411613e/y/28oeXNj+eqv9/qrX0VKf+v0MuO/fzdt7Ne7mZ17OQhVzLWyu27r+HEpvN3W/Vxn/Op5GZTGYus5nMdM5Wa2rtNbWcyemcTj2v5UImMpdaJjKZqTQyl8uZy3wa1Rk1lotp5Gzm+8oDXctQxvJcahnJmZzJqdTSyHAuZzaXMpPzGc/ZqpTruVH93U+tk+PdoJGNBI2uE7RO/99esYn+n6+obbiKw71ptvv/fd1Dh8Z2IiEAAABgy33zbzlw6JG//jPpz5PVe+wAAADA/ab6uN4T5UN/OfdkionJqUZ9t9MCAAAAtlBRfceuSDKYI625xW9CeRMAAAAA7hPV//+fKh8Gy7kjKbz+BwAAgPtN93vsd40oTqSWW+Wm2tVW5NV2RPs+v4MT+5KMzU69PJJnqrsMVN80WFVabw4m1dcPns/RVtTRwdbj4MoSB8qokeGXRzKQY+2GDD1dPjw9tEbkaBn5fJ5tRT67GDmQVZGnykgAuN8dW6c/3mj//3xOtCJOPF7dvr3v8TX64LqeFQD2iu5j7HSNKL6zOPxPh9f/j+T6kdZHCobzRt7MQq7mRPVtg+oTB+1Sc7vIUqmDyz6GcKLLuwGDy0Z4ObH4fsCRB8tX+cWt1tIasaM5seodgU7lntr24wAAO+nYqn54nf6/2WzNrXr/f/3X/4M+UggAe8rdEey3cWa32wgArHRPvXTvNiYEAAAAAAAAAAAAAAAAAAAAAAAAAAAA94GduP//npy5lWQPpGFme2cGduYM/9G+ZK80eYtmdvvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE4okt611vck+5O+epKTO5/V9rm12wnssuJO7uSdHNjtPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7jft+//3pPX4QGtV+nqS40muJPnhbue4le7sdgK7bNn9/8tjnmaRvtZhT9E/Nn5xdro8/Nlfbv/sw4/eL6d7qacsoKxhxeAS7Ro67/Vwtdfg+LW3b/78zZ/Vxs9VSZ6bn5ganz5/8XtLgY8VHye1tKZFi/n+smifxStb/nHZ0o3VO1HVO7663m+stffdeo//5fed27ZkKY0bC9dGy5rmG6/O/+KnN95ZFvRIjiZPDyVDK2v6STl1qOlo+tert/i8+E1xIH/Mler4l2kUzaI8RA9V7f/a9RsL14bfeHPhaoecDuZIkqvJwMZzOrL6SCyqzrqe/rLWehVU/jrUpbx1PdB7oNlslTjSoQ0PV6fM4KbaUOvchkqXv3u7jac6ZPRontn0kX6mS41t/2m2tJaKz4t/FBfy9/x62fgfPeXxP56NPDvLmCpy2ZnSuc3Hl1o+unzDa1+M7PisZBv8Nj/Od+8e/55l1//2sdqZ69GyGrfteVG0eqG2av7QF3qk9tWnU5btPA+1ojrk+fW8sHq/Lnm+0OWKskXP/5WKz4sPiqH8K7eM/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOx9RdK71vqe5HiSg0keKpdrSXMr6usZLLaimA3at2rNrR2sfe/ouTtX3MmdvJMDu5oOAAAAAAAAAFvm3PhnH370fjlV/4/vzbeKT5KB1n/6+5IcLP7Qf/XfzeZ0l4L6kytJbpfzA5vLodwvDy4t3y6XDm++LQDAxvwvAAD///7fd9o=")
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000200), 0xc, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYRES16], 0x90}, 0x1, 0x0, 0x0, 0x42}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000040)=""/247, 0x26, 0xf7, 0x1}, 0x20)
socket$packet(0x11, 0x2, 0x300)
mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9506, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1.691669326s ago: executing program 0 (id=2722):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff034}, {0x20, 0x0, 0x0, 0xfffff010}, {0x6}]}, 0x10)
sendmmsg$unix(r0, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

1.55800541s ago: executing program 1 (id=2723):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x5411, &(0x7f0000000040)={'netdevsim0\x00', 0x0})
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000c900f2ff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000340)={r2, 0xffffffffffffffff, 0x19, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0}}, 0x40)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000080)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x0, 0x0, 0x0, 0x20001b30], 0x0, 0x0, &(0x7f0000001b00)=[{}, {0x5000000}, {}]}, 0x108)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000180)="fdff052f", 0x4}], 0x1)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMP(r4, 0x1, 0x41, &(0x7f0000000000)=0xff, 0x4)
connect$inet6(r4, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x2000018, &(0x7f0000000500)=ANY=[], 0xfe, 0x1c7, &(0x7f0000001100)="$eJzs3bFu00AYB/DPKSQpQ9UZMViwMFXAExShIiEiIYEywAQSTC0LLIGpI6/AW6JO3Q4lZxMcB4kAjgn8fks++e873/ksZ8rl5Y23p5+GsTAeFzE4juO4LOIwBnHzIB8/j5b99iEAYFdcphRfUtb3WACA7fD9DwD/n2fPXzy+P5mcPC3LccTFeVEdn03z58NHk5M75cLhstXFbDbdi/rcuzmfNvOrca1qfy/nZTMfxu1bOZ9nD55MVvJRvO5y4gAAAAAAAAAAAAAAAAAAAAAA0KOj8pvW/j6L/OhHea6+2x9oZf+ez3H9ytamAQAAAAAAAAAAAAAAAAAAADvt/bguPnw8fXV29ubdjhcppTSfzyatRtU9+J2rH/wFc28VEWuieuk36bBu091Q094f7LCcF0VE9LwEv/hEDZurM6hufndDLdY8Est3xKjztxAAAAAAAAAAAAAAAAAAABCNn/33PRIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6M/y//83LNIod/ATJ6+77v6W5wkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC/7WsAAAD//wc2Fgs=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
r5 = open(&(0x7f0000000080)='./file1\x00', 0x0, 0x0)
mknodat$loop(r5, &(0x7f0000000280)='./file2\x00', 0x0, 0x0)
recvmmsg(r4, &(0x7f0000001000)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f00000001c0)=""/252, 0xfc}], 0x1, &(0x7f0000000cc0)=""/21, 0x15}}], 0x1, 0x0, 0x0)

1.557583292s ago: executing program 0 (id=2724):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xe)
ioctl$TIOCSETD(r0, 0x541b, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000100)={0x80, 0x0, 0xc8, 0x2000000})
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000200)="4000c7", 0x3}], 0x1)
write$binfmt_script(r1, 0x0, 0x0)
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x77)
r4 = accept$alg(r3, 0x0, 0x0)
sendfile(r4, r1, 0x0, 0x8)
mount$nfs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000851000f5060000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=<r5=>0x0)
ptrace$getregs(0xe, r5, 0x8, &(0x7f0000000240)=""/75)

1.36335801s ago: executing program 0 (id=2725):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'macvlan0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000740)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MACADDR_MODE={0x8}]}}}]}, 0x3c}}, 0x0)

1.362268481s ago: executing program 1 (id=2726):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0xff)
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f00000006c0)=0x12)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000180)='page_pool_release\x00', r1}, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000002000000000000000000eb1d95"], &(0x7f0000000040)='GPL\x00'}, 0x90)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000180)='page_pool_release\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2000008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.20761811s ago: executing program 0 (id=2727):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
add_key(0x0, 0x0, 0x0, 0xffffffffffffff9e, 0xfffffffffffffff9)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r5 = dup2(r4, r4)
accept4$bt_l2cap(r5, 0x0, 0x0, 0x0)

402.229816ms ago: executing program 4 (id=2728):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="100000000000000000000019000000001800000000000000100100000d000000f800004c"], 0x28}, 0x0)

265.724829ms ago: executing program 2 (id=2729):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x17, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0xbb}, @generic={0xa7}, @initr0, @exit]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35}, 0x90)

249.691697ms ago: executing program 1 (id=2730):
r0 = socket$nl_route(0x10, 0x3, 0x0)
io_submit(0x0, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000140)="96", 0x1}])
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="0c000280060001"], 0x24}}, 0x0)

150.109914ms ago: executing program 4 (id=2731):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000001000)=ANY=[@ANYBLOB="766f6c756d653d3030303030303030303036332c696f636861727365743d6d6163677265656b2c696f636861727365743d6b6f69382d72752c7569643d666f726765742c756d61736b3d30303030303030303030303030303030303030303030322c6e6f7672732c6e6f7672732c66696c657365743d30303030303030303030303030303030303030342c646d6f64653d30303030303030303030303030303030303030303131362c007732be3442cd163f564b8a695afa1b16eefc0b9d590fbf9ab8391b97ea4c0cf06c797f1a493380ce6975738b912f61be3a342f9b9ee8b8bee4aa2b525fd11b2212573ec6e7f3235ad950c58d6bf8d5318071bd000000004c67990370b984f0b3bf4b8ee680536ebf6c9386b8e46872d639e0de679325aa384473cb1be572c7320000000000000000"], 0x1, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir")
openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0)

109.752908ms ago: executing program 3 (id=2732):
r0 = io_uring_setup(0x19ad, &(0x7f0000000080))
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f00000002c0)={<r2=>0xffffffffffffffff})
vmsplice(r2, &(0x7f00000014c0)=[{&(0x7f0000000000)='|', 0x1}], 0xf, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

86.014214ms ago: executing program 2 (id=2733):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_emit_vhci(&(0x7f00000004c0)=ANY=[@ANYBLOB="040e0501460c1f00c7f641737da8c5df97e629d54f8eef8f4b4c287248623393943b5ba71f4c252077dee7cda5f191af639f6bc9ccce6307303924e47e62deed5d1bb5921eea00000c30f73971da9388b9ec29139dedf9d61d113d31eeef342c9d"], 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x2b, &(0x7f0000000040)=0x200000000005)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="0400b100"/19], 0x13)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x1c9100, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x5)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x11)
socket$nl_rdma(0x10, 0x3, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x1a9a81)
ioctl$USBDEVFS_FREE_STREAMS(r4, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"])
syz_emit_vhci(&(0x7f0000000280)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x2, 0x0, 0x45}, @l2cap_cid_signaling={{0x41}, [@l2cap_create_chan_req={{0xc, 0xfb, 0x5}, {0x6, 0xfffe, 0x8}}, @l2cap_create_chan_rsp={{0xd, 0x7f, 0x8}, {0x2, 0x8, 0x0, 0x100}}, @l2cap_create_chan_rsp={{0xd, 0xf8, 0x8}, {0x9, 0xf, 0xa, 0x8}}, @l2cap_move_chan_rsp={{0xf, 0x1, 0x4}, {0x5, 0x7b}}, @l2cap_move_chan_cfm_rsp={{0x11, 0xc, 0x2}, {0x5}}, @l2cap_conn_rsp={{0x3, 0x83, 0x8}, {0x2, 0x0, 0x0, 0x7}}, @l2cap_cmd_rej_unk={{0x1, 0x5b, 0x2}, {0x5}}]}}, 0x4a)
ioctl$USBDEVFS_CONTROL(r4, 0x4008550d, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0x1)
ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000100)={{}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$UI_DEV_DESTROY(r3, 0x5502)
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYRES16=r5, @ANYBLOB="010000000000000000000b00000008000300b855954aff2c2dc08a911d3413d169466806a8c4085bb6cce64dd63a5c4f25f4290f60069147657551acd9fee7e0571a943e147bd5419fa1fe54bab5676a84f159e6639728bdf1b5b08ea46c5395deb5bbbb66cb5fab3b188c2e414f4d25ee0286071b6bcba79d1092a2c195229790d96b8f037cd45b937f4c2bbb6b4c9922995c4c207c47c1aac65ec363afd32e43eefd8fd4", @ANYRESHEX=r2], 0x44}}, 0x0)
userfaultfd(0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
bind$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000000408010100000000000000000000000005000300ff0000000600024000000000409003d3e1025f07eee9e08d73a2d2521b12a3f6e01206fd1571a5610e1af91706c8bc1da94cc118aacaf9b47a516f6383581f3436ba9e6d73845a0cb2543617ab98606c549b897629a1eb5235f046d57e03a44cdc267b91bc61875c7a336e4018d91dc68af2aa844254f32fd548465cf54a571ec2faf3df0a0a932a7c515f5530e9bffc43b3d64ffe4b38e742"], 0x24}}, 0x0)
ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5111)
unshare(0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)

0s ago: executing program 1 (id=2734):
unshare(0x64000600)
syz_mount_image$udf(&(0x7f00000019c0), &(0x7f0000000f40)='./file1\x00', 0xa00010, &(0x7f00000001c0)=ANY=[@ANYBLOB='mode=00000000000000000000006,nostrict,anchor=00000000000000000004,gid=forget,longad,novrs,undele{e,mode=000000000000000f0000000000000000000007,\x00'/159], 0x1, 0xc52, &(0x7f0000001a00)="$eJzs3U9sHNd9B/DfGy3FpdzWTOwqThoHm7ZIZcVy9S+mYhXuqqbZFpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIGMzsW3FJkQktiiIlfz629J2deW/mvZn1DC3ozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xr10+kzaZsORA2gMAPBQXBn70umz2z3/AYDH1tWd/v8fAAAAAAAAAAAAAAA4LFIU8VSkmLuyliaqzx31y+2+23fGh0e2rzaQqppHqvLlr/qZs+fOf+HFoQvdvNye+Tn1H7RPxetjVy81Xpm9NTc/tbAwNdkYn2lfn52c2vUe9lp/q5PVCWjceuP25I0bC42zL5zbtPnO4Af9TxwfvDj03Klnu2XHh0dGxjaK1HvL1+67IR07jfA4GkWcihTPf/tHqRURRez9XNQf7rXfaqDqxMmqE+PDI1VHptutmcVy42j3RBQRjZ5Kze452v5aRK3vofZhZ82IpbL5ZYNPlt0bm2vNt65NTzVGW/OL7cX27Mxo6rS27E8jiriQIpYjYrX/3t31RRG1SPHNJ9fStfzWj+o8fL4aGLxzO4p97OMulO1s9EUsF4/ANTvE+qOI1yLFj989Edfzfaa613wu4rUyvxvxdpkvR6Tyi3E+4v1tvkc8mmpRxF+U1//iWpqs7gfd+8rlLzf+cObGbE/Z7n3lQz4f7rlTHNDzYWBLPhyH/N5UjyJa1R1/Ld3/DzsAAAAAAAAAAAAAAAAAPGgDUcQnI8Wr//7H1bjiqMalP3lx6PcHf7l3zPgzv2A/ZdkXImKp2N2Y3KN5YOBoGk3pgMcSf5TVo4g/yeP/vn7QjQEAAAAAAAAAAAAAAAAAAPhIK+KHkeKl906k5eidU7w9c7NxtXVtujMrbHfu3+6c6evr6+uN1MlmzomcSzmXc67kXM0ZRa7f39lRM3+eyLmUcznnSs7VnHEk18/ZzDmRcynncs6VnKs5o5br52zmnMi5lHM550rO1ZxxSObuBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4nBRRxE8jxTe+upYiRUQzYiI6udJ/0K0DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEr9qYjvRIrGHzTvrqtFRKr+7ThR/nY+mkfL/Hg0h8p8OZqXcraqrDW/fgDtZ2/6UhE/iBT99XfuXvB8/fs6n+5+DeLtr0UM5OVP1Tp5pLtx8IP+J44/eXFo5DPP7LSctmvAycvtmdt3GuPDIyNjPatr+egf71k3mI9bPJiuExELb771Rmt6emr+fhaOVgvlV+C+qj9yC6n2UemphWohaoeiGQfT903qB3WDYl+Vz//3I8Vvv/cf3Qd+5/lfj1/qfLr7hI+f/OnGTwMvbd3RLp//ta318vO/fKZv9/x/qmfdS/mnkb5aRH3x1lzf8Yj6wptvnWrfat2cujk1c/706S8ODX3x3Om+oxH1G+3pqZ6lB3K6AAAAAAAAAAAAAAAAAB6eVMTvRorWD9ZSIyLuVOO1Bi8OPXfq2SNxpBpvtWnc9utjVy81Xpm9NTc/tbAwNdkYn2lfn52c2u3h6tVwr/HhkX3pzC80sM/tH6i/Mjv35nz75h8tbrv9WP3StYXF+db17TfHQBQRzd41J6sGjw+PVI2ebrdmqqqj2w6m//D6UhH/GSmun2+kz+Z1efz/1hH+1fj/7mGXtu7oAY7//8yxjfF/H+spWh4zpSJ+Eil+6y+fic9W7TwW95yzXO5vI8XJC5/O5eJoWa7bhs57BTojA8uy/xsp/vGnm8t2x0M+tVH2zIc6uY+A8vo/GSm+8+ffil/P6za//2H7639s64726f0PT/esO7bpfQV77jr5+p+KFC8/9U78RrXm/3/u+z+679440Sm88X6Ofbr+v9qzbjAf9zcfVOcBAAAAAAAAAAAeYX2piL+LFN8bqaUX87rd/P2/ya072qe///WJnnWTe52vaJcLez6pAAAAAHBI9KUifhgpbi6+c3cM9ebx3z3jP39nY/zncNqytfpzvl+p3hvwIP/8r9dgPu7E3rsNAAAAAAAAAAAAAAAAAAAAh0pKRbyY51OfqMbzT+44n/pKpHj1v5/P5dLxslx3HvjB6vf6ldmZU5emp2frsdi6Nj3VGJtrXZ8q6z4dKdb+5tO5blHNr96db74zx/vGXOzzkWLk77tlO3Oxd+cmf3qj7Jmy7McixX/9w+ayeWrqPHd0VfZsWfavI8VX/nn7ssc3yp4ry34rUnz/K41u2WNl2e77UT+xUfaF67PFPlwVAAAAAAAAAAAAAAAAAAAAPmr6UhF/Fin+59by3bH8ef7/vp6Plbe/1jPf/xZ3qnn+B6v5/3davp/5/6v3CiztdFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg8pSjirUgxd2UtrfSXnzvql9tF3BkfHtm+2kCqah6pype/6mfOnjv/hReHLnTzcnvm9s71H7RPxutjVy81Xpm9NTc/tbAwNdkYn2lfn52c2vUe9lp/q5PVCWjceuP25I0bC42zL5zbtPnO4Af9TxwfvDj03Klnu2XHh0dGxnrK1Pru++j3SDusPxpF/FWkeP7bP0rf648oYu/nov5wr/1WA1UnTladGB8eqToy3W7NLJYbR7snooho9FRqds/RQ7gWe9KMWCqbXzb4ZNm9sbnWfOva9FRjtDW/2F5sz86Mpk5ry/40oogLKWI5Ilb7791dXxTxRqT45pNr6V/6I450z8Pnr4x96fTZndtR7GMfd6FsZ6MvYrnY+ZodPcD2PSr6o4h/ihQ/fvdE/Gt/RC06v+JzEa+V+d2It6NzvVP5xTgf8f423yMeTbUo4v/K639xLb3bX94PuveVy19OSxGzPWW795VH/vnwMB3y50k9ivh+dcdfS//mv2sAAAAAAAAAAAAAAACAQ6SIX4sUL713IlXjg++OKW7P3GxcbV2b7gzr6479646ZXl9fX2+kTjZzTuRcyrmccyXnas4ocv2czTLr6+sT+fNSzuWcKzlXc8aRXD9nM+dEzqWcyzlXcq7mjFqun7OZcyLnUs7lnCs5V3PGIRm7BwAAAAAAAAAAAAAAAAAAPF6K6p8U3/jqWlrv78wvPRGdXDEf6GPvZwEAAP//0Pr2Kw==")
setresuid(0xee00, 0x0, 0x0)
r0 = getuid()
setresuid(0xffffffffffffffff, r0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000080)=0x1e, 0x4)

kernel console output (not intermixed with test programs):

to keep mac addresses unique to avoid problems!
[  564.657639][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.668302][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.680303][T11527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  564.691983][T11527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  564.715423][T11527] batman_adv: batadv0: Interface activated: batadv_slave_1
[  564.764137][T11527] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  564.772972][T11527] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  564.786351][T11527] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  564.795297][T11527] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  565.188621][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  566.725297][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  566.759798][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.800539][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  566.819007][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  566.892128][    T9] usb 1-1: Using ep0 maxpacket: 32
[  566.899205][    T9] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  566.921322][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  566.956862][    T9] usb 1-1: config 0 descriptor??
[  566.970226][    T9] gspca_main: nw80x-2.14.0 probing 055f:d001
[  568.133557][T11783] loop2: detected capacity change from 0 to 512
[  568.182715][T11783] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  568.308402][T11783] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  568.927145][T11783] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz.2.1862: path /12/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  569.316327][    T9] usb 1-1: USB disconnect, device number 12
[  572.485302][T11387] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.568619][T11843] loop4: detected capacity change from 0 to 512
[  574.679881][T11840] x_tables: duplicate underflow at hook 1
[  574.699827][T11843] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  574.832303][T11843] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  574.974706][T11843] EXT4-fs error (device loop4): ext4_readdir:260: inode #12: block 32: comm syz.4.1883: path /3/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  575.265261][ T5156] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  575.473327][ T5156] usb 2-1: Using ep0 maxpacket: 32
[  575.480896][ T5156] usb 2-1: config 97 has too many interfaces: 97, using maximum allowed: 32
[  575.504051][ T5156] usb 2-1: config 97 has an invalid descriptor of length 97, skipping remainder of the config
[  575.551151][ T5156] usb 2-1: config 97 has 0 interfaces, different from the descriptor's value: 97
[  575.602624][ T5156] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  575.622265][ T5156] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  575.650933][ T5156] usb 2-1: Product: syz
[  575.663454][ T5156] usb 2-1: Manufacturer: syz
[  575.678616][ T5156] usb 2-1: SerialNumber: syz
[  575.697691][T11527] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.806710][   T29] audit: type=1326 audit(2000000484.620:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  575.869483][   T29] audit: type=1326 audit(2000000484.620:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  575.923264][   T29] audit: type=1326 audit(2000000484.620:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  575.989958][ T5156] usb 2-1: USB disconnect, device number 10
[  576.031345][   T29] audit: type=1326 audit(2000000484.620:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  576.152978][   T29] audit: type=1326 audit(2000000484.620:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  577.885046][   T29] audit: type=1326 audit(2000000484.620:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  577.942170][   T29] audit: type=1326 audit(2000000484.650:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  578.058715][   T29] audit: type=1326 audit(2000000484.660:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7c8396cf67 code=0x7ffc0000
[  578.112723][   T29] audit: type=1326 audit(2000000484.660:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7c83911909 code=0x7ffc0000
[  578.145935][   T29] audit: type=1326 audit(2000000484.660:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11874 comm="syz.3.1895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7c8396cf67 code=0x7ffc0000
[  578.319759][T11889] loop4: detected capacity change from 0 to 4096
[  578.362104][T11889] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512).
[  578.382670][T11889] ntfs3: loop4: $Volume is corrupted.
[  578.389652][T11899] loop2: detected capacity change from 0 to 512
[  578.457906][T11899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.486238][T11899] ext4 filesystem being mounted at /20/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  578.587393][T11899] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz.2.1904: path /20/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  579.091349][T11917] netlink: 'syz.4.1909': attribute type 1 has an invalid length.
[  579.691428][T11926] loop4: detected capacity change from 0 to 2048
[  579.700118][T11926] NILFS (loop4): invalid segment: Sequence number mismatch
[  579.707402][T11926] NILFS (loop4): trying rollback from an earlier position
[  579.727551][T11926] NILFS (loop4): recovery complete
[  580.331676][T11931] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  580.504799][T11387] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  581.199638][   T25] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  581.520458][T11949] program syz.2.1913 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  581.666866][   T25] usb 1-1: Using ep0 maxpacket: 8
[  581.682616][   T25] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  581.714041][   T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  581.756505][   T25] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  581.783749][T11957] netlink: 'syz.2.1922': attribute type 1 has an invalid length.
[  582.008165][   T25] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  582.021234][   T25] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  582.030317][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.750819][   T29] kauditd_printk_skb: 59 callbacks suppressed
[  582.750939][   T29] audit: type=1326 audit(2000000491.140:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11954 comm="syz.3.1920" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  583.272335][   T25] usb 1-1: GET_CAPABILITIES returned 0
[  583.279707][   T25] usbtmc 1-1:16.0: can't read capabilities
[  583.446470][    T9] usb 1-1: USB disconnect, device number 13
[  583.479645][T11974] netlink: zone id is out of range
[  583.499663][T11974] netlink: zone id is out of range
[  583.530492][T11974] netlink: zone id is out of range
[  583.573955][T11974] netlink: zone id is out of range
[  583.686306][T11974] netlink: zone id is out of range
[  583.708696][T11974] netlink: set zone limit has 4 unknown bytes
[  583.894427][T11986] loop2: detected capacity change from 0 to 2048
[  584.019475][T11986] NILFS (loop2): invalid segment: Sequence number mismatch
[  584.030456][T11986] NILFS (loop2): trying rollback from an earlier position
[  584.175160][T11986] NILFS (loop2): recovery complete
[  584.181787][T11991] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  585.304208][T11998] msdos: Unknown parameter 'b±Fs	µÚì'
[  585.567165][T12008] autofs4:pid:12008:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e)
[  585.610536][T12005] loop2: detected capacity change from 0 to 4096
[  585.618489][T12008] autofs4:pid:12008:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e)
[  585.632635][T11974] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1925'.
[  585.983705][   T29] audit: type=1800 audit(2000000494.800:694): pid=12016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1934" name="/" dev="fuse" ino=1 res=0 errno=0
[  586.193638][T12019] netlink: 'syz.0.1936': attribute type 1 has an invalid length.
[  586.291880][T12025] input: syz0 as /devices/virtual/input/input28
[  586.327923][    T9] kernel read not supported for file /uinput (pid: 9 comm: kworker/0:1)
[  586.539875][T12037] loop2: detected capacity change from 0 to 2048
[  586.558601][T12037] NILFS (loop2): invalid segment: Sequence number mismatch
[  586.565956][T12037] NILFS (loop2): trying rollback from an earlier position
[  586.581765][T12037] NILFS (loop2): recovery complete
[  586.601319][T12040] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  589.781195][T12059] vlan2: entered promiscuous mode
[  590.221972][T12055] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  590.548076][T12076] input: syz0 as /devices/virtual/input/input29
[  590.577099][   T25] kernel read not supported for file /uinput (pid: 25 comm: kworker/1:0)
[  590.950356][T12086] loop2: detected capacity change from 0 to 2048
[  592.953327][T12086] NILFS (loop2): invalid segment: Sequence number mismatch
[  592.960578][T12086] NILFS (loop2): trying rollback from an earlier position
[  593.085311][T12086] NILFS (loop2): recovery complete
[  593.103148][T12091] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  595.653137][T12103] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  596.035207][T12121] netlink: 'syz.4.1965': attribute type 10 has an invalid length.
[  596.137395][T12121] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  597.437227][T12134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1970'.
[  599.094941][    T9] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  599.306085][    T9] usb 5-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f
[  599.319421][T12172] netlink: 'syz.1.1980': attribute type 10 has an invalid length.
[  599.323123][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  599.391351][    T9] usb 5-1: config 0 descriptor??
[  599.398340][   T29] audit: type=1326 audit(2000000508.200:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  599.452616][   T29] audit: type=1326 audit(2000000508.210:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  599.698140][    T9] usb 5-1: USB disconnect, device number 8
[  599.724547][T12177] block device autoloading is deprecated and will be removed.
[  599.989039][T12183] autofs4:pid:12183:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(4294967071.1), cmd(0xc018937e)
[  600.026895][T12183] autofs4:pid:12183:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e)
[  600.059035][   T29] audit: type=1326 audit(2000000508.860:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  600.134756][   T29] audit: type=1326 audit(2000000508.860:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  600.197803][T12191] input: syz1 as /devices/virtual/input/input30
[  600.230068][   T29] audit: type=1326 audit(2000000508.860:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  600.267112][   T29] audit: type=1326 audit(2000000508.860:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12164 comm="syz.3.1977" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7fc00000
[  600.622713][T12196] loop4: detected capacity change from 0 to 512
[  600.660675][T12196] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  600.692213][T12196] EXT4-fs error (device loop4): ext4_get_journal_inode:5740: comm syz.4.1988: inode #67108864: comm syz.4.1988: iget: illegal inode #
[  600.756502][T12196] EXT4-fs (loop4): no journal found
[  600.868796][T12201] loop2: detected capacity change from 0 to 2048
[  600.894425][T12201] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  601.249447][T12213] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1994'.
[  601.255257][T12218] netlink: 'syz.0.1993': attribute type 10 has an invalid length.
[  601.320129][T11387] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #16: comm syz-executor: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 255(4), depth 0(0)
[  601.425007][T11387] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #16: comm syz-executor: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 255(4), depth 0(0)
[  601.819119][T12225] input: syz1 as /devices/virtual/input/input31
[  601.830327][T11387] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  603.030650][T12213] loop4: detected capacity change from 0 to 40427
[  603.077924][T12213] F2FS-fs (loop4): invalid crc value
[  603.192174][ T2461] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.217037][T12213] F2FS-fs (loop4): Found nat_bits in checkpoint
[  603.467453][T12213] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  603.485364][ T2461] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.602672][T12213] syz.4.1994: attempt to access beyond end of device
[  603.602672][T12213] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  603.705569][ T2461] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.733102][T12213] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  603.804119][T12247] tipc: Started in network mode
[  603.828643][T11194] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  603.833274][T12247] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  603.848894][T11194] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  603.854659][T12247] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  603.864561][T11194] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  603.871159][T12247] tipc: Enabled bearer <udp:syz1>, priority 10
[  603.890150][T11194] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  603.908995][T11194] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  603.918995][T11194] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  604.035610][ T2461] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.987289][ T5154] tipc: Node number set to 1
[  605.546061][ T2461] bridge_slave_1: left allmulticast mode
[  605.558494][ T2461] bridge_slave_1: left promiscuous mode
[  605.565413][ T2461] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.582383][ T2461] bridge_slave_0: left allmulticast mode
[  605.589230][ T2461] bridge_slave_0: left promiscuous mode
[  605.613419][ T2461] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.989576][   T54] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  605.998606][   T54] Bluetooth: hci2: Injecting HCI hardware error event
[  606.009010][   T54] Bluetooth: hci2: hardware error 0x00
[  606.063278][T11194] Bluetooth: hci4: command tx timeout
[  606.326142][ T2461] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  606.341498][ T2461] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  606.362421][ T2461] bond0 (unregistering): Released all slaves
[  606.380977][T12275] bridge0: port 2(bridge_slave_1) entered disabled state
[  606.388419][T12275] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.422638][T12277] bridge_slave_1: left allmulticast mode
[  606.443461][T12277] bridge_slave_1: left promiscuous mode
[  606.449638][T12277] bridge0: port 2(bridge_slave_1) entered disabled state
[  606.491656][T12277] bridge_slave_0: left allmulticast mode
[  606.503349][T12277] bridge_slave_0: left promiscuous mode
[  606.519292][T12277] bridge0: port 1(bridge_slave_0) entered disabled state
[  606.702865][T12284] input: syz1 as /devices/virtual/input/input32
[  607.054108][   T29] audit: type=1326 audit(2000000515.860:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f95375f19 code=0x7fc00000
[  607.073146][    T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  607.583222][    T9] usb 2-1: Using ep0 maxpacket: 16
[  608.063821][   T54] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  608.097668][   T29] audit: type=1326 audit(2000000515.860:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6f95375f19 code=0x7fc00000
[  608.151782][ T2461] hsr_slave_0: left promiscuous mode
[  608.158676][    T9] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  608.163191][   T54] Bluetooth: hci4: command tx timeout
[  608.173085][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.173112][    T9] usb 2-1: Product: syz
[  608.173129][    T9] usb 2-1: Manufacturer: syz
[  608.173144][    T9] usb 2-1: SerialNumber: syz
[  608.175274][    T9] usb 2-1: config 0 descriptor??
[  608.219599][   T29] audit: type=1326 audit(2000000517.030:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12287 comm="syz.4.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f95375f19 code=0x7fc00000
[  608.257612][ T2461] hsr_slave_1: left promiscuous mode
[  608.265342][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  608.272768][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_0
[  608.295099][ T2461] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  608.318968][ T2461] batman_adv: batadv0: Removing interface: batadv_slave_1
[  608.351490][ T2461] veth1_macvtap: left promiscuous mode
[  608.357091][ T2461] veth0_macvtap: left promiscuous mode
[  608.362688][ T2461] veth1_vlan: left promiscuous mode
[  608.368038][ T2461] veth0_vlan: left promiscuous mode
[  608.394235][T12309] loop4: detected capacity change from 0 to 512
[  608.416514][T12309] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  608.429592][T12309] EXT4-fs error (device loop4): ext4_get_journal_inode:5740: comm syz.4.2017: inode #67108864: comm syz.4.2017: iget: illegal inode #
[  608.453793][T12309] EXT4-fs (loop4): no journal found
[  608.497863][    T9] dvb_usb_dtv5100 2-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[  608.512281][    T9] usb 2-1: USB disconnect, device number 11
[  608.973323][ T2461] team0 (unregistering): Port device team_slave_1 removed
[  609.029578][ T2461] team0 (unregistering): Port device team_slave_0 removed
[  609.742866][T12250] chnl_net:caif_netlink_parms(): no params data found
[  610.015911][T12327] input: syz1 as /devices/virtual/input/input33
[  610.070538][T12250] bridge0: port 1(bridge_slave_0) entered blocking state
[  610.103249][T12250] bridge0: port 1(bridge_slave_0) entered disabled state
[  610.110486][T12250] bridge_slave_0: entered allmulticast mode
[  610.124647][T12250] bridge_slave_0: entered promiscuous mode
[  610.146428][T12250] bridge0: port 2(bridge_slave_1) entered blocking state
[  610.163177][T12250] bridge0: port 2(bridge_slave_1) entered disabled state
[  610.170957][T12250] bridge_slave_1: entered allmulticast mode
[  610.184522][T12250] bridge_slave_1: entered promiscuous mode
[  610.233131][   T54] Bluetooth: hci4: command tx timeout
[  610.338712][T12250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  610.398636][T12250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  610.450036][   T29] audit: type=1800 audit(2000000519.260:704): pid=12338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2025" name="/" dev="fuse" ino=1 res=0 errno=0
[  610.550253][T12250] team0: Port device team_slave_0 added
[  610.578568][T12250] team0: Port device team_slave_1 added
[  610.633161][   T58] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  610.677275][   T29] audit: type=1326 audit(2000000519.490:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12334 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  610.692057][T12250] batman_adv: batadv0: Adding interface: batadv_slave_0
[  610.723668][T12250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.728906][   T29] audit: type=1326 audit(2000000519.520:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12334 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  610.781508][T12250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  610.816957][   T58] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  610.826294][   T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  610.835095][   T58] usb 4-1: Product: syz
[  610.844544][T12250] batman_adv: batadv0: Adding interface: batadv_slave_1
[  610.852806][   T58] usb 4-1: Manufacturer: syz
[  610.859669][T12250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  610.889335][   T58] usb 4-1: SerialNumber: syz
[  610.891815][T12250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  610.911915][   T58] usb 4-1: config 0 descriptor??
[  611.016381][T12250] hsr_slave_0: entered promiscuous mode
[  611.037225][T12250] hsr_slave_1: entered promiscuous mode
[  611.051815][T12250] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  611.079558][T12250] Cannot create hsr debugfs directory
[  611.225798][T12335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  611.242076][T12335] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  611.253397][   T29] audit: type=1326 audit(2000000520.060:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12334 comm="syz.1.2026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  611.278354][   T58] usb 4-1: ignoring: probably an ADSL modem
[  611.478892][T12351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2031'.
[  611.540521][   T58] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  611.560325][   T58] usb 4-1: USB disconnect, device number 16
[  612.323248][   T54] Bluetooth: hci4: command tx timeout
[  612.609950][T12359] netlink: 'syz.3.2034': attribute type 10 has an invalid length.
[  612.628100][T12359] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2034'.
[  612.685737][T12359] team0: Port device geneve0 added
[  612.695421][T12360] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  612.701971][T12360] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  612.714277][T12360] vhci_hcd vhci_hcd.0: Device attached
[  612.774490][T12361] vhci_hcd: connection closed
[  612.793235][ T1078] vhci_hcd: stop threads
[  612.833158][ T1078] vhci_hcd: release socket
[  612.837625][ T1078] vhci_hcd: disconnect device
[  612.868186][T12250] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  612.887368][T12250] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  612.910489][T12250] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  612.930899][T12250] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  613.100060][T12351] tipc: Started in network mode
[  613.108534][T12351] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  613.118426][T12351] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  613.127361][T12351] tipc: Enabled bearer <udp:syz1>, priority 10
[  613.159783][T12250] 8021q: adding VLAN 0 to HW filter on device bond0
[  613.202968][T12250] 8021q: adding VLAN 0 to HW filter on device team0
[  613.242442][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  613.249672][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  613.266620][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  613.273733][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  613.436013][T12250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  613.760530][T12385] loop4: detected capacity change from 0 to 128
[  613.788796][   T29] audit: type=1326 audit(2000000522.600:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  613.839519][T12250] 8021q: adding VLAN 0 to HW filter on device batadv0
[  613.873085][   T29] audit: type=1326 audit(2000000522.630:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  613.969997][T12250] veth0_vlan: entered promiscuous mode
[  614.019839][T12250] veth1_vlan: entered promiscuous mode
[  614.143954][T12250] veth0_macvtap: entered promiscuous mode
[  614.189236][T12250] veth1_macvtap: entered promiscuous mode
[  614.245868][ T8196] tipc: Node number set to 1
[  614.405252][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.440371][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.440370][   T29] audit: type=1326 audit(2000000523.240:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  614.440412][   T29] audit: type=1326 audit(2000000523.240:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  614.457675][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.523188][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.542044][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.552659][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.554139][   T29] audit: type=1326 audit(2000000523.240:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  614.563297][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.621633][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.637190][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.640962][   T29] audit: type=1326 audit(2000000523.250:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  614.654115][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.689442][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  614.699223][   T29] audit: type=1326 audit(2000000523.250:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12376 comm="syz.1.2041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6440175f19 code=0x7fc00000
[  614.701738][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  614.782624][T12250] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.080343][   T63] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  615.106498][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.117422][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.127452][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.144050][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.153964][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.166090][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.209098][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.239909][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.250099][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.272545][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.282758][T12250] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  615.313382][T12250] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  615.344158][T12250] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.386535][T12250] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.403432][T12250] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.412230][T12250] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.421295][T12250] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.577005][   T63] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  615.710349][T11194] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  615.761315][T11194] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  615.786760][T11194] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  615.805867][T11194] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  615.819823][T11194] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  615.834596][T11194] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  615.880727][   T63] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.122135][   T63] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  616.449165][ T5807] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.479081][ T5807] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  616.712040][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  616.729543][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  617.959572][   T54] Bluetooth: hci0: command tx timeout
[  619.734270][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  619.809640][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  619.889984][   T63] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  619.925263][T12408] syz.1.2053 (12408): drop_caches: 1
[  619.958832][   T63] bond0 (unregistering): Released all slaves
[  619.993489][   T54] Bluetooth: hci0: command tx timeout
[  620.234322][   T63] tipc: Disabling bearer <udp:syz1>
[  620.265711][   T63] tipc: Left network mode
[  620.356241][T12437] msdos: Unknown parameter 'b±Fs	µÚì'
[  620.491495][T12412] chnl_net:caif_netlink_parms(): no params data found
[  622.063329][   T54] Bluetooth: hci0: command tx timeout
[  623.042428][T12412] bridge0: port 1(bridge_slave_0) entered blocking state
[  623.068735][T12412] bridge0: port 1(bridge_slave_0) entered disabled state
[  623.095951][T12412] bridge_slave_0: entered allmulticast mode
[  623.107676][T12412] bridge_slave_0: entered promiscuous mode
[  623.114816][T12452] overlayfs: missing 'lowerdir'
[  623.125024][T12448] netlink: 'syz.2.2064': attribute type 10 has an invalid length.
[  623.184502][T12448] team0: Device hsr_slave_0 failed to register rx_handler
[  623.284031][   T63] hsr_slave_0: left promiscuous mode
[  623.295235][   T63] hsr_slave_1: left promiscuous mode
[  623.357704][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  623.375407][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  623.402552][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  623.436280][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  623.479820][T12456] loop2: detected capacity change from 0 to 256
[  623.519955][   T63] veth1_macvtap: left promiscuous mode
[  623.526135][   T63] veth0_macvtap: left promiscuous mode
[  623.531863][   T63] veth1_vlan: left promiscuous mode
[  623.540454][   T63] veth0_vlan: left promiscuous mode
[  624.149114][   T54] Bluetooth: hci0: command tx timeout
[  624.189841][T12474] netlink: 209840 bytes leftover after parsing attributes in process `syz.1.2075'.
[  624.556247][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  624.562589][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  624.745171][T12464] loop2: detected capacity change from 0 to 40427
[  624.792556][T12464] F2FS-fs (loop2): invalid crc value
[  624.816756][T12464] F2FS-fs (loop2): Found nat_bits in checkpoint
[  624.918476][T12464] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  625.094736][T12483] f2fs_ckpt-7:2: attempt to access beyond end of device
[  625.094736][T12483] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  625.141192][T12483] F2FS-fs (loop2): Remounting filesystem read-only
[  625.185919][T12250] syz-executor: attempt to access beyond end of device
[  625.185919][T12250] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  625.225467][T12250] syz-executor: attempt to access beyond end of device
[  625.225467][T12250] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  625.442916][   T63] team0 (unregistering): Port device team_slave_1 removed
[  625.538233][   T63] team0 (unregistering): Port device team_slave_0 removed
[  626.127959][T12412] bridge0: port 2(bridge_slave_1) entered blocking state
[  626.135651][T12412] bridge0: port 2(bridge_slave_1) entered disabled state
[  626.142834][T12412] bridge_slave_1: entered allmulticast mode
[  626.150371][T12412] bridge_slave_1: entered promiscuous mode
[  626.499692][T12494] "syz.0.2083" (12494) uses obsolete ecb(arc4) skcipher
[  626.546087][T12412] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  626.604959][T12412] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  626.652628][T12503] fuse: Bad value for 'rootmode'
[  626.762128][T12412] team0: Port device team_slave_0 added
[  626.836642][T12412] team0: Port device team_slave_1 added
[  627.065132][T12412] batman_adv: batadv0: Adding interface: batadv_slave_0
[  627.077858][T12412] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  627.106120][T12412] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  627.125139][T12412] batman_adv: batadv0: Adding interface: batadv_slave_1
[  627.140973][T12412] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  627.167290][T12412] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  627.377010][   T63] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.438590][T12412] hsr_slave_0: entered promiscuous mode
[  627.471887][T12412] hsr_slave_1: entered promiscuous mode
[  627.540316][T12412] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  627.563727][T12412] Cannot create hsr debugfs directory
[  627.800619][   T63] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  627.864352][T11194] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  627.878223][T11194] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  627.893748][T11194] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  627.902891][T11194] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  627.910875][T11194] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  627.921495][T11194] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  628.018910][   T63] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  628.184858][T12533] "syz.0.2097" (12533) uses obsolete ecb(arc4) skcipher
[  628.242101][   T63] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  629.131406][T12549] fuse: Bad value for 'rootmode'
[  629.359589][   T63] bridge_slave_1: left allmulticast mode
[  629.367137][   T63] bridge_slave_1: left promiscuous mode
[  629.387195][   T63] bridge0: port 2(bridge_slave_1) entered disabled state
[  629.419054][   T63] bridge_slave_0: left allmulticast mode
[  629.436128][   T63] bridge_slave_0: left promiscuous mode
[  629.456410][   T63] bridge0: port 1(bridge_slave_0) entered disabled state
[  629.482398][T12557] syz.0.2103 (12557): drop_caches: 1
[  629.983709][   T54] Bluetooth: hci4: command tx timeout
[  630.353205][ T5156] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  630.365854][   T63] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  630.381867][   T63] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  630.401867][   T63] bond0 (unregistering): Released all slaves
[  630.559685][ T5156] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  630.593434][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.635147][ T5156] usb 1-1: config 0 descriptor??
[  630.682311][T12527] chnl_net:caif_netlink_parms(): no params data found
[  630.873937][T12573] "syz.1.2110" (12573) uses obsolete ecb(arc4) skcipher
[  630.973868][   T63] hsr_slave_0: left promiscuous mode
[  630.990867][   T63] hsr_slave_1: left promiscuous mode
[  631.002498][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  631.033012][   T63] batman_adv: batadv0: Removing interface: batadv_slave_0
[  631.052757][   T63] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  631.061888][   T63] batman_adv: batadv0: Removing interface: batadv_slave_1
[  631.126400][   T63] veth1_macvtap: left promiscuous mode
[  631.132639][   T63] veth0_macvtap: left promiscuous mode
[  631.138572][   T63] veth1_vlan: left promiscuous mode
[  631.144140][   T63] veth0_vlan: left promiscuous mode
[  631.261417][ T5156] [drm] vendor descriptor length:c3 data:3e 0f bd 00 00 00 00 00 00 00 80
[  631.280476][ T5156] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor
[  631.499335][ T5156] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2
[  631.506820][ T5156] [drm] Initialized udl on minor 2
[  631.716241][ T5156] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  631.735055][ T5156] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  631.746130][ T8196] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffe0
[  631.926461][   T63] team0 (unregistering): Port device team_slave_1 removed
[  631.999375][   T63] team0 (unregistering): Port device team_slave_0 removed
[  632.063481][   T54] Bluetooth: hci4: command tx timeout
[  632.341954][ T5154] usb 1-1: USB disconnect, device number 14
[  632.348098][ T8196] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[  632.358912][ T8196] udl 1-1:0.0: [drm] Cannot find any crtc or sizes
[  632.364401][    C0] eth0: bad gso: type: 1, size: 1408
[  632.914780][T12589] syz.0.2116 (12589): drop_caches: 1
[  632.971262][T12527] bridge0: port 1(bridge_slave_0) entered blocking state
[  632.995801][T12527] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.003200][T12527] bridge_slave_0: entered allmulticast mode
[  633.011144][T12527] bridge_slave_0: entered promiscuous mode
[  633.031959][T12527] bridge0: port 2(bridge_slave_1) entered blocking state
[  633.044833][T12527] bridge0: port 2(bridge_slave_1) entered disabled state
[  633.062453][T12527] bridge_slave_1: entered allmulticast mode
[  633.087914][T12527] bridge_slave_1: entered promiscuous mode
[  633.169578][ T8196] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  633.192197][T12412] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  633.240021][T12527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  633.261533][T12412] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  633.282334][T12527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  633.363528][T12412] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  633.377491][ T8196] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  633.398380][ T8196] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  633.416869][ T8196] usb 4-1: Product: syz
[  633.425760][ T8196] usb 4-1: Manufacturer: syz
[  633.430385][ T8196] usb 4-1: SerialNumber: syz
[  633.435974][T12527] team0: Port device team_slave_0 added
[  633.442429][T12412] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  633.460772][ T8196] usb 4-1: config 0 descriptor??
[  633.483788][T12527] team0: Port device team_slave_1 added
[  633.571735][T12527] batman_adv: batadv0: Adding interface: batadv_slave_0
[  633.585247][T12527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  633.615322][T12527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  633.647297][T12608] msdos: Unknown parameter 'b±Fs	µÚì'
[  633.750933][T12527] batman_adv: batadv0: Adding interface: batadv_slave_1
[  633.773430][T12527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  634.475127][   T54] Bluetooth: hci4: command tx timeout
[  634.503994][T12527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  634.770010][T12527] hsr_slave_0: entered promiscuous mode
[  634.776470][ T8196] cx82310_eth 4-1:0.0: probe with driver cx82310_eth failed with error -22
[  634.797835][T12527] hsr_slave_1: entered promiscuous mode
[  634.812731][T12527] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  636.554216][   T54] Bluetooth: hci4: command tx timeout
[  636.604136][T12527] Cannot create hsr debugfs directory
[  636.663443][ T8196] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  636.712559][ T8196] usb 4-1: USB disconnect, device number 17
[  636.865434][T12619] "syz.0.2127" (12619) uses obsolete ecb(arc4) skcipher
[  637.054844][T12412] 8021q: adding VLAN 0 to HW filter on device bond0
[  637.236999][T12412] 8021q: adding VLAN 0 to HW filter on device team0
[  637.313713][ T8196] bridge0: port 1(bridge_slave_0) entered blocking state
[  637.320864][ T8196] bridge0: port 1(bridge_slave_0) entered forwarding state
[  637.363661][ T8196] bridge0: port 2(bridge_slave_1) entered blocking state
[  637.370804][ T8196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  637.484792][T12631] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2134'.
[  637.707604][T12636] msdos: Unknown parameter 'b±Fs	µÚì'
[  639.390853][T12527] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  639.436722][T12527] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  639.474628][T12527] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  639.494489][T12527] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  639.559377][T12412] 8021q: adding VLAN 0 to HW filter on device batadv0
[  639.691788][T12527] 8021q: adding VLAN 0 to HW filter on device bond0
[  639.746524][T12527] 8021q: adding VLAN 0 to HW filter on device team0
[  639.778644][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  639.785850][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  639.843923][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  639.851070][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  640.217522][T12412] veth0_vlan: entered promiscuous mode
[  640.306717][T12412] veth1_vlan: entered promiscuous mode
[  640.405705][T12412] veth0_macvtap: entered promiscuous mode
[  640.441072][T12412] veth1_macvtap: entered promiscuous mode
[  640.496539][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  640.531220][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.552643][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  640.563538][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.575157][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  640.588420][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.598833][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  640.613092][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.623494][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  640.635480][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.651973][T12412] batman_adv: batadv0: Interface activated: batadv_slave_0
[  640.673206][T12527] 8021q: adding VLAN 0 to HW filter on device batadv0
[  640.683650][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  640.710635][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.730735][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  640.743512][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.771412][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  640.784754][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.803248][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  640.823532][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.843467][T12412] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  640.883149][T12412] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  640.915041][T12412] batman_adv: batadv0: Interface activated: batadv_slave_1
[  640.978294][T12412] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  640.997018][T12412] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  641.006260][T12412] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  641.027079][T12412] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  641.043146][ T5157] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  641.181333][T12527] veth0_vlan: entered promiscuous mode
[  641.286323][ T5157] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  641.311225][ T5157] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  641.318057][T12527] veth1_vlan: entered promiscuous mode
[  641.337059][ T5157] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  641.353980][ T5157] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  641.378436][T12684] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  641.561521][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.593515][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.633235][T12527] veth0_macvtap: entered promiscuous mode
[  641.648378][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  641.660525][T12527] veth1_macvtap: entered promiscuous mode
[  641.675365][T12692] tipc: Started in network mode
[  641.680870][T12692] tipc: Node identity ac1414aa, cluster identity 4711
[  641.693234][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  641.721060][T12692] tipc: New replicast peer: 172.20.20.170
[  641.744188][T12692] tipc: Enabled bearer <udp:syz1>, priority 10
[  641.857111][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.869060][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.880927][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.893011][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.902995][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.915509][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  641.948797][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  641.988413][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.015222][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  642.039478][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.050136][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  642.052965][T12700] msdos: Unknown parameter 'b±Fs	µÚì'
[  642.073295][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  642.213516][T12527] batman_adv: batadv0: Interface activated: batadv_slave_0
[  643.283933][   T58] tipc: Node number set to 2886997162
[  643.284501][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  643.292742][T12692] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  643.303072][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.033461][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.732755][ T5156] usb 4-1: USB disconnect, device number 18
[  646.763088][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.813398][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.848463][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.872030][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.901369][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.911713][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.922619][T12708] fuse: Bad value for 'rootmode'
[  646.927881][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  646.938203][T12527] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  646.948984][T12527] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  647.024516][T12527] batman_adv: batadv0: Interface activated: batadv_slave_1
[  647.047106][T12698] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2051'.
[  647.107507][T12527] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  647.140340][T12527] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  647.173409][T12527] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  647.225118][T12527] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  647.572831][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.578404][T12715] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2157'.
[  647.593599][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  647.750510][T12720] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2158'.
[  647.878866][   T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  647.909678][   T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  648.873275][ T5153] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  648.902065][T12748] msdos: Unknown parameter 'b±Fs	µÚì'
[  653.597499][ T5153] usb 2-1: device descriptor read/all, error -71
[  653.707129][T12759] netlink: 'syz.0.2168': attribute type 29 has an invalid length.
[  653.784639][T12759] netlink: 'syz.0.2168': attribute type 29 has an invalid length.
[  653.826483][T12759] netlink: 'syz.0.2168': attribute type 29 has an invalid length.
[  653.893754][T12759] netlink: 'syz.0.2168': attribute type 29 has an invalid length.
[  653.944063][T12771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2172'.
[  655.118970][T12783] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2175'.
[  655.136696][T12775] loop4: detected capacity change from 0 to 4096
[  655.492470][T12775] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  655.561608][T12775] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  655.569351][T12775] ntfs3: loop4: Failed to load $Extend (-2).
[  655.592247][T12775] ntfs3: loop4: Failed to initialize $Extend.
[  655.673787][   T29] audit: type=1800 audit(2000000564.490:715): pid=12775 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2174" name="bus" dev="loop4" ino=33 res=0 errno=0
[  656.770171][T12800] loop2: detected capacity change from 0 to 512
[  656.794055][T12800] EXT4-fs: Ignoring removed bh option
[  656.825230][T12800] EXT4-fs (loop2): blocks per group (255) and clusters per group (8192) inconsistent
[  657.652601][T12817] netlink: 'syz.3.2187': attribute type 29 has an invalid length.
[  657.701905][T12819] netlink: 'syz.3.2187': attribute type 29 has an invalid length.
[  658.596621][T12817] netlink: 'syz.3.2187': attribute type 29 has an invalid length.
[  658.630036][T12817] netlink: 'syz.3.2187': attribute type 29 has an invalid length.
[  658.995965][T12831] loop4: detected capacity change from 0 to 2048
[  659.154707][T12846] loop2: detected capacity change from 0 to 256
[  659.163238][T12846] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  659.218510][T12846] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  659.249480][T12756] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  659.258122][T12831] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  659.267640][T12756] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  659.350294][T12831] tipc: Started in network mode
[  659.373360][T12831] tipc: Node identity ac1414aa, cluster identity 4711
[  659.396515][T12831] tipc: New replicast peer: 172.20.20.170
[  659.407345][T12831] tipc: Enabled bearer <udp:syz1>, priority 10
[  660.006926][T12847] kvm: pic: non byte write
[  660.951991][ T5156] tipc: Node number set to 2886997162
[  661.553199][T12873] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2204'.
[  661.588287][   T54] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  661.764881][   T29] audit: type=1326 audit(2000000570.390:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  661.997047][   T29] audit: type=1326 audit(2000000570.390:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.100066][   T29] audit: type=1326 audit(2000000570.390:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.253848][   T29] audit: type=1326 audit(2000000570.390:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.300358][   T29] audit: type=1326 audit(2000000570.390:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.342855][   T29] audit: type=1326 audit(2000000570.390:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.344117][    C0] eth0: bad gso: type: 1, size: 1408
[  662.383901][   T29] audit: type=1326 audit(2000000570.390:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.409092][   T29] audit: type=1326 audit(2000000570.390:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.432159][   T29] audit: type=1326 audit(2000000570.390:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7c83975f19 code=0x7ffc0000
[  662.488304][   T29] audit: type=1326 audit(2000000570.400:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12870 comm="syz.3.2204" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  662.726215][T12888] loop2: detected capacity change from 0 to 2048
[  663.595528][T12888] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  663.669082][T12903] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  663.678292][T12896] loop4: detected capacity change from 0 to 2048
[  663.747416][T12896] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[  664.008251][T12914] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  664.108664][T12915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2216'.
[  664.162288][   T54] Bluetooth: hci1: ACL packet for unknown connection handle 0
[  664.860581][T12916] 9pnet_fd: Insufficient options for proto=fd
[  664.906346][T12896] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  664.956490][T12920] netlink: 160 bytes leftover after parsing attributes in process `syz.0.2220'.
[  665.053086][    C0] eth0: bad gso: type: 1, size: 1408
[  666.136548][T12923] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  666.162254][    C0] eth0: bad gso: type: 1, size: 1408
[  668.094206][T12960] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  668.191666][T12968] dccp_invalid_packet: P.type (REQUEST) not Data || [Data]Ack, while P.X == 0
[  668.298857][T12967] loop4: detected capacity change from 0 to 1764
[  668.382468][T12973] 9pnet_fd: Insufficient options for proto=fd
[  668.440021][T12978] netlink: 'syz.2.2235': attribute type 29 has an invalid length.
[  668.471384][T12978] netlink: 'syz.2.2235': attribute type 29 has an invalid length.
[  668.628737][T12982] netlink: 'syz.2.2235': attribute type 29 has an invalid length.
[  668.647234][T12978] netlink: 'syz.2.2235': attribute type 29 has an invalid length.
[  669.636651][T12988] loop4: detected capacity change from 0 to 512
[  669.683889][T12993] netlink: 160 bytes leftover after parsing attributes in process `syz.3.2238'.
[  669.760694][T12988] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  669.853240][T12988] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  670.219950][T13009] xt_CONNSECMARK: invalid mode: 0
[  670.406519][T12412] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  672.129842][T13026] loop2: detected capacity change from 0 to 2048
[  672.359181][T13037] ceph: No mds server is up or the cluster is laggy
[  672.456746][T13046] loop4: detected capacity change from 0 to 1024
[  672.470316][T13046] ext4: Bad value for 'commit'
[  672.709340][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  672.774238][T13058] loop2: detected capacity change from 0 to 512
[  672.836608][T13058] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  672.868097][T13058] ext4 filesystem being mounted at /18/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  672.918896][T13055] xt_CONNSECMARK: invalid mode: 0
[  674.203541][T12527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  674.403064][T13079] loop4: detected capacity change from 0 to 1024
[  674.603679][T13079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  675.158611][T12412] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  675.363319][ T5185] libceph: connect (1)[c::]:6789 error -101
[  675.381329][ T5185] libceph: mon0 (1)[c::]:6789 connect error
[  675.533689][T13090] ceph: No mds server is up or the cluster is laggy
[  675.623263][ T5157] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  675.835130][ T5157] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  675.852883][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  675.881291][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  675.892837][ T5157] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  675.919935][ T5157] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  675.930647][ T5157] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  675.939042][ T5157] usb 3-1: Manufacturer: syz
[  675.944841][ T8196] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  675.946981][ T5157] usb 3-1: config 0 descriptor??
[  676.346807][ T8196] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  676.363114][ T8196] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  676.372900][ T8196] usb 1-1: New USB device found, idVendor=1e7d, idProduct=3138, bcdDevice= 0.00
[  676.582582][ T5157] appleir 0003:05AC:8243.0007: unknown main item tag 0x0
[  676.654036][ T8196] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.888811][ T8196] usb 1-1: config 0 descriptor??
[  677.207896][ T5157] appleir 0003:05AC:8243.0007: No inputs registered, leaving
[  677.239773][ T5157] appleir 0003:05AC:8243.0007: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  677.256647][ T5157] usb 3-1: USB disconnect, device number 14
[  677.312993][T13122] loop4: detected capacity change from 0 to 2048
[  677.373569][T13122] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  677.408981][T13126] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  677.524650][ T8196] ryos 0003:1E7D:3138.0008: unknown main item tag 0x0
[  677.539428][T13129] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  677.541492][ T8196] ryos 0003:1E7D:3138.0008: hidraw0: USB HID v0.00 Device [HID 1e7d:3138] on usb-dummy_hcd.0-1/input0
[  677.909280][ T8196] usb 1-1: USB disconnect, device number 15
[  679.864521][T13162] loop2: detected capacity change from 0 to 128
[  680.353722][T13178] loop2: detected capacity change from 0 to 512
[  680.369590][T13178] EXT4-fs: Ignoring removed nobh option
[  680.382500][T13178] ext4: Unknown parameter 'nouser_xattr'
[  680.584234][T13178] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2297'.
[  681.256151][ T5157] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  681.517283][ T5157] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  681.543688][ T1147] libceph: connect (1)[c::]:6789 error -101
[  681.549726][ T5157] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  681.561057][ T1147] libceph: mon0 (1)[c::]:6789 connect error
[  681.576561][ T5157] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  681.586564][ T5157] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  681.596334][T13196] Bluetooth: hci5: Frame reassembly failed (-84)
[  681.609818][ T5157] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  681.619596][ T5157] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  681.629189][ T5157] usb 5-1: Manufacturer: syz
[  681.640920][ T5157] usb 5-1: config 0 descriptor??
[  681.643248][   T11] Bluetooth: hci5: Frame reassembly failed (-84)
[  681.681050][T13200] loop2: detected capacity change from 0 to 1764
[  681.685602][T13188] ceph: No mds server is up or the cluster is laggy
[  681.950412][T13210] input: syz1 as /devices/virtual/input/input34
[  682.104543][ T5157] appleir 0003:05AC:8243.0009: unknown main item tag 0x0
[  682.126877][ T5157] appleir 0003:05AC:8243.0009: No inputs registered, leaving
[  682.159600][ T5157] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  682.306232][T13219] loop2: detected capacity change from 0 to 512
[  682.380996][T13219] EXT4-fs: Ignoring removed nobh option
[  682.452220][T13219] ext4: Unknown parameter 'nouser_xattr'
[  682.970260][T13219] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2312'.
[  683.035979][ T5185] usb 5-1: USB disconnect, device number 9
[  683.113217][ T5156] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  683.296122][T13225] loop2: detected capacity change from 0 to 2048
[  683.313285][ T5156] usb 1-1: Using ep0 maxpacket: 16
[  683.330346][ T5156] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  683.340258][ T5156] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.349350][ T5156] usb 1-1: Product: syz
[  683.355605][ T5156] usb 1-1: Manufacturer: syz
[  683.361053][ T5156] usb 1-1: SerialNumber: syz
[  683.665744][   T54] Bluetooth: hci5: command 0xfc11 tx timeout
[  683.763682][T11194] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  684.386231][ T5156] r8152-cfgselector 1-1: Unknown version 0x0000
[  684.451107][ T5156] r8152-cfgselector 1-1: config 0 descriptor??
[  684.637354][T13233] ceph: No mds server is up or the cluster is laggy
[  684.735275][ T5156] r8152-cfgselector 1-1: Needed 2 retries to read version
[  684.742466][ T5156] r8152-cfgselector 1-1: Unknown version 0x0000
[  684.792149][ T5156] r8152-cfgselector 1-1: bad CDC descriptors
[  684.840166][T13251] loop2: detected capacity change from 0 to 16
[  684.867542][T13251] erofs: (device loop2): mounted with root inode @ nid 36.
[  684.948415][T11194] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  684.980862][T13251] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  684.997998][ T5185] r8152-cfgselector 1-1: USB disconnect, device number 16
[  685.013364][T13255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2324'.
[  685.043973][   T29] kauditd_printk_skb: 10 callbacks suppressed
[  685.043990][   T29] audit: type=1800 audit(2000000593.860:736): pid=13251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2323" name="file3" dev="loop2" ino=89 res=0 errno=0
[  685.162744][   T54] Bluetooth: hci5: sending frame failed (-49)
[  685.170625][T11194] Bluetooth: hci5: Entering manufacturer mode failed (-49)
[  685.186528][T13264] Bluetooth: hci5: Frame reassembly failed (-84)
[  685.513205][ T5157] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  685.715826][ T5157] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  685.785479][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  685.859231][ T5157] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  685.987555][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  685.993952][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  686.006375][ T5157] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  686.104502][ T5157] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  686.123074][ T5157] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  686.131180][ T5157] usb 3-1: Manufacturer: syz
[  686.165535][ T5157] usb 3-1: config 0 descriptor??
[  687.277770][ T5157] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  687.288689][ T5157] appleir 0003:05AC:8243.000A: No inputs registered, leaving
[  687.322425][ T5157] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  687.366652][T13280] ceph: No mds server is up or the cluster is laggy
[  687.563433][ T1147] usb 3-1: USB disconnect, device number 15
[  687.650804][T13303] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2339'.
[  688.695004][T13309] loop4: detected capacity change from 0 to 16
[  688.717466][T13309] erofs: (device loop4): mounted with root inode @ nid 36.
[  688.760590][T13305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2340'.
[  688.834440][T11194] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 0] out[9000]
[  688.848070][T13309] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  688.885974][   T29] audit: type=1800 audit(2000000597.690:737): pid=13309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2341" name="file3" dev="loop4" ino=89 res=0 errno=0
[  688.891813][T13309] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  688.918931][T13309] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  690.309904][T13338] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2352'.
[  691.531562][T13313] loop2: detected capacity change from 0 to 32768
[  691.784234][T13359] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2358'.
[  692.603330][T13313] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  692.649207][T13359] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0001 with DS=0x1
[  692.658450][T13313] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  692.691977][T13313] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  692.691977][T13313]   running recovery passes: check_allocations
[  692.728351][T13313] bcachefs (loop2): bch2_journal_reclaim_start(): error creating journal reclaim thread EINTR
[  692.770781][T13313] bcachefs (loop2): bch2_fs_recovery(): error EINTR
[  692.780454][T13313] bcachefs (loop2): bch2_fs_start(): error starting filesystem EINTR
[  692.788864][T13313] bcachefs (loop2): shutting down
[  692.790965][T13381] Bluetooth: MGMT ver 1.23
[  692.811425][T13313] bcachefs (loop2): shutdown complete
[  692.988864][T13385] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2365'.
[  693.105522][   T25] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  693.186705][ T8196] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  693.729471][ T8196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  693.782079][ T8196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  693.799904][ T8196] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  693.822061][ T8196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.859445][ T8196] usb 2-1: config 0 descriptor??
[  693.893138][   T25] usb 1-1: Using ep0 maxpacket: 32
[  693.943221][   T25] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  693.972691][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.007417][   T25] usb 1-1: Product: syz
[  694.011628][   T25] usb 1-1: Manufacturer: syz
[  694.075470][   T25] usb 1-1: SerialNumber: syz
[  694.099444][   T25] usb 1-1: config 0 descriptor??
[  694.119648][   T25] cdc_ether 1-1:0.0: probe with driver cdc_ether failed with error -22
[  694.140874][   T25] usb 1-1: unsupported MDLM descriptors
[  694.254514][T13313] bcachefs: bch2_fs_get_tree() error: EINTR
[  694.348577][T13376] binder: 13375:13376 ioctl c0306201 20000580 returned -14
[  694.353279][ T5156] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  694.396516][T13359] netlink: 10 bytes leftover after parsing attributes in process `syz.0.2358'.
[  694.572949][ T5156] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  694.601115][ T5156] usb 5-1: New USB device found, idVendor=0499, idProduct=1038, bcdDevice=5b.36
[  694.615111][ T5156] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.629904][ T5156] usb 5-1: config 0 descriptor??
[  694.664206][ T5156] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2
[  694.751737][   T29] audit: type=1326 audit(2000000603.560:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13397 comm="syz.3.2372" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  694.960589][   T25] usb 5-1: USB disconnect, device number 10
[  695.055846][ T8196] usb 2-1: string descriptor 0 read error: -71
[  695.062813][ T8196] uclogic 0003:256C:006D.000B: failed retrieving string descriptor #200: -71
[  695.082502][ T8196] uclogic 0003:256C:006D.000B: failed retrieving pen parameters: -71
[  695.101752][ T8196] uclogic 0003:256C:006D.000B: failed probing pen v2 parameters: -71
[  695.118876][ T8196] uclogic 0003:256C:006D.000B: failed probing parameters: -71
[  695.141896][ T8196] uclogic 0003:256C:006D.000B: probe with driver uclogic failed with error -71
[  695.169826][ T8196] usb 2-1: USB disconnect, device number 14
[  695.517348][ T5166] usb 1-1: USB disconnect, device number 17
[  695.780893][T13420] loop4: detected capacity change from 0 to 256
[  695.906330][T13425] netlink: 592 bytes leftover after parsing attributes in process `syz.2.2383'.
[  695.935251][T13425] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2383'.
[  697.308842][T13435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2388'.
[  697.363242][ T1147] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  697.389513][T13435] ip6_tunnel: non-ECT from fe88:0000:0000:0000:0000:0000:0000:0001 with DS=0x1
[  697.565016][ T1147] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  697.592983][ T1147] usb 3-1: New USB device found, idVendor=0499, idProduct=1038, bcdDevice=5b.36
[  697.602137][ T1147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.631398][ T1147] usb 3-1: config 0 descriptor??
[  697.671344][ T1147] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -2
[  697.693226][   T25] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  697.793327][ T8196] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  697.812485][T13453] netlink: 'syz.0.2392': attribute type 5 has an invalid length.
[  697.864296][ T5157] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  697.893330][   T25] usb 5-1: Using ep0 maxpacket: 32
[  697.959640][   T25] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  697.971318][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  697.971347][   T25] usb 5-1: Product: syz
[  697.971365][   T25] usb 5-1: Manufacturer: syz
[  697.971383][   T25] usb 5-1: SerialNumber: syz
[  697.980183][   T25] usb 5-1: config 0 descriptor??
[  697.990042][   T25] cdc_ether 5-1:0.0: probe with driver cdc_ether failed with error -22
[  697.990259][   T25] usb 5-1: unsupported MDLM descriptors
[  697.998099][ T8196] usb 4-1: Using ep0 maxpacket: 16
[  698.003904][ T8196] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  698.003953][ T8196] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  698.003979][ T8196] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.005664][ T8196] usb 4-1: config 0 descriptor??
[  698.094750][ T5157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  698.122496][ T1147] usb 3-1: USB disconnect, device number 16
[  698.141784][ T5157] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  698.155275][ T5157] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  698.165331][ T5157] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.210204][ T5157] usb 2-1: config 0 descriptor??
[  698.244259][T13435] netlink: 10 bytes leftover after parsing attributes in process `syz.4.2388'.
[  698.438783][T13446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  698.462788][T13446] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  698.491641][ T8196] hid (null): unknown global tag 0x83
[  698.500465][ T8196] hid (null): unknown global tag 0xc
[  698.522244][ T8196] hid-generic 0003:0158:0100.000C: unknown main item tag 0x1
[  698.539812][ T8196] hid-generic 0003:0158:0100.000C: unexpected long global item
[  698.550904][ T8196] hid-generic 0003:0158:0100.000C: probe with driver hid-generic failed with error -22
[  698.657455][T13450] binder: 13449:13450 ioctl c0306201 20000580 returned -14
[  698.758596][ T8196] usb 4-1: USB disconnect, device number 19
[  699.077749][ T5153] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  699.104169][T13461] loop2: detected capacity change from 0 to 256
[  699.285619][ T5153] usb 1-1: config 6 has an invalid interface number: 51 but max is 0
[  699.320652][ T5153] usb 1-1: config 6 has no interface number 0
[  699.325166][ T5166] usb 5-1: USB disconnect, device number 11
[  699.334803][T13463] tipc: Failed to remove unknown binding: 66,1,1/0:57914639/57914641
[  699.353762][ T5153] usb 1-1: config 6 interface 51 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  699.380172][T13463] tipc: Failed to remove unknown binding: 66,1,1/0:57914639/57914641
[  699.390216][ T5157] usb 2-1: string descriptor 0 read error: -71
[  699.390283][ T5153] usb 1-1: New USB device found, idVendor=0df7, idProduct=0620, bcdDevice=be.fa
[  699.415909][ T5157] uclogic 0003:256C:006D.000D: failed retrieving string descriptor #200: -71
[  699.445052][ T5157] uclogic 0003:256C:006D.000D: failed retrieving pen parameters: -71
[  699.449530][ T5153] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.469829][ T5157] uclogic 0003:256C:006D.000D: failed probing pen v2 parameters: -71
[  699.478444][ T5157] uclogic 0003:256C:006D.000D: failed probing parameters: -71
[  699.493559][ T5157] uclogic 0003:256C:006D.000D: probe with driver uclogic failed with error -71
[  699.503431][ T5153] pl2303 1-1:6.51: required endpoints missing
[  699.505739][ T5157] usb 2-1: USB disconnect, device number 15
[  699.578565][    C0] eth0: bad gso: type: 1, size: 1408
[  699.608756][T13467] loop4: detected capacity change from 0 to 4096
[  699.624826][T13467] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[  699.659993][T13467] ntfs3: loop4: Failed to initialize $Extend/$Reparse.
[  699.769999][T13476] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  700.118516][T13481] netlink: 'syz.3.2404': attribute type 5 has an invalid length.
[  700.388412][T13484] netlink: 592 bytes leftover after parsing attributes in process `syz.1.2406'.
[  700.418566][T13484] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2406'.
[  700.597281][T13488] loop2: detected capacity change from 0 to 256
[  700.797482][T13492] loop2: detected capacity change from 0 to 164
[  700.836090][T13492] isofs_fill_super: get root inode failed
[  700.919191][   T29] audit: type=1326 audit(2000000609.730:739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13489 comm="syz.2.2410" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1551975f19 code=0x0
[  701.034988][T13497] ptrace attach of "./syz-executor exec"[12527] was attempted by "./syz-executor exec"[13497]
[  701.154289][T13499] tipc: Failed to remove unknown binding: 66,1,1/0:3893377651/3893377653
[  701.162757][T13499] tipc: Failed to remove unknown binding: 66,1,1/0:3893377651/3893377653
[  701.303158][ T5153] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  701.507321][ T5153] usb 2-1: Using ep0 maxpacket: 16
[  701.521826][ T5153] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  701.544389][ T5153] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  701.558840][ T5153] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.569692][ T5153] usb 2-1: config 0 descriptor??
[  701.795530][ T5157] usb 1-1: USB disconnect, device number 18
[  701.996809][T13491] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  702.013858][T13491] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  702.056473][ T5153] hid (null): unknown global tag 0x83
[  702.061885][ T5153] hid (null): unknown global tag 0xc
[  702.140386][ T5153] hid-generic 0003:0158:0100.000E: unknown main item tag 0x1
[  702.150218][T13506] loop2: detected capacity change from 0 to 1024
[  702.166948][ T5153] hid-generic 0003:0158:0100.000E: unexpected long global item
[  702.183775][T13506] ext4: Bad value for 'commit'
[  702.192047][ T5153] hid-generic 0003:0158:0100.000E: probe with driver hid-generic failed with error -22
[  702.325357][T13508] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  702.348349][ T5157] usb 2-1: USB disconnect, device number 16
[  702.421617][T13503] overlayfs: failed to resolve './file0': -2
[  704.933325][   T29] audit: type=1326 audit(2000000613.740:740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13511 comm="syz.3.2415" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  705.343864][T13529] ip6t_srh: unknown srh match flags  4000
[  705.511449][   T29] audit: type=1326 audit(2000000614.320:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13530 comm="syz.3.2423" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  705.592676][T13536] ptrace attach of "./syz-executor exec"[11547] was attempted by "./syz-executor exec"[13536]
[  706.438523][T11194] Bluetooth: hci4: unexpected event 0x03 length: 47 > 11
[  706.935334][T13558] ip6t_srh: unknown srh match flags  4000
[  707.219329][T13562] TCP: request_sock_TCP: Possible SYN flooding on port 0.0.0.0:20002. Sending cookies.
[  707.249793][T13564] netlink: 'syz.1.2436': attribute type 1 has an invalid length.
[  708.254095][ T5156] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  708.302586][T13592] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2446'.
[  708.476030][ T5156] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  708.493111][ T5156] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  708.512297][ T5156] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  708.570220][ T5156] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  708.593088][ T5156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.615831][ T5156] usb 3-1: Product: syz
[  708.629830][ T5156] usb 3-1: Manufacturer: syz
[  708.648310][ T5156] usb 3-1: SerialNumber: syz
[  708.669707][ T5156] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found
[  708.689359][ T5156] cdc_ncm 3-1:1.0: bind() failure
[  708.810393][T13596] overlayfs: overlapping lowerdir path
[  708.916120][ T5156] usb 3-1: USB disconnect, device number 17
[  708.986022][T13603] TCP: request_sock_TCP: Possible SYN flooding on port 0.0.0.0:20002. Sending cookies.
[  709.219816][   T29] audit: type=1326 audit(2000000618.030:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13608 comm="syz.3.2455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  710.484201][T13624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2458'.
[  710.582856][T13628] pim6reg1: entered promiscuous mode
[  710.615779][T13628] pim6reg1: entered allmulticast mode
[  710.939319][T13631] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2462'.
[  711.271477][   T54] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  711.282978][   T54] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  711.296802][   T54] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  711.306077][   T54] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  711.315116][   T54] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  711.322422][   T54] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  711.494449][   T29] audit: type=1326 audit(2000000620.310:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13638 comm="syz.3.2464" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7c83975f19 code=0x0
[  711.605579][T13643] ptrace attach of "./syz-executor exec"[11547] was attempted by "./syz-executor exec"[13643]
[  711.708121][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.855873][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  711.992078][T13633] loop2: detected capacity change from 0 to 40427
[  712.007638][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.087624][T13633] F2FS-fs (loop2): Found nat_bits in checkpoint
[  712.230894][ T1147] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  712.255259][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  712.265795][T13633] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  712.482322][ T1147] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  712.843209][ T1147] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  713.133313][ T1147] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  713.142338][ T1147] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  713.154936][ T1147] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  713.175159][T12527] syz-executor: attempt to access beyond end of device
[  713.175159][T12527] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  713.179322][ T1147] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  713.213872][T12527] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  713.222108][T13636] chnl_net:caif_netlink_parms(): no params data found
[  713.243038][ T1147] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  713.251053][ T1147] usb 1-1: Product: syz
[  713.299614][ T1147] usb 1-1: Manufacturer: syz
[  713.311711][ T1147] cdc_wdm 1-1:1.0: skipping garbage
[  713.318734][ T1147] cdc_wdm 1-1:1.0: skipping garbage
[  713.325847][ T1147] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  713.331946][   T35] bridge_slave_1: left allmulticast mode
[  713.339716][ T1147] cdc_wdm 1-1:1.0: Unknown control protocol
[  713.346089][   T35] bridge_slave_1: left promiscuous mode
[  713.362261][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  713.372896][   T35] bridge_slave_0: left allmulticast mode
[  713.400930][   T35] bridge_slave_0: left promiscuous mode
[  713.406898][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  713.423287][T11194] Bluetooth: hci0: command tx timeout
[  713.607337][T13649] 9pnet_fd: Insufficient options for proto=fd
[  713.628188][ T5166] usb 1-1: USB disconnect, device number 19
[  714.205433][T11194] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  714.310668][T13690] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  714.323235][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  714.329827][T11194] Bluetooth: Wrong link type (-22)
[  714.338856][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  714.357583][T11194] Bluetooth: Wrong link type (-22)
[  714.362756][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  714.370450][T11194] Bluetooth: Wrong link type (-22)
[  714.375797][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0f
[  714.382651][T11194] Bluetooth: Wrong link type (-22)
[  714.388482][T11194] Bluetooth: Unknown BR/EDR signaling command 0x11
[  714.395014][T11194] Bluetooth: Wrong link type (-22)
[  714.400357][T11194] Bluetooth: hci4: link tx timeout
[  714.406358][T11194] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  714.438854][T13690] input: syz0 as /devices/virtual/input/input35
[  715.063719][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  715.122547][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  715.162001][   T35] bond0 (unregistering): Released all slaves
[  715.395889][T13707] pim6reg1: entered promiscuous mode
[  715.401329][T13707] pim6reg1: entered allmulticast mode
[  715.424976][   T35] tipc: Disabling bearer <udp:syz1>
[  715.437101][   T35] tipc: Left network mode
[  715.511252][T11194] Bluetooth: hci0: command tx timeout
[  715.853541][T13636] bridge0: port 1(bridge_slave_0) entered blocking state
[  715.862399][T13723] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2491'.
[  715.882105][T13636] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.903226][T13636] bridge_slave_0: entered allmulticast mode
[  715.931258][T13636] bridge_slave_0: entered promiscuous mode
[  715.968794][T13636] bridge0: port 2(bridge_slave_1) entered blocking state
[  715.998377][T13636] bridge0: port 2(bridge_slave_1) entered disabled state
[  716.018384][T13636] bridge_slave_1: entered allmulticast mode
[  716.044617][T13636] bridge_slave_1: entered promiscuous mode
[  716.063984][T13727] netlink: 5056 bytes leftover after parsing attributes in process `syz.1.2493'.
[  716.114599][T13727] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2493'.
[  716.153080][T13727] netlink: 5056 bytes leftover after parsing attributes in process `syz.1.2493'.
[  716.220400][T13728] fuse: Unknown parameter '0xffffffffffffffff'
[  716.221595][T13718] loop2: detected capacity change from 0 to 32768
[  716.382697][T13718] XFS: ikeep mount option is deprecated.
[  716.471639][T11194] Bluetooth: hci4: command 0x0406 tx timeout
[  716.909639][T13718] XFS: noikeep mount option is deprecated.
[  716.978667][T13718] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  717.099863][T13636] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  717.130702][T13636] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  717.137914][T13718] XFS (loop2): Ending clean mount
[  717.163650][T13718] XFS (loop2): Quotacheck needed: Please wait.
[  717.175141][   T35] hsr_slave_0: left promiscuous mode
[  717.188192][   T35] hsr_slave_1: left promiscuous mode
[  717.195116][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  717.211488][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  717.235314][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  717.242731][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  717.372526][T13718] XFS (loop2): Quotacheck: Done.
[  717.475375][   T35] veth1_macvtap: left promiscuous mode
[  717.480960][   T35] veth0_macvtap: left promiscuous mode
[  717.498653][   T35] veth1_vlan: left promiscuous mode
[  717.510697][   T35] veth0_vlan: left promiscuous mode
[  717.531866][T13749] GUP no longer grows the stack in syz.1.2498 (13749): 20009000-2000c000 (20006000)
[  717.558890][T13749] CPU: 0 UID: 0 PID: 13749 Comm: syz.1.2498 Not tainted 6.10.0-next-20240724-syzkaller #0
[  717.568805][T13749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  717.578852][T13749] Call Trace:
[  717.582121][T13749]  <TASK>
[  717.585049][T13749]  dump_stack_lvl+0x241/0x360
[  717.589738][T13749]  ? __pfx_dump_stack_lvl+0x10/0x10
[  717.594934][T13749]  ? __pfx__printk+0x10/0x10
[  717.599534][T13749]  ? find_vma+0xf9/0x170
[  717.603776][T13749]  ? vma_is_secretmem+0xd/0x50
[  717.608538][T13749]  ? check_vma_flags+0x531/0x5a0
[  717.613463][T13749]  __get_user_pages+0x114d/0x16a0
[  717.618488][T13749]  ? __pfx___get_user_pages+0x10/0x10
[  717.623849][T13749]  ? __pfx_lock_acquire+0x10/0x10
[  717.628868][T13749]  __gup_longterm_locked+0x3ba/0x17d0
[  717.634242][T13749]  pin_user_pages+0x137/0x1f0
[  717.638910][T13749]  ? __pfx_pin_user_pages+0x10/0x10
[  717.644093][T13749]  ? __kmalloc_node_noprof+0x247/0x440
[  717.649548][T13749]  xdp_umem_create+0x955/0xf30
[  717.654308][T13749]  xsk_setsockopt+0x732/0x950
[  717.658980][T13749]  ? __pfx_xsk_setsockopt+0x10/0x10
[  717.664192][T13749]  ? aa_sock_opt_perm+0x79/0x120
[  717.669136][T13749]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  717.674668][T13749]  ? security_socket_setsockopt+0x87/0xb0
[  717.680375][T13749]  ? __pfx_xsk_setsockopt+0x10/0x10
[  717.685558][T13749]  do_sock_setsockopt+0x3af/0x720
[  717.690571][T13749]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  717.696109][T13749]  __sys_setsockopt+0x1ae/0x250
[  717.700947][T13749]  __x64_sys_setsockopt+0xb5/0xd0
[  717.705960][T13749]  do_syscall_64+0xf3/0x230
[  717.710446][T13749]  ? clear_bhb_loop+0x35/0x90
[  717.715107][T13749]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  717.720983][T13749] RIP: 0033:0x7f6440175f19
[  717.725380][T13749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  717.744968][T13749] RSP: 002b:00007f6440ee3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  717.753364][T13749] RAX: ffffffffffffffda RBX: 00007f6440305f60 RCX: 00007f6440175f19
[  717.761319][T13749] RDX: 0000000000000004 RSI: 000000000000011b RDI: 0000000000000004
[  717.769272][T13749] RBP: 00007f64401e4e68 R08: 0000000000000020 R09: 0000000000000000
[  717.777223][T13749] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  717.785179][T13749] R13: 000000000000000b R14: 00007f6440305f60 R15: 00007ffe6191bb18
[  717.793141][T13749]  </TASK>
[  717.833166][   T54] Bluetooth: hci0: command tx timeout
[  717.850502][T12527] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  718.498498][   T35] team0 (unregistering): Port device team_slave_1 removed
[  718.557149][   T35] team0 (unregistering): Port device team_slave_0 removed
[  719.306362][T13751] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2498'.
[  719.418446][T13636] team0: Port device team_slave_0 added
[  719.457735][T13636] team0: Port device team_slave_1 added
[  719.594777][T13765] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.2504'.
[  719.644486][T13765] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2504'.
[  719.709557][T13765] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.2504'.
[  719.768739][T13636] batman_adv: batadv0: Adding interface: batadv_slave_0
[  719.821268][T13636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  719.861847][T13772] hub 6-0:1.0: USB hub found
[  719.869311][T13772] hub 6-0:1.0: 1 port detected
[  719.978337][   T54] Bluetooth: hci0: command tx timeout
[  720.193687][T13636] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  720.453594][T13636] batman_adv: batadv0: Adding interface: batadv_slave_1
[  720.460573][T13636] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  720.627574][T13636] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  720.914896][T13636] hsr_slave_0: entered promiscuous mode
[  720.923734][T13636] hsr_slave_1: entered promiscuous mode
[  720.930794][T13636] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  720.939840][T13636] Cannot create hsr debugfs directory
[  721.834847][T13794] loop2: detected capacity change from 0 to 1024
[  721.854134][   T29] audit: type=1326 audit(2000000630.670:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13788 comm="syz.0.2512" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33ff975f19 code=0x0
[  722.728172][ T1271] hfsplus: b-tree write err: -5, ino 4
[  722.822541][T13805] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2517'.
[  723.074619][T13809] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.2519'.
[  723.108431][T13809] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2519'.
[  723.141402][T13809] netlink: 5056 bytes leftover after parsing attributes in process `syz.2.2519'.
[  723.373338][T11194] Bluetooth: hci4: unexpected event for opcode 0x0c46
[  723.426406][T11194] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  723.507515][T13818] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  723.533988][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  723.540555][T11194] Bluetooth: Wrong link type (-22)
[  723.545925][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  723.552445][T11194] Bluetooth: Wrong link type (-22)
[  723.557786][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  723.564394][T11194] Bluetooth: Wrong link type (-22)
[  723.569556][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0f
[  723.576091][T11194] Bluetooth: Wrong link type (-22)
[  723.581203][T11194] Bluetooth: Unknown BR/EDR signaling command 0x11
[  723.588748][T11194] Bluetooth: Wrong link type (-22)
[  723.640536][T13818] input: syz0 as /devices/virtual/input/input36
[  723.972106][T13636] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  724.011231][T13636] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  724.061132][T13636] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  724.102623][T13636] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  724.330986][T13636] 8021q: adding VLAN 0 to HW filter on device bond0
[  724.391382][T13636] 8021q: adding VLAN 0 to HW filter on device team0
[  724.419885][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.427085][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  724.447809][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.455020][ T5166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  724.503364][ T1147] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  724.562199][T13636] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  724.601713][T13636] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  724.671093][T11194] Bluetooth: hci4: unexpected event 0x03 length: 47 > 11
[  724.715250][ T1147] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  724.748957][T11194] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  724.763632][ T1147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  724.988439][ T1147] usb 4-1: config 0 descriptor??
[  725.430429][T13636] 8021q: adding VLAN 0 to HW filter on device batadv0
[  725.960175][T13636] veth0_vlan: entered promiscuous mode
[  726.016644][T13636] veth1_vlan: entered promiscuous mode
[  726.089211][T13636] veth0_macvtap: entered promiscuous mode
[  726.130704][T13636] veth1_macvtap: entered promiscuous mode
[  726.198109][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.220937][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.250858][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.274135][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.293058][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.304974][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.323183][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.343249][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.360042][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.382713][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.403244][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  726.423265][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.444616][T13636] batman_adv: batadv0: Interface activated: batadv_slave_0
[  726.474999][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.515032][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.534748][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.557348][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.584074][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.610216][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.641778][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.657244][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.667218][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.671566][T13871] loop2: detected capacity change from 0 to 32768
[  726.679797][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.696070][T13636] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  726.714351][T13636] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  726.727085][T13636] batman_adv: batadv0: Interface activated: batadv_slave_1
[  726.758234][T13636] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  726.778330][T13636] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  726.789699][T13636] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  726.799408][T13636] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  726.904958][ T5156] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  726.948218][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.966517][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  726.983502][ T5185] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  727.069573][T12755] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  727.079281][T12755] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.096389][ T5156] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  727.159434][ T5156] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  727.184040][ T5185] usb 2-1: Using ep0 maxpacket: 8
[  727.189343][ T1147] pegasus 4-1:0.0: setup Pegasus II specific registers
[  727.191318][ T5156] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  727.207818][ T5185] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  727.214643][ T5156] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  727.228188][ T5156] usb 1-1: SerialNumber: syz
[  727.243643][ T5185] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  727.258988][ T5156] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  727.273170][ T5185] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  727.290277][ T5156] usb-storage 1-1:1.0: USB Mass Storage device detected
[  727.302574][ T5185] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.327013][ T5185] usb 2-1: config 0 descriptor??
[  727.336123][ T5185] hso 2-1:0.0: Can't find BULK IN endpoint
[  727.342639][ T5156] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  727.344619][ T1147] pegasus 4-1:0.0: can't locate MII phy, using default
[  727.376984][ T5156] scsi host1: usb-storage 1-1:1.0
[  727.397533][ T1147] pegasus 4-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, da:9a:06:55:9b:80
[  727.409525][ T1147] usb 4-1: USB disconnect, device number 20
[  727.544562][ T5185] usb 2-1: USB disconnect, device number 17
[  727.887219][T13909] loop2: detected capacity change from 0 to 512
[  727.950193][T13909] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  727.981769][T13910] loop4: detected capacity change from 0 to 4096
[  727.989698][T13909] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  727.993504][T13910] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512).
[  728.051215][ T5153] usb 1-1: USB disconnect, device number 20
[  728.212589][T12527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  728.422508][T13931] fuse: Unknown parameter '0xffffffffffffffff'
[  729.869704][ T5185] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  730.163366][ T5185] usb 2-1: Using ep0 maxpacket: 8
[  730.215667][T13958] <
[  730.380220][ T5185] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  730.441051][ T5185] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  730.498765][ T5185] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  730.528315][ T5185] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.565223][ T5185] usb 2-1: config 0 descriptor??
[  730.582667][ T5185] hso 2-1:0.0: Can't find BULK IN endpoint
[  730.752734][T13978] loop2: detected capacity change from 0 to 512
[  730.862935][T13978] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.2581: bad orphan inode 4
[  730.882691][ T5185] usb 2-1: USB disconnect, device number 18
[  730.882734][T13978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  730.977292][T13978] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.2581: bg 0: block 3: invalid block bitmap
[  731.102479][T12527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  731.620152][T13993] hub 6-0:1.0: USB hub found
[  731.627478][T13993] hub 6-0:1.0: 1 port detected
[  732.952901][T13987] loop4: detected capacity change from 0 to 32768
[  733.052961][T13987] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  733.142706][T13987] XFS (loop4): Ending clean mount
[  733.163683][T13987] XFS (loop4): Quotacheck needed: Please wait.
[  733.250989][T13987] XFS (loop4): Quotacheck: Done.
[  733.658413][T13636] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  733.850617][ T8196] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  733.957390][T14043] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  734.043322][ T8196] usb 2-1: Using ep0 maxpacket: 8
[  734.073475][ T8196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  734.098346][ T8196] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  734.123105][ T8196] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  734.152044][ T8196] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.192465][ T8196] usb 2-1: config 0 descriptor??
[  734.199835][T14053] sg_write: data in/out 655360/1 bytes for SCSI command 0xf2-- guessing data in;
[  734.199835][T14053]    program syz.2.2606 not setting count and/or reply_len properly
[  734.224198][ T8196] hso 2-1:0.0: Can't find BULK IN endpoint
[  734.249346][T14053] ebt_among: src integrity fail: 300
[  734.381308][T14059] geneve2: entered promiscuous mode
[  734.395229][T14059] geneve2: entered allmulticast mode
[  734.467270][ T8196] usb 2-1: USB disconnect, device number 19
[  734.607691][T14074] loop4: detected capacity change from 0 to 1024
[  734.625551][T14074] ext4: Unknown parameter 'nouser_xattr'
[  734.649748][T14076] loop2: detected capacity change from 0 to 1024
[  734.683359][T14076] hfsplus: failed to load root directory
[  734.756000][ T5157] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  734.976391][ T5157] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  734.991680][ T5157] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  735.024921][ T5157] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  735.059331][ T5157] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  735.071611][ T5157] usb 1-1: SerialNumber: syz
[  735.098702][ T5157] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  735.126758][ T5157] usb-storage 1-1:1.0: USB Mass Storage device detected
[  735.158557][ T5157] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  735.173119][ T5157] scsi host1: usb-storage 1-1:1.0
[  735.594516][T14091] sg_write: data in/out 655360/1 bytes for SCSI command 0xf2-- guessing data in;
[  735.594516][T14091]    program syz.3.2619 not setting count and/or reply_len properly
[  735.621217][T14091] ebt_among: src integrity fail: 300
[  735.736599][T14090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.779743][T14090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.937578][ T5154] usb 1-1: USB disconnect, device number 21
[  736.185240][T14108] netlink: 'syz.2.2626': attribute type 12 has an invalid length.
[  736.218141][T14108] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.2626'.
[  736.373944][T14113] loop4: detected capacity change from 0 to 164
[  736.404694][T14113] isofs: isofs_export_get_parent(): child directory not normalized!
[  736.748022][T14123] loop4: detected capacity change from 0 to 1024
[  736.821673][T14123] ext4: Unknown parameter 'nouser_xattr'
[  737.565510][T14135] tty tty2: ldisc open failed (-12), clearing slot 1
[  738.099022][   T29] audit: type=1326 audit(2000000646.910:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14148 comm="syz.2.2640" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1551975f19 code=0x0
[  738.232903][T14157] loop2: detected capacity change from 0 to 512
[  738.290046][T14157] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  738.412679][T14157] EXT4-fs (loop2): 1 orphan inode deleted
[  738.442796][T14157] EXT4-fs (loop2): 1 truncate cleaned up
[  738.489639][T14157] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  739.280062][T12527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  740.121973][T14184] geneve2: entered promiscuous mode
[  740.137605][T14184] geneve2: entered allmulticast mode
[  740.473720][ T5154] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  740.735909][T14192] loop2: detected capacity change from 0 to 8192
[  741.043220][ T5156] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  741.395981][   T29] audit: type=1326 audit(2000000650.200:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14211 comm="syz.0.2666" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33ff975f19 code=0x0
[  741.840158][T14198] loop4: detected capacity change from 0 to 32768
[  741.871119][T14198] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  741.958808][T14198] XFS (loop4): Ending clean mount
[  741.978739][T14198] XFS (loop4): Quotacheck needed: Please wait.
[  742.090074][T14198] XFS (loop4): Quotacheck: Done.
[  742.778924][T13636] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  743.590180][T14247] veth0_to_hsr: entered promiscuous mode
[  743.634328][T14251] input: syz0 as /devices/virtual/input/input37
[  743.858105][T14246] veth0_to_hsr: left promiscuous mode
[  745.285405][T14278] input: syz0 as /devices/virtual/input/input38
[  745.624429][   T29] audit: type=1326 audit(2000000654.440:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14283 comm="syz.2.2694" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1551975f19 code=0x0
[  745.746613][T14289] loop2: detected capacity change from 0 to 512
[  745.784289][T14289] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  745.844231][T14289] EXT4-fs (loop2): 1 orphan inode deleted
[  745.852101][T14289] EXT4-fs (loop2): 1 truncate cleaned up
[  745.866220][T14289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  745.963845][T14274] loop4: detected capacity change from 0 to 32768
[  745.989938][T14274] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2688 (14274)
[  746.048245][T14274] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  746.133969][T14274] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  746.143750][T14274] BTRFS info (device loop4): using free-space-tree
[  746.223328][ T5166] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  746.424342][ T5166] usb 4-1: Using ep0 maxpacket: 8
[  746.449788][T13636] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  746.471999][ T5166] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  746.498567][ T5166] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  746.511727][ T5166] usb 4-1: config 0 has no interface number 0
[  746.545727][ T5166] usb 4-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  746.572824][ T5166] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  746.613034][ T5166] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  746.633680][ T5166] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  746.727500][T12527] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  746.733217][ T5166] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.774280][ T5166] usb 4-1: config 0 descriptor??
[  746.779980][T14296] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  747.122016][T14323] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2701'.
[  747.151048][T14323] bridge0: port 1(bridge_slave_1) entered blocking state
[  747.213751][T14323] bridge0: port 1(bridge_slave_1) entered disabled state
[  747.221074][T14323] bridge_slave_1: entered allmulticast mode
[  747.258205][T14323] bridge_slave_1: entered promiscuous mode
[  747.280889][T14323] bridge0: port 1(bridge_slave_1) entered blocking state
[  747.288227][T14323] bridge0: port 1(bridge_slave_1) entered forwarding state
[  747.437180][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  747.444887][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  747.494269][T14329] loop4: detected capacity change from 0 to 8192
[  747.563749][ T5166] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input39
[  747.580301][T14327] bridge0: port 2(veth1_to_bond) entered blocking state
[  747.604092][T14327] bridge0: port 2(veth1_to_bond) entered disabled state
[  747.644562][T14327] veth1_to_bond: entered allmulticast mode
[  747.809463][T14327] veth1_to_bond: entered promiscuous mode
[  747.910473][T14327] bridge0: port 2(veth1_to_bond) entered blocking state
[  747.917915][T14327] bridge0: port 2(veth1_to_bond) entered forwarding state
[  748.064105][ T5156] usb 4-1: USB disconnect, device number 21
[  748.064103][    C0] keyspan_remote 4-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  750.397155][ T1147] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  750.643780][ T1147] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.679357][ T1147] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  750.706146][ T5185] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  750.741953][ T1147] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  750.799677][ T1147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.855433][ T1147] usb 4-1: config 0 descriptor??
[  750.942562][ T5185] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b
[  750.955489][T14370] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2715'.
[  751.002041][ T5185] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.061769][ T5185] usb 5-1: config 0 descriptor??
[  751.203616][T14370] bridge_slave_1: left allmulticast mode
[  751.209404][T14370] bridge_slave_1: left promiscuous mode
[  751.248768][T14370] bridge0: port 1(bridge_slave_1) entered disabled state
[  751.289630][T14370] bridge1: port 1(bridge_slave_1) entered blocking state
[  751.324463][T14370] bridge1: port 1(bridge_slave_1) entered disabled state
[  751.331672][T14370] bridge_slave_1: entered allmulticast mode
[  751.380313][T14370] bridge_slave_1: entered promiscuous mode
[  751.388445][T14370] bridge1: port 1(bridge_slave_1) entered blocking state
[  751.395635][T14370] bridge1: port 1(bridge_slave_1) entered forwarding state
[  751.421436][T14371] veth1_to_bond: left allmulticast mode
[  751.473671][T14371] veth1_to_bond: left promiscuous mode
[  751.483902][T14371] bridge0: port 2(veth1_to_bond) entered disabled state
[  751.502921][T14371] bridge1: port 2(veth1_to_bond) entered blocking state
[  751.534911][T14371] bridge1: port 2(veth1_to_bond) entered disabled state
[  751.604300][T14371] veth1_to_bond: entered allmulticast mode
[  751.643206][T14371] veth1_to_bond: entered promiscuous mode
[  751.670653][T14371] bridge1: port 2(veth1_to_bond) entered blocking state
[  751.677218][T14376] input: syz1 as /devices/virtual/input/input40
[  751.677817][T14371] bridge1: port 2(veth1_to_bond) entered forwarding state
[  751.877080][T14382] loop2: detected capacity change from 0 to 24
[  751.884388][T14382] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  751.916073][T14382] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  752.134086][ T5185] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  752.154995][ T5185] asix 5-1:0.0: probe with driver asix failed with error -61
[  752.401417][T14366] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2713'.
[  752.713517][ T1147] usbhid 4-1:0.0: can't add hid device: -71
[  752.725823][T14366] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[  752.887521][ T1147] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  752.936568][ T1147] usb 4-1: USB disconnect, device number 22
[  753.029611][ T8196] usb 5-1: USB disconnect, device number 12
[  753.147747][T14394] loop2: detected capacity change from 0 to 1764
[  753.162347][T14394] iso9660: Bad value for 'block'
[  754.514417][    C0] eth0: bad gso: type: 1, size: 1408
[  754.618240][T11194] Bluetooth: hci4: unexpected event for opcode 0x0c46
[  754.665491][T11194] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  754.665783][T14417] loop4: detected capacity change from 0 to 2048
[  754.751522][T14423] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  754.766151][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0c
[  754.772715][T11194] Bluetooth: Wrong link type (-22)
[  754.777963][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  754.788699][T11194] Bluetooth: Wrong link type (-22)
[  754.793986][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0d
[  754.800496][T11194] Bluetooth: Wrong link type (-22)
[  754.804454][T14417] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  754.805679][T11194] Bluetooth: Unknown BR/EDR signaling command 0x0f
[  754.822493][T11194] Bluetooth: Wrong link type (-22)
[  754.827755][T11194] ==================================================================
[  754.835823][T11194] BUG: KASAN: slab-use-after-free in l2cap_send_cmd+0x67b/0x8d0
[  754.843472][T11194] Read of size 4 at addr ffff888027af1810 by task kworker/u9:1/11194
[  754.851539][T11194] 
[  754.853854][T11194] CPU: 0 UID: 0 PID: 11194 Comm: kworker/u9:1 Not tainted 6.10.0-next-20240724-syzkaller #0
[  754.863907][T11194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  754.873953][T11194] Workqueue: hci4 hci_rx_work
[  754.878640][T11194] Call Trace:
[  754.881910][T11194]  <TASK>
[  754.884832][T11194]  dump_stack_lvl+0x241/0x360
[  754.889509][T11194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  754.894701][T11194]  ? __pfx__printk+0x10/0x10
[  754.899281][T11194]  ? _printk+0xd5/0x120
[  754.903428][T11194]  ? __virt_addr_valid+0x183/0x530
[  754.908526][T11194]  ? __virt_addr_valid+0x183/0x530
[  754.913624][T11194]  print_report+0x169/0x550
[  754.918116][T11194]  ? __virt_addr_valid+0x183/0x530
[  754.923228][T11194]  ? __virt_addr_valid+0x183/0x530
[  754.928337][T11194]  ? __virt_addr_valid+0x45f/0x530
[  754.933446][T11194]  ? __phys_addr+0xba/0x170
[  754.937956][T11194]  ? l2cap_send_cmd+0x67b/0x8d0
[  754.942798][T11194]  kasan_report+0x143/0x180
[  754.947301][T11194]  ? l2cap_send_cmd+0x67b/0x8d0
[  754.952144][T11194]  l2cap_send_cmd+0x67b/0x8d0
[  754.956815][T11194]  ? skb_pull+0xc1/0x1e0
[  754.961054][T11194]  l2cap_recv_frame+0x22f1/0x10840
[  754.966164][T11194]  ? validate_chain+0x11e/0x5920
[  754.971108][T11194]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  754.976473][T11194]  ? validate_chain+0x11e/0x5920
[  754.981404][T11194]  ? __pfx_validate_chain+0x10/0x10
[  754.986594][T11194]  ? __pfx_validate_chain+0x10/0x10
[  754.991783][T11194]  ? __pfx_validate_chain+0x10/0x10
[  754.996974][T11194]  ? __pfx_validate_chain+0x10/0x10
[  755.002162][T11194]  ? kasan_save_track+0x51/0x80
[  755.007003][T11194]  ? mark_lock+0x9a/0x360
[  755.011329][T11194]  ? __lock_acquire+0x1384/0x2050
[  755.016354][T11194]  ? mark_lock+0x9a/0x360
[  755.020684][T11194]  ? hci_rx_work+0x4e7/0xca0
[  755.025265][T11194]  ? __pfx_lock_release+0x10/0x10
[  755.030296][T11194]  ? __mutex_unlock_slowpath+0x21d/0x750
[  755.035926][T11194]  ? __pfx_lock_release+0x10/0x10
[  755.040951][T11194]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  755.046925][T11194]  ? hci_conn_enter_active_mode+0x260/0x370
[  755.052834][T11194]  ? l2cap_recv_acldata+0x490/0x1560
[  755.058124][T11194]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  755.064018][T11194]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  755.069995][T11194]  hci_rx_work+0x50f/0xca0
[  755.074410][T11194]  ? process_scheduled_works+0x945/0x1830
[  755.080126][T11194]  process_scheduled_works+0xa2c/0x1830
[  755.085681][T11194]  ? __pfx_process_scheduled_works+0x10/0x10
[  755.091659][T11194]  ? assign_work+0x364/0x3d0
[  755.096243][T11194]  worker_thread+0x86d/0xd40
[  755.100834][T11194]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  755.106730][T11194]  ? __kthread_parkme+0x169/0x1d0
[  755.111755][T11194]  ? __pfx_worker_thread+0x10/0x10
[  755.116872][T11194]  kthread+0x2f0/0x390
[  755.120940][T11194]  ? __pfx_worker_thread+0x10/0x10
[  755.126044][T11194]  ? __pfx_kthread+0x10/0x10
[  755.130624][T11194]  ret_from_fork+0x4b/0x80
[  755.135037][T11194]  ? __pfx_kthread+0x10/0x10
[  755.139624][T11194]  ret_from_fork_asm+0x1a/0x30
[  755.144400][T11194]  </TASK>
[  755.147412][T11194] 
[  755.149722][T11194] Allocated by task 54:
[  755.153858][T11194]  kasan_save_track+0x3f/0x80
[  755.158527][T11194]  __kasan_kmalloc+0x98/0xb0
[  755.163107][T11194]  __kmalloc_cache_noprof+0x19c/0x2c0
[  755.168562][T11194]  l2cap_conn_add+0xa9/0x8e0
[  755.173142][T11194]  l2cap_connect_cfm+0x136/0x1220
[  755.178175][T11194]  hci_remote_features_evt+0x536/0xaf0
[  755.183635][T11194]  hci_event_packet+0xac2/0x1540
[  755.188562][T11194]  hci_rx_work+0x3e8/0xca0
[  755.192965][T11194]  process_scheduled_works+0xa2c/0x1830
[  755.198508][T11194]  worker_thread+0x86d/0xd40
[  755.203093][T11194]  kthread+0x2f0/0x390
[  755.207151][T11194]  ret_from_fork+0x4b/0x80
[  755.211560][T11194]  ret_from_fork_asm+0x1a/0x30
[  755.216341][T11194] 
[  755.218651][T11194] Freed by task 54:
[  755.222440][T11194]  kasan_save_track+0x3f/0x80
[  755.227105][T11194]  kasan_save_free_info+0x40/0x50
[  755.232124][T11194]  poison_slab_object+0xe0/0x150
[  755.237052][T11194]  __kasan_slab_free+0x37/0x60
[  755.241807][T11194]  kfree+0x149/0x360
[  755.245700][T11194]  l2cap_connect_cfm+0x11f/0x1220
[  755.250722][T11194]  hci_conn_failed+0x1f6/0x340
[  755.255478][T11194]  hci_abort_conn_sync+0x583/0xde0
[  755.260579][T11194]  hci_cmd_sync_work+0x22b/0x400
[  755.265509][T11194]  process_scheduled_works+0xa2c/0x1830
[  755.271047][T11194]  worker_thread+0x86d/0xd40
[  755.275636][T11194]  kthread+0x2f0/0x390
[  755.279690][T11194]  ret_from_fork+0x4b/0x80
[  755.284099][T11194]  ret_from_fork_asm+0x1a/0x30
[  755.288852][T11194] 
[  755.291159][T11194] Last potentially related work creation:
[  755.296858][T11194]  kasan_save_stack+0x3f/0x60
[  755.301527][T11194]  __kasan_record_aux_stack+0xac/0xc0
[  755.306887][T11194]  insert_work+0x3e/0x330
[  755.311203][T11194]  __queue_work+0xc8b/0xf50
[  755.315694][T11194]  call_timer_fn+0x18e/0x650
[  755.320268][T11194]  __run_timer_base+0x695/0x8e0
[  755.325107][T11194]  run_timer_softirq+0xb7/0x170
[  755.329940][T11194]  handle_softirqs+0x2c4/0x970
[  755.334692][T11194]  do_softirq+0x11b/0x1e0
[  755.339011][T11194]  __local_bh_enable_ip+0x1bb/0x200
[  755.344202][T11194]  batadv_nc_purge_paths+0x312/0x3b0
[  755.349479][T11194]  batadv_nc_worker+0x365/0x610
[  755.354321][T11194]  process_scheduled_works+0xa2c/0x1830
[  755.359855][T11194]  worker_thread+0x86d/0xd40
[  755.364435][T11194]  kthread+0x2f0/0x390
[  755.368488][T11194]  ret_from_fork+0x4b/0x80
[  755.372891][T11194]  ret_from_fork_asm+0x1a/0x30
[  755.377646][T11194] 
[  755.379952][T11194] Second to last potentially related work creation:
[  755.386516][T11194]  kasan_save_stack+0x3f/0x60
[  755.391185][T11194]  __kasan_record_aux_stack+0xac/0xc0
[  755.396545][T11194]  insert_work+0x3e/0x330
[  755.400863][T11194]  __queue_work+0xb66/0xf50
[  755.405442][T11194]  queue_work_on+0x1c2/0x380
[  755.410020][T11194]  l2cap_connect_cfm+0xec2/0x1220
[  755.415036][T11194]  hci_remote_features_evt+0x536/0xaf0
[  755.420481][T11194]  hci_event_packet+0xac2/0x1540
[  755.425404][T11194]  hci_rx_work+0x3e8/0xca0
[  755.429811][T11194]  process_scheduled_works+0xa2c/0x1830
[  755.435344][T11194]  worker_thread+0x86d/0xd40
[  755.439928][T11194]  kthread+0x2f0/0x390
[  755.443981][T11194]  ret_from_fork+0x4b/0x80
[  755.448390][T11194]  ret_from_fork_asm+0x1a/0x30
[  755.453151][T11194] 
[  755.455466][T11194] The buggy address belongs to the object at ffff888027af1800
[  755.455466][T11194]  which belongs to the cache kmalloc-1k of size 1024
[  755.469506][T11194] The buggy address is located 16 bytes inside of
[  755.469506][T11194]  freed 1024-byte region [ffff888027af1800, ffff888027af1c00)
[  755.483288][T11194] 
[  755.485596][T11194] The buggy address belongs to the physical page:
[  755.492001][T11194] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x27af0
[  755.500751][T11194] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  755.509240][T11194] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  755.517209][T11194] page_type: 0xfdffffff(slab)
[  755.521878][T11194] raw: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  755.530448][T11194] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[  755.539016][T11194] head: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  755.547673][T11194] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[  755.556334][T11194] head: 00fff00000000003 ffffea00009ebc01 ffffffffffffffff 0000000000000000
[  755.564991][T11194] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  755.573644][T11194] page dumped because: kasan: bad access detected
[  755.580045][T11194] page_owner tracks the page as allocated
[  755.585746][T11194] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5097, tgid 5097 (syz-executor), ts 62038554166, free_ts 62022694373
[  755.607179][T11194]  post_alloc_hook+0x1f3/0x230
[  755.611952][T11194]  get_page_from_freelist+0x2e4c/0x2f10
[  755.617485][T11194]  __alloc_pages_noprof+0x256/0x6c0
[  755.622666][T11194]  alloc_slab_page+0x5f/0x120
[  755.627328][T11194]  allocate_slab+0x5a/0x2f0
[  755.631832][T11194]  ___slab_alloc+0xcd1/0x14b0
[  755.636499][T11194]  __slab_alloc+0x58/0xa0
[  755.640817][T11194]  __kmalloc_node_noprof+0x286/0x440
[  755.646089][T11194]  qdisc_alloc+0x97/0xa80
[  755.650403][T11194]  qdisc_create_dflt+0x62/0x4b0
[  755.655243][T11194]  dev_activate+0x3c0/0x1240
[  755.659818][T11194]  __dev_open+0x352/0x450
[  755.664139][T11194]  __dev_change_flags+0x1e2/0x6f0
[  755.669151][T11194]  dev_change_flags+0x8b/0x1a0
[  755.673899][T11194]  do_setlink+0xcd0/0x41f0
[  755.678304][T11194]  rtnl_newlink+0x17a9/0x2070
[  755.682974][T11194] page last free pid 5114 tgid 5114 stack trace:
[  755.689295][T11194]  free_unref_page+0xd22/0xea0
[  755.694050][T11194]  __put_partials+0xeb/0x130
[  755.698630][T11194]  put_cpu_partial+0x17c/0x250
[  755.703386][T11194]  __slab_free+0x2ea/0x3d0
[  755.707784][T11194]  qlist_free_all+0x9e/0x140
[  755.712362][T11194]  kasan_quarantine_reduce+0x14f/0x170
[  755.717808][T11194]  __kasan_slab_alloc+0x23/0x80
[  755.722642][T11194]  kmem_cache_alloc_node_noprof+0x16b/0x320
[  755.728521][T11194]  __alloc_skb+0x1c3/0x440
[  755.732922][T11194]  netlink_sendmsg+0x638/0xcb0
[  755.737668][T11194]  __sock_sendmsg+0x221/0x270
[  755.742333][T11194]  __sys_sendto+0x3a4/0x4f0
[  755.746822][T11194]  __x64_sys_sendto+0xde/0x100
[  755.751577][T11194]  do_syscall_64+0xf3/0x230
[  755.756078][T11194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  755.761964][T11194] 
[  755.764273][T11194] Memory state around the buggy address:
[  755.769913][T11194]  ffff888027af1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  755.777961][T11194]  ffff888027af1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  755.786095][T11194] >ffff888027af1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  755.794140][T11194]                          ^
[  755.798710][T11194]  ffff888027af1880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  755.806753][T11194]  ffff888027af1900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  755.814797][T11194] ==================================================================
[  755.829794][T11194] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  755.836996][T11194] CPU: 0 UID: 0 PID: 11194 Comm: kworker/u9:1 Not tainted 6.10.0-next-20240724-syzkaller #0
[  755.847042][T11194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  755.857081][T11194] Workqueue: hci4 hci_rx_work
[  755.861743][T11194] Call Trace:
[  755.865003][T11194]  <TASK>
[  755.867917][T11194]  dump_stack_lvl+0x241/0x360
[  755.872576][T11194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  755.877757][T11194]  ? __pfx__printk+0x10/0x10
[  755.882341][T11194]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  755.888328][T11194]  ? vscnprintf+0x5d/0x90
[  755.892637][T11194]  panic+0x349/0x870
[  755.896514][T11194]  ? check_panic_on_warn+0x21/0xb0
[  755.901602][T11194]  ? __pfx_panic+0x10/0x10
[  755.906005][T11194]  ? _raw_spin_unlock_irqrestore+0x130/0x140
[  755.911966][T11194]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  755.918273][T11194]  check_panic_on_warn+0x86/0xb0
[  755.923192][T11194]  ? l2cap_send_cmd+0x67b/0x8d0
[  755.928022][T11194]  end_report+0x77/0x160
[  755.932253][T11194]  kasan_report+0x154/0x180
[  755.936766][T11194]  ? l2cap_send_cmd+0x67b/0x8d0
[  755.941631][T11194]  l2cap_send_cmd+0x67b/0x8d0
[  755.946323][T11194]  ? skb_pull+0xc1/0x1e0
[  755.950580][T11194]  l2cap_recv_frame+0x22f1/0x10840
[  755.955711][T11194]  ? validate_chain+0x11e/0x5920
[  755.960678][T11194]  ? __pfx_l2cap_recv_frame+0x10/0x10
[  755.966065][T11194]  ? validate_chain+0x11e/0x5920
[  755.971022][T11194]  ? __pfx_validate_chain+0x10/0x10
[  755.976236][T11194]  ? __pfx_validate_chain+0x10/0x10
[  755.981445][T11194]  ? __pfx_validate_chain+0x10/0x10
[  755.986649][T11194]  ? __pfx_validate_chain+0x10/0x10
[  755.991856][T11194]  ? kasan_save_track+0x51/0x80
[  755.997069][T11194]  ? mark_lock+0x9a/0x360
[  756.001415][T11194]  ? __lock_acquire+0x1384/0x2050
[  756.006465][T11194]  ? mark_lock+0x9a/0x360
[  756.010815][T11194]  ? hci_rx_work+0x4e7/0xca0
[  756.015418][T11194]  ? __pfx_lock_release+0x10/0x10
[  756.020465][T11194]  ? __mutex_unlock_slowpath+0x21d/0x750
[  756.026116][T11194]  ? __pfx_lock_release+0x10/0x10
[  756.031158][T11194]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  756.037160][T11194]  ? hci_conn_enter_active_mode+0x260/0x370
[  756.043072][T11194]  ? l2cap_recv_acldata+0x490/0x1560
[  756.048370][T11194]  ? hci_conn_hash_lookup_handle+0x21/0x240
[  756.054281][T11194]  ? hci_conn_hash_lookup_handle+0x226/0x240
[  756.060297][T11194]  hci_rx_work+0x50f/0xca0
[  756.064730][T11194]  ? process_scheduled_works+0x945/0x1830
[  756.070474][T11194]  process_scheduled_works+0xa2c/0x1830
[  756.076056][T11194]  ? __pfx_process_scheduled_works+0x10/0x10
[  756.082059][T11194]  ? assign_work+0x364/0x3d0
[  756.086667][T11194]  worker_thread+0x86d/0xd40
[  756.091280][T11194]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  756.097363][T11194]  ? __kthread_parkme+0x169/0x1d0
[  756.102408][T11194]  ? __pfx_worker_thread+0x10/0x10
[  756.107531][T11194]  kthread+0x2f0/0x390
[  756.111608][T11194]  ? __pfx_worker_thread+0x10/0x10
[  756.116736][T11194]  ? __pfx_kthread+0x10/0x10
[  756.121339][T11194]  ret_from_fork+0x4b/0x80
[  756.125775][T11194]  ? __pfx_kthread+0x10/0x10
[  756.130379][T11194]  ret_from_fork_asm+0x1a/0x30
[  756.135168][T11194]  </TASK>
[  756.138492][T11194] Kernel Offset: disabled
[  756.142802][T11194] Rebooting in 86400 seconds..