last executing test programs:

12m50.959669429s ago: executing program 2 (id=162):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./file0\x00', 0x90, &(0x7f0000000140)=ANY=[@ANYBLOB='showexec,shortname=winnt,shortname=low\x00r,utf8=1,iocharset=cp865,shortname=win95,uni_xlate=1,shortname=win95,check=strict,shortname=winnt,utf8=0,iocharset=iso8859-5,codepage=874,shortname=mixed,shortname=win95,shortname=mixed,nonumtail=0,shortname=mixed,shortname=mixed,uni_xlate=1,rodir,nnonuni_xlate=1,shortname=win95,shortname=win95,utf8=0,nnonumtail=1,shortname=win95,shortna-e=win95,nnonumtail=1,uni_xlate=1,nfs=nostale_ro,\x00'/444], 0x6, 0x2d7, &(0x7f0000000340)="$eJzs3T9rJGUYAPBnNrN/1GJTWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2Fe4g4h+cu0rsbCz9BILgB7GxsxRsBTsjBEZmdia7m4ybjWQjmt+vSN688zzzPvPOJJkmT957cXpwP4uHTz//JQaDJDqjfsRREtvRicaTWDL6OgCA/7Kjoojfi5mWwz9/tSJ3sMG6AIDNOef3fy2tPt4rI364utoAgM24e+/tN3f39m6/lWWDuDP98nCcRET5eXZ892F8EJN4EDdjGMcR1YtCN6q3hXJ4pyiKPM1K2/HKND8cl5nTd3+sz7/7W0SVvxPD2K6mTt42qvw39m7vZDML+XlZx7P1+qMy/1YM4/mT5KX8Wy35Me7Fqy8v1H8jhvHT+/FRTOJ+VcQ8/4udLHu9+OaPz94pyyvzk/xw3K/i5oqtZvH8iu8RAAAAAAAAAAAAAAAAAAAAAAD/Pzfq3jn9qPr3lFN1/52t4/KLbmSNeX+fDzt50x8oaU407w8UnaIo8iK+bfrr3MyyrKgD5/190nghrRsLAgAAAAAAAAAAAAAAAAAAwDX3+JNPD/YnkwePLmXQdANII+LPuxH/9DyjhZmXYnVwv15zfzLp1MPlmHRxJraamCRiZRnlRVzStpw3eOZMzfXgu+/PBidPZjcujbYTDs5ftNu+1gUHH3dn+9ga0zxdB/tJ+x72T4oflDcuTt+4XrSv3o1TM72/q7B5FNe7nF7roeGFt6X3XDXIV8REsur74rVfZ2UvXMVSTK/a1db0bj1YSD/1bKz1PMdgln72Z0WiWwcAAAAAAAAAAAAAAAAAAGzU/K9/Ww4+XZnaKfobKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vM0iXk9fI6sWjx//WtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9/BUAAP//gxtVEw==")
getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r5, 0x110, 0x2, &(0x7f0000000340)='\x00', 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x8, 0x80000)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r6 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
sendfile(r6, r6, 0x0, 0x7f03)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000011000500000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000004001a020000001f6ae70f5ee09cfccb3aa92078917f53b56731"], 0x24}}, 0x0)

12m49.493036812s ago: executing program 2 (id=166):
syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file0\x00', 0x1600008, &(0x7f0000000100)={[{@nodecompose}, {@gid}, {@barrier}, {@nobarrier}, {@nls={'nls', 0x3d, 'macromanian'}}, {@type={'type', 0x3d, "05f2875e"}}, {@type={'type', 0x3d, "eaab9aa0"}}]}, 0x3, 0x632, &(0x7f0000000800)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OtaapKLS/+Rk7h5yP5GWyq+y93ZmYjkKW79QHh2ci4pvP/vaLxdrS3cXbKxP9s0kn1MxEo9HMxFDWamXiw7cqE5PZtl9ut+fjp/HzmIjx+DyWoxq/jIWoRyXG4ydZbSF/P6ePo7syVdg59I0drc+PiqSUvy7No+jxYvo4W/ZSVONncT9uRSU+zf6mYyq+G7MxG3Mdr/DlLvb6wvH2+qvfyivpIf2Pedkf0ry+25HXzmPuaNbX+cx2lt47+2Nj8et5JV3H7yLix2e4naezOxPpWeLZV5t97x+eib9m1wkrtaW7y4sLD7pc3yd5me5Hf+irs0T6fnkvfbGy1s53R9r3/r59U1nfWLuvsKfvcrvvqD21lF/D7R1pOuv7cN++mazvSkffnuut9vUQAH1s5NsjpfJ/yv8sPy3/vrxY/mz4R0PfG/qoFIP/GPx+cXLgk8JHyd/jafx6+/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwciuPHt9dqNUqy0dWkuzm/xFdzdxRad3O6fCZk/xGPscZWaVWqwxHX4RxrErt3xEdzyS9jqcfKkP99ubv7XEJOH/X6/ceXF959Pg71XsLdyp3KkuDs7Nzk3Ozn85cv12tDUT6WJnsdZTAedg+6fc6EgAAAAAAAAAAAKBbh/8MYDCf63Q/J+jxJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3PxEFDciianJa5Npe3N9ppZOrfr2nMWIKERE8quI5HnEjWhOMdoxXHLQep5U57548Xrz5fZYxdb8hcOW685aPsV4RAzk5VmNd/PU4yXtLUwTdrV0uuDgzPw/AAD//4oVCL4=")
setxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0)

12m48.393047789s ago: executing program 2 (id=171):
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000040)='./bus\x00', 0x2000410, &(0x7f00000001c0)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06adb7b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02040000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f6505003cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096746a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd970140495fde085", @ANYRES8=0x0], 0x1, 0x555e, &(0x7f0000005f80)="$eJzs3EtvG1UUAOA7TpPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKKhJ48R9fJ80PjPX12fusUaRzkzkADy15tPff03CxXAmhDATQjifhHw/KbbcSgwvhBAuhRBK/9iSYvzvgbkQwtkQwsVR8pgzKd768srw8vIvb/323Q+nT5376tsfp1c1MG0vhhC6m3F/pxtj1orxTjFeG7bz2L0+LGJ8o3u3OM5i3Gmu5xl2auN5tTxea8X52eZ2fxQ3OrX6KLbaG/n4Zi+esD9sjfPkH7hT28qPG831PLb7WR5be3Fdu3vxb9tefxDzNIp8H+fpw2AwjnG8uduM9WzezWO9NyjGY96s0dwdxWERi9OFetZp5OtYP8o3/Wh7u93b3k2Hza1+O+uly5XqS5XqjXJ1K2s0B83r5Vq3ceN6utDqjKaVB81ad6WVZa1Os1LPuovpQqteL1er6cLN5nq71kur1cq1ytXy8mKxdyV9/fb7aaeRLoziq+3e9ly70083sq00fmIxXapce3kxvVxN311dS9feuXVrde29D29+cPuV1TdfKybdt6x0Yenq0lK5erW8VF18cI1zx13/6AQHrH9wlPo/KxZ9iPqTQ10NcEguMIBDu6//D/p/4OFdPOC8x73/D5Ps/0ctlf7/wf1v6ej9/5H634fs/ydW/wTufzxq9cOR6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5aP81+/Ua+Mx+PzxXjF4qh54rjJIRQCiH8+R9mwty+nDNFntn/mT/7rzV8n4Q8w+gcp4vtbAhhpdj+ePa4vwUAAAB4cn3zyaUvYrceX+anvSBOUrxpUzr/0YTyJSGE2fmfJ5StNHp5fkLJ8uv7VNidULb8BtYzE0oWb7mdmlS2A5kZh08v3BvMC0piKJ3ocgAAgBMxsy+cbBcCAADASfp82gtgOpIwfpQ5fhac/+f9vUebZ/a9BwAAADyGkmkvAAAAADh2ef/v9/8AAADgyRZ//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiLnbvJWRqI4wD8b/uWDz8iMe69ijs4hkdw6VI4gJfgCHgFL8AZcOcRDDW0E5IqJMZObSTPk3TKtOQ3M9DNTJMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAMX2rD5svn95+HppzbobJMxoAAADgllN92LQfVl39ebr+Ml16nepFRJQR8fvMfRlVzHqZVcqpb36/aepf+vA1ok24tDFPx7OIeJeO6tXYvwIAAAA8ruNuv+5m612xmrpD/Evdok354n2mvCIi6tX3TGnlpXiTKax9vp/iY6a0dgFrkSmsW3J7un1vlquRvqp3SiNZbNs/sa2V47QLAABMqT8TuDMLAQAA4AF8mLoDTKO4Ftf3jPPulF4ILns1AAAA4D9UTN0BAAAAYHTt/H/4/n9NM/b+fz/s/wcAAAB/rdv/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDGd6sPmuNuv793f/mHOuRkm34gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Mn+vKNACIRBGOxd35nM/Q8rDRoam1SB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv38xtFFQcA/Ls7O0tBibWaHqoGEw96kXZBkKMeNI0H/wSTpmyxuogCByGNphc9mZ5J1OjRGBNNvfE/cKYJF7xx6KEmnjXzqww/lA2pM0v7+SRv3nd2J+993+yG8O2bFgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKttvx4vdMk6yw3QRV6/d3Flbzvqt+/rM9Y1bc1nL4s6jJvr6rb1PfrK9VD85Nls7+bL5ZAAAADgYkqq+j4jb6eZi1nen8/o/ra7Jav4fjhZxVc/fX/dv7axNlW/NVfX/77/deX53oulinmzQldXRcOHBVHr/0xIn3jOPvKKX3/n8Zy9J/oF031t/bjvN72fnmxs33unn4aEmsgUAHsfxqi+D6v9DWT9oMzEADoxerfCu6v9kut2cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJqwvR5PVXEnIuZ6d+PM1s7a8sP66xu35qp2+tq1jfqY2RBpRKysjoZpg2uZdJeuXP14aTQaXmw+OBYR7c1eBh+McU3Ef19Tfj2jvVX8e9CZjDRaDbrl5zMp+exlUH339n7klv5BAgBgH0qORlmPp2VdfzvdXMxe68xE/P3jvfX/q7U4xqz/73x4+mZ9xnr9P2hqmRPv2+8izn86f+nK1ddXzy+dG54bfvLGicGbg5NnTp06M5/dq4X5legOF9pOFAAAgCdYv2z1+r878+D+/5FaHGPW/599P/iiPlei/n+ou5t+bWcCAABwEPV3o2df/uvPTv2tqaLr9Pvx+dLlyxcHxXH3/ERxbDzlx3CobPX6P5lpOysAAACgCdvrnXv2/8/W4hhz///pn174pT5mEhGHIy5ExPD48oXR2eaWM9Ga+EXlfKJ+2ysFAACgLYfLVuz/9/L9/zR//r+7+8hDNyJee6WIq791NU79n7z71c/1uerP/59sbokTqTtb3I+8n43ozbadEQAAAPvZVNmyYv+PdHPxo1+PvN/3/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA0/4JAAD//880Myg=")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='./file1\x00', 0x143041, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x200000000000000)

12m46.163110963s ago: executing program 2 (id=176):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x0, 0x0, &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
syz_mount_image$vfat(&(0x7f0000000780), &(0x7f0000000000)='./file0\x00', 0x90, &(0x7f0000000140)=ANY=[@ANYBLOB='showexec,shortname=winnt,shortname=low\x00r,utf8=1,iocharset=cp865,shortname=win95,uni_xlate=1,shortname=win95,check=strict,shortname=winnt,utf8=0,iocharset=iso8859-5,codepage=874,shortname=mixed,shortname=win95,shortname=mixed,nonumtail=0,shortname=mixed,shortname=mixed,uni_xlate=1,rodir,nnonuni_xlate=1,shortname=win95,shortname=win95,utf8=0,nnonumtail=1,shortname=win95,shortna-e=win95,nnonumtail=1,uni_xlate=1,nfs=nostale_ro,\x00'/444], 0x6, 0x2d7, &(0x7f0000000340)="$eJzs3T9rJGUYAPBnNrN/1GJTWInggBZWx+Vamw1yB2Iqjy1OCw3eHUh2Fe4g4h+cu0rsbCz9BILgB7GxsxRsBTsjBEZmdia7m4ybjWQjmt+vSN688zzzPvPOJJkmT957cXpwP4uHTz//JQaDJDqjfsRREtvRicaTWDL6OgCA/7Kjoojfi5mWwz9/tSJ3sMG6AIDNOef3fy2tPt4rI364utoAgM24e+/tN3f39m6/lWWDuDP98nCcRET5eXZ892F8EJN4EDdjGMcR1YtCN6q3hXJ4pyiKPM1K2/HKND8cl5nTd3+sz7/7W0SVvxPD2K6mTt42qvw39m7vZDML+XlZx7P1+qMy/1YM4/mT5KX8Wy35Me7Fqy8v1H8jhvHT+/FRTOJ+VcQ8/4udLHu9+OaPz94pyyvzk/xw3K/i5oqtZvH8iu8RAAAAAAAAAAAAAAAAAAAAAAD/Pzfq3jn9qPr3lFN1/52t4/KLbmSNeX+fDzt50x8oaU407w8UnaIo8iK+bfrr3MyyrKgD5/190nghrRsLAgAAAAAAAAAAAAAAAAAAwDX3+JNPD/YnkwePLmXQdANII+LPuxH/9DyjhZmXYnVwv15zfzLp1MPlmHRxJraamCRiZRnlRVzStpw3eOZMzfXgu+/PBidPZjcujbYTDs5ftNu+1gUHH3dn+9ga0zxdB/tJ+x72T4oflDcuTt+4XrSv3o1TM72/q7B5FNe7nF7roeGFt6X3XDXIV8REsur74rVfZ2UvXMVSTK/a1db0bj1YSD/1bKz1PMdgln72Z0WiWwcAAAAAAAAAAAAAAAAAAGzU/K9/Ww4+XZnaKfobKwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAArtT8//+vM0iXk9fI6sWjx//WtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB9/BUAAP//gxtVEw==")
getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x1000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(0x0, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEYRING(r5, 0x110, 0x2, &(0x7f0000000340)='\x00', 0x1)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_init(0x8, 0x80000)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r6 = open(&(0x7f0000000580)='./file1\x00', 0x80342, 0x1df2a23c5997fa5f)
sendfile(r6, r6, 0x0, 0x7f03)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="2400000011000500000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000004001a020000001f6ae70f5ee09cfccb3aa92078917f53b56731"], 0x24}}, 0x0)

12m43.583131803s ago: executing program 2 (id=181):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
syz_mount_image$msdos(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000200)={[{@dots}, {@fat=@discard}, {@fat=@uid}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@dots}, {@nodots}, {@fat=@gid}, {@nodots}, {@nodots}, {@dots}, {@dots}, {@nodots}, {@nodots}, {}, {@nodots}, {@dots}, {@nodots}, {@fat=@showexec}, {@fat=@flush}, {@fat=@umask={'umask', 0x3d, 0x7}}, {@dots}, {@dots}]}, 0x1, 0x1f0, &(0x7f0000000300)="$eJzs3cFqE1EUANCbmiYTcdGdIAgjLnRV1C+oSAUxIFSy0J2gK7NqN6mb9jP8Bf/LD5CuspEncSadGNMYBjKj9ZxN7uS+l/fuDJlkk5sUha+3P0eWdWLnIA5i2om92Im58wAArpNpSvEtFdreCwDQjA0+/783vCUAYMtev3n78ulweHiU51nExflkNBkVj0X++Yvh4aP8p71q1sVkMrpxmX+cL393mOV342aZf1LMzy/TvYgY9eLh/SI/yz17Ncx/nd+P91uuHQAAAAAAAAAAAAAAAAAAAAAA2nI38rmV/X3295fzgzJfHC30B1rq39ONO93ysGoPlM6aKAoAAAAAAAAAAAAAAAAAAAD+MSennz6+G48/HFdBPyIWn+muGHN10ClfeKPB7Qc7UW/6oCyzxqKd8hRtt8DB6ou7SRDdv+Xq1A3yBtYarD29Kc2C1e+CeVuMK6f3ImL96g+O6m5+mlIaf7l3fHIaae3g6h7Rb/SOBAAAAAAAAAAAAAAAAAAA/6+FX33/JmtjQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQgur//2sEZxFxK/44eL7WbmTtFgsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC19SMAAP//j3Mj5w==")
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

12m42.784616716s ago: executing program 2 (id=184):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)={0x0, <r0=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = semget$private(0x0, 0x6, 0x0)
semop(r2, &(0x7f00000000c0), 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, 0x0, &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f00000006c0), &(0x7f00000003c0)=""/14, 0x2}, 0x20)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, 0x0, 0x80)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
connect$inet(r3, 0x0, 0x0)

12m26.040411925s ago: executing program 32 (id=184):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000100)={0x0, <r0=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r2 = semget$private(0x0, 0x6, 0x0)
semop(r2, &(0x7f00000000c0), 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, 0x0, &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f00000006c0), &(0x7f00000003c0)=""/14, 0x2}, 0x20)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r7, 0x0, 0x80)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
connect$inet(r3, 0x0, 0x0)

2m39.279882843s ago: executing program 0 (id=1368):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x38, &(0x7f0000001640)=""/170, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000b00)={'tunl0\x00', &(0x7f0000000a00)={'syztnl2\x00', <r3=>0x0, 0x40, 0x7800, 0x0, 0x4, {{0x1c, 0x4, 0x3, 0x1c, 0x70, 0x65, 0x0, 0x6, 0x29, 0x0, @local, @loopback, {[@generic={0x0, 0xa, "b617d835f6aba0b7"}, @noop, @timestamp_addr={0x44, 0xc, 0x4e, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x9, 0x0}, 0xb13}]}, @timestamp={0x44, 0x8, 0x7d, 0x0, 0x3, [0x5]}, @rr={0x7, 0x7, 0x4c, [@loopback]}, @timestamp_addr={0x44, 0xc, 0xed, 0x1, 0x1, [{@empty, 0x1ff}]}, @timestamp={0x44, 0x8, 0xe1, 0x0, 0x6, [0x7]}, @rr={0x7, 0x1f, 0x6, [@multicast1, @broadcast, @broadcast, @broadcast, @dev={0xac, 0x14, 0x14, 0x3e}, @rand_addr=0x64010100, @local]}]}}}}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000b40)={<r4=>0x0, @local, @initdev}, &(0x7f0000000b80)=0xc)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000001140)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001100)={&(0x7f0000001740)=ANY=[@ANYBLOB="2c050000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="1c02028040000100240001006c625f936f72af745f737461740700000000000000ffff00ea0068946e5efdd38a0000004000000500000008000600393c4c7b42b1329f9a", @ANYRES32=0x0, @ANYBLOB="64000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000034000400810008fd090000000002010a0500000004008c10010000800b00099ff00900000e005403030000008100918b0d00000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000200000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000500030003000000080004000100008040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000000000008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000044000100240001006d6f646500"/40, @ANYRES32=0x0, @ANYBLOB="7800028038000100240001006d636173745f72656a6f696e5f696e74657276616c000000000000000000000005000300030000000800040095b1ffff3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="2801028038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000f0000003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000900000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000900000008000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="80000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004007304000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="b40002803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000300000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400ad0e00"], 0x52c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
recvfrom(r1, &(0x7f00000030c0)=""/4117, 0x1015, 0x1, 0x0, 0x0)
sendmsg$802154_raw(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="ebe60a435125d7", 0x7}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f00000001c0)={0x0, 0xd5, 0x0, 0x1, 0x0, 0x0, 0x24008081}, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100000000000000000003000000300001"], 0x44}}, 0x0)
r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept4(r8, 0x0, 0x0, 0x0)
connect$netrom(r8, 0x0, 0x0)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002e000100000000000000000004"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c000000090601020000000000000000030000000900020073797a31000000000500010007000000240007800c00018008000140ffffffff0c00148008000140ac1414bb08000940fffffa01"], 0x4c}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="90", 0x1}], 0x1}}], 0x1, 0x20008050)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16=r0], 0x1000f)

2m38.907031139s ago: executing program 0 (id=1371):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
mmap(&(0x7f00003d6000/0x4000)=nil, 0x4000, 0xb635773f05ebbee9, 0x100010, 0xffffffffffffffff, 0x963ac000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000004c0)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x8008700b, 0x0)
mount(&(0x7f0000000040)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='squashfs\x00', 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0c003920"], 0xf)

2m37.926364664s ago: executing program 0 (id=1372):
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x60200, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x101800, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, 0x0, 0x4008000)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4004091}, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair(0x25, 0x1, 0x0, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000180)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\x00\x00\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
ioctl$int_in(r3, 0x5421, &(0x7f0000000080)=0x2)

2m34.498091508s ago: executing program 0 (id=1378):
pidfd_send_signal(0xffffffffffffffff, 0x0, 0x0, 0x3)
prlimit64(0x0, 0xe, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={&(0x7f0000000240)={0x40, 0x8, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x800}, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xa0602, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r3 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x4, 0x1a2}, &(0x7f0000000600), &(0x7f00000005c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
io_uring_enter(r3, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2m34.122728043s ago: executing program 0 (id=1381):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$sock_buf(r1, 0x1, 0x38, &(0x7f0000001640)=""/170, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000b00)={'tunl0\x00', &(0x7f0000000a00)={'syztnl2\x00', <r3=>0x0, 0x40, 0x7800, 0x0, 0x4, {{0x1c, 0x4, 0x3, 0x1c, 0x70, 0x65, 0x0, 0x6, 0x29, 0x0, @local, @loopback, {[@generic={0x0, 0xa, "b617d835f6aba0b7"}, @noop, @timestamp_addr={0x44, 0xc, 0x4e, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x9, 0x0}, 0xb13}]}, @timestamp={0x44, 0x8, 0x7d, 0x0, 0x3, [0x5]}, @rr={0x7, 0x7, 0x4c, [@loopback]}, @timestamp_addr={0x44, 0xc, 0xed, 0x1, 0x1, [{@empty, 0x1ff}]}, @timestamp={0x44, 0x8, 0xe1, 0x0, 0x6, [0x7]}, @rr={0x7, 0x1f, 0x6, [@multicast1, @broadcast, @broadcast, @broadcast, @dev={0xac, 0x14, 0x14, 0x3e}, @rand_addr=0x64010100, @local]}]}}}}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000b40)={<r4=>0x0, @local, @initdev}, &(0x7f0000000b80)=0xc)
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000001140)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000001100)={&(0x7f0000001740)=ANY=[@ANYBLOB="2c050000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250100000008000100", @ANYRES32=0x0, @ANYBLOB="1c02028040000100240001006c625f936f72af745f737461740700000000000000ffff00ea0068946e5efdd38a0000004000000500000008000600393c4c7b42b1329f9a", @ANYRES32=0x0, @ANYBLOB="64000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b00000034000400810008fd090000000002010a0500000004008c10010000800b00099ff00900000e005403030000008100918b0d00000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000200000040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000038000100240001006e6f746966795f70656572735f636f756e7400000000000000000000000000000500030003000000080004000100008040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000000000008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000044000100240001006d6f646500000000000000000000000000000000000000000000000000000000050003000500000011000400", @ANYRES32=0x0, @ANYBLOB="7800028038000100240001006d636173745f72656a6f696e5f696e74657276616c000000000000000000000005000300030000000800040095b1ffff3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="2801028038000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000f0000003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="38000100240001006e6f746966795f70656572735f696e74657276616c00000000000000000000000500030003000000080004000900000040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000900000008000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="80000280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004007304000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="b40002803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r4, @ANYBLOB="40000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000300000008000600", @ANYRES32=0x0, @ANYBLOB="38000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400ad0e00"], 0x52c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
recvfrom(r1, &(0x7f00000030c0)=""/4117, 0x1015, 0x1, 0x0, 0x0)
sendmsg$802154_raw(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)="ebe60a435125d7", 0x7}, 0x1, 0x0, 0x0, 0x8008040}, 0x30008080)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f00000001c0)={0x0, 0xd5, 0x0, 0x1, 0x0, 0x0, 0x24008081}, 0x0)
r7 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100000000000000000003000000300001"], 0x44}}, 0x0)
r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
accept4(r8, 0x0, 0x0, 0x0)
connect$netrom(r8, 0x0, 0x0)
sendmsg$netlink(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="140100002e000100000000000000000004"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYBLOB="4c000000090601020000000000000000030000000900020073797a31000000000500010007000000240007800c00018008000140ffffffff0c00148008000140ac1414bb08000940fffffa01"], 0x4c}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000440)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000004c0)=[{&(0x7f0000000100)="90", 0x1}], 0x1}}], 0x1, 0x20008050)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYRES16=r0], 0x1000f)

2m29.87556723s ago: executing program 0 (id=1385):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000014)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r2, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad3125", 0x26}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa8", 0xea}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274efec9fc9995189ead7bf00148d091675fa045479985e4f644d258d0a", 0x3b}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd50d36f3c02", 0x47}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a", 0x91}], 0x2}}], 0x2, 0xc0)
sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
listen(r0, 0x81)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)

2m14.277741793s ago: executing program 33 (id=1385):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000014)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r2, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746ccb492175fc9e01", 0xf4}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad3125", 0x26}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa8", 0xea}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274efec9fc9995189ead7bf00148d091675fa045479985e4f644d258d0a", 0x3b}], 0x4}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd50d36f3c02", 0x47}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a", 0x91}], 0x2}}], 0x2, 0xc0)
sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
listen(r0, 0x81)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r3, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)

51.515240666s ago: executing program 1 (id=1586):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x10, 0x6, 0x4e0, 0x0, 0x0, 0x340, 0x0, 0x0, 0x410, 0x410, 0x410, 0x410, 0x410, 0x6, 0x0, {[{{@ipv6={@private2, @remote, [0xffffffff, 0xffffff00, 0x0, 0xff], [0xffffff, 0xffffffff, 0xffffffff, 0xffffffff], 'veth1_macvtap\x00', 'ip6_vti0\x00', {0xff}, {0xff}, 0x5e, 0x6e, 0x3}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@ipv6={@loopback, @loopback, [0x0, 0x0, 0xff000000], [0x0, 0x0, 0xffffffff], 'lo\x00', 'dvmrp0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CONNSECMARK={0x28, 'CONNSECMARK\x00', 0x0, {0x2}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x33}, @private2={0xfc, 0x2, '\x00', 0x1}, [0x7f8000ff, 0xffffff00, 0xffffff00, 0xff000000], [0xffffff00, 0xffffff00, 0xff000000, 0xffff00], 'macsec0\x00', 'macvtap0\x00', {}, {0xff}, 0x88, 0xb, 0x7, 0x7c}, 0x0, 0xa8, 0x410}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @local}, @local, [0xff, 0xffffff00, 0x0, 0xff], [0xff, 0xff000000, 0xff000000], 'veth1_to_hsr\x00', 'geneve0\x00', {}, {}, 0x73, 0xe, 0x6, 0x58}, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0x3, 0x9}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
sendmsg$nl_crypto(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x118}, 0x1, 0x0, 0x0, 0x20044010}, 0x4000000)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0xf, 0x9, &(0x7f0000000400)=ANY=[], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xd, 0x9})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a2c000000060a01010000000000000000000000090900010073797a31000000000c00034000000000000000050c010000180a01020000000000000000000000000900020073797a30000000001400038008000240000000070800024000000558"], 0x1d4}, 0x1, 0x0, 0x0, 0x4000}, 0x4004090)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8}, @NFTA_PAYLOAD_DREG={0x8}, @NFTA_PAYLOAD_OFFSET={0x8}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "df"}]}], {0x14}}, 0x94}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

50.765935848s ago: executing program 1 (id=1587):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
kexec_load(0xf5, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(0xffffffffffffffff)
io_submit(0x0, 0x3, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x0, r1, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x8, 0xdd04, r0, &(0x7f0000000480), 0x0, 0x2, 0x0, 0x1}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x1, r2}])
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', r2}, 0x18)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140))

49.388925639s ago: executing program 1 (id=1588):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000341000/0x6000)=nil, 0x6000, 0x200000c, 0x810, r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000002240), &(0x7f0000002280)={'enc=', 'pkcs1', ' hash=', {'hmac(sha256-avx2)\x00'}}, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$unix(0x1, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
readv(r1, &(0x7f0000000e40)=[{&(0x7f0000000f40)=""/250, 0xfa}, {&(0x7f0000003300)=""/4095, 0xfff}], 0x2)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040), 0x1000040, &(0x7f0000000100)={[{@mpol={'mpol', 0x3d, {'prefer', '=static', @val={0x3a, [0x31]}}}}]})

48.294211416s ago: executing program 1 (id=1591):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000dc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[], 0x40, 0x12}], 0x1, 0x1c000884)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x14)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000280)={'dummy0\x00', 0x4})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

47.322754291s ago: executing program 1 (id=1594):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_emit_ethernet(0x46, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x34}, {[@ssrr={0x89, 0xf, 0xce, [@broadcast, @multicast1, @empty]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x1}}}}}}, 0x0)
mkdir(&(0x7f0000001c00)='./file0\x00', 0x8)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
link(&(0x7f00000000c0)='./file0/file1\x00', &(0x7f0000000180)='./file1\x00')

46.057958181s ago: executing program 1 (id=1599):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4080c}, 0x2000c845)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[], 0x17)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000400)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
read(r5, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f00000001c0)={0x3, 0xa07, 0x2})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYRES8=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8], 0x50)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff58056ac", 0xffd7, 0x1)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r6, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xd3)
syz_io_uring_setup(0x4000592, &(0x7f0000000880)={0x0, 0xa943, 0x800, 0x0, 0x321}, &(0x7f0000000900), &(0x7f0000000940))
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_ifreq(r7, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=0x0}})
socket$kcm(0x10, 0x0, 0x10)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r8, 0x545c, 0x7cb7562f2d67)
ioctl$TIOCMSET(r8, 0x5418, &(0x7f0000000140)=0xfffffdfb)

30.422228955s ago: executing program 34 (id=1599):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4080c}, 0x2000c845)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[], 0x17)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
r2 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000400)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
read(r5, 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f00000001c0)={0x3, 0xa07, 0x2})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES32=r0, @ANYRES8=r5, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES8], 0x50)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff58056ac", 0xffd7, 0x1)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')
r6 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000380)='/proc/asound/card1/oss_mixer\x00', 0x1, 0x0)
write$proc_mixer(r6, &(0x7f0000000000)=ANY=[@ANYBLOB], 0xd3)
syz_io_uring_setup(0x4000592, &(0x7f0000000880)={0x0, 0xa943, 0x800, 0x0, 0x321}, &(0x7f0000000900), &(0x7f0000000940))
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_ifreq(r7, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=0x0}})
socket$kcm(0x10, 0x0, 0x10)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCMIWAIT(r8, 0x545c, 0x7cb7562f2d67)
ioctl$TIOCMSET(r8, 0x5418, &(0x7f0000000140)=0xfffffdfb)

17.622827495s ago: executing program 4 (id=1645):
setsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DAEMON(r0, 0x0, 0x487, &(0x7f0000002b40), &(0x7f0000002b80)=0x30)

17.372100669s ago: executing program 4 (id=1646):
r0 = memfd_create(&(0x7f00000005c0)=' \xc76\xbe\x91\x8d\x182)!\x9a%\xa2\xd28\xd6\x06\a\x0e\xfc\xfe\x12\x8f&\x13\xae%@T\xa3\xb0>\\\xec\xa9\xf9Q@6A\x10\x8cn|\x00\x00\x00\x00\x00\x00\x00\x00r\xbb\xdd\xe8\x87\x05=\xfb\x8b}\xfc\x1d\x03\xe1\xfcm\x9b\xf7fo\"i\xa1hk\x1f\xf5z\xc1\x7f\xa4\\]\xc4\xbe3\xf9\xa8\t?:\xd8\xda\x84\xeepI[\x1c\x00\x00\x00\x00\xf9v\x00\x00\x00\x00\x00T\xb6\xbe\x0f~\xc0\x92\xe9O{\xa8\x81(\x01\x14\xfc\x83\xf9\xfb\x05\x94T\x81@Lq]\xf9\x15zj\x87\xc4\x8e\xe8/\xb9-&R\x8e\xb2\xb3bBx\x1e1\x18\x8f\x19\xf7]#\xed,\xc7\x11\tp\xf4\xa3\xee\x00\x00\x00\x00\'}\x18\xe8O\xa8#K\xb6\xe4U\x92\xd2\x9d\xb8<X\xfa\xdd\x8a6\xa1\x82\xf7r\xd8z\x85\x8do\xa5\xed\xd4\xbc8U\x1e\xf2tl8\xfe\xd0\x94\xfe\xf5\x1c+\x00U\te\xfa6\xca\xb9\xb4Q\xd9\xee\r6\x861h{\xc7z\'F\xc7\x91\x06x\xe1`\xf1:\xcf+\xd5\f\xb2\xce\xa4\x06\x90\x90\x9b\x1d\xcaa\xf7\x8f\x9e\x80\x93\xafT\xdfl\xec\xc6\x8e\x96\r[n\xc6\x99\x1fr<\x06\xb3\xbcT\x00\xda6\x18/\x18l\xc1\x81\x8e8L\xcb*S_\xd0:\xa4V\xbd\xf1\xa4\x955\xa9\x9d\xe0\x9b\xd3\x95\xc88n:\x89>?2\xc8\xe7kovd\xa4\x1bl+\x14\x17\x14\x17C2! U\x04:\xd93F\xb9\xfc\x1b\xfd}\x05\xf9\x11\xf3)>q\x10\xd3\xf0\xaf>\xf8t(bX\xe3g\x05\xfe\b\xbcy\x95*\xca\a\xaf\xbb\xf9\xc3Y\xa2\x91\x90.\xc8\xbe\xb0\xa6\xbd\xbd\xfd\xfaf*\xb2&\x82\xa0\x17\xe7)\xf5\xa2\xccv\n\x1b\xd4\xf4\x11*\xc9\xc6*\xa4.\x94[$\xb8\xb3Q\xde\xd8A\xa4~c,`\x02\xb8\x01r\x89\x82\x13\xd0}C7\xfb\xf2\tM\x1e\xe9\xa5\v\xc5\xba(\x89\xb0l\x92H\x1cR\x1f>\xc4ie\xe0B\xf0[\xe2\xe1\x12\x1d\x8fR&\xd1\xa6#\xda.\x0f\xd7\xd7\xa4\x90\x14\x92I\xf82&\x16<\xf2RR\xc2\x02.Q\xef\x85\xef\xf9\xe5\x00\xe9\xca\xb1\x8c\x11\x11l\x9f\xc8\b\xf7A\xa6\x81\xad\xdc\x95\xc8\xef\x102\xa8\x87\x01\x00\\\xfee \n0F\xbc\x85\xc5C\xd0\x99\xe4\t\xab`\'t\xc2\xe9\x13\xcag\xea\xb3\xb5\x92\x00J\xc6y\x05\xcc\xde\xa0\xf6\xb9 \xe5\xdd\f\x18\xfc\xe0\xc3(\xd8\xeb\x1a6\xe6\xfa\x93\xc07R\x0f-\x9e\xf3\x87E\xa3\xd5o\x1bA\x88L/\xe7>45Q?\be\x7f\xa9\x9a\xcae\xd8Y\xdf]\x1bS\x825\xcb\x00\xa4}\x97\x84T\xad\x9b\x1e!\x8a\xbc\x02+#Q\xa9 \xe9\x05r\xe1\xec\x0f\xa7\xe6Of\x95\x02{', 0x4)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xd5e, 0x240000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x400000bde)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r3, &(0x7f0000000900)=ANY=[@ANYRES32=0x0, @ANYRES32=0xee01, @ANYRES32=0xee01], 0x20e)
ftruncate(r0, 0x400000)
finit_module(r0, 0x0, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000006c0)=ANY=[], 0xff2e)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x189, 0x0, &(0x7f0000000740)="6fd92f5c3fbecb0c72abdb6e3b92894fd70652cee2d9151356a81cccb527a2a318936ccee5adddb48f843b64e9e5cb87c8861a986afbcae602174c76e46c3d7ee59b50f9ada99335650fae3f0d7039b5a1644dd70bb59e1ac681d61adb8f59cbefc26cbc9cbc8ae922f3cb67922283890b914456c8f6f27d71903b6e59f19ec24d61ff563788e43b4bf6fb356d43902fc3d477c1750b0754b99892599e5e9007c7c30df968c334ae2888ee8596c4282e238e7123d6bd706d2492258caa0cfe9a6ab7a4a3912a2d9facf1f92720d6503fbb72a25141d56b18b9768485254f32c3d7e90db5164a34132e2fd627c34d79f3cb113ef57557468c1f65dac76638172f0402b8a169297a6357adbf67215fdd18a21c202875b2f834c0ba5ed2e85e2d8f9be1a6e4e1760e4437aa9c1dae353e9938a5fbde0efdba98f9f14b0439307e3338064b6ef2f311b8340215fadbb14cb3f1702fd475223a3e442b760057a879329c8c7d63187894361387e1e4bdf97888c96fecef3b47d3258f0a404d7dd7d8868f3ea58b8389a447b5", 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, 0x0, 0x0)

16.101187959s ago: executing program 4 (id=1648):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000200)={0x0, 0x5cad, 0x0, [0x10000, 0xd8, 0x8, 0xd7, 0x7fffffff], [0x8, 0x100000000, 0x6, 0x3311, 0x7b0, 0x8, 0xffffffff00000000, 0x1000, 0x6, 0x1fe0000000000000, 0x7fffffffffffffff, 0x7f, 0x9, 0x7, 0x8, 0x8000, 0xffffffffffffff80, 0x0, 0x100000000, 0x8000000000000000, 0xfed5, 0x0, 0x7, 0x5, 0xad, 0x51b, 0x7fffffff, 0x9, 0x8002, 0x6, 0x7, 0x200, 0x3, 0xfffffffffffffffc, 0x4, 0x1ff, 0x101, 0x6, 0xaf20, 0x9c56, 0x10, 0x0, 0x5, 0xcbf, 0x2, 0x401, 0x7f, 0x7ff, 0xd, 0x7cb, 0x1, 0x4, 0x9, 0x3, 0x4, 0x4ffb, 0xfa, 0xffffffffffffe72c, 0x8, 0xfffffffeffffffff, 0x5c7, 0x6, 0x4, 0x0, 0xe51, 0x9, 0x6, 0x7, 0x31d, 0x7, 0x3, 0xff4, 0xc3fa, 0x200, 0xa1a, 0x101, 0x4, 0x3, 0x6, 0x4, 0x2, 0x681, 0x2, 0x8, 0x3, 0x7fffffff, 0x1, 0x4, 0x37e8, 0x0, 0x5, 0x2, 0x8, 0x5, 0x8, 0x954, 0x5526, 0xffffffffffffe5df, 0xfff, 0x3, 0x80000001, 0x300, 0x9, 0x8001, 0x50000000000000, 0x1, 0x9, 0xfffffffffffff121, 0xffffffffffffffff, 0x9, 0x3, 0x5, 0x2, 0x8, 0x6, 0x8001, 0x8, 0x2, 0x0, 0x2, 0xf1a]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x30, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x4}]}], {0x14}}, 0x58}}, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000200)=""/78, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000680)=""/185, &(0x7f0000000140)=""/92, 0x3000})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f00000001c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

13.052142286s ago: executing program 4 (id=1651):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000280)={r0}, 0xc)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x5, 0xee6, &(0x7f0000001ec0)="$eJzs3U9sHFf9APA3639p7Mbrtr9f3ZYmoaWkDeAEJ4dyS6UIpKqqeuHeKo2TCDdEpBxaJYrLKUgcClEvRRyKmhtSOCDRCglFSEj86YEzpwouIBSkSLkQKTay8956/eJh12N71t79fKSv3755s/P9jjdyZmZn3wZgYDVWfh4/Pl2E8MGn105+68rir5eXHWitcXDlZxF7zRDCSFu/yLb3eVxw7/alU8vtYtYWYXblZxoPr95qPXc8hLAQDoaboRkOHG7euTr0ytz1Dz87dPnCy2e3afcBAGCg3PjT/F9f+Mcfvzp198b+E2GstTwdnzdjfzwe9x+Nx/fpuL8R1vaLtmg3mq03FKORrTeUrTec5RkuyTeSbWekZL3RDvmG2patt58AAACwG6Xz2mYoGjNr+o3GzMz98/5ln0+OFjPnz83PXexRoQAAAEBld66s3HQrhBBCCCGEEEKIPo6lyV5fgQAAAAAGTZp3oDU/WG4hn1lgc1pba3aX/9ZLjfWfD1ug7n//8u+u/B+/5y8OAADV9evRZNqvdByd5jHI5xEcyp630eP/Rrad4Q3WWTav4G6Zb7Cszvz3ulOV1b/R17FXyurP58Pcqcrqz+fp3KnK6h+ruY6qyurfU3MdVZXV/1DNdVRVVv/emuuoqqz+8ZrrqKqs/oma66iqrP6Ha66jqrL699VcR1Vl9e+W22rL6m/WXEdVZfVP1VxHVWX1P1JzHVWV1f9ozXVUVVb/YzXX0StPxzb9HvZn4+3nz/k53W45xwMAAIBB9x/z/4ltias7oIatjZX3dHdAHUIIIYQQQghRJa70+gIEAAAA0HPpcwHpU+9LURof6jA+3GF8pMP4aIfxsQ7jAAAAQAi/uTr3xPvF6uf8NzsfXpo3Ks2/tNF5jPL5CDeaf7Pznm02/26ZtwwAAIDBUnzz5uLhkx+9PXX3xv4TbWe/i/F8N80DOhyvDXwS++m+gImsX6Rz6BNr8zRK1suvDzxctr3XNrmjAAAAMMAm4h36zVA0ZtrOu5uh0ZiZWT0fnw4jxdy5+dNHYz99P8sfJkfGlpd/vfbKAQAAgG6tnu+vf/6fvsd3OowWM+fPzc9dvN+faC0fabRfF5hcXV60XxdoZstnS5Yfi/30/Z1nJx9aWT5z6rvzb271zgMAAMCAuPjOu995Y37+9Pc88MADD1oPev2XCQAA2GrX/37tz98/NvHb+5//X53/Ln3+/2DsN+Pcfn+JK6T7BNLnAB74vP7ra/NMlq13Ye16zWy9oRhjWd172rYT2uYbTM+bKsvXXLud0ZJ841m+iSxfPk/BcLZ+yrcvW57PT5jWm8yW5/MwDmc5iiz/MwEAAADKHXn7rQtHLr7z7tfOvfXGmdNnTp8/dnT2G7Mvzs4enz2ycl//kfa7+wEAAIDdaPWm315XAgAAAAAAAAAAAAAAAAAAAIOrjq8T6/U+AgAAwKD795UQwoIQQgghhOh17A29r0GInsal4d7XIEQfx9JS/k3zAAAAANvr3u1Lp9rbBywUW5qvtbXm/WYx5k3t75/72XPLkVa79dLa6yV7t7QaBl3d//7l3135P35va/PvSQ+6/vvXWLuBE9XyfvnH/3y+Pf+Tw13mz/f/tWr5D2X5D4Xu8i99lOV/vVr+57P8e7vM/8D+X6iW/4WYfzrV82y3+de+/mOxTfvxUJf5D2f7/2boNn+2/80uE2a+EvMDwCBq9LqAbZKOEtJx9Hjsp/2Nh5shv/tho8f/jWw7w5uufO1203HQ47GfjpcmsrzJRusfz7b3cMU6c7vlrpKy+rfqddxuZfWP1FxHVWX1j9ZcR1Vl9Y/VXEdVZfXvqbmOqsrq7/Y8tNfK6t8t15XL6h+vuY6qyuqfqLmOqsrq3+j/471SVv++muuoqqz+yZrrqKqs/oqX1WpXVv9UzXVUVVb/IzXXUVVZ/Y/WXEdVZfU/VnMdvfJUbMvOh9P552QcS/1m1h9b53fZr9cWAAAAYLf5V9v8fyvvGe6AOQmEEEIMXvxkB9QghNgpEd+Z6nkdQgjRX7G01OMLEPTU9n6aGYCdyt//web1H2xe/8Hm9ed/SffwF1k/GeowPtxhfKTD+Gg2nv97Hesw/mi23aUojT/WYfz/Oozv6zD++Lrjq59One7w/Cc6jD/ZYfypDuMAAAAMhv+PrfNDAAAA6F+Xf/HJj3516PXbU3dv7D8RRh+Yd/5o7I/F99avxn4+730yEt/z/0Hs/zy2v4vt37L13X8CAAAA2y99T4z3/wEAAKB/pe8pdf4PAAAA/Wsqts7/AQAAoH89Elvn/wAAANDHij3rL45tui7wTGy7ndcPANj5vhDbp2O7P7YHYvvF2KbjgGdj+6Wa6gMAts5Pv/3DF98vVuf7P5aN34vLU/uAhftXCorG2pn80zfc743tc13Wk38fQLf5k31d5tmu/JObzA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9I/Gys/jx6eLED749NrJycsnzywvO9Ba4+DKzyL2miGEkdbz0uhq/5dxxXu3L51abhdjuxTbIsyGIhSt8fDqrVam8RDCQjgYboZmOHC4eefq0Ctz1z/87NDlCy+f3cZfAQAAAPS9/wYAAP//6KMnVA==")
r1 = syz_open_procfs(0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0x541b, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x3800844, &(0x7f0000000340)=ANY=[@ANYBLOB='nfs,nonumtail=0,uni_xlate=0,iocharset=cp950,utf8=0,uni_xlate=0,shortname=lower,codepage=866,umask=00000000000000000100002,shortname=win95,shortname=lower,uni_xlate=0,\x00aS'], 0x3, 0x366, &(0x7f0000000840)="$eJzs3U9om2UYAPAn+9KkHdT2IAwF4dOboGWteNBTy+hgmItK8M9BDK5TaeqgwWB3aFov4lHwqCdvCnrwsLMIinjz4NUJMhUPutvA4SfJl79N2nVg68p+v0N48rzPs/f99n00XxPy9tXlWL84FZdu3Lge09OFKC6fW46bhZiPJHp2YlxpQg4AOBluZln8leUO1zFVOOo1AQBHq/P6//rsUObdbw6qz7z6A8CJ1/39fyZ/lkysmd6v+fKRLQsAOEJj7/8/MjJcGv2ov7jPHQIAcJI8/9LLz6xUIp5L0+mIjfea1WY1nh6Mr1yKN6Mea3E25uJWRH6j0H4odB7PX6isnk3TtBW/zke13dGsRmy0mtX8TmEl6fSXYzHmYr7b373byLIsOf9lZXUxTdO087nCTqszf2wUmtWpON2d/6fTsRZLkcb9Y/0RFyqrS2kuqhu9/lbE7uB9i/b6F2IufngtLkc9Lka7t3dbU1ndXkzTc1llpL9ZLXfqctPx2eyxnRIAAAAAAAAAAAAAAAAAAAAAAO4BC2nffH//m2ywf8/CwoTxzv44eX93f6DdfH+grJxFlv35zuPV95MY2R9o7/48zWoxTv2/hw4AAAAAAAAAAAAAAAAAAAB3jcZWKWr1+tpmY+vK+nDQ2mxsnYqIduat7z7/eibGa24TFLtzDA2l3dSV9VqW9IqzJK+ZGWlP2pP3Mp9e7a94uKbcP4qJyyjvP1Svzz78y0eDzENJ71/+Z1CTxOQDTPYsYzjYuC9f0p38R/WDpdvUXMuybL/27VfGu6IQUbzzE3dwkLWDb6+/8cATjTNPdjJfZblHH5t74dqHn/y+Xqu3Z47OGSxtNm5l67Xu88kX2/5BMnT9FCIPCsNXQvGg9t3RTC358Y8XH/zg+8PNng0yhfrbE2qS/HC+2DtUyoP2MvcM9a/w0tCVORXFgy/j/yY48/Fy7er2z78dtmvoh4SNOgAAAAAAAAAAAAAAAAAA4FgMfVe8q/tl36mDup569uhXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHZ/D3/4eC3bHMeFCOvZm/WzFeXF7bbESUJk++c9xHCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAverfAAAA//+Gb2jU")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000100)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rt_sigtimedwait(0x0, 0x0, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', &(0x7f00000005c0), 0x100)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000380)='hfsplus\x00', 0x8008, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @func={0x1, 0x0, 0x0, 0x12}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e, 0x0, 0x0, 0x61]}}, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

10.574991255s ago: executing program 3 (id=1653):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080c}, 0x2000c845)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[], 0x17)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000400)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), 0x0, 0x0, 0x1)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')

10.393900688s ago: executing program 6 (id=1654):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000dc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x40, 0x12}], 0x1, 0x1c000884)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x14)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000280)={'dummy0\x00', 0x4})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

9.679209229s ago: executing program 5 (id=1655):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)

9.236721036s ago: executing program 3 (id=1656):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x4008040)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SIOCSIFHWADDR(r2, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="01000000008d"})

9.01009733s ago: executing program 6 (id=1657):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
kexec_load(0xf5, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(0xffffffffffffffff)
io_submit(0x0, 0x3, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x0, r1, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x8, 0xdd04, r0, &(0x7f0000000480)="2fef3588e252727babb210249a10e7", 0xf, 0x2, 0x0, 0x1}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x1, r2}])
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', r2}, 0x18)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140))

8.913266601s ago: executing program 5 (id=1658):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f00000000c0)={0x0, 0x59555956, 0x2, @stepwise={0x3, 0x7fff, 0x3, 0x6, 0x1000, 0x6}})
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="0100000004000000040000000700000000000000", @ANYRES32, @ANYBLOB="000000000000409674f4d893e3484b97cd000000", @ANYRES32=0x0, @ANYRES32=r4, @ANYBLOB="0200000001"], 0x50)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

8.064965264s ago: executing program 6 (id=1659):
socket$xdp(0x2c, 0x3, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/23, 0x17)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000004180), 0xff77)
recvmmsg(0xffffffffffffffff, &(0x7f0000000780), 0x0, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, 0x0)

7.624474771s ago: executing program 3 (id=1660):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x3, 0x6576, 0xd})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, 0xffffffffffffffff, 0x100000000)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
set_mempolicy(0x6005, &(0x7f0000000080)=0xfffffffffffffffd, 0x4)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='numa_maps\x00')
read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2020)

6.809414744s ago: executing program 6 (id=1661):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x3d, 0x2, 0x3}]}, 0x4b)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
close(0x3)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 0000409'], 0x2a, 0xfffffffffffffffc)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

5.436137325s ago: executing program 6 (id=1662):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f0000000200)='m', 0x1)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r3 = syz_io_uring_setup(0x2cb1, &(0x7f0000000140)={0x0, 0xb26e, 0x0, 0x7ffffffb, 0x35e}, &(0x7f0000000300)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r2})
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)

5.304966597s ago: executing program 3 (id=1663):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@sack_info={0x0, 0x6, 0x3}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = socket$nl_crypto(0x10, 0x3, 0x15)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$audion(&(0x7f0000000240), 0x3c000000000, 0x200000)
r5 = memfd_secret(0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000740)=ANY=[@ANYBLOB="61124c000000000061138c0000000000bf200000000000000703000008ff0200ad0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070500000419311f2d3001000000000095000000000000000500000000000000950000000000000032ed3c5be95e76b67754bb12dc8c27df8ecf264e0f84f9f17d3c30e3c72fe9751f008554bb4f2278af6d71d79a5e12810a089dc1d4681d295c45a674f888a08034b7dd399703d6c4f633a9a4f16d0a3e1282ee45a010fb94fa9de56c9d8a814261bdb94a65f78238b89dc6c60bf70d742a81b72bab8395fa64810b5b1bfd3782519518c505000000b8fab4d4d897db2c544c0e0895a9044f50c50b8eac8c63d2b1cd06a39702bd547f5ebaa69520bbb15f4f01cef3c9bacec15e2e3b2bd352e93a22adfe8efe33ff2f8ee5476d4ef7a6f0c4704403b9bad2b648e90fff24f69a5ef05f5408ea197ed09a9510ee6063229de2984abdd46ea3ec78e3127002ed37c2564bd98a621483fb2a5ff221e0d831f24759d17b8c59d0f2b0727f6b7958fb5b939af4be5e55a95f8c6d785a91c7c3f0c17ae7f9ac5ff05f5ecddf0cef90d50e763be96496661c749e21ab63a1f50b30a65a9027ba357bf8c614497ee59b68bf6a5d45c81c567e347d54574164bbea3e7b7f8a13cce7014137f250370b8a70ae3eaf6d6f17759c3886871e97d063b7f26eed3226bb0b9ee6320a2b02fea7a06a0e37182adf4b1be6f29358d4f5dfec405bde000000000000000000000000000000902e647cc5962eccaad64429335f3ce2a10ce72da82875427c1d16db24dca08487ba41a3fb337f8432d8176a515229e32ee11a1dd23dac038f989eafdd67f60b63f7be4d1bf325b57335b9973c73bfa89517a98b1fc15f8a2713718feb01059d570a0000e3b2a93bd745a74f9bf7f7abc5d15d56331055cc0820c5c9d676d92557c4e47cfbe27f91e0eb18e21dfdab3c84ec11377fbb00000000848060962bcbc47cefd1a2a7bd3b646614bf7cd3495663de5b63f6b5910daee8ebb7ba84a8b5b6f2d1fbc22a51a500f94c871d5e1d31ab5d7a89965bbdbf355a8544e1688a61f459f3618b3a5416eb143180d3d2c5f4e0b1a556422038801703e109e23944e53f230a3537a5412c7d0bf278c6c1684dd8de90aaa33f47dc2c7b5e4f73784fd31aa2f9d1b1623734f9cf84718b2bad31f651e3607f3ac6c427cb6c0652d21ecd4b29e96c0a3781ee820faab71040768f6b08a69fdfd0b2b7be25f19500c1b8330994efb57a53c1a67bda909630f75738ab40e7ab63d527d6c1e8cf611f05c1b6d0da1ba84d405b4d834162c88022a4625a5f7c431c39f3f9a7789f9b668ec4da9f1a981086dcf4c5a940691f9638ce34dba904483f2ed4e7a713b7eac29c5e122f1b6acd6f1da2"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r7 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000280)={r6, r5, 0x2e, 0x4608, @void}, 0x10)
bpf$LINK_DETACH(0x22, &(0x7f0000000080)=r7, 0x4)

5.036563692s ago: executing program 4 (id=1664):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
kcmp(r1, r1, 0x2, r3, r2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
keyctl$unlink(0x9, 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000140)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
sendmsg$NLBL_CALIPSO_C_REMOVE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16, @ANYBLOB="010025bd7000ffdbdf2502000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x40005}, 0x8000)

3.939176289s ago: executing program 5 (id=1665):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080c}, 0x2000c845)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[], 0x17)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sched_setaffinity(r0, 0x8, &(0x7f0000000400)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), 0x0, 0x0, 0x1)
removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000240)=@known='user.incfs.metadata\x00')

3.346236398s ago: executing program 6 (id=1666):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000dc0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="14000000000000001701000004"], 0x40, 0x12}], 0x1, 0x1c000884)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x14)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r5 = fcntl$dupfd(r3, 0x0, r4)
ioctl$SIOCSIFMTU(r5, 0x8922, &(0x7f0000000280)={'dummy0\x00', 0x4})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000)

2.099038147s ago: executing program 3 (id=1667):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)

2.095551728s ago: executing program 5 (id=1668):
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
kexec_load(0xf5, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(0xffffffffffffffff)
io_submit(0x0, 0x3, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x0, r1, 0x0}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x8, 0xdd04, r0, &(0x7f0000000480)="2fef3588e252727babb210249a10e7", 0xf, 0x2, 0x0, 0x1}, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0, 0x1, r2}])
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, 0x0, 0x1)
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', r2}, 0x18)
ioctl$VHOST_SET_OWNER(r3, 0xaf01, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000140))

1.102013963s ago: executing program 3 (id=1669):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={0x0, 0x0, 0x4a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r2)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x4008040)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
ioctl$SIOCSIFHWADDR(r2, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="01000000008d"})

1.002095785s ago: executing program 5 (id=1670):
socket$xdp(0x2c, 0x3, 0x0)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000000)=@unlock_all, 0x7)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="beef915d564c90c200"/23, 0x17)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000004180), 0xff77)
recvmmsg(0xffffffffffffffff, &(0x7f0000000780), 0x0, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000380)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a0000000086d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f6853772b21a140efb76cba37ff3111d6847e8b9398a646717af75fc008daefba68e6222103472bc55704cdb737ae996ed831f3b802549db3a8ffff7d34171113d806726615380fe65a6a0a72e1ac2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be500e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef1d7ee686be0fc58e384f93a13f4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe363590d1f600"})
ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, 0x0)

961.100555ms ago: executing program 4 (id=1671):
syz_open_procfs(0x0, 0x0)
socket$inet(0x10, 0x3, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r3 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r3, 0xffff)
fcntl$addseals(r3, 0x409, 0x7)
r4 = ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000140)={r3, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r4, 0x0)
syz_clone3(&(0x7f0000002a40)={0x24888100, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58)

0s ago: executing program 5 (id=1672):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x3d, 0x2, 0x3}]}, 0x4b)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
close(0x3)
bpf$MAP_LOOKUP_ELEM(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 0000409'], 0x2a, 0xfffffffffffffffc)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

kernel console output (not intermixed with test programs):

6] Bluetooth: hci0: command 0x0406 tx timeout
[  288.769499][ T4294] Bluetooth: hci3: command 0x0406 tx timeout
[  288.775949][ T4292] Bluetooth: hci1: command 0x0406 tx timeout
[  288.783817][ T5447] netlink: 8 bytes leftover after parsing attributes in process `syz.3.287'.
[  288.879400][ T5447] device gre1 entered promiscuous mode
[  289.010982][ T5181] device veth0_vlan entered promiscuous mode
[  289.028279][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  289.056187][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  289.070850][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  289.125168][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  289.171901][ T5453] Can't find a SQUASHFS superblock on nullb0
[  289.188644][ T4286] Bluetooth: hci0: unexpected cc 0x2039 length: 9 > 1
[  289.532099][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  289.715810][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  289.767200][ T5181] device veth1_vlan entered promiscuous mode
[  290.004905][ T5181] device veth0_macvtap entered promiscuous mode
[  290.046371][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  290.102721][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  290.131978][ T5181] device veth1_macvtap entered promiscuous mode
[  290.145186][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  290.459234][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  290.762449][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.012999][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.097919][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.170018][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.234851][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.264042][ T5449] loop0: detected capacity change from 0 to 32768
[  291.281140][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  291.334225][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  291.521603][ T5181] batman_adv: batadv0: Interface activated: batadv_slave_0
[  291.611160][   T27] audit: type=1326 audit(1750463330.961:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5448 comm="syz.0.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54d8e929 code=0x7ffc0000
[  292.008909][   T27] audit: type=1326 audit(1750463330.971:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5448 comm="syz.0.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fca54d8e929 code=0x7ffc0000
[  292.033509][   T27] audit: type=1326 audit(1750463330.971:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5448 comm="syz.0.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54d8e929 code=0x7ffc0000
[  292.070128][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  292.087484][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  292.139696][   T27] audit: type=1326 audit(1750463330.971:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5448 comm="syz.0.288" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca54d8e929 code=0x7ffc0000
[  292.178591][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.196948][ T5476] delete_channel: no stack
[  292.217363][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.273785][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.339624][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.369182][ T5479] loop1: detected capacity change from 0 to 4096
[  292.405317][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.454065][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.474137][ T5485] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  292.493405][ T5483] loop0: detected capacity change from 0 to 4096
[  292.529084][ T5181] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  292.768069][ T5181] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  292.890706][ T5181] batman_adv: batadv0: Interface activated: batadv_slave_1
[  292.899706][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  292.951068][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  293.065310][ T5489] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  293.265258][ T4286] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  293.274375][ T4286] Bluetooth: hci0: Injecting HCI hardware error event
[  293.292645][ T4294] Bluetooth: hci0: hardware error 0x00
[  293.305804][ T5181] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  293.389506][ T5181] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  293.576584][ T5181] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  293.612757][ T5181] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  293.899275][ T4787] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  293.955086][ T4787] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  294.015253][ T4787] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  294.095252][    T7] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  294.129145][ T4787] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  294.196560][ T4787] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  294.262797][ T4369] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  294.328532][    T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  294.375163][    T7] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  294.453014][    T7] usb 2-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  294.483257][    T7] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  294.513187][    T7] usb 2-1: Manufacturer: syz
[  294.646146][    T7] usb 2-1: config 0 descriptor??
[  295.801658][ T4294] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  297.806274][ T5495] syz.1.297 (5495): drop_caches: 2
[  299.662855][   T14] usb 2-1: USB disconnect, device number 6
[  299.806298][ T4347] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  299.932037][ T5544] loop1: detected capacity change from 0 to 2048
[  300.005283][ T4347] usb 6-1: Using ep0 maxpacket: 8
[  300.020375][ T4347] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  300.130220][ T4347] usb 6-1: config 179 has no interface number 0
[  300.232147][ T4347] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  300.274550][ T4347] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  300.306057][ T5551] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  300.356564][ T4347] usb 6-1: config 179 interface 65 altsetting 12 has an invalid endpoint with address 0xFF, skipping
[  300.425369][ T4347] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  300.500528][ T4347] usb 6-1: config 179 interface 65 has no altsetting 0
[  300.578675][ T4347] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  300.791317][ T4347] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.079844][   T27] audit: type=1800 audit(1750463340.431:39): pid=5561 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.309" name="file1" dev="loop1" ino=2097152 res=0 errno=0
[  301.630040][   T14] usb 6-1: USB disconnect, device number 2
[  302.038748][ T5574] netlink: 8 bytes leftover after parsing attributes in process `syz.4.313'.
[  303.875415][ T4294] Bluetooth: hci5: command 0x0405 tx timeout
[  304.646991][ T5595] loop3: detected capacity change from 0 to 4096
[  304.715246][ T4322] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  304.931548][ T4322] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  305.010716][ T5598] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  305.112004][ T4322] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.325200][ T4322] usb 6-1: Product: syz
[  305.518006][ T4322] usb 6-1: Manufacturer: syz
[  305.523933][ T4322] usb 6-1: SerialNumber: syz
[  305.560757][ T4322] usb 6-1: config 0 descriptor??
[  305.606717][ T4322] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 003
[  307.635531][ T4322]  (null): failure setting delay to 10us
[  307.643275][ T4322] i2c-tiny-usb: probe of 6-1:0.0 failed with error -5
[  307.657058][ T5617] loop0: detected capacity change from 0 to 128
[  307.688508][ T5617] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  307.813106][   T14] usb 6-1: USB disconnect, device number 3
[  308.132848][ T5620] loop1: detected capacity change from 0 to 2048
[  308.831302][ T5625] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  308.846284][ T5629] netlink: 8 bytes leftover after parsing attributes in process `syz.5.327'.
[  309.473876][ T5636] loop3: detected capacity change from 0 to 1024
[  310.675464][ T4347] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  310.932858][ T4347] usb 2-1: config 1 interface 0 has no altsetting 0
[  310.992062][ T4347] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  311.186575][ T4347] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.296500][ T5650] netlink: 44 bytes leftover after parsing attributes in process `syz.5.333'.
[  311.315830][ T4347] usb 2-1: Product: syz
[  311.345333][ T4347] usb 2-1: Manufacturer: syz
[  311.350570][ T4347] usb 2-1: SerialNumber: syz
[  311.452195][ T5651] netlink: 44 bytes leftover after parsing attributes in process `syz.5.333'.
[  311.571264][ T5658] Can't find a SQUASHFS superblock on nullb0
[  312.841545][ T5674] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  313.613126][ T4347] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  313.723855][ T4347] usb 2-1: USB disconnect, device number 7
[  313.788274][ T4347] usblp0: removed
[  315.145464][ T4322] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  315.385562][ T4322] usb 5-1: Using ep0 maxpacket: 8
[  315.414660][ T4322] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  315.424808][ T4322] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.438205][ T4322] usb 5-1: Product: syz
[  315.442691][ T4322] usb 5-1: Manufacturer: syz
[  315.513964][ T4322] usb 5-1: SerialNumber: syz
[  315.542323][ T4322] usb 5-1: config 0 descriptor??
[  315.575016][ T5698] Can't find a SQUASHFS superblock on nullb0
[  315.795305][   T14] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  315.954479][ T4322] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  316.067189][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.589432][ T4322] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71
[  316.625383][ T4322] usb 5-1: USB disconnect, device number 5
[  316.839393][   T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.850471][   T14] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  316.860087][   T14] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.881297][   T14] usb 2-1: config 0 descriptor??
[  317.255283][ T4325] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  317.396978][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  317.403996][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  317.483450][ T4325] usb 4-1: config 1 interface 0 has no altsetting 0
[  317.557540][ T4325] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  317.709771][ T4325] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.826925][ T4325] usb 4-1: Product: syz
[  317.918632][ T4325] usb 4-1: Manufacturer: syz
[  317.937953][   T14] uclogic 0003:256C:006D.0008: interface is invalid, ignoring
[  318.012579][ T4325] usb 4-1: SerialNumber: syz
[  318.662306][ T5730] loop5: detected capacity change from 0 to 4096
[  319.698491][ T4323] usb 2-1: USB disconnect, device number 8
[  319.713933][ T5733] loop4: detected capacity change from 0 to 2048
[  319.793816][ T5733] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  319.909732][ T4321] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  320.238138][ T5752] /dev/nullb0: Can't open blockdev
[  320.965298][ T4321] usb 1-1: Using ep0 maxpacket: 32
[  320.974897][ T4321] usb 1-1: config index 0 descriptor too short (expected 82, got 18)
[  320.997919][ T4325] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  321.016599][ T4321] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.073955][ T4325] usb 4-1: USB disconnect, device number 7
[  321.128772][ T4321] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  321.307246][ T4321] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  321.478372][ T4321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.881063][ T4325] usblp0: removed
[  321.885306][ T4321] usb 1-1: config 0 descriptor??
[  324.367166][ T4321] usb 1-1: string descriptor 0 read error: -71
[  324.575712][ T4321] usb 1-1: USB disconnect, device number 6
[  326.277002][ T5799] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  326.977445][ T5804] loop1: detected capacity change from 0 to 4096
[  327.235194][ T4321] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  327.567096][ T4321] usb 6-1: config 1 interface 0 has no altsetting 0
[  327.577210][ T5783] loop0: detected capacity change from 0 to 40427
[  327.586948][ T4321] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  327.610940][ T5783] F2FS-fs (loop0): invalid crc value
[  327.691074][ T4321] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.693375][ T5783] F2FS-fs (loop0): Found nat_bits in checkpoint
[  327.700256][ T4321] usb 6-1: Product: syz
[  327.710585][ T4321] usb 6-1: Manufacturer: syz
[  327.715755][ T4321] usb 6-1: SerialNumber: syz
[  327.819466][ T5783] F2FS-fs (loop0): Start checkpoint disabled!
[  327.845475][ T5783] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  327.923620][ T5819] loop3: detected capacity change from 0 to 256
[  327.931388][ T5819] FAT-fs (loop3): Unrecognized mount option "shortname=low" or missing value
[  329.536900][ T5833] Cannot find add_set index 0 as target
[  329.565253][ T4325] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  330.559094][ T4325] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  330.571407][ T4325] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.585170][ T4325] usb 5-1: Product: syz
[  330.589587][ T4325] usb 5-1: Manufacturer: syz
[  330.598241][ T4325] usb 5-1: SerialNumber: syz
[  330.619167][ T4325] usb 5-1: config 0 descriptor??
[  330.638484][ T4325] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 006
[  330.650147][ T5833] libceph: resolve '4..' (ret=-3): failed
[  330.700480][ T4321] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  330.795394][ T4321] usb 6-1: USB disconnect, device number 4
[  330.852343][ T4321] usblp0: removed
[  331.121988][ T4325]  (null): failure setting delay to 10us
[  331.133916][ T4325] i2c-tiny-usb: probe of 5-1:0.0 failed with error -5
[  331.168460][ T5857] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  331.190387][ T4325] usb 5-1: USB disconnect, device number 6
[  331.543424][ T5861] loop5: detected capacity change from 0 to 4096
[  334.616357][ T5876] overlayfs: failed to resolve './file0': -2
[  336.208134][ T4294] Bluetooth: hci2: unexpected cc 0x2039 length: 9 > 1
[  337.282808][ T5909] Can't find a SQUASHFS superblock on nullb0
[  337.294804][ T4294] Bluetooth: hci5: unexpected cc 0x2039 length: 9 > 1
[  339.094060][ T5919] loop1: detected capacity change from 0 to 1024
[  339.138790][ T5908] loop3: detected capacity change from 0 to 4096
[  339.841293][   T75] hfsplus: b-tree write err: -5, ino 4
[  339.944650][ T5927] loop5: detected capacity change from 0 to 2048
[  340.110509][ T5933] Can't find a SQUASHFS superblock on nullb0
[  340.120911][ T4294] Bluetooth: hci1: unexpected cc 0x2039 length: 9 > 1
[  340.276896][ T4294] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  340.295507][ T4294] Bluetooth: hci2: Injecting HCI hardware error event
[  340.309956][ T4286] Bluetooth: hci2: hardware error 0x00
[  340.786881][ T5937] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  341.318685][ T4294] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  341.333994][ T4294] Bluetooth: hci5: Injecting HCI hardware error event
[  341.360788][ T4285] Bluetooth: hci5: hardware error 0x00
[  342.086488][ T5951] loop3: detected capacity change from 0 to 2048
[  342.929464][ T4286] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  343.295129][ T4325] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  343.475281][ T4285] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  343.535144][ T4325] usb 1-1: Using ep0 maxpacket: 32
[  344.259718][ T4285] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  344.269970][ T4285] Bluetooth: hci1: Injecting HCI hardware error event
[  344.280490][ T4286] Bluetooth: hci1: hardware error 0x00
[  344.299285][ T4325] usb 1-1: config index 0 descriptor too short (expected 82, got 18)
[  344.338940][ T4325] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  344.388426][ T4325] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  344.426303][ T5976] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  344.442024][ T4325] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  344.485926][ T4325] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.141645][ T5970] ALSA: mixer_oss: invalid OSS volume ''
[  345.384563][ T4325] usb 1-1: config 0 descriptor??
[  347.518255][ T4286] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  347.715293][ T4286] Bluetooth: hci3: command 0x0405 tx timeout
[  347.837844][ T6007] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  348.123488][ T6012] loop1: detected capacity change from 0 to 2048
[  348.153352][ T4325] usb 1-1: string descriptor 0 read error: -71
[  348.796513][ T4325] usb 1-1: USB disconnect, device number 7
[  348.908795][ T6014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.421'.
[  349.221974][ T3623] Alternate GPT is invalid, using primary GPT.
[  349.296750][ T3623]  loop1: p1 p2 p3
[  349.919167][ T6028] loop4: detected capacity change from 0 to 128
[  349.995460][ T6028] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  352.074497][ T6031] ALSA: mixer_oss: invalid OSS volume ''
[  352.492453][ T4359] udevd[4359]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[  352.492927][ T4997] udevd[4997]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[  352.518764][ T4358] udevd[4358]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory
[  352.606225][ T6053] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  354.651464][ T6072] loop4: detected capacity change from 0 to 512
[  355.166854][ T6077] loop3: detected capacity change from 0 to 128
[  355.288991][ T6079] netlink: 'syz.0.438': attribute type 4 has an invalid length.
[  355.369143][ T6077] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  355.442920][ T6072] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  355.453605][ T6072] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  355.975877][   T14] lo speed is unknown, defaulting to 1000
[  356.797273][ T4276] EXT4-fs (loop4): unmounting filesystem.
[  357.135104][ T4321] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  358.591464][ T6111] ALSA: mixer_oss: invalid OSS volume ''
[  358.840254][ T4321] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  358.856347][ T6121] loop3: detected capacity change from 0 to 1024
[  358.926905][ T4321] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.009253][ T4321] usb 6-1: Product: syz
[  359.013718][ T4321] usb 6-1: Manufacturer: syz
[  359.071410][ T4321] usb 6-1: SerialNumber: syz
[  359.112788][ T4330] hfsplus: b-tree write err: -5, ino 4
[  359.152371][ T4321] usb 6-1: config 0 descriptor??
[  359.197929][ T4321] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 005
[  360.628101][ T4321]  (null): failure setting delay to 10us
[  360.634079][ T4321] i2c-tiny-usb: probe of 6-1:0.0 failed with error -5
[  360.675938][ T4321] usb 6-1: USB disconnect, device number 5
[  360.745397][ T6135] loop1: detected capacity change from 0 to 4096
[  361.010425][ T6152] netlink: 'syz.4.454': attribute type 4 has an invalid length.
[  361.175356][ T4325] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  361.317875][ T6161] netlink: 4 bytes leftover after parsing attributes in process `syz.5.455'.
[  361.380532][ T4325] usb 4-1: Using ep0 maxpacket: 8
[  361.393489][ T4325] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  361.427669][ T4325] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.454400][ T4325] usb 4-1: Product: syz
[  361.468361][ T4325] usb 4-1: Manufacturer: syz
[  361.479238][ T4325] usb 4-1: SerialNumber: syz
[  361.505478][ T4325] usb 4-1: config 0 descriptor??
[  361.662898][ T6127] syz.0.448 (6127): drop_caches: 2
[  361.721688][ T4325] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  361.953909][ T6168] loop1: detected capacity change from 0 to 1024
[  362.081287][ T6170] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  362.768429][ T4344] hfsplus: b-tree write err: -5, ino 4
[  362.813481][ T4325] dvb_usb_rtl28xxu: probe of 4-1:0.0 failed with error -71
[  362.823286][ T4325] usb 4-1: USB disconnect, device number 8
[  364.876382][ T6195] loop4: detected capacity change from 0 to 4096
[  364.995162][ T4323] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  365.309094][ T4323] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  367.082762][ T4323] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.101711][ T4323] usb 2-1: Product: syz
[  367.106387][ T4323] usb 2-1: Manufacturer: syz
[  367.111219][ T4323] usb 2-1: SerialNumber: syz
[  367.121709][ T4323] usb 2-1: config 0 descriptor??
[  367.170763][ T4323] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 009
[  367.434317][ T6213] ALSA: mixer_oss: invalid OSS volume ''
[  367.709983][ T4323]  (null): failure setting delay to 10us
[  367.716771][ T4323] i2c-tiny-usb: probe of 2-1:0.0 failed with error -5
[  367.752970][ T4323] usb 2-1: USB disconnect, device number 9
[  367.921542][ T6226] netlink: 4 bytes leftover after parsing attributes in process `syz.0.474'.
[  368.065180][ T4321] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  368.125193][ T4347] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  368.214123][ T6234] loop4: detected capacity change from 0 to 1024
[  368.405323][ T4347] usb 6-1: Using ep0 maxpacket: 32
[  368.461855][ T4347] usb 6-1: config index 0 descriptor too short (expected 82, got 18)
[  368.756724][ T4347] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  369.027446][ T4347] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  369.108495][ T4347] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  369.136962][ T4321] usb 4-1: config 1 interface 0 has no altsetting 0
[  369.147949][ T4321] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  369.167534][ T4321] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.177911][ T4321] usb 4-1: Product: syz
[  369.182242][ T4321] usb 4-1: Manufacturer: syz
[  369.187059][ T4321] usb 4-1: SerialNumber: syz
[  369.192311][ T4347] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.246664][ T4509] hfsplus: b-tree write err: -5, ino 4
[  369.264843][ T4347] usb 6-1: config 0 descriptor??
[  371.070733][ T4321] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  371.217943][ T4321] usb 4-1: USB disconnect, device number 9
[  371.309076][ T4321] usblp0: removed
[  371.356834][ T6256] netlink: 32 bytes leftover after parsing attributes in process `syz.1.482'.
[  371.709848][ T6262] loop3: detected capacity change from 0 to 512
[  371.886388][ T6262] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  371.895902][ T6262] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  372.143536][ T4347] usb 6-1: string descriptor 0 read error: -71
[  372.283019][ T4347] usb 6-1: USB disconnect, device number 6
[  372.457991][ T6259] loop0: detected capacity change from 0 to 4096
[  372.522897][ T4282] EXT4-fs (loop3): unmounting filesystem.
[  374.072231][ T6286] loop3: detected capacity change from 0 to 1024
[  374.387727][ T6289] Can't find a SQUASHFS superblock on nullb0
[  375.842122][   T27] audit: type=1800 audit(1750463415.141:40): pid=6286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.487" name="file1" dev="loop3" ino=20 res=0 errno=0
[  375.998907][ T6293] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'.
[  376.055738][ T4509] hfsplus: b-tree write err: -5, ino 4
[  378.355535][ T4285] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  378.365427][ T4285] Bluetooth: hci3: Injecting HCI hardware error event
[  378.377328][ T4286] Bluetooth: hci3: hardware error 0x00
[  378.839912][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  378.846590][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  379.605117][ T4326] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  380.292664][ T6326] loop1: detected capacity change from 0 to 40427
[  380.335168][ T4326] usb 6-1: Using ep0 maxpacket: 32
[  380.392739][ T6326] F2FS-fs (loop1): invalid crc value
[  380.517628][ T4326] usb 6-1: config index 0 descriptor too short (expected 82, got 18)
[  380.576712][ T6326] F2FS-fs (loop1): Found nat_bits in checkpoint
[  380.623476][ T6326] F2FS-fs (loop1): Start checkpoint disabled!
[  380.685995][ T6326] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  380.815172][ T4326] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  380.861298][ T4326] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  380.916753][  T129] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  380.925344][ T4286] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  380.946805][ T6328] loop4: detected capacity change from 0 to 4096
[  381.105102][  T129] usb 1-1: Using ep0 maxpacket: 8
[  381.115691][ T4326] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  381.125197][ T4326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.133097][  T129] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  381.135782][ T4326] usb 6-1: config 0 descriptor??
[  381.214713][  T129] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.082510][  T129] usb 1-1: Product: syz
[  382.087183][  T129] usb 1-1: Manufacturer: syz
[  382.091909][  T129] usb 1-1: SerialNumber: syz
[  382.102605][  T129] usb 1-1: config 0 descriptor??
[  383.266272][   T27] audit: type=1800 audit(1750463422.631:41): pid=6346 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.498" name="file1" dev="loop4" ino=33 res=0 errno=0
[  383.314864][  T129] usb 1-1: can't set config #0, error -71
[  383.361613][  T129] usb 1-1: USB disconnect, device number 8
[  383.392459][   T27] audit: type=1800 audit(1750463422.651:42): pid=6328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.498" name="file1" dev="loop4" ino=33 res=0 errno=0
[  384.017061][ T4326] usb 6-1: string descriptor 0 read error: -71
[  384.577978][ T4326] usb 6-1: USB disconnect, device number 7
[  384.949801][ T4577] kworker/u4:17: attempt to access beyond end of device
[  384.949801][ T4577] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  388.278715][ T6400] Cannot find add_set index 0 as target
[  388.450924][ T4323] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  389.835124][ T4323] usb 5-1: Using ep0 maxpacket: 8
[  389.844556][ T4323] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  389.854481][ T4323] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.862851][ T4323] usb 5-1: Product: syz
[  389.867404][ T4323] usb 5-1: Manufacturer: syz
[  389.877873][ T4323] usb 5-1: SerialNumber: syz
[  389.896123][ T4323] usb 5-1: config 0 descriptor??
[  390.157117][ T6423] bridge0: port 3(netdevsim0) entered blocking state
[  390.165091][ T6423] bridge0: port 3(netdevsim0) entered disabled state
[  390.173493][ T6423] device netdevsim0 entered promiscuous mode
[  390.181793][ T6423] bridge0: port 3(netdevsim0) entered blocking state
[  390.188699][ T6423] bridge0: port 3(netdevsim0) entered forwarding state
[  390.475560][ T6426] loop3: detected capacity change from 0 to 40427
[  390.488923][ T6426] F2FS-fs (loop3): invalid crc value
[  390.537190][ T6426] F2FS-fs (loop3): Found nat_bits in checkpoint
[  390.586824][ T6426] F2FS-fs (loop3): Start checkpoint disabled!
[  390.605463][ T6426] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  391.005585][ T4323] dvb_usb_rtl28xxu 5-1:0.0: chip type detection failed -110
[  391.013335][ T4323] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -110
[  391.143200][ T4326] usb 5-1: USB disconnect, device number 7
[  392.308529][ T6440] loop4: detected capacity change from 0 to 256
[  392.317761][ T6440] FAT-fs (loop4): Unrecognized mount option "shortname=low" or missing value
[  392.372029][ T4358] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  392.801844][ T4531] kworker/u4:14: attempt to access beyond end of device
[  392.801844][ T4531] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  394.309525][ T4326] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  394.752794][ T6459] loop1: detected capacity change from 0 to 40427
[  394.806759][ T4326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.577153][ T6465] vivid-000: kernel_thread() failed
[  395.715605][ T4326] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.726802][ T4326] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  395.736363][ T4326] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.748071][ T4326] usb 5-1: config 0 descriptor??
[  395.768269][ T6459] F2FS-fs (loop1): invalid crc value
[  395.788416][ T6459] F2FS-fs (loop1): Found nat_bits in checkpoint
[  395.832807][ T6459] F2FS-fs (loop1): Start checkpoint disabled!
[  395.890876][ T6459] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  397.166451][ T4326] uclogic 0003:256C:006D.0009: v1 frame probing failed: -71
[  397.283937][ T4326] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  397.322850][ T4326] uclogic: probe of 0003:256C:006D.0009 failed with error -71
[  397.358070][ T4326] usb 5-1: USB disconnect, device number 8
[  397.843436][ T6489] loop5: detected capacity change from 0 to 256
[  398.580440][ T4390] kworker/u4:10: attempt to access beyond end of device
[  398.580440][ T4390] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  398.873696][ T6495] loop4: detected capacity change from 0 to 40427
[  399.020138][ T6495] F2FS-fs (loop4): invalid crc value
[  399.042848][ T6495] F2FS-fs (loop4): Found nat_bits in checkpoint
[  399.088665][ T6495] F2FS-fs (loop4): Start checkpoint disabled!
[  399.122030][ T6495] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  400.103493][ T6509] loop5: detected capacity change from 0 to 256
[  400.120793][ T6509] FAT-fs (loop5): Unrecognized mount option "shortname=low" or missing value
[  401.295292][ T4326] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  401.612975][ T4326] usb 2-1: Using ep0 maxpacket: 8
[  401.623110][ T4326] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  401.650259][ T4326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  402.176536][ T4326] usb 2-1: Product: syz
[  402.497746][ T4326] usb 2-1: Manufacturer: syz
[  402.502774][ T4326] usb 2-1: SerialNumber: syz
[  402.584122][ T4326] usb 2-1: config 0 descriptor??
[  403.535552][ T4326] usb 2-1: can't set config #0, error -71
[  403.543940][ T4326] usb 2-1: USB disconnect, device number 10
[  404.806413][   T41] kworker/u4:2: attempt to access beyond end of device
[  404.806413][   T41] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  404.833556][ T6553] Cannot find add_set index 0 as target
[  406.665612][ T6551] ALSA: mixer_oss: invalid OSS volume ''
[  410.047952][ T6575] loop4: detected capacity change from 0 to 40427
[  410.061405][ T6575] F2FS-fs (loop4): invalid crc value
[  410.098859][ T6575] F2FS-fs (loop4): Found nat_bits in checkpoint
[  410.137513][ T6575] F2FS-fs (loop4): Start checkpoint disabled!
[  410.145483][ T6575] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  411.590938][ T6592] Can't find a SQUASHFS superblock on nullb0
[  412.073396][ T4555] kworker/u4:15: attempt to access beyond end of device
[  412.073396][ T4555] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  413.503886][ T6624] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  413.745379][ T6630] bridge0: port 3(netdevsim0) entered blocking state
[  413.753902][ T6630] bridge0: port 3(netdevsim0) entered disabled state
[  413.774377][ T6630] device netdevsim0 entered promiscuous mode
[  413.782600][ T6630] bridge0: port 3(netdevsim0) entered blocking state
[  413.789731][ T6630] bridge0: port 3(netdevsim0) entered forwarding state
[  414.246613][ T6619] ALSA: mixer_oss: invalid OSS volume ''
[  414.876895][ T6638] vivid-000: kernel_thread() failed
[  415.545643][ T6652] loop1: detected capacity change from 0 to 512
[  417.357056][ T6652] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  417.366486][ T6652] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  417.473828][ T6660] netlink: 'syz.0.562': attribute type 4 has an invalid length.
[  417.652077][ T4275] EXT4-fs (loop1): unmounting filesystem.
[  417.655036][ T6663] loop3: detected capacity change from 0 to 256
[  417.666354][ T6663] FAT-fs (loop3): Unrecognized mount option "shortname=low" or missing value
[  417.752485][ T4359] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  419.788203][ T6674] loop0: detected capacity change from 0 to 4096
[  420.279694][ T6682] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  420.534817][ T6681] netlink: 4 bytes leftover after parsing attributes in process `syz.4.569'.
[  422.475344][ T6699] vivid-000: kernel_thread() failed
[  423.436546][ T6714] loop4: detected capacity change from 0 to 512
[  424.866424][ T6713] netlink: 'syz.3.576': attribute type 4 has an invalid length.
[  424.986855][ T6714] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  424.996465][ T6714] ext4 filesystem being mounted at /114/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  425.204595][ T6723] loop5: detected capacity change from 0 to 256
[  425.212181][ T6723] FAT-fs (loop5): Unrecognized mount option "shortname=low" or missing value
[  425.335491][ T4358] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  425.393939][ T4276] EXT4-fs (loop4): unmounting filesystem.
[  428.665148][ T6428] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  429.485528][ T6765] loop0: detected capacity change from 0 to 4096
[  429.587914][ T6769] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  429.708906][ T6428] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  429.824735][ T6428] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.884138][ T6428] usb 5-1: Product: syz
[  429.905247][ T6428] usb 5-1: Manufacturer: syz
[  429.920214][ T6428] usb 5-1: SerialNumber: syz
[  429.942768][ T6428] usb 5-1: config 0 descriptor??
[  430.095075][ T6428] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 009
[  430.781232][ T6781] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  431.233009][ T6428]  (null): failure setting delay to 10us
[  431.239108][ T6428] i2c-tiny-usb: probe of 5-1:0.0 failed with error -5
[  431.341823][ T6428] usb 5-1: USB disconnect, device number 9
[  431.699966][ T6790] Can't find a SQUASHFS superblock on nullb0
[  433.431352][ T6802] vivid-007: kernel_thread() failed
[  438.675773][ T6840] Can't find a SQUASHFS superblock on nullb0
[  438.786290][   T14] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  439.059619][   T14] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  439.089656][   T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.624137][   T14] usb 2-1: Product: syz
[  439.631020][   T14] usb 2-1: Manufacturer: syz
[  439.644635][   T14] usb 2-1: SerialNumber: syz
[  440.290030][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  440.296788][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  442.533954][   T14] usb 2-1: config 0 descriptor??
[  442.963598][   T14] usb 2-1: can't set config #0, error -71
[  442.974613][   T14] usb 2-1: USB disconnect, device number 11
[  444.579694][ T6883] loop0: detected capacity change from 0 to 256
[  444.587044][ T6883] FAT-fs (loop0): Unrecognized mount option "shortname=low" or missing value
[  445.625769][ T4358] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  447.305222][   T14] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  447.538059][   T14] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  447.623450][   T14] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.671381][   T14] usb 4-1: Product: syz
[  447.708572][   T14] usb 4-1: Manufacturer: syz
[  447.730654][   T14] usb 4-1: SerialNumber: syz
[  447.990061][   T14] usb 4-1: config 0 descriptor??
[  448.756797][   T14] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 010
[  448.836490][   T14]  (null): failure setting delay to 10us
[  448.842745][   T14] i2c-tiny-usb: probe of 4-1:0.0 failed with error -5
[  448.903492][   T14] usb 4-1: USB disconnect, device number 10
[  449.203228][ T6926] loop1: detected capacity change from 0 to 512
[  449.997529][ T6927] netlink: 4 bytes leftover after parsing attributes in process `syz.4.634'.
[  451.309875][ T6926] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  451.319642][ T6926] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  451.688548][ T4275] EXT4-fs (loop1): unmounting filesystem.
[  453.477128][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.0.637'.
[  456.464802][ T6959] netlink: 8 bytes leftover after parsing attributes in process `syz.4.641'.
[  457.604925][ T6968] netlink: 4 bytes leftover after parsing attributes in process `syz.1.642'.
[  459.746795][ T6981] loop3: detected capacity change from 0 to 1024
[  459.864306][ T6961] loop0: detected capacity change from 0 to 32768
[  462.752200][ T7014] netlink: 4 bytes leftover after parsing attributes in process `syz.0.651'.
[  466.715113][ T7026] netlink: 8 bytes leftover after parsing attributes in process `syz.4.656'.
[  469.387363][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.663'.
[  469.443946][ T7037] loop4: detected capacity change from 0 to 32768
[  470.178563][ T7059] vivid-007: kernel_thread() failed
[  470.205742][ T7058] Cannot find add_set index 0 as target
[  470.336664][ T7063] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  470.487365][ T7037] XFS (loop4): Mounting V5 Filesystem
[  471.930175][ T7037] XFS (loop4): Ending clean mount
[  472.262378][ T7071] ALSA: mixer_oss: invalid OSS volume ''
[  472.422446][ T7037] XFS (loop4): Quotacheck needed: Please wait.
[  472.578699][ T7037] XFS (loop4): Quotacheck: Done.
[  473.557714][ T4276] XFS (loop4): Unmounting Filesystem
[  475.281635][ T7093] Can't find a SQUASHFS superblock on nullb0
[  475.434110][ T7094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.671'.
[  475.935267][ T6863] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  476.241114][ T6863] usb 6-1: Using ep0 maxpacket: 8
[  476.265626][ T6863] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  476.401206][ T6863] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  476.413320][ T6863] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  476.424161][ T6863] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  476.440719][ T6863] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  476.461233][ T6863] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  476.528078][ T6863] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.809058][ T7103] netlink: 4 bytes leftover after parsing attributes in process `syz.4.668'.
[  478.212823][ T6863] usb 6-1: usb_control_msg returned -32
[  478.218661][ T6863] usbtmc 6-1:16.0: can't read capabilities
[  479.199315][ T7113] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  480.014481][ T6863] usb 6-1: USB disconnect, device number 8
[  486.316788][ T7146] Can't find a SQUASHFS superblock on nullb0
[  486.426984][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.1.684'.
[  487.653268][ T7157] loop3: detected capacity change from 0 to 256
[  487.661255][ T7157] FAT-fs (loop3): Unrecognized mount option "shortname=low" or missing value
[  487.707064][ T4358] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  489.848564][ T7167] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  490.593890][ T7173] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  492.412408][ T7182] overlayfs: failed to resolve './file0': -2
[  493.852360][ T7199] netlink: 8 bytes leftover after parsing attributes in process `syz.1.698'.
[  494.789149][ T7205] loop1: detected capacity change from 0 to 256
[  494.798033][ T7205] FAT-fs (loop1): Unrecognized mount option "shortname=low" or missing value
[  494.964725][ T4358] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  496.382995][ T7228] Can't find a SQUASHFS superblock on nullb0
[  496.713785][ T7231] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  497.871049][ T7235] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  498.842180][ T7238] netlink: 'syz.0.709': attribute type 4 has an invalid length.
[  500.718727][ T7251] netlink: 8 bytes leftover after parsing attributes in process `syz.3.711'.
[  501.595453][ T7258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.713'.
[  501.718473][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  501.726003][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  502.397281][ T7262] vivid-000: kernel_thread() failed
[  502.859616][ T7272] loop4: detected capacity change from 0 to 256
[  502.867383][ T7272] FAT-fs (loop4): Unrecognized mount option "shortname=low" or missing value
[  504.352120][ T7286] Can't find a SQUASHFS superblock on nullb0
[  505.055461][ T7291] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  505.238178][ T7271] loop5: detected capacity change from 0 to 32768
[  505.395237][ T7294] netlink: 'syz.4.722': attribute type 4 has an invalid length.
[  505.492035][ T7271] XFS (loop5): Mounting V5 Filesystem
[  507.579327][ T7271] XFS (loop5): Ending clean mount
[  508.519001][ T4419] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  508.566916][ T7271] XFS (loop5): Quotacheck needed: Please wait.
[  508.965308][ T7271] XFS (loop5): Quotacheck: Done.
[  509.006031][ T5181] XFS (loop5): Unmounting Filesystem
[  509.979838][ T7321] vivid-000: kernel_thread() failed
[  510.821120][ T7333] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  510.945070][ T4324] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  511.468986][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.5.729'.
[  511.515043][ T4324] usb 5-1: Using ep0 maxpacket: 32
[  512.244529][ T4324] usb 5-1: config index 0 descriptor too short (expected 82, got 18)
[  512.254808][ T4324] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.266944][ T4324] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  512.276774][ T4324] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  512.286752][ T4324] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.298220][ T4324] usb 5-1: config 0 descriptor??
[  512.747156][ T7348] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  515.586353][ T4324] usb 5-1: string descriptor 0 read error: -71
[  515.764222][ T4324] usb 5-1: USB disconnect, device number 10
[  516.017865][ T7366] netlink: 'syz.1.740': attribute type 4 has an invalid length.
[  516.590554][ T7378] loop4: detected capacity change from 0 to 2048
[  516.870670][ T7381] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  516.896901][ T7382] Can't find a SQUASHFS superblock on nullb0
[  517.636650][ T7392] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  518.452270][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.5.747'.
[  520.001584][ T7413] netlink: 4 bytes leftover after parsing attributes in process `syz.0.751'.
[  520.419183][ T7417] netlink: 'syz.5.755': attribute type 4 has an invalid length.
[  522.914996][ T7459] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  526.780639][ T7471] loop1: detected capacity change from 0 to 2048
[  527.915355][ T7481] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  529.444204][ T7493] Can't find a SQUASHFS superblock on nullb0
[  532.438431][ T7531] loop0: detected capacity change from 0 to 256
[  532.448500][ T7531] FAT-fs (loop0): Unrecognized mount option "shortname=low" or missing value
[  532.497030][ T4358] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  533.730942][ T7535] loop5: detected capacity change from 0 to 2048
[  533.792667][ T7542] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  537.939993][ T7567] loop3: detected capacity change from 0 to 1024
[  538.936161][ T7565] ALSA: mixer_oss: invalid OSS volume ''
[  539.114317][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  539.130604][ T4509] hfsplus: b-tree write err: -5, ino 4
[  540.973853][ T7582] QAT: Device 7 not found
[  541.150488][ T7045] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  541.961047][ T7597] Can't find a SQUASHFS superblock on nullb0
[  542.104164][ T7598] loop4: detected capacity change from 0 to 2048
[  542.217591][ T7604] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  545.527887][ T7611] vivid-000: kernel_thread() failed
[  546.060233][ T7620] loop5: detected capacity change from 0 to 128
[  546.186436][ T7620] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  546.292356][ T7618] loop4: detected capacity change from 0 to 40427
[  546.303383][ T7618] F2FS-fs (loop4): invalid crc value
[  546.332333][ T7618] F2FS-fs (loop4): Found nat_bits in checkpoint
[  546.376283][ T7618] F2FS-fs (loop4): Start checkpoint disabled!
[  546.415386][ T7618] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  548.279026][ T7641] loop1: detected capacity change from 0 to 256
[  548.287320][ T7641] FAT-fs (loop1): Unrecognized mount option "shortname=low" or missing value
[  549.518969][ T6208] kworker/u4:21: attempt to access beyond end of device
[  549.518969][ T6208] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  549.845483][   T14] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  549.891067][ T7654] loop0: detected capacity change from 0 to 2048
[  550.055142][   T14] usb 2-1: Using ep0 maxpacket: 32
[  550.068699][   T14] usb 2-1: config 0 has an invalid interface number: 202 but max is 0
[  550.091360][ T7659] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  550.143883][   T14] usb 2-1: config 0 has no interface number 0
[  550.190744][   T14] usb 2-1: config 0 interface 202 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64
[  550.309819][   T14] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  550.388784][   T14] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  550.641086][   T14] usb 2-1: Product: syz
[  550.681611][   T14] usb 2-1: Manufacturer: syz
[  550.968381][   T14] usb 2-1: SerialNumber: syz
[  551.265706][   T14] usb 2-1: config 0 descriptor??
[  551.390810][   T14] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  552.109666][ T6208] usb 2-1: Failed to submit usb control message: -71
[  552.117352][ T6208] usb 2-1: unable to send the bmi data to the device: -71
[  552.126924][   T14] usb 2-1: USB disconnect, device number 12
[  552.133852][ T6208] usb 2-1: unable to get target info from device
[  552.147468][ T6208] usb 2-1: could not get target info (-71)
[  552.154177][ T6208] usb 2-1: could not probe fw (-71)
[  553.174909][ T7679] vivid-000: kernel_thread() failed
[  560.314799][ T7730] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  560.625489][ T7740] loop1: detected capacity change from 0 to 128
[  560.688450][ T7743] loop0: detected capacity change from 0 to 1024
[  560.732190][ T7740] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  561.256472][ T7745] lo speed is unknown, defaulting to 1000
[  561.279694][ T7745] caif0 speed is unknown, defaulting to 1000
[  562.268532][ T4436] hfsplus: b-tree write err: -5, ino 4
[  563.653672][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  563.660235][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  565.344464][ T7769] sctp: failed to load transform for md5: -2
[  570.296699][ T7815] Bluetooth: MGMT ver 1.22
[  570.763652][ T4324] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  571.555236][ T4324] usb 6-1: Using ep0 maxpacket: 32
[  571.562668][ T4324] usb 6-1: config 0 has an invalid interface number: 54 but max is 0
[  571.600360][ T4324] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  571.631552][ T4324] usb 6-1: config 0 has no interface number 0
[  571.684597][ T4324] usb 6-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=46.42
[  571.711864][ T4324] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  571.875129][ T4324] usb 6-1: Product: syz
[  571.879621][ T4324] usb 6-1: Manufacturer: syz
[  571.894302][ T4324] usb 6-1: SerialNumber: syz
[  571.909691][ T4324] usb 6-1: config 0 descriptor??
[  572.133693][ T4324] ums_eneub6250 6-1:0.54: USB Mass Storage device detected
[  572.158895][ T7844] loop1: detected capacity change from 0 to 128
[  572.386789][ T7844] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  572.472946][ T4324] usb 6-1: USB disconnect, device number 9
[  573.139135][ T7858] Can't find a SQUASHFS superblock on nullb0
[  575.935895][ T7882] loop5: detected capacity change from 0 to 1024
[  576.705365][    T9] hfsplus: b-tree write err: -5, ino 4
[  576.813008][ T7890] process 'syz.4.859' launched './file0/file0' with NULL argv: empty string added
[  577.982473][ T7903] Can't find a SQUASHFS superblock on nullb0
[  578.297865][ T7890] 8021q: adding VLAN 0 to HW filter on device bond0
[  578.460215][ T7890] bond0: (slave rose0): Enslaving as an active interface with an up link
[  578.491582][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  578.756878][ T7912] loop4: detected capacity change from 0 to 256
[  578.765229][ T7912] FAT-fs (loop4): Unrecognized mount option "shortname=low" or missing value
[  578.837830][ T4358] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  580.100237][ T7916] loop5: detected capacity change from 0 to 4096
[  580.996216][ T7931] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  581.454524][ T7936] loop0: detected capacity change from 0 to 256
[  581.767399][ T7936] FAT-fs (loop0): Directory bread(block 64) failed
[  581.835104][ T7936] FAT-fs (loop0): Directory bread(block 65) failed
[  581.939843][ T7936] FAT-fs (loop0): Directory bread(block 66) failed
[  581.985220][ T7936] FAT-fs (loop0): Directory bread(block 67) failed
[  581.999569][ T7945] loop1: detected capacity change from 0 to 128
[  582.026130][ T7936] FAT-fs (loop0): Directory bread(block 68) failed
[  582.153289][ T7948] loop4: detected capacity change from 0 to 1024
[  582.335366][ T7945] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  582.491364][ T7936] FAT-fs (loop0): Directory bread(block 69) failed
[  583.225164][ T7936] FAT-fs (loop0): Directory bread(block 70) failed
[  583.305082][ T7936] FAT-fs (loop0): Directory bread(block 71) failed
[  583.312967][ T7936] FAT-fs (loop0): Directory bread(block 72) failed
[  583.346237][ T4436] hfsplus: b-tree write err: -5, ino 4
[  583.460975][ T7936] FAT-fs (loop0): Directory bread(block 73) failed
[  588.321171][ T7993] loop5: detected capacity change from 0 to 4096
[  588.493895][ T8002] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  591.190082][   T52] block nbd5: Attempted send on invalid socket
[  591.214597][   T52] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 1
[  594.711776][ T8069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.896'.
[  595.327155][ T8073] loop4: detected capacity change from 0 to 4096
[  595.421415][ T8079] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  595.765173][ T8083] loop5: detected capacity change from 0 to 1024
[  596.578634][ T4390] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  597.003569][ T8074] loop0: detected capacity change from 0 to 4096
[  597.078386][ T6208] hfsplus: b-tree write err: -5, ino 4
[  597.597895][ T8090] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  599.075835][ T8109] overlayfs: failed to resolve './file1': -2
[  600.259894][ T8119] netlink: 8 bytes leftover after parsing attributes in process `syz.0.904'.
[  603.165073][ T8144] overlayfs: failed to resolve './bus/file0': -2
[  604.261205][ T8148] cgroup2: Unknown parameter 'trxns'
[  604.957176][ T8155] loop5: detected capacity change from 0 to 4096
[  604.988856][ T8143] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  605.087211][ T8160] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  606.299760][ T8172] loop1: detected capacity change from 0 to 4096
[  606.369817][  T126] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  606.456093][ T8183] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  606.699627][  T126] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  606.758668][  T126] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.045161][  T126] usb 5-1: Product: syz
[  607.073661][  T126] usb 5-1: Manufacturer: syz
[  607.082685][ T8190] netlink: 8 bytes leftover after parsing attributes in process `syz.5.918'.
[  607.112588][  T126] usb 5-1: SerialNumber: syz
[  607.156331][  T126] usb 5-1: config 0 descriptor??
[  608.079923][  T126] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 011
[  608.689878][  T126]  (null): failure setting delay to 10us
[  608.740523][  T126] i2c-tiny-usb: probe of 5-1:0.0 failed with error -5
[  608.832205][  T126] usb 5-1: USB disconnect, device number 11
[  609.205341][ T8201] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  612.602442][ T8220] loop4: detected capacity change from 0 to 4096
[  612.700808][ T8237] Can't find a SQUASHFS superblock on nullb0
[  613.359441][ T8240] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  613.943020][ T8220] NILFS (loop4): error -4 creating segctord thread
[  614.005122][ T4347] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[  614.042500][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.933'.
[  614.236968][ T4347] usb 1-1: config 1 interface 0 has no altsetting 0
[  615.465960][ T4347] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  615.490203][ T4347] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  615.499695][ T4347] usb 1-1: Product: syz
[  615.503937][ T4347] usb 1-1: Manufacturer: syz
[  615.509438][ T4347] usb 1-1: SerialNumber: syz
[  616.086908][ T4347] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 9 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  617.236375][ T4347] usb 1-1: USB disconnect, device number 9
[  617.244238][ T4347] usblp0: removed
[  617.399953][ T8268] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  618.458777][ T8279] loop1: detected capacity change from 0 to 7
[  618.480604][ T8279] Dev loop1: unable to read RDB block 7
[  618.487585][ T8279]  loop1: unable to read partition table
[  618.499716][ T8279] loop1: partition table beyond EOD, truncated
[  618.508974][ T8279] loop_reread_partitions: partition scan of loop1 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨�â·û
[  618.508974][ T8279] 
) failed (rc=-5)
[  620.519355][ T8295] loop1: detected capacity change from 0 to 4096
[  620.711900][ T8304] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  622.289532][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.0.946'.
[  624.605476][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  624.611910][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  625.923184][ T8345] Can't find a SQUASHFS superblock on nullb0
[  628.425150][ T8366] loop3: detected capacity change from 0 to 4096
[  628.465889][ T8370] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  629.493375][ T8369] netlink: 8 bytes leftover after parsing attributes in process `syz.4.960'.
[  629.516130][ T8372] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  629.771870][ T4619] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  632.006070][ T8396] Can't find a SQUASHFS superblock on nullb0
[  632.775304][ T8399] fuse: Bad value for 'fd'
[  634.467544][ T8413] loop0: detected capacity change from 0 to 40427
[  634.477248][ T8413] F2FS-fs (loop0): invalid crc value
[  634.517193][ T8413] F2FS-fs (loop0): Found nat_bits in checkpoint
[  634.551302][ T8413] F2FS-fs (loop0): Start checkpoint disabled!
[  634.580451][ T8413] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  634.906149][ T8420] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  635.902993][ T4419] kworker/u4:11: attempt to access beyond end of device
[  635.902993][ T4419] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  636.166659][ T8424] loop5: detected capacity change from 0 to 1024
[  636.362449][ T8426] loop4: detected capacity change from 0 to 4096
[  636.624532][ T8427] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  637.156932][ T4555] wlan1: Trigger new scan to find an IBSS to join
[  637.641801][ T8434] loop0: detected capacity change from 0 to 4096
[  637.838763][ T8440] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  638.490915][ T4419] wlan1: Creating new IBSS network, BSSID 12:42:72:49:6e:33
[  638.714320][ T8449] Can't find a SQUASHFS superblock on nullb0
[  641.797219][ T8466] loop1: detected capacity change from 0 to 40427
[  641.831376][ T8466] F2FS-fs (loop1): invalid crc value
[  641.887212][ T8466] F2FS-fs (loop1): Found nat_bits in checkpoint
[  641.919681][ T8466] F2FS-fs (loop1): Start checkpoint disabled!
[  641.946248][ T8466] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  642.178366][ T8451] ALSA: mixer_oss: invalid OSS volume ''
[  644.127400][ T4577] hfsplus: b-tree write err: -5, ino 4
[  644.265420][ T4619] kworker/u4:18: attempt to access beyond end of device
[  644.265420][ T4619] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  644.349264][ T8482] loop4: detected capacity change from 0 to 4096
[  644.395403][ T8487] netlink: 4 bytes leftover after parsing attributes in process `syz.5.989'.
[  644.499557][ T8488] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  646.146415][ T8502] netlink: 8 bytes leftover after parsing attributes in process `syz.1.988'.
[  646.462311][ T8507] Can't find a SQUASHFS superblock on nullb0
[  651.176656][ T8544] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  651.402540][ T8539] loop1: detected capacity change from 0 to 2048
[  651.412076][ T8541] loop5: detected capacity change from 0 to 4096
[  651.498401][ T8546] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  651.554817][ T8547] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  652.853492][ T8557] Can't find a SQUASHFS superblock on nullb0
[  653.777476][ T8552] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1004'.
[  654.036722][ T8569] loop5: detected capacity change from 0 to 128
[  654.084929][ T8573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1006'.
[  655.648691][ T8569] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  656.801962][ T8587] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  660.136427][ T8610] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1015'.
[  660.475583][ T8625] Can't find a SQUASHFS superblock on nullb0
[  661.641758][ T8617] ALSA: mixer_oss: invalid OSS volume ''
[  661.925136][ T8637] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1021'.
[  662.007462][ T8626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1018'.
[  663.189349][ T8642] loop0: detected capacity change from 0 to 40427
[  663.258104][ T8642] F2FS-fs (loop0): invalid crc value
[  663.329527][ T8642] F2FS-fs (loop0): Found nat_bits in checkpoint
[  663.376845][ T8642] F2FS-fs (loop0): Start checkpoint disabled!
[  663.764233][ T4619] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  664.100143][ T8642] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  664.406957][ T4577] kworker/u4:17: attempt to access beyond end of device
[  664.406957][ T4577] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  665.155231][ T8671] loop0: detected capacity change from 0 to 2048
[  665.256077][ T8678] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  666.365070][ T8684] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  666.579519][ T8688] loop5: detected capacity change from 0 to 128
[  666.654328][ T8677] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1031'.
[  666.681878][ T8688] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  670.036587][ T8707] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1035'.
[  671.316362][ T4555] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  672.778104][ T8734] Can't find a SQUASHFS superblock on nullb0
[  672.794780][    T9] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  673.820485][ T8744] loop4: detected capacity change from 0 to 40427
[  673.886682][ T8744] F2FS-fs (loop4): invalid crc value
[  673.900036][ T8744] F2FS-fs (loop4): Found nat_bits in checkpoint
[  673.948607][ T8744] F2FS-fs (loop4): Start checkpoint disabled!
[  673.977651][ T8744] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  675.102252][ T8752] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1046'.
[  677.037523][ T8762] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1049'.
[  677.063409][    T9] kworker/u4:0: attempt to access beyond end of device
[  677.063409][    T9] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  678.483393][ T8777] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  679.059250][ T8784] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  680.053473][ T8786] loop5: detected capacity change from 0 to 128
[  680.077750][ T8786] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  681.322949][ T8807] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1062'.
[  681.490307][ T4436] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  683.463222][ T8811] Invalid ELF header magic: != ELF
[  685.474317][ T8832] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  685.951083][ T8836] loop5: detected capacity change from 0 to 40427
[  685.969837][ T8836] F2FS-fs (loop5): invalid crc value
[  686.076060][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  686.082821][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  686.132896][ T8836] F2FS-fs (loop5): Found nat_bits in checkpoint
[  686.163447][ T8836] F2FS-fs (loop5): Start checkpoint disabled!
[  686.175446][ T8836] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  686.610413][ T8850] loop3: detected capacity change from 0 to 40427
[  686.651160][ T8850] F2FS-fs (loop3): invalid crc value
[  686.667972][ T8850] F2FS-fs (loop3): Found nat_bits in checkpoint
[  686.716792][ T8853] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1077'.
[  686.726358][ T8850] F2FS-fs (loop3): Start checkpoint disabled!
[  686.796829][ T8850] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  687.065001][ T4347] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  687.113293][ T8859] loop4: detected capacity change from 0 to 2048
[  687.117235][ T4330] kworker/u4:5: attempt to access beyond end of device
[  687.117235][ T4330] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  687.151579][ T4436] kworker/u4:12: attempt to access beyond end of device
[  687.151579][ T4436] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  687.235034][ T4347] usb 1-1: device descriptor read/64, error -71
[  687.379630][ T8864] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  687.505128][ T4347] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  687.685326][ T4347] usb 1-1: device descriptor read/64, error -71
[  687.817136][ T4347] usb usb1-port1: attempt power cycle
[  688.115152][ T4662] wlan1: Trigger new scan to find an IBSS to join
[  688.265157][ T4347] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  688.327097][ T4347] usb 1-1: device descriptor read/8, error -71
[  688.615699][ T8872] loop3: detected capacity change from 0 to 2048
[  688.675106][ T4347] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  688.715245][ T8872] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  688.725520][ T4347] usb 1-1: device descriptor read/8, error -71
[  688.973814][ T4347] usb usb1-port1: unable to enumerate USB device
[  689.210303][ T4330] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  689.321203][ T8885] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1080'.
[  690.842837][ T8896] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  692.663361][ T8909] loop5: detected capacity change from 0 to 40427
[  692.765057][ T8909] F2FS-fs (loop5): invalid crc value
[  693.228003][ T8915] loop0: detected capacity change from 0 to 40427
[  693.258697][ T8915] F2FS-fs (loop0): invalid crc value
[  693.339355][ T4282] EXT4-fs (loop3): unmounting filesystem.
[  693.359507][ T8915] F2FS-fs (loop0): Found nat_bits in checkpoint
[  693.403584][ T8915] F2FS-fs (loop0): Start checkpoint disabled!
[  693.425113][ T8909] F2FS-fs (loop5): Found nat_bits in checkpoint
[  693.472558][ T8909] F2FS-fs (loop5): Start checkpoint disabled!
[  693.695065][ T8909] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  693.745483][ T8915] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  695.387371][ T4619] kworker/u4:18: attempt to access beyond end of device
[  695.387371][ T4619] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  695.685046][   T26] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  696.442647][   T26] usb 5-1: device descriptor read/64, error -71
[  696.585752][ T4555] kworker/u4:15: attempt to access beyond end of device
[  696.585752][ T4555] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  696.715019][   T26] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  696.761669][ T8944] loop3: detected capacity change from 0 to 4096
[  696.875113][   T26] usb 5-1: device descriptor read/64, error -71
[  696.906718][ T8948] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  697.058624][   T26] usb usb5-port1: attempt power cycle
[  697.465106][   T26] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  697.564566][   T26] usb 5-1: device descriptor read/8, error -71
[  697.645177][ T4555] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  697.855163][   T26] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  697.981467][   T22] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  698.054425][   T26] usb 5-1: device descriptor read/8, error -71
[  698.175188][   T26] usb usb5-port1: unable to enumerate USB device
[  698.185048][   T22] usb 6-1: Using ep0 maxpacket: 32
[  698.194292][   T22] usb 6-1: config index 0 descriptor too short (expected 82, got 18)
[  698.235279][   T22] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  698.270355][   T22] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  698.295242][   T22] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  698.347725][   T22] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  698.421609][   T22] usb 6-1: config 0 descriptor??
[  700.548749][ T8989] Can't find a SQUASHFS superblock on nullb0
[  701.219633][   T22] usb 6-1: string descriptor 0 read error: -71
[  701.246273][   T22] usb 6-1: USB disconnect, device number 10
[  701.270357][ T8987] Cannot find add_set index 0 as target
[  701.359649][ T8990] libceph: resolve '4..' (ret=-3): failed
[  701.500580][ T8999] loop5: detected capacity change from 0 to 1024
[  702.826834][ T9001] loop1: detected capacity change from 0 to 4096
[  702.978452][ T9005] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  703.730806][ T4555] hfsplus: b-tree write err: -5, ino 4
[  704.975150][  T126] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  705.235796][ T4371] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  705.294972][  T126] usb 4-1: device descriptor read/64, error -71
[  705.565034][  T126] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  706.115470][ T4577] wlan1: Trigger new scan to find an IBSS to join
[  706.440088][ T9025] loop1: detected capacity change from 0 to 2048
[  706.558073][ T9031] Can't find a SQUASHFS superblock on nullb0
[  707.209243][  T126] usb 4-1: device descriptor read/64, error -71
[  707.302140][ T9032] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  707.345180][  T126] usb usb4-port1: attempt power cycle
[  707.525704][   T46] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  707.774203][ T9036] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1124'.
[  710.926640][ T9051] loop4: detected capacity change from 0 to 1024
[  710.947758][ T9050] loop5: detected capacity change from 0 to 4096
[  711.013541][ T9053] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  713.982001][ T9072] Can't find a SQUASHFS superblock on nullb0
[  715.354984][   T22] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  715.476193][ T4555] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  715.505154][   T22] usb 1-1: device descriptor read/64, error -71
[  715.685021][   T26] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  715.705054][ T4419] hfsplus: b-tree write err: -5, ino 4
[  715.787143][   T22] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  716.005002][   T26] usb 6-1: Using ep0 maxpacket: 32
[  716.699119][ T9078] ALSA: mixer_oss: invalid OSS volume ''
[  717.368064][ T9089] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1140'.
[  718.361694][   T26] usb 6-1: config index 0 descriptor too short (expected 82, got 18)
[  718.421856][   T22] usb 1-1: device descriptor read/64, error -71
[  718.588832][   T26] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  718.695796][   T22] usb usb1-port1: attempt power cycle
[  718.727797][ T9087] Cannot find add_set index 0 as target
[  718.833122][   T26] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  718.945094][   T26] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  719.098496][   T26] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  719.109487][   T26] usb 6-1: config 0 descriptor??
[  719.115262][   T26] usb 6-1: can't set config #0, error -71
[  719.148276][ T9087] libceph: resolve '4..' (ret=-3): failed
[  719.160296][   T26] usb 6-1: USB disconnect, device number 11
[  720.233020][ T9099] loop5: detected capacity change from 0 to 40427
[  720.247456][ T9099] F2FS-fs (loop5): invalid crc value
[  720.310518][ T9099] F2FS-fs (loop5): Found nat_bits in checkpoint
[  720.341087][ T9099] F2FS-fs (loop5): Start checkpoint disabled!
[  720.366051][ T9099] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  721.302067][ T4531] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  721.457329][ T9115] Can't find a SQUASHFS superblock on nullb0
[  724.187922][ T4436] kworker/u4:12: attempt to access beyond end of device
[  724.187922][ T4436] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  724.419129][ T9129] loop1: detected capacity change from 0 to 1024
[  725.075555][ T9123] ALSA: mixer_oss: invalid OSS volume ''
[  725.465001][ T4347] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  725.668424][ T4347] usb 4-1: Using ep0 maxpacket: 32
[  725.679698][ T4347] usb 4-1: config index 0 descriptor too short (expected 82, got 18)
[  725.731411][ T4347] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  725.801152][ T4347] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  725.846391][ T4347] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.4d
[  725.886894][ T4347] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.989712][ T9136] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  726.089908][ T4347] usb 4-1: config 0 descriptor??
[  726.174978][   T26] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  726.415000][   T26] usb 1-1: Using ep0 maxpacket: 8
[  726.432020][   T26] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  726.628544][ T4347] usb 4-1: string descriptor 0 read error: -71
[  726.635302][   T26] usb 1-1: config 0 has no interfaces?
[  726.649343][   T26] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  726.659158][   T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  726.681995][ T4347] usb 4-1: USB disconnect, device number 14
[  726.724377][   T26] usb 1-1: Product: syz
[  726.765285][   T26] usb 1-1: Manufacturer: syz
[  726.770135][   T26] usb 1-1: SerialNumber: syz
[  726.805835][   T26] usb 1-1: config 0 descriptor??
[  727.157233][ T4419] hfsplus: b-tree write err: -5, ino 4
[  727.711901][ T9150] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1156'.
[  729.722972][   T26] usb 1-1: USB disconnect, device number 17
[  730.195248][ T4531] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  731.156822][ T9161] loop5: detected capacity change from 0 to 40427
[  731.208472][ T9164] Can't find a SQUASHFS superblock on nullb0
[  731.858609][ T9161] F2FS-fs (loop5): invalid crc value
[  731.919919][ T9161] F2FS-fs (loop5): Found nat_bits in checkpoint
[  731.962453][ T9161] F2FS-fs (loop5): Start checkpoint disabled!
[  731.997683][ T9161] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  732.177866][ T9178] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1163'.
[  734.659880][ T9201] loop0: detected capacity change from 0 to 1024
[  735.496204][ T4531] kworker/u4:14: attempt to access beyond end of device
[  735.496204][ T4531] loop5: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  736.494672][ T9213] vivid-007: kernel_thread() failed
[  737.103743][ T9225] Can't find a SQUASHFS superblock on nullb0
[  737.412711][ T4436] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  738.804991][ T4347] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  738.885540][ T4509] hfsplus: b-tree write err: -5, ino 4
[  739.006563][ T4347] usb 5-1: config 0 has no interfaces?
[  739.014544][ T4347] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  739.024682][ T4347] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.033430][ T4347] usb 5-1: Product: syz
[  739.038516][ T4347] usb 5-1: Manufacturer: syz
[  739.044474][ T4347] usb 5-1: SerialNumber: syz
[  739.062758][ T4347] usb 5-1: config 0 descriptor??
[  739.125019][   T26] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  739.302165][ T4347] usb 5-1: USB disconnect, device number 16
[  739.314954][   T26] usb 6-1: Using ep0 maxpacket: 8
[  739.322578][   T26] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  739.334116][   T26] usb 6-1: config 0 has no interfaces?
[  739.350707][   T26] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04
[  739.361374][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.371103][   T26] usb 6-1: Product: syz
[  739.376875][   T26] usb 6-1: Manufacturer: syz
[  739.382005][   T26] usb 6-1: SerialNumber: syz
[  739.408359][   T26] usb 6-1: config 0 descriptor??
[  739.939968][ T9247] Can't find a SQUASHFS superblock on nullb0
[  740.862475][ T9259] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1182'.
[  741.058302][ T9253] loop0: detected capacity change from 0 to 40427
[  741.074459][ T9253] F2FS-fs (loop0): invalid crc value
[  741.090809][ T9253] F2FS-fs (loop0): Found nat_bits in checkpoint
[  741.133946][ T9253] F2FS-fs (loop0): Start checkpoint disabled!
[  741.142310][ T9253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  741.787007][ T4347] usb 6-1: USB disconnect, device number 12
[  742.850913][ T9273] loop5: detected capacity change from 0 to 2048
[  743.058628][ T4330] kworker/u4:5: attempt to access beyond end of device
[  743.058628][ T4330] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  743.115976][ T9278] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  743.159091][ T9279] Can't find a SQUASHFS superblock on nullb0
[  745.480583][ T9294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1191'.
[  746.117590][ T4662] wlan1: Trigger new scan to find an IBSS to join
[  747.477706][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  747.484344][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  748.324269][ T6208] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00
[  749.395513][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  749.985253][ T9313] loop1: detected capacity change from 0 to 40427
[  749.995959][ T9313] F2FS-fs (loop1): invalid crc value
[  750.005220][   T26] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  750.083088][ T9313] F2FS-fs (loop1): Found nat_bits in checkpoint
[  750.114595][ T9313] F2FS-fs (loop1): Start checkpoint disabled!
[  750.134395][ T9313] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  750.340905][   T26] usb 1-1: config 1 interface 0 has no altsetting 0
[  750.658791][   T26] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  750.774150][   T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.996355][   T26] usb 1-1: Product: syz
[  751.017994][   T26] usb 1-1: Manufacturer: syz
[  751.060035][   T26] usb 1-1: SerialNumber: syz
[  751.728427][   T26] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 18 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  751.741572][ T4531] kworker/u4:14: attempt to access beyond end of device
[  751.741572][ T4531] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  752.100078][ T9329] Can't find a SQUASHFS superblock on nullb0
[  753.081262][ T4347] usb 1-1: USB disconnect, device number 18
[  753.133245][ T4347] usblp0: removed
[  753.236252][ T4619] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  753.478082][ T9336] bridge0: port 3(netdevsim0) entered blocking state
[  753.485168][ T9336] bridge0: port 3(netdevsim0) entered disabled state
[  753.494528][ T9336] device netdevsim0 entered promiscuous mode
[  753.501350][ T9336] bridge0: port 3(netdevsim0) entered blocking state
[  753.508674][ T9336] bridge0: port 3(netdevsim0) entered forwarding state
[  753.521429][ T9335] ALSA: mixer_oss: invalid OSS volume ''
[  754.107254][ T9348] Can't find a SQUASHFS superblock on nullb0
[  756.979272][ T9382] Can't find a SQUASHFS superblock on nullb0
[  758.235895][ T9391] Can't find a SQUASHFS superblock on nullb0
[  758.349533][ T9386] bridge0: port 3(netdevsim0) entered blocking state
[  758.358013][ T9386] bridge0: port 3(netdevsim0) entered disabled state
[  758.367166][ T9386] device netdevsim0 entered promiscuous mode
[  758.374650][ T9386] bridge0: port 3(netdevsim0) entered blocking state
[  758.382218][ T9386] bridge0: port 3(netdevsim0) entered forwarding state
[  758.433589][ T9384] ALSA: mixer_oss: invalid OSS volume ''
[  758.851251][   T26] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  759.192799][   T26] usb 6-1: config 1 interface 0 has no altsetting 0
[  759.205879][ T9396] loop1: detected capacity change from 0 to 4096
[  759.212530][   T26] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  759.212562][   T26] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  759.212583][   T26] usb 6-1: Product: syz
[  759.212599][   T26] usb 6-1: Manufacturer: syz
[  759.212614][   T26] usb 6-1: SerialNumber: syz
[  759.393380][ T9400] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  759.569974][ T9406] loop4: detected capacity change from 0 to 2048
[  759.659125][ T9409] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  759.867169][   T26] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  760.069067][ T9412] loop0: detected capacity change from 0 to 1024
[  760.764938][  T126] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  760.967160][  T126] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  760.992994][  T126] usb 5-1: config 0 has no interfaces?
[  761.033879][  T126] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  761.072525][  T126] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.136659][  T126] usb 5-1: Product: syz
[  761.160814][  T126] usb 5-1: Manufacturer: syz
[  761.174659][  T126] usb 5-1: SerialNumber: syz
[  761.194567][  T126] usb 5-1: config 0 descriptor??
[  761.389446][ T4347] usb 6-1: USB disconnect, device number 13
[  761.447407][ T4347] usblp0: removed
[  761.474685][  T126] usb 5-1: USB disconnect, device number 17
[  761.847402][ T9420] loop5: detected capacity change from 0 to 40427
[  761.884668][ T9420] F2FS-fs (loop5): invalid crc value
[  761.892935][ T9420] F2FS-fs (loop5): Found nat_bits in checkpoint
[  761.936796][ T9420] F2FS-fs (loop5): Start checkpoint disabled!
[  761.964429][ T9420] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  763.214988][ T4531] kworker/u4:14: attempt to access beyond end of device
[  763.214988][ T4531] loop5: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  763.848772][ T7045] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  763.950880][ T9431] ALSA: mixer_oss: invalid OSS volume ''
[  764.638562][ T4662] hfsplus: b-tree write err: -5, ino 4
[  765.367452][ T9453] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  765.708371][ T9454] loop0: detected capacity change from 0 to 2048
[  765.916912][ T9460] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  767.581812][ T9470] loop4: detected capacity change from 0 to 40427
[  767.610847][ T9470] F2FS-fs (loop4): invalid crc value
[  767.653018][ T9470] F2FS-fs (loop4): Found nat_bits in checkpoint
[  767.697221][ T9470] F2FS-fs (loop4): Start checkpoint disabled!
[  767.706320][ T9470] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  768.588550][ T4662] kworker/u4:19: attempt to access beyond end of device
[  768.588550][ T4662] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  768.673754][ T9476] loop5: detected capacity change from 0 to 4096
[  768.831755][ T9479] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  769.245188][ T4577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  769.774916][ T9484] ALSA: mixer_oss: invalid OSS volume ''
[  774.632796][ T9520] loop4: detected capacity change from 0 to 40427
[  775.323144][ T9520] F2FS-fs (loop4): invalid crc value
[  775.363847][ T9520] F2FS-fs (loop4): Found nat_bits in checkpoint
[  775.406779][ T9520] F2FS-fs (loop4): Start checkpoint disabled!
[  775.425801][ T9520] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  775.922843][ T9533] libceph: resolve '4..' (ret=-3): failed
[  776.191253][ T4531] kworker/u4:14: attempt to access beyond end of device
[  776.191253][ T4531] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  779.686872][ T9553] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  781.395660][ T4531] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  784.395939][ T9571] loop4: detected capacity change from 0 to 40427
[  784.419257][ T9573] loop1: detected capacity change from 0 to 1024
[  784.500384][ T9571] F2FS-fs (loop4): invalid crc value
[  784.558149][ T9571] F2FS-fs (loop4): Found nat_bits in checkpoint
[  784.602112][ T9571] F2FS-fs (loop4): Start checkpoint disabled!
[  784.625768][ T9571] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  785.215916][    T9] hfsplus: b-tree write err: -5, ino 4
[  785.693544][ T7045] kworker/u4:22: attempt to access beyond end of device
[  785.693544][ T7045] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  785.834957][ T9588] overlayfs: failed to resolve './file1': -2
[  787.199726][ T9594] loop1: detected capacity change from 0 to 4096
[  787.277127][ T9597] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  788.665658][ T4347] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  788.877782][ T4347] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  788.915143][ T4347] usb 4-1: config 27 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  788.955544][ T4347] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  788.984121][ T4347] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.092384][ T4347] snd-usb-audio: probe of 4-1:27.0 failed with error -2
[  789.279639][ T4358] udevd[4358]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  789.295056][ T9615] Cannot find add_set index 0 as target
[  789.361926][ T9615] libceph: resolve '4..' (ret=-3): failed
[  791.094201][ T9626] loop0: detected capacity change from 0 to 40427
[  791.232421][ T9626] F2FS-fs (loop0): invalid crc value
[  791.276155][ T9626] F2FS-fs (loop0): Found nat_bits in checkpoint
[  791.327097][ T9626] F2FS-fs (loop0): Start checkpoint disabled!
[  791.753754][ T9626] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  792.270509][ T4347] usb 4-1: USB disconnect, device number 15
[  792.430599][ T4531] kworker/u4:14: attempt to access beyond end of device
[  792.430599][ T4531] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  793.195338][ T9637] overlayfs: failed to resolve './file1': -2
[  795.485462][ T7045] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  797.247184][ T9663] vivid-007: kernel_thread() failed
[  797.304250][ T9642] loop3: detected capacity change from 0 to 32768
[  798.012868][ T9678] loop3: detected capacity change from 0 to 40427
[  798.027855][ T9678] F2FS-fs (loop3): invalid crc value
[  798.055000][ T9678] F2FS-fs (loop3): Found nat_bits in checkpoint
[  798.088003][ T9678] F2FS-fs (loop3): Start checkpoint disabled!
[  798.206996][ T9678] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  798.910097][ T9686] Invalid ELF header magic: != ELF
[  799.441420][ T4662] kworker/u4:19: attempt to access beyond end of device
[  799.441420][ T4662] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  799.892385][ T9695] overlayfs: failed to resolve './file1': -2
[  801.762622][ T4436] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  803.337017][ T9712] Can't find a SQUASHFS superblock on nullb0
[  808.079703][ T9726] loop3: detected capacity change from 0 to 32768
[  808.546946][ T9750] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  809.040555][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  809.047308][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  809.191265][ T9753] block nbd5: NBD_DISCONNECT
[  810.399123][ T9759] loop0: detected capacity change from 0 to 40427
[  810.449446][ T9759] F2FS-fs (loop0): invalid crc value
[  810.482222][ T9759] F2FS-fs (loop0): Found nat_bits in checkpoint
[  810.513371][ T9759] F2FS-fs (loop0): Start checkpoint disabled!
[  810.531233][ T9759] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  811.947920][ T9762] Cannot find add_set index 0 as target
[  812.055560][ T9768] libceph: resolve '4..' (ret=-3): failed
[  812.111797][    T9] kworker/u4:0: attempt to access beyond end of device
[  812.111797][    T9] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  814.674938][ T4577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  814.943341][ T9800] loop3: detected capacity change from 0 to 2048
[  815.099701][ T9800] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  815.315512][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  816.595610][ T9809] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  816.869632][ T9813] netlink: 'syz.5.1322': attribute type 4 has an invalid length.
[  821.478859][ T9850] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1332'.
[  822.922296][ T9844] Invalid ELF header magic: != ELF
[  823.998849][ T9855] Can't find a SQUASHFS superblock on nullb0
[  825.334143][ T9860] netlink: 'syz.5.1335': attribute type 4 has an invalid length.
[  825.372950][ T4282] EXT4-fs (loop3): unmounting filesystem.
[  826.615391][ T9871] loop4: detected capacity change from 0 to 1024
[  826.718361][ T4531] hfsplus: b-tree write err: -5, ino 4
[  827.105060][   T22] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  827.317485][   T22] usb 1-1: config 0 has no interfaces?
[  827.354894][   T22] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  827.366680][   T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  827.376112][   T22] usb 1-1: Product: syz
[  827.381026][   T22] usb 1-1: Manufacturer: syz
[  827.390030][   T22] usb 1-1: SerialNumber: syz
[  827.448243][   T22] usb 1-1: config 0 descriptor??
[  827.475097][ T4662] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  827.669547][ T4347] usb 1-1: USB disconnect, device number 19
[  828.699438][ T9894] loop1: detected capacity change from 0 to 2048
[  829.073265][ T9902] Can't find a SQUASHFS superblock on nullb0
[  829.962279][ T9894] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  830.030537][ T9907] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1347'.
[  832.938123][ T4275] EXT4-fs (loop1): unmounting filesystem.
[  834.571232][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  837.086772][ T9949] Can't find a SQUASHFS superblock on nullb0
[  839.173763][ T9961] loop4: detected capacity change from 0 to 40427
[  839.183801][ T9961] F2FS-fs (loop4): invalid crc value
[  839.344170][ T9961] F2FS-fs (loop4): Found nat_bits in checkpoint
[  839.388089][ T9961] F2FS-fs (loop4): Start checkpoint disabled!
[  839.435917][ T9961] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  841.476249][ T9976] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1364'.
[  845.890472][ T6208] kworker/u4:21: attempt to access beyond end of device
[  845.890472][ T6208] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  846.330825][ T9998] Can't find a SQUASHFS superblock on nullb0
[  847.315073][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  848.349521][T10009] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  849.534455][ T4619] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  851.075818][T10029] loop3: detected capacity change from 0 to 40427
[  851.506396][T10034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1379'.
[  852.408148][T10029] F2FS-fs (loop3): invalid crc value
[  852.442009][T10029] F2FS-fs (loop3): Found nat_bits in checkpoint
[  852.692044][T10029] F2FS-fs (loop3): Start checkpoint disabled!
[  852.730670][T10029] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  854.519442][T10046] Can't find a SQUASHFS superblock on nullb0
[  855.155380][ T4531] kworker/u4:14: attempt to access beyond end of device
[  855.155380][ T4531] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  855.249720][T10048] loop1: detected capacity change from 0 to 4096
[  856.978827][T10056] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  857.747681][T10067] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  860.197984][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  861.425941][T10084] loop3: detected capacity change from 0 to 1024
[  863.054283][ T4619] hfsplus: b-tree write err: -5, ino 4
[  864.829177][T10107] Can't find a SQUASHFS superblock on nullb0
[  865.817690][T10113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1397'.
[  867.452805][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  867.924474][T10119] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  870.340973][T10127] Invalid ELF header magic: != ELF
[  870.501834][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  870.508349][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  873.550087][T10161] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  873.672167][T10162] Can't find a SQUASHFS superblock on nullb0
[  876.123479][T10172] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1414'.
[  878.613691][ T4292] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  878.634366][ T4292] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  878.650892][ T4292] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  878.661697][ T4292] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  878.676318][ T4292] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  878.797901][T10179] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  879.019696][ T4286] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  879.041191][ T4286] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  879.056472][ T4286] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  879.091058][ T4286] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  879.109132][ T4286] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  879.121790][ T4286] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  879.638324][T10177] lo speed is unknown, defaulting to 1000
[  879.645688][T10177] caif0 speed is unknown, defaulting to 1000
[  880.071752][T10191] loop3: detected capacity change from 0 to 40427
[  880.095558][T10191] F2FS-fs (loop3): invalid crc value
[  880.125642][T10191] F2FS-fs (loop3): Found nat_bits in checkpoint
[  880.158366][T10191] F2FS-fs (loop3): Start checkpoint disabled!
[  880.315013][T10191] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  880.607445][ T4330] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  881.440145][T10179] Bluetooth: hci1: command 0x0409 tx timeout
[  881.471122][ T4577] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  881.810473][T10177] chnl_net:caif_netlink_parms(): no params data found
[  882.114565][T10211] Can't find a SQUASHFS superblock on nullb0
[  882.869659][T10177] bridge0: port 1(bridge_slave_0) entered blocking state
[  882.885095][T10177] bridge0: port 1(bridge_slave_0) entered disabled state
[  882.900570][T10177] device bridge_slave_0 entered promiscuous mode
[  882.916255][T10177] bridge0: port 2(bridge_slave_1) entered blocking state
[  882.924348][T10177] bridge0: port 2(bridge_slave_1) entered disabled state
[  882.933257][T10177] device bridge_slave_1 entered promiscuous mode
[  882.975711][T10177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  883.009020][T10177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  883.221093][ T4619] kworker/u4:18: attempt to access beyond end of device
[  883.221093][ T4619] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  883.268696][T10177] team0: Port device team_slave_0 added
[  883.287908][T10177] team0: Port device team_slave_1 added
[  883.377190][T10177] batman_adv: batadv0: Adding interface: batadv_slave_0
[  883.405136][T10177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  883.494866][T10179] Bluetooth: hci1: command 0x041b tx timeout
[  883.510786][T10177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  883.585400][T10177] batman_adv: batadv0: Adding interface: batadv_slave_1
[  883.592522][T10177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  883.600459][T10226] loop1: detected capacity change from 0 to 4096
[  883.684494][T10229] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  883.940695][T10177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  885.548125][T10177] device hsr_slave_0 entered promiscuous mode
[  885.555007][T10179] Bluetooth: hci1: command 0x040f tx timeout
[  885.568182][T10177] device hsr_slave_1 entered promiscuous mode
[  885.584876][T10177] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  885.664464][T10177] Cannot create hsr debugfs directory
[  886.124066][T10246] Can't find a SQUASHFS superblock on nullb0
[  887.007741][T10254] loop5: detected capacity change from 0 to 128
[  889.301898][T10179] Bluetooth: hci1: command 0x0419 tx timeout
[  889.375472][T10254] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  889.625091][T10257] lo speed is unknown, defaulting to 1000
[  889.632302][T10257] caif0 speed is unknown, defaulting to 1000
[  891.450789][T10274] loop3: detected capacity change from 0 to 40427
[  891.463133][T10274] F2FS-fs (loop3): invalid crc value
[  891.512572][T10274] F2FS-fs (loop3): Found nat_bits in checkpoint
[  891.582500][T10274] F2FS-fs (loop3): Start checkpoint disabled!
[  891.591981][T10177] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  891.595371][T10274] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  892.563738][T10177] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  892.602749][T10177] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  892.707610][T10177] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  893.015100][ T7045] kworker/u4:22: attempt to access beyond end of device
[  893.015100][ T7045] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  893.331420][T10177] 8021q: adding VLAN 0 to HW filter on device bond0
[  893.408233][T10293] Can't find a SQUASHFS superblock on nullb0
[  893.429651][ T4371] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  893.925150][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  893.956024][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  894.059463][T10177] 8021q: adding VLAN 0 to HW filter on device team0
[  894.143009][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  894.171987][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  894.234414][ T6208] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.242434][ T6208] bridge0: port 1(bridge_slave_0) entered forwarding state
[  894.483733][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  894.628527][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  894.789112][ T6208] bridge0: port 2(bridge_slave_1) entered blocking state
[  894.796502][ T6208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  894.950367][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  895.019626][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  895.056253][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  895.165429][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  895.225564][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  895.258722][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  895.365969][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  895.440726][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  895.762324][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  895.862767][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  895.901350][T10312] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1451'.
[  895.947534][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  895.984227][ T4531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  896.034489][T10177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  896.052005][T10308] Invalid ELF header magic: != ELF
[  897.793748][T10339] loop1: detected capacity change from 0 to 128
[  897.853588][T10339] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  899.082444][T10351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1461'.
[  899.165321][    T9] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  900.588031][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  900.669975][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  900.702173][T10177] 8021q: adding VLAN 0 to HW filter on device batadv0
[  901.539390][T10383] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  902.773493][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  902.803504][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  902.951030][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  902.977333][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  903.058312][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  903.086376][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  905.794633][T10177] device veth0_vlan entered promiscuous mode
[  905.822045][T10177] device veth1_vlan entered promiscuous mode
[  905.870476][T10177] device veth0_macvtap entered promiscuous mode
[  905.880720][T10177] device veth1_macvtap entered promiscuous mode
[  905.898483][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  905.910154][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  905.921962][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  905.933275][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  905.944914][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  905.964245][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  905.994910][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  906.023989][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  906.057506][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  906.089030][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  906.165261][T10177] batman_adv: batadv0: Interface activated: batadv_slave_0
[  906.213738][T10413] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1471'.
[  906.265117][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  906.300966][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  906.376371][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  906.415894][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  906.441003][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  906.475528][ T4619] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  906.705292][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  906.724690][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  906.745346][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  906.924263][T10435] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  907.123050][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  907.460660][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  907.471531][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  907.505256][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  907.516604][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  907.527422][T10177] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  907.537968][T10177] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  907.549752][T10177] batman_adv: batadv0: Interface activated: batadv_slave_1
[  907.562192][T10177] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  907.571389][T10177] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  907.580423][T10177] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  907.592590][T10177] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  907.616498][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  907.627241][ T4371] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  907.763380][T10439] loop3: detected capacity change from 0 to 4096
[  907.905003][T10443] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  908.687936][ T4619] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  908.708374][ T4619] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  908.947655][ T4330] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  910.247202][ T7045] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  910.297914][ T7045] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  910.376904][ T6208] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  910.504523][T10475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1486'.
[  912.011734][T10492] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  912.827457][T10477] Cannot find add_set index 0 as target
[  913.007343][T10477] libceph: resolve '4..' (ret=-3): failed
[  913.297354][T10499] loop3: detected capacity change from 0 to 4096
[  913.407300][ T4371] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  913.985271][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  914.111783][T10504] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  917.701780][T10535] fuse: Bad value for 'fd'
[  921.207288][T10553] loop1: detected capacity change from 0 to 4096
[  921.759410][T10565] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  924.873438][T10580] fuse: Bad value for 'fd'
[  925.399239][ T4419] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  927.044980][   T22] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  927.259067][   T22] usb 4-1: config 0 has no interfaces?
[  927.285237][   T22] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  927.331697][   T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  927.421282][   T22] usb 4-1: Product: syz
[  927.427131][   T22] usb 4-1: Manufacturer: syz
[  927.441118][   T22] usb 4-1: SerialNumber: syz
[  927.465894][   T22] usb 4-1: config 0 descriptor??
[  927.474661][T10610] loop6: detected capacity change from 0 to 32768
[  927.701292][T10622] loop1: detected capacity change from 0 to 4096
[  927.704247][   T27] audit: type=1326 audit(1750463967.061:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.6.1518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa200b8e929 code=0x7ffc0000
[  927.822584][   T22] usb 4-1: USB disconnect, device number 16
[  927.830800][   T27] audit: type=1326 audit(1750463967.061:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.6.1518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa200b8e929 code=0x7ffc0000
[  928.022406][   T27] audit: type=1326 audit(1750463967.061:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.6.1518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=86 compat=0 ip=0x7fa200b8e929 code=0x7ffc0000
[  928.049079][   T27] audit: type=1326 audit(1750463967.061:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.6.1518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa200b8e929 code=0x7ffc0000
[  928.080528][   T27] audit: type=1326 audit(1750463967.061:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10606 comm="syz.6.1518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa200b8e929 code=0x7ffc0000
[  928.262020][T10629] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  930.515785][ T6208] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  931.797266][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  931.803855][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  932.072455][T10663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1532'.
[  932.660103][T10675] fuse: Bad value for 'fd'
[  933.544568][T10683] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1536'.
[  933.736883][T10673] loop4: detected capacity change from 0 to 4096
[  933.835751][T10694] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  934.858110][T10692] vivid-007: kernel_thread() failed
[  938.185776][T10738] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1551'.
[  939.385753][T10745] loop4: detected capacity change from 0 to 4096
[  940.500662][T10762] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  943.140136][T10791] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1565'.
[  947.872814][ T7045] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  947.884375][T10797] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  948.195803][T10823] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  957.524243][   T46] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  958.994900][   T14] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  961.363731][   T14] usb 4-1: device not accepting address 17, error -71
[  964.683095][T10970] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  965.275875][ T4555] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  967.342468][T10980] loop4: detected capacity change from 0 to 4096
[  967.559402][T10984] lo speed is unknown, defaulting to 1000
[  967.573742][T10984] caif0 speed is unknown, defaulting to 1000
[  968.568412][T10985] mmap: syz.5.1614 (10985) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  969.846171][T10980] NILFS (loop4): error -4 creating segctord thread
[  971.720862][T10996] Invalid ELF header magic: != ELF
[  973.177026][ T4348] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  973.392571][ T4348] usb 7-1: config 0 has no interfaces?
[  973.416461][ T4348] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  973.477341][ T4348] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.516571][ T4348] usb 7-1: Product: syz
[  973.619190][ T4348] usb 7-1: Manufacturer: syz
[  973.764292][ T4348] usb 7-1: SerialNumber: syz
[  973.998491][ T4348] usb 7-1: config 0 descriptor??
[  974.363888][ T4348] usb 7-1: USB disconnect, device number 2
[  974.766260][T11028] loop3: detected capacity change from 0 to 4096
[  974.838380][T11031] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  977.618140][ T4286] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  977.630413][ T4286] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  977.640319][ T4286] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  977.657666][ T4286] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  977.715720][ T4286] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  977.725542][ T4286] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  978.045978][    T9] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  978.681979][    T9] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  979.277891][T11043] lo speed is unknown, defaulting to 1000
[  979.796706][T10179] Bluetooth: hci0: command 0x0409 tx timeout
[  980.071271][    T9] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  980.289819][T11059] Invalid ELF header magic: != ELF
[  980.434004][T11043] caif0 speed is unknown, defaulting to 1000
[  980.492210][    T9] bridge0: port 3(netdevsim0) entered disabled state
[  980.599633][    T9] device netdevsim0 left promiscuous mode
[  980.667426][    T9] bridge0: port 3(netdevsim0) entered disabled state
[  980.766040][    T9] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  981.875037][T10179] Bluetooth: hci0: command 0x041b tx timeout
[  982.563619][T11077] loop4: detected capacity change from 0 to 4096
[  983.185124][T11082] Cannot find add_set index 0 as target
[  983.492523][T11085] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  983.955018][T10179] Bluetooth: hci0: command 0x040f tx timeout
[  983.963250][T10797] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  983.975257][ T4436] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  984.620969][T11088] overlayfs: missing 'lowerdir'
[  986.034890][T10179] Bluetooth: hci0: command 0x0419 tx timeout
[  987.425117][T11043] chnl_net:caif_netlink_parms(): no params data found
[  988.476802][T11111] Invalid ELF header magic: != ELF
[  989.084069][T11043] bridge0: port 1(bridge_slave_0) entered blocking state
[  989.095091][T11043] bridge0: port 1(bridge_slave_0) entered disabled state
[  989.194603][T11043] device bridge_slave_0 entered promiscuous mode
[  991.317025][ T4555] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  991.699472][T11043] bridge0: port 2(bridge_slave_1) entered blocking state
[  991.744248][T11043] bridge0: port 2(bridge_slave_1) entered disabled state
[  991.786153][T11043] device bridge_slave_1 entered promiscuous mode
[  993.238156][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  993.245098][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  993.446385][T11154] o2cb: This node has not been configured.
[  993.452921][T11154] o2cb: Cluster check failed. Fix errors before retrying.
[  993.460872][T11154] (syz.3.1652,11154,1):user_dlm_register:674 ERROR: status = -22
[  993.468810][T11154] (syz.3.1652,11154,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  994.450432][T11153] loop4: detected capacity change from 0 to 4096
[  994.581443][T11043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  994.637041][T11043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  994.765116][T11159] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  994.794542][T11043] team0: Port device team_slave_0 added
[  994.865260][T11043] team0: Port device team_slave_1 added
[  994.959721][T11043] batman_adv: batadv0: Adding interface: batadv_slave_0
[  994.981773][T11043] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  995.046713][T11043] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  996.910724][T11043] batman_adv: batadv0: Adding interface: batadv_slave_1
[  996.930501][T11043] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  997.044822][T11043] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  997.076454][ T4531] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  997.686737][T11043] device hsr_slave_0 entered promiscuous mode
[  997.999646][T11043] device hsr_slave_1 entered promiscuous mode
[  998.013722][T11043] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  998.021846][T11043] Cannot create hsr debugfs directory
[  999.508307][    T9] device hsr_slave_0 left promiscuous mode
[  999.525058][    T9] device hsr_slave_1 left promiscuous mode
[  999.580909][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  999.597022][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  999.627472][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  999.684910][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  999.725626][    T9] device bridge_slave_1 left promiscuous mode
[  999.734239][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  999.776800][    T9] device bridge_slave_0 left promiscuous mode
[  999.783346][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  999.991065][    T9] device veth1_macvtap left promiscuous mode
[ 1000.005113][    T9] device veth0_macvtap left promiscuous mode
[ 1004.015878][    T9] team0 (unregistering): Port device team_slave_1 removed
[ 1004.129994][    T9] team0 (unregistering): Port device team_slave_0 removed
[ 1004.309582][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1004.412320][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1005.149112][T11249] page:ffffea000149c640 refcount:4 mapcount:1 mapping:ffff88807da49658 index:0x2 pfn:0x52719
[ 1005.160713][T11249] memcg:ffff888079cdc000
[ 1005.165463][T11249] aops:shmem_aops ino:5f4
[ 1005.169862][T11249] flags: 0xfff60000080015(locked|uptodate|lru|swapbacked|node=0|zone=1|lastcpupid=0x7ff)
[ 1005.180334][T11249] raw: 00fff60000080015 ffffea000149c608 ffffea000149c688 ffff88807da49658
[ 1005.189814][T11249] raw: 0000000000000002 0000000000000000 0000000400000000 ffff888079cdc000
[ 1005.199021][T11249] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio))
[ 1005.207228][T11249] page_owner tracks the page as allocated
[ 1005.214549][T11249] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 11252, tgid 11249 (syz.4.1671), ts 1004448994965, free_ts 1002790603999
[ 1005.233721][T11249]  post_alloc_hook+0x173/0x1a0
[ 1005.239429][T11249]  get_page_from_freelist+0x1a26/0x1ac0
[ 1005.245167][T11249]  __alloc_pages+0x1df/0x4e0
[ 1005.250162][T11249]  __folio_alloc+0xe/0x30
[ 1005.254640][T11249]  vma_alloc_folio+0x4a3/0x900
[ 1005.259632][T11249]  shmem_alloc_and_acct_folio+0x42e/0xb60
[ 1005.265672][T11249]  shmem_get_folio_gfp+0x1361/0x3400
[ 1005.271111][T11249]  shmem_read_mapping_page_gfp+0x99/0x2b0
[ 1005.277427][T11249]  udmabuf_create+0x981/0xf90
[ 1005.282163][T11249]  udmabuf_ioctl+0x1d1/0x2c0
[ 1005.287028][T11249]  __se_sys_ioctl+0xfa/0x170
[ 1005.291685][T11249]  do_syscall_64+0x4c/0xa0
[ 1005.296420][T11249]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1005.302547][T11249] page last free stack trace:
[ 1005.307348][T11249]  free_unref_page_prepare+0x8b4/0x9a0
[ 1005.312879][T11249]  free_unref_page_list+0xbb/0x8e0
[ 1005.318139][T11249]  release_pages+0x1f92/0x2200
[ 1005.323150][T11249]  __pagevec_release+0x6d/0xe0
[ 1005.328343][T11249]  shmem_undo_range+0x75b/0x2050
[ 1005.333441][T11249]  shmem_evict_inode+0x248/0xa40
[ 1005.338719][T11249]  evict+0x485/0x870
[ 1005.342767][T11249]  __dentry_kill+0x431/0x650
[ 1005.347619][T11249]  dentry_kill+0xb8/0x290
[ 1005.352127][T11249]  dput+0xfa/0x1d0
[ 1005.355922][T11249]  __fput+0x5e0/0x920
[ 1005.359965][T11249]  task_work_run+0x1ca/0x250
[ 1005.365063][T11249]  do_exit+0x936/0x2400
[ 1005.370232][T11249]  do_group_exit+0x217/0x2d0
[ 1005.375752][T11249]  __x64_sys_exit_group+0x3b/0x40
[ 1005.380926][T11249]  do_syscall_64+0x4c/0xa0
[ 1005.385570][T11249] ------------[ cut here ]------------
[ 1005.391098][T11249] kernel BUG at mm/filemap.c:153!
[ 1005.396216][T11249] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1005.402434][T11249] CPU: 1 PID: 11249 Comm: syz.4.1671 Not tainted 6.1.141-syzkaller #0
[ 1005.411438][T11249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1005.422857][T11249] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80
[ 1005.429617][T11249] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 4a 71 27 00 e9 0c fe ff ff e8 b0 f8 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 9a f8 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00
[ 1005.450421][T11249] RSP: 0018:ffffc9000386f618 EFLAGS: 00010046
[ 1005.457134][T11249] RAX: 1d40cd113c45e500 RBX: ffffea000149c640 RCX: 1d40cd113c45e500
[ 1005.465591][T11249] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf1360
[ 1005.474053][T11249] RBP: ffffc9000386f778 R08: dffffc0000000000 R09: fffffbfff1bfd0b6
[ 1005.482716][T11249] R10: fffffbfff1bfd0b6 R11: 1ffffffff1bfd0b5 R12: dffffc0000000000
[ 1005.491282][T11249] R13: dffffc0000000000 R14: ffff88807da49658 R15: ffff88807da49660
[ 1005.499995][T11249] FS:  000055555b37d500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1005.509235][T11249] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1005.516130][T11249] CR2: 000000110c43c5cb CR3: 00000000603a6000 CR4: 00000000003506e0
[ 1005.524429][T11249] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1005.532769][T11249] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1005.540790][T11249] Call Trace:
[ 1005.544196][T11249]  <TASK>
[ 1005.547353][T11249]  __filemap_remove_folio+0xbb/0x860
[ 1005.552780][T11249]  ? __rwlock_init+0x140/0x140
[ 1005.557739][T11249]  ? __bpf_trace_file_check_and_advance_wb_err+0x30/0x30
[ 1005.565159][T11249]  ? _raw_spin_lock_irq+0xab/0xe0
[ 1005.570276][T11249]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[ 1005.575993][T11249]  filemap_remove_folio+0xed/0x2c0
[ 1005.581523][T11249]  truncate_inode_folio+0x59/0x70
[ 1005.586901][T11249]  shmem_undo_range+0x4d2/0x2050
[ 1005.592373][T11249]  ? shmem_truncate_range+0xb0/0xb0
[ 1005.598007][T11249]  ? do_raw_spin_lock+0x11d/0x280
[ 1005.603975][T11249]  ? __rwlock_init+0x140/0x140
[ 1005.608809][T11249]  shmem_evict_inode+0x248/0xa40
[ 1005.613828][T11249]  ? _raw_spin_unlock+0x24/0x40
[ 1005.618759][T11249]  ? inode_wait_for_writeback+0x1b0/0x200
[ 1005.624717][T11249]  ? shmem_free_in_core_inode+0xb0/0xb0
[ 1005.630584][T11249]  ? do_raw_spin_lock+0x11d/0x280
[ 1005.636098][T11249]  ? bit_waitqueue+0x30/0x30
[ 1005.640925][T11249]  ? preempt_schedule+0xa7/0xb0
[ 1005.645845][T11249]  ? do_raw_spin_unlock+0x11d/0x230
[ 1005.651369][T11249]  ? shmem_free_in_core_inode+0xb0/0xb0
[ 1005.657278][T11249]  evict+0x485/0x870
[ 1005.661229][T11249]  ? __lock_acquire+0x7c50/0x7c50
[ 1005.666439][T11249]  ? proc_nr_inodes+0x2f0/0x2f0
[ 1005.672058][T11249]  ? _raw_spin_unlock+0x36/0x40
[ 1005.677316][T11249]  ? iput+0x768/0x980
[ 1005.681725][T11249]  __dentry_kill+0x431/0x650
[ 1005.686555][T11249]  dentry_kill+0xb8/0x290
[ 1005.691277][T11249]  ? dput+0x37/0x1d0
[ 1005.695232][T11249]  dput+0xfa/0x1d0
[ 1005.699223][T11249]  __fput+0x5e0/0x920
[ 1005.703351][T11249]  task_work_run+0x1ca/0x250
[ 1005.708103][T11249]  ? task_work_cancel+0x230/0x230
[ 1005.713447][T11249]  ? __close_range+0x1c5/0x730
[ 1005.718465][T11249]  exit_to_user_mode_loop+0xe6/0x110
[ 1005.724155][T11249]  exit_to_user_mode_prepare+0xb1/0x140
[ 1005.729947][T11249]  syscall_exit_to_user_mode+0x16/0x40
[ 1005.735562][T11249]  do_syscall_64+0x58/0xa0
[ 1005.740223][T11249]  ? clear_bhb_loop+0x60/0xb0
[ 1005.745124][T11249]  ? clear_bhb_loop+0x60/0xb0
[ 1005.750033][T11249]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1005.756350][T11249] RIP: 0033:0x7f80fcf8e929
[ 1005.760936][T11249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1005.781246][T11249] RSP: 002b:00007ffe322ec808 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1005.790000][T11249] RAX: 0000000000000000 RBX: 00007f80fd1b7ba0 RCX: 00007f80fcf8e929
[ 1005.798207][T11249] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1005.806253][T11249] RBP: 00007f80fd1b7ba0 R08: 0000000000000110 R09: 00000010322ecaff
[ 1005.814382][T11249] R10: 00007f80fd1b7ac0 R11: 0000000000000246 R12: 00000000000f55ab
[ 1005.822858][T11249] R13: 00007f80fd1b6080 R14: ffffffffffffffff R15: 00007ffe322ec920
[ 1005.831162][T11249]  </TASK>
[ 1005.834419][T11249] Modules linked in:
[ 1005.838457][T11249] ---[ end trace 0000000000000000 ]---
[ 1005.844137][T11249] RIP: 0010:filemap_unaccount_folio+0x5cf/0xa80
[ 1005.850631][T11249] Code: 07 38 c1 0f 8c 19 fe ff ff 4c 89 e7 e8 4a 71 27 00 e9 0c fe ff ff e8 b0 f8 d5 ff 48 89 df 48 c7 c6 60 0d 75 8a e8 a1 e1 11 00 <0f> 0b e8 9a f8 d5 ff 48 89 df 48 c7 c6 c0 12 75 8a e8 8b e1 11 00
[ 1005.871502][T11249] RSP: 0018:ffffc9000386f618 EFLAGS: 00010046
[ 1005.877789][T11249] RAX: 1d40cd113c45e500 RBX: ffffea000149c640 RCX: 1d40cd113c45e500
[ 1005.885808][T11249] RDX: 0000000000000002 RSI: ffffffff8a6c1160 RDI: ffffffff8abf1360
[ 1005.890373][ T4531] wlan1: Trigger new scan to find an IBSS to join
[ 1005.894024][T11249] RBP: ffffc9000386f778 R08: dffffc0000000000 R09: fffffbfff1bfd0b6
[ 1005.894044][T11249] R10: fffffbfff1bfd0b6 R11: 1ffffffff1bfd0b5 R12: dffffc0000000000
[ 1005.894059][T11249] R13: dffffc0000000000 R14: ffff88807da49658 R15: ffff88807da49660
[ 1005.894073][T11249] FS:  000055555b37d500(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[ 1005.894092][T11249] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1005.894106][T11249] CR2: 000000110c43c5cb CR3: 00000000603a6000 CR4: 00000000003506e0
[ 1005.894123][T11249] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1005.894134][T11249] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1005.894162][T11249] Kernel panic - not syncing: Fatal exception
[ 1005.894468][T11249] Kernel Offset: disabled
[ 1005.977472][T11249] Rebooting in 86400 seconds..