last executing test programs:

16.652507908s ago: executing program 2 (id=3150):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, 0x0})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
mremap(&(0x7f0000ff1000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x4000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r4}, 0x8)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x42, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x8801)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084)
syz_open_procfs(0x0, &(0x7f0000000180)='totmaps\x00')
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)

9.041661809s ago: executing program 2 (id=3163):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10)
r5 = socket$tipc(0x1e, 0x2, 0x0)
r6 = open(&(0x7f00000000c0)='.\x00', 0x101000, 0x190)
getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r6, &(0x7f0000001fc0)=""/184, 0xb8)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r5, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x10)
setsockopt$TIPC_GROUP_LEAVE(r5, 0x10f, 0x88)
sendmsg$tipc(r4, &(0x7f00000008c0)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x41}, 0x1}}, 0x10, &(0x7f0000000500)=[{&(0x7f0000000580)="64175e9752e9599752fc264a327757fe247d4330e7da03322fee83060b9368ecfd1f76c3ba8e73e1821bd81d042606c5e83bfa7fb139bb31b5b9c52e01ba863ee62bb5613be3618e818c27d48213cf90df798db4aeb6d0601c", 0x59}, {&(0x7f0000000440)="ddb8b04cc9be5be009d9c61f267bd6c5f775de4621ea01570c338d679abead8c67e6dc22f6ca9564c567ea080f90325f53f9b3fb99813c9c8c681e67c401e8ee", 0x40}, {&(0x7f0000000680)}, {0x0}], 0x4, 0x0, 0x0, 0x40000}, 0x20000806)

9.038520709s ago: executing program 0 (id=3164):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r3 = io_uring_setup(0x2f35, &(0x7f0000000000)={0x0, 0xfca1, 0x2, 0x2, 0x1e})
io_uring_register$IORING_REGISTER_RING_FDS(r3, 0x13, &(0x7f0000001bc0), 0x2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001a00010029bd70000000000002202000000000000020000008000200ac14141408000300", @ANYRES32, @ANYBLOB], 0x34}}, 0x0)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
socket$packet(0x11, 0x2, 0x300)
set_mempolicy(0x3, &(0x7f0000000100)=0x3, 0x9)

5.254006668s ago: executing program 2 (id=3166):
r0 = gettid()
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
syz_open_procfs$pagemap(r0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
timer_delete(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
tgkill(0x0, r2, 0x27)
fanotify_init(0x200, 0x0)
pipe2$9p(0x0, 0x84880)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x8, 0x3, 0x2a8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x210, 0xffffff7a, 0xffffffff, 0x210, 0xffffffff, 0x7fffffe, 0x0, {[{{@uncond, 0x6, 0x130, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x88, 0x88, 'bm\x00', "00000100cbd047da9ca965f96ad5801f0514d363ee84bb895919d9490f6785fba3c4a44f1e25ecefef2a2d6054f5260ece5ce1a56a5ef73be11d65bfe8c37674024c183ebacdf741cea92ded3a9ca54de15dd9ec8ef62f9e000000000000000000ffffff7f00", 0x80, 0x0, {0x4}}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x6, 0x3, 0x6, '\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, 0x0, 0xff000000, 'team_slave_0\x00', 'ip6gre0\x00', {0xff}, {}, 0x6, 0x3}, 0x0, 0x70, 0x98}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0x0, 0x0, 0x4}, {0x4, 0x5, 0x6}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x308)
r5 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r5, 0xc1205531, &(0x7f0000000540)={0x1, 0x6, 0x0, 0x0, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"})
mount(0x0, 0x0, &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
chroot(0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x1204081, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

5.243065606s ago: executing program 0 (id=3167):
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0), 0x0, 0x1}, 0x38)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="1c00000040eb06010600ffff00000000017c000004004280040002807c4bd51dd9a005533818d4e724fcfe1e03a422678874d1040c9432848f2194d2d03a1080f8c55255383b386dad1c81abcc9ff9d448a716a18ffc3a405412d3b046e7515ee4eb1e23668f61fb555f86bc06a3b7902d6442492c6013c5a609854a3c61ee21bd02b7d6839a0b8babe5313f23f26413b621f544197cb352b73e7a79831ce9e66bebb212ff4e3109c7b33a375a659b67a44ad932cac169a2606430aff1318cec765d4c6b951a3d6b01ca407384030b311ac84ac19fa75ac0bff0be3f8bf8d8dc96d8eeface33a4a316f3fb6171b5e50b7c80c2b6c68575b7830f4c8528d5e5288d8a33a4f7ec5179d6964773f3e09052beb8f467fc076ba3356f15e8674b240aa3fac6344c6e270f4a3fff14d69c69572e3b246e1e72b420d5589d7b8b24d9d93ac189fba1ace5e74c1445"], 0x1c}}, 0xc000)
sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300), 0x0, &(0x7f0000002400)=[{0x6a0, 0x1, 0x8, "244df5680b8203b6b985638f2545f2ac042a9aee660edf5459c22ed1ed6026739f79e286a1f42ab62b2270f719c0ea01f4cfde2afa600b46d7d34e10f60c895126a9adf4a9885156ee2178974a935091e8c514514f31db8fcb6395a59a1710c7cff57d7f512eb909c22710e93086e706d2a3e4c1a121465944394844b45ed609c9fabb4edaf37a3df4d37a5ea7e027b1c5b22dd328957ae0b6f90667ae9f43322d694eebddddf7f23f1943855002a99e58c8402393d5a7dfd8d88cd1fcb86fe7aac690f8fcffa5b9dc3fdbb4822e588b7773ff35873a5ea7cc83b006d00e70987f313f1b9ba1b1b93ed3eb0362a138f2fba123982919b7aa914be8ba9c71a8d76f7045daafabfb4a50993005e0686440e9f97cc259b5350c86a0effdea17facf052b6772c96ea5fedb6b9497e591f51bd0e02ac86402d6f3fe7d0e856a69c6e3d49d89ba91e2fe519d5ac2186091766c178f274e81493af54a02f7e0b3e47c0a862bd7af9712e65f74595e8c63c91a45ebd081ad910d95f26192ead1daf401b015eb772f4b91bbacf26157d5d6d626eff439e238a6dd9ebce65fb960ae90ec490d5014589a24d107c8b66a587166ce85e9bffd332defeee0c3333d15ed629874fb3259217911d50a1eec22b3c205b3c2068bdbe9d0145de5536049af47bea81d4cffdc45b277e8c06249510d2d429cb3e606d27f40918bd250818d0a09512ed8a2727c81a38e44366deb7ca5e30556b03305ae54b19cc17f6a543a9d397676d1d18c873c30f02a873c6fe6cb1c21d0ebf78c1bc732ef62cbc92e71d461886c9fa5f04d28dc4c7e3b3ed55fb39603c041d27017322610ac1a16c63c91ed376d9bba0df833d185fff47bad911c26a5918034211a3dbe77663f21a22b4bed8a3cbabfcd5622a1bbc3c015d1890391c5f5f57ff316718f57d7927f41724ee25f274c98a22d8cc1f7348cdd5ff604f4fe21d50f21a1638a75b39c6a5e5c0470812e9e7a663f4f61e6f8b008d31c6e9bd4686a17e0f4fb42c06a19436731d612990f7dbdc2d9b6dd4a5152b8cdbef0906e6f6dd07ad305da2d579fb968b000ad7075c91d35f1af5c3783cbeb9306de0cb3f086a0e2950f564b6e1d0ff9bc785d53ed0176c3feaa5356559ebf4508bccc9202ee45d1c20f768f98f60aed75b7da8dba4f1c36a8b668e3a9a19eb431d4759a7b6840c888774194f60f872790fb243fdb2fb1184bc6dd225bfdb447cc1cfa5277569536d051e8069185956aaa7c34217597ab9c93e3ac647542aab63a11dce2a50d9ae996bb2477afc23d2456f36c58a8ca9308aea7548ea875ed4159d2df58cc3edcc0f1afd5fbed7e8fd540a9e97009a801e6d1397670d528f6c8ebbfce8ac7196efb13d05df6d95942f3a5f7629c857e558f0f408cfe6c5d7b9b3c07ac388904b79ffa7f947c0738b1722e6c817cb87cbee4d26d29ac34205523c121677cf55e891a681e9e4a1847ff29a8f440a427ebb9fa040f212b558c0932ad7f7e1115f48c52adcfbfb13ca9fe08f5507a74b04fee211674865f4ffa3f5cfba2fa7640a055efb6e848f4b6f9222bbe3b26a3721ddabc492c0586ca63fb03cc73007bef0e35606cfc629fa1c551eee50593712449e31c730042128ecdf57b35c79d040c6c23c663c5d30e2f3e711c8a9b9949814afee7117207a2b3ee989dd8edf72d997b3baa3ad5b700a8bf3c29d347094df4864bd4f4c234d5ef682b20f2664f7af13ec91c2490b0ddaff7cb2214d84a0a4486e6c51db48c21b6ef2bccf637bd589204716b019f976491ec9eedea1e67d48521a6e42cbc77c808e597a876226ba352c79e5f485ce3dd499f7eb22831a3951b70c5c869c90596fa211a1b9844c8a80e3fccaef546d08c4599f43b08bf198d8ed3b666088b191103f477bcf885bee9e280c9c126f1a2ddff0963ef5da8136f405dd5479e121fccbfa18c290acbee162a13006fcca07773a3da5db87b29c6ee7d66d2340bc053b83d600b5aaab198965f691aa52be98fda0998bb6a330f54575429a3cb7dcca97db0cdf3a2f1003514b1c213875e5306feb23a152898fd2cd25d4b93867018f713fd5d070846cd9981a489bd1b26ddc9c55a84d2d69d2687c5119cda5dffd0f425205aad0533f1bbef18df707d80422c3ce3f41382bf63906622250d2013552d40d97f2ef8bfca77331262e2989401b7644797bad8525f93754b54ad7098bfccb80540686972f7bc6aae896cd999c7bfdef03d14c013fbe14d2664cedbee82453ce9c0353142b5f8a2914572b1e59c072149b467a52979027666a0659c2e509dd6fd542d2410c42509ceca783d663c5c3813becb351d4a6f1602e40d047fedcbcdffad0c"}], 0x6a0}, 0x40000)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff08"], 0x6f4}}, 0x0)

4.636304356s ago: executing program 0 (id=3169):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
openat$vsock(0xffffffffffffff9c, 0x0, 0x2c0c2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_genetlink_get_family_id$batadv(0x0, r0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000002)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
poll(0x0, 0x0, 0x9)
setitimer(0x2, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094)
prlimit64(0x0, 0x0, 0x0, &(0x7f0000000180))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000002640)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2c, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x10}, [@FRA_GENERIC_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2c}]}, 0x24}}, 0x8800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0], 0x3c}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@updsa={0x104, 0x1a, 0x1, 0x0, 0x0, {{@in=@dev, @in=@private}, {@in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x3c}, @in=@multicast2, {}, {}, {}, 0x0, 0x0, 0xa, 0x1, 0x0, 0x20}, [@coaddr={0x14, 0xe, @in6=@rand_addr=' \x01\x00'}]}, 0x104}}, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, 0x0, 0x4000000)

4.573315924s ago: executing program 2 (id=3170):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0xc2381, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, r1)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000400)={'veth1\x00', &(0x7f00000004c0)=@ethtool_cmd={0x20, 0x0, 0x3, 0x6, 0x6, 0xf8, 0x6, 0xff, 0xe2, 0x1, 0x6, 0x2, 0x4, 0x6, 0x8, 0x9, [0x80000, 0x1ff]}})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x3, 0x17b}, &(0x7f0000000180)=<r3=>0x0, 0x0)
syz_io_uring_submit(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b891"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000006c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='/\x00\x00', @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000001c0)="b69736ec6483aed50a1ae88a6a09c9d74fb0cef2d459b5db77fa9f55e7", 0x1d, r5}, 0x68)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000280)=[@mss={0x2, 0x10001}], 0x1)
io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x8400, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r6)

4.327576459s ago: executing program 2 (id=3171):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, 0x0})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
mremap(&(0x7f0000ff1000/0x2000)=nil, 0x2000, 0x4000, 0x3, &(0x7f0000ffb000/0x4000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x4000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r4}, 0x8)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x42, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x8801)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084)
syz_open_procfs(0x0, &(0x7f0000000180)='totmaps\x00')
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)

3.34430852s ago: executing program 1 (id=3178):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, 0x0})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084)
syz_open_procfs(0x0, &(0x7f0000000180)='totmaps\x00')

2.487828013s ago: executing program 3 (id=3180):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$inet6(0xa, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x0, 0x0, 0x0)

2.340452257s ago: executing program 3 (id=3181):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0xffffffffffffffc6, 0x0, 0x0, {0x7, 0x1f, 0x2, 0xfffffffff9100f4f, 0xd, 0xe000, 0xe, 0x2, 0x0, 0x0, 0x4, 0xffffffff}}, 0x50)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

2.270630094s ago: executing program 3 (id=3182):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000200)='./bus\x00', 0x4000, &(0x7f0000000240)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB=',codepage=cp862,file_umask=0000000041,iocharset=iso8859-5,\x00'], 0x2, 0x362, &(0x7f00000002c0)="$eJzs3U1rE00AB/D/7G7SzZPS7tP2ofCcpFrwVFo9KB60SPHiF/AgxdqmUBoraAUtiNGziDdB8OjNs+hX0Iv4BRQPBcWTXooHV2Z2Nju7nUm36Uta+/+ByWR3dl4yM5uZlDggoiPr4synl6fX5T9RAeADOAd4AEIgAPAfRsM7K6vWi1tG2G+HBIAgssWfX2nYDofyIcheR/JVgH7zGO2NOI7jz+7TX86rpx/7VyDqCWGOYIMH9MFTI1GdD/e9ZHujJet11BgtLDawgbsY6GVxiIio9/Tnv6c/Jfr1PN7zgHE9Dz/sn/+5+c1G78pxILQ//73kdSzk+zOoTsn13tJqs7GgusCgbH0vXSXa0rL2idhHVQfVswf4dWPKZeRip8ri1RaXmo2JlkrgES5oRrQR9biAtCJqTeoqrS7RmKpYaZ3q3lld1aEi63DKUf7hTjlaF8Bvv+GZPbvZ9yXKJN6JD2JWRHiOhfb8L4iFfHPU+xMVhkpS/kl3iqqWURIrV8us+P+qTP5PW+DNq6yWNdf7GsKH9WuEJBVRnL9HaTmfVt1XYQj5rxWS2k25a6euGgYCYXzhodu0HemX9aqRYl61xUqzMTF/s+nq9LvLuqITT8QVMYbveI0ZY/7vydjjcI/M3CgXKqbuGR3rE6iYjnbMUQP4RvmRWSkd8293ydrQBV/zLx/jOs5i4Pa9tWUBgVsyMNdsNrYfCNHNVZsD6VDp8vJjO8t9UyDpiLo7yiPy2YiDUAZkJ9y1TH/HcWw9FaB0W6D7pkwG1JkXWZXXlueEvuftrILyzlk4Na0CnqW5ZXbTAPSR9I7QTe4P2lf1ZQmWuvynbG11xN4h01Ltcq+zBdKscqd89JUaKTXnqUJ/NgKX7y/PNbu9GdFhkjU6Rq/2ujDUC3LeJZL1n7FemVR3HfkQdVj/xFslbqQ45VgBDanHf9orOGWLNVfdvYKrp4Et1lzHTwInqvkcPaQ5PiwmG+ly4iD+VXL7f8oQM/iIa/z+n4iIiIiIiIiIiIiIiIiIiIiIiIjosNnurxHcPydwB/I5rh/B/3iDiIiIiIiIiIiIiIiIiIiIiIiIiIiIiGhnsv1/2/u7VG37/3baqUnxkx1iQr3/b7Z1hqHs/r9+if1/RatcBYnI6U8AAAD//00uW3Y=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f00000000c0)='./bus\x00', 0xd680, 0x0, 0xbe, 0x0, &(0x7f00000007c0))
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

1.854739248s ago: executing program 1 (id=3183):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x770d3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x800}, 0x20)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000001c0)=0x800, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, 0x0, 0x0)
fstat(r2, 0x0)
shmctl$IPC_SET(0x0, 0x1, 0x0)
bind$xdp(r3, &(0x7f0000000100), 0x10)
r4 = syz_open_dev$usbfs(0x0, 0x77, 0x15b701)
ioctl$USBDEVFS_CONTROL(r4, 0xc0105500, 0x0)

1.775190993s ago: executing program 3 (id=3184):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
open_by_handle_at(r0, &(0x7f0000000000)=@shmem={0x4a, 0x1, {0x20, 0x2}}, 0x80002)

799.931106ms ago: executing program 1 (id=3185):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0xc618, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
syz_emit_ethernet(0xbe2, &(0x7f00000015c0)=ANY=[], 0x0)

795.352095ms ago: executing program 2 (id=3186):
syz_mount_image$jfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x6282, &(0x7f000000f900)="$eJzs3U+PG2cdB/Df+N/+CU2jHqoSIbRtA7SU5m8JgQJtD3DohQPKFSXabquIFFASUFpFZKtcOPAiQEgcAXHkxAvogSs3XgCREiSgpw6a9fNsxsaOdze1x7vz+UjOzM/PzPqZfD1re2fGTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8fb3f3iuiIgrv0h3nIj4XHQjOhFrVb0REWsbJ/LyvYh4Lnaa49mI6K9EFLnx6YjXIuLj4xEPHt7ZrO46v8d+fO9Pf//dj4794G9/6J/5z59vdV+fttzt27/+91/uHnx7AQAAoI3KsiyL9DH/ZPp832m6UwDAQuTX/zLJ96uXrt5esv6o1Wq1+hDWdeVkd+tFRGzX16neMzgcDwCHzHZ80nQXaJD8W60XEcea7gSw1IqmO8BcPHh4Z7NI+Rb114ONYXs+F2Qk/+1i9/qOadNZxs8xWdTz615045kp/VlbUB+WSc6/M57/lWH7IC037/wXZVr+g+GlT62T8++O5z/m6OTfmZh/W+X8e/vKvyt/AAAAAABYYvnv/ycaPv678uSbsiePO/67saA+AAAAAAAAAMBn7UnH/9tVGP8PAAAAllX1Wb3ym+OP7pv2XWzV/ZeLiKfGlgdaZiMiViPWm+4HAAAAAAAAAAAAALRJb3gO7+Uioh8RT62vl2VZ3erG6/160vUPu7ZvP7RZ07/kAQBg6OPjY9fyFzuX9cbl9F1//fX19bJcXVsv18u1lfx+drCyWq7VPtfmaXXfymAPb4h7g7L6Yau19epmfV6e1T7+86rHGpTdPXRsMRoMHAAiYvhq9MAr0hFTlk9H0+9yOBzs/0eP/Z+9aPp5CgAAAMxfWZZlkb7O+2Q65t9pulMAwELk1//x4wILq/sLfjy1Wq1Wq1tc15WT3a0XEbFdX6d6z2A4fgA4ZLbjk6a7QIPk32q9iHiu6U4AS61ougPMxYOHdzaLlG9Rfz3YGLbnc0FG8t8udtbL60+azjJ+jsminl/3ohvPTOnPswvqwzLJ+XfG878ybB+k5ead/6JMy7/azhMN9KdpOf/ueP5jjk7+nYn5t1XOv7ev/LvyBwAAAACAJZb//n9iqY7/Dg66OTM97vjvxtweFQAAAAAAAADm68HDO5v5utd8/P8LE5Zz/efRlPMv5N9KOf90/f/uiTcvjS3Xrc3ff+tR/v96eGfz97f++fk83Wv+K3mmSM+sIj0jivRIRS9ND7hhU9zrdwfVI/WLTreXzvkp++/GtbgeW3F2ZNlO2h8etZ8baa962t9pL7vD9vMj7b3d9rz+hZH2fjrTqVzL7adjM34a1+OdnfaqbWXG9q/OaC9ntOf8u/b/Vsr592q3Kv/11F6MTSv3P+r8335fn056nDevffFXZ+e/OTPdi+7uttVV2/dCA/3Z+T85Noif39y6cfr21Vu3bpyLNBm593ykyWcs599Pt5z/Sy8O2/Pv/fr+ev+jwb7zXxb3ojc1/xdr89X2vrzgvjUh5z9It5z/O6n90f5/bHedw53/9P3/lQb6AwAAAAAAAAAAAAAAAI9TluXOJaJvRsTFdP1PU9dmAgCLlV//yyTfv6i6e9D1/zi6HU31X61ecF3U6mIJ+rPQ+tNy3o/39lJtr/pA9X+XrD9LV9eVk71RLyLir/V1qvcMv5z0wwCAZfZpRPyj6U7QGPm3WP6+v2p6qunOAAt184MPf3z1+vWtGzeb7gkAAAAAAAAAcFB5/M+N2vjPp8qyvDu23Mj4r2/FxpOO/9nLM7sDjE4ZqLq7/216nE5Et1Mbbvz5mDb+d3937nHjf/dmPF5/RvtgRvvKjPbVGe0TL/Soyfk/Xxvv/FREnBwbfn10/OejOf7r+Jj3bZDzf6H2fK7y/8rYcvX8y98e5vw7I/mfufX+z87c/ODDV6+9f/W9rfe2fnLh3LmzFy5evHTp0pl3r13fOjv8t8Eez1fOP4997TzQdsn558zl3y45/y+lWv7tkvP/cqrl3y45//x+T/7tkvPPn33k3y45/5dTLf92yfl/NdUj+c/64xKHXs7/lVTb/9sl5/+1VMu/XXL+r6Za/u2S8z+davm3S87/TKr3mP/avPvFYuT88xEu+3+75PzzmQ3yb5ec//lUy79dcv4XUi3/dsn5v5Zq+bdLzv/rqZZ/u+T8L6Za/u2S8/9GquXfLjn/S6mWf7vk/L+Zavm3S87/W6mWf7vk/F9PtfzbJef/7VTLv11y/t9JtfzbJef/3VTLv11y/m+kWv7t8uj7/82YMWMmzzT9mwkAAAAAAAAAAAAAGLeI04mb3kYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgp79xYj113fAfzM3rxxIDEQUic1YeMYY5xNdn2JL7QuJlwbbiUhFHrBdr1rs+AbXrsEGtWOAiUSRkUVbcNDW0CozUuFVfFAK0B5QK0qVYL2gb4gKlQeoiqggFSVVpCt5pz//78zs7Mzu97xZuacz0dKftmZM3POnPnP7H7tfHcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaHTnG2Y/VcuyrFarFRdsyrIX1ecNE5vyS177wh4fAAAAsHa/yP/93M3pgsMruFHDNv90x7e/urCwsJC9b/hPRz+3sJCumMiy0Q1Zll8XXf3B+2uN2wSPZ+O1oYavh7rsfrjL9SNdrh/tcv1Yl+s3dLl+vMv1S07AEjdktXRn2/L/3FSc0uyWbDS/blubWz1e2zBUP3fptlktv83C6IlsLjuVzWbTTdsX29by7b9+Z31fb83ivoYa9rWlvkJ+8ujxeAy1cI63Ne1r8T6jH70+m/jpTx49/tcXnr2t3ex6GprurzjOHVvrx/mJcElxrLVsQzon8TiHGo5zS5vnZLjpOGv57er/3Xqcz63wOIcXD3NdtT7n49lQ/t/fyc/TSC1rc562hMt+dleWZZcXD7t1myX7yoayjU2XDC0+P+PFiqzfR30pvTQbWdU6vXMF67Q+Z7Y1r9PW10R8/u8MtxtZ5hgan6YfPTbW8Lz/fOFa1mlUf9TLvVZa12CvXyv9sgbjuvhO/qCfaLsGt4XH/+j25ddg27XTZg2mx92wBrd2W4NDY8P5MacnoZbfZnEN7mrafjjfUy2fz2zvvAanLpw+NzX/sY/fM3f62MnZk7Nn9uzaNb1n374DBw5MnZg7NTtd/Psaz3b/25gNpdfA1nDu4mvg1S3bNi7VhS+OLXn/vdbX4XiH1+Gmlm17/TocaX1wtfV5QS5d08Vr4z31kz5+ZShb5jWWPz871/46TI+74XU40vA6bPs9pc3rcGQFr8P6Nud2ruxnlpGGf9odw/LfC9a2Bjc1rMHWn0da12Cvfx7plzU4HtbF93Yu/71gSzjeJyZX+/PI8JI1mB5ueO+pX5J+3h8/kI926/L2+hU3jmUX52fP3/vIsQsXzu/KwlgXL2tYK63rdWPDY8qWrNehVa/Xw3N3PHF7m8s3hXM1fk/9X+PLPlf1bfbe2/m5yr+7tT+fTZfuzsLosfU+n+2+m9fP51iWff5bjz34jUc//4Zlz2c9b35iau0/i6dc2vD+O7rM+2/M/c8X+0t39fjw6Ejx+h1OZ2e06f24+akayd+7avm+n5ta2fvxaPhnvd+Pb+nwfry5Zdtevx+Ptj64+H5c6/anHWvT+nyOh3Vyarrz+3F9m827V7smRzq+H98VZi2c/9eEpJByUcPaWW7dpn2NjIyGxzUS99C8Tvc0bT8asll9X0/tvrZ1uuOu4r6G06NbtF7rdKJl216v0/RnX8ut01q3P327Nq3P53hYF7fs6bxO69s8vXft7503xP9seO8c67YGR4fH6sc8mhZh/n6fLdwQ1+C92fHsbHYqm8mvHcvXUy3f1+R9K1uDY+Gf9X6v3NxhDe5o2bbXazB9H1tu7dVGlj74Hmh9PsfDunjyvs5rsL7NG/f39mfXHeGStE3Dz66tf7623J953d5ymq7XWhkJx/mt/Z3/bLa+zakDq82Znc/T3eGSG9ucp9bX73KvqZlsfc7T5nCczx5Y/jzVj6e+zecOrnA9Hc6y7NJH7s//vDf8/crfXfzuV5v+3qXd3+lc+sj9P37xiX9czfEDMPieL8bG4ntdw99MreTv/wEAAICBEHP/UJiJ/A8AAAClEXN//L/CE/kfAAAASiPm/pEwk4rk/81vfHbu+UtZauYvBPH6dBoeKLaLHdfp8PXEwqL65fd/efa//+HSyvY9lGXZzx/4g7bbb34gHldhIhzn1Tc1X77EV+9Z0b6PPnwp7bexv/6FcP/x8ax0GbSr4E5nWfb1mz+T72fi/Vfy+fQDR/P54OUnHq9v89zB4ut4+2deVmz/F6H8e/jEsabbPxPOww/DnH5b+/MRb/eVK6/Zsv+9i/uLt6ttvSl/2E9+oLjf+HtyPvt4sX08z8sd/zc+/dRX6ts/8qr2x39pqP3xPxXu98th/u8riu0bn4P61/F2nwzHH/cXb3fvl77Z9vivfqrY/tybi+2Ohhn3vyN8ve3Nz841nq9HaseaHlf2lmK7uP/p7/5xfn28v3j/rcc/fuRK0/loXR9P/1txP1Mt28fL436iv2/Zf/1+Gtdn3P9Tf3S06Tx32//VB595Rf1+W/d/d8t25z6yM9//4v01/8amv/zkZ9ruLx7P4b891/R4Dr87vI7D/p/8QFiP4fr/u1rcX+tvVzj67ub3n7j9FzZdano80Vt/Wuz/6utO5nPD+A0bb3zRi2+6/Mr6ucuy72wo7q/b/k/+1dmm4//ircX5iNfHjn7r/pcT93/+o5Nnzs5fnJtJZ/XRm/PfnfP24nji8d4c3ltbvz5y9sIHZ89PTE9MZ9lEeX+F3jX7Upg/LsblzlsvLHkH3flweD5v//Ovb9z+r5+Ol//7e4rLr7yt+L716rDdZ8Plm8Lzt7r9L/Xknbfmr+/a0+EIF5b+vuC12LLtvw6saMPw+Ft/Lojr/dzLP5ifh/p1+feN+Lpe4/F/f6a4n6+F87oQfjPz1lsX99e4ffzdCFceKl7vaz5/4W0uPq9/E57vd/ywuP94XPHxfj/8HPPNzc3vd3F9fO3SUOv957/F43J4P8kuF9fHreL5vvLcrW0PL/4ekuzybfnXf5Lu57ZVPczlzH9sfurU3JmLj0xdmJ2/MDX/sY8fOX324pkLR/Lf5XnkQ91uv/j+tDF/f5qZ3bc3y9+tzhbjOnuhj//cw8dn9k9vn5k9ceziiQsPn5s9f/L4/Pzx2Zn57cdOnJj9aLfbz80c2rX74J79uydPzs0cOnDw4J6Dk3NnztYPozioLvZNf3jyzPkj+U3mD+09uOu++/ZOT54+OzN7aP/09OTFbrfPvzdN1m/9+5PnZ08duzB3enZyfu7js4d2Hdy3b3fX3wZ4+tyJ+Ymp8xfPTF2cnz0/VTyWiQv5xfXvfd1uTznN/0fx82yrWvGL+LJ33b0v/X7Wui8/tuxdFZu0/ALRZ8Pvovnnl5w7sJKvY+4fDTOpSP4HAACAKoi5fyzMRP4HAACA0oi5f0OYifwPAAAApRFz/3iYSUXyf+n6/5svrWj/+v/6/43nS/+/Yv3/h/qt/1+8X+j/98Za+/f6/4H+v/6//r/+v/4/PdBv/f+Y+2/IskrmfwAAAKiCmPs3hpnI/wAAAFAaMfffGGYi/wMAAEBpxNz/ojCTiuR//X/9f/1//X/9//b71/8fTPr/nen/d6H/P5VVq/9/uZfHr/+v/89S/db/j7n/xWEmFcn/AAAAUAUx998UZiL/AwAAQGnE3H9zmIn8DwAAAKURc/+mMJOK5H/9f/1//X/9f/3/9vvX/x9M+v+d6f93of/v8//1//X/6al+6//H3P+SMJOK5H8AAACogpj7XxpmIv8DAABA/xm5tpvF3P+yMJMl+f8adwAAAAC84GLuvyVrKYJX5O//9f/1//u//78hXaf/r/+f9WX/fzjT/+8f+v+d6f93of+v/6//r/9PT/Vb/z/P/dl49vIwk4rkfwAAAKiCmPtvDTOR/wEAAKA0Yu7/pTAT+R8AAABKI+b+zWEmFcn/+v/6//3f//f5//r//d7/9/n//UT/vzP9/y70//X/9f/1/+mpfuv/x9x/W5hJRfI/AAAAVEHM/beHmcj/AAAAUBox9/9ymIn8DwAAAKURc/+WMJOK5H/9/7X1/2Pv/Lr1/2NzVP9f/1//X/9f/39F9P870//vQv9f/1//X/+fnuq3/n/M/a8IM6lI/gcAAIAqiLn/jjAT+R8AAABKI+b+V4aZyP8AAABQGjH3T4SZVCT/6/8PxOf/j/n8f/1//X/9f/3/ldH/70z/vwv9f/3/nvT/Fy7p/+v/U+i3/n/M/XeGmVQk/wMAAEAVxNy/NcxE/gcAAIDSiLn/rjAT+R8AAABKI+b+bWEmFcn/+v8D0f/P9P/1//X/9f/1/1dG/78z/f8u9P/1/33+v/4/PdVv/f+Y+18VZlKR/A8AAABVEHP/9jAT+R8AAABKI+b+V4eZyP8AAABQGjH37wgzqUj+1//X/9f/1//X/2+/f/3/waT/35n+fxf6//r/Pev/L+j/6//Th/3/mPtfE2ZSkfwPAAAAVRBz/84wE/kfAAAASiPm/rvDTOR/AAAAKI2Y+yfDTCqS//X/9f/1//X/9f/b71//fzDp/3em/9+F/r/+v8//1/+np/qt/x9z/z1hJhXJ/wAAAFAFMfffG2Yi/wMAAEBpxNw/FWYi/wMAAEBpxNw/HWZSkfyv/6//r/+v/7+q/v8rF+9X/7+g/99f9P870//vQv9f//8F7/+P6v9TKv3W/4+5f1eYSUXyPwAAAFRBzP27w0zkfwAAACiNmPv3hJnI/wAAAFAaMffvDTOpSP7X/9f/1//X//f5/+33r/8/mPT/O+t9/z8+RP1//X/9f5//r//PUv3W/4+5/74wk4rkfwAAAKiCmPv3hZnI/wAAAFAaMffvDzOR/wEAAKA0Yu4/EGZSkfxf1f5/rdZ8HJH+v/5/foH+v/6//v/A0v/vzOf/d6H/r/+v/6//zxo99IeNX/Vb/z/m/oNhJhXJ/wAAAFAFMfe/NsxE/gcAAIDSiLn/V8JM5H8AAAAojZj7fzXMpCL5v6r9/2U+/7/+cPX/9f/1//X/c/r/g0n/vzP9/y70//X/9f/1/+mpZfv/IXqvd/8/5v5DYSYVyf8AAABQBTH3/1qYifwPAAAApRFz/+vCTOR/AAAAKI2Y+w+HmVQk/+v/+/x//X/9f/3/9vtf7/7/WLxf/f810f/vbH36/7X4tqz/r/+v/6//r/9fcf32+f8x978+zKQi+R8AAACqIOb++8NM5H8AAAAojZj73xBmIv8DAABAacTc/8Ywk4rkf/1//f9B6f/fqP+v/9/yeMrW//f5/72h/9+Zz//vQv9f/1//X/+fnuq3/n/M/W8KM6lI/gcAAIAqiLn/zWEm8j8AAACURsz9bwkzkf8BAACgNGLuf2uYSUXyv/6//v+g9P8z/X/9/5bHo/+v/9+O/n9n+v9d6P/r/+v/6//TU/3W/4+5/9fDTCqS/wEAAKAKYu5/IMxE/gcAAIDSiLn/bWEm8j8AAACURsz9bw8zqUj+1//X/9f/1//X/2+/f/3/waT/39mA9f9/cVO4XP+/oP/f38e/2v7/SMvX16X//4Pl+v8LG1pvr//P9dBv/f+Y+98RZlKR/A8AAABVEHP/O8NM5H8AAAAojZj73xVmIv8DAABAacTc/xthJhXJ//r/9eNYbC/r/5e1/z+k/6//r/9fEfr/nQ1Y/9/n/7fQ/+/v4/f5//r/LNVv/f+Y+98dZlKR/A8AAABVEHP/g2Em8j8AAACURsz9D4WZyP8AAABQGjH3vyfMpCL5X//f5/9Xo//v8/8z/X/9/4rQ/+9M/78L/X/9/37r//+n/j+Drd/6/zH3PxxmUpH8DwAAAFUQc/97w0zkfwAAACiNmPt/M8xE/gcAAIDSiLn/fWEmFcn/+v8r7v9PdLq/69//nxjQ/v9j+v/Xsf9/x03Fdvr/+v8s0v/vTP+/C/1//f9+6//7/H8GXL/1/2Puf3+Yycrz//iKtwQAAABeEDH3/1aYSUX+/h8AAACqIOb+3w4zaZv/u/5vNwAAAEAfirn/d8JMKvL3//r/Pv/f5/8Pbv/f5//r/+v/L7V+/f/4zqP/r/+v/x/p/+v/6//Tqt/6/zH3/26YSUXyPwAAAFRBzP0fCDOR/wEAAGAgtPt/slvF3H8kzET+BwAAgNKIuf9omElF8r/+v/6//n+f9v//bOu/fO/b7zy6S/9f/1//f1XW9fP/6y9+n/+v/6//n+j/6//r/9Oq3/r/MfcfCzOpSP4HAACAKoi5//fCTOR/AAAAKI2Y+4+Hmcj/AAAAUBox98+EmVQk/+v/6//r//dp/3+AP/8/ng/9/2Y96//HN139/7aK/n1aRde3///exZ64/v9q+/9jbS/V/9f/H+Tj1//X/2epfuv/x9w/G2ZSkfwPAAAAVRBy/9CJYi5eIf8DAABAacTcfzLMRP4HAACA0oi5/4NhJhXJ//r/+v/6//r/Pv+//f479f9rIz7/v1+l/v3P8heK/n+L/un/t6f/r/8/yMev/6//z1L91v+PuX8uzKQi+R8AAACqIOb+D4WZyP8AAABQGjH3fzjMRP4HAACA0oi5/1SYSUXyv/6//r/+v/6//n/7/af+f/jW0Def/6//39Fa+/f6/4H+f7X7//+j/6//r/9Pb/Rb/z/m/tNh/j97d/JkWZnWcfwkFlRWYBjuXLgxwqV/Agtda7h24caNEYYLHFBxpnAeUVCcFcF5ABUEERWcB1ARxakbupue54GeaLqJ6iDzeZ6qzDx5bmblvXnPed/PZ8HTZFdybxMVWfzI+vYpnex/AAAA6EHu/lvjFvsfAAAAmpG7/xviFvsfAAAAmpG7/xvjlk72v/7/LP3/1UpZ/3/w/a/u//MVN9j/f6n+/7jX1/+f/fn/g/5/tvT/0/T/K4z3/zcNw9BX/+/5//p//T9rMrf+P3f/N8Utnex/AAAA6EHu/m+OW+x/AAAAaEbu/tviFvsfAAAAmpG7/1vilk72/6H+f2fos//PjNfz/z3/X/+v/9f/L9z59v93vv6VT/9/4v7/oXtWvexM+/8Wn/9/09gHt93Pn9W23/8J+/+Lx32+/p8Wza3/z93/rXFLJ/sfAAAAepC7/9viFvsfAAAAmpG7//a4xf4HAACAZuTu//a4pZP9v77n/1/a+/hC+/+i/9f/731A/6//1/8vluf/T+vp+f+3PX/zrS8/9oWPn+b1O+r/R227n1/6+/f8f/0/R82t/8/d/x1xSyf7HwAAAHqQu/874xb7HwAAAJqRu/+74hb7HwAAAJqRu/+745ZO9v/6+v9FP/+/6P/1/3sf0P/r//X/i6X/n9ZT/389r6//1//r//X/rNfc+v/c/d8Tt3Sy/wEAAKAHufu/N26x/wEAAKAZufvviFvsfwAAAGhG7v7LcUsn+1//v/n+/zX9v/4/rv5f/6//3zz9/zT9/wr6f/2//l//z1rNrf/P3X9n3NLJ/gcAAIAe5O7/vrjF/gcAAIBm5O7//rjF/gcAAIBm5O7/gbilk/2v//f8f/2//l//P/76+v9l0v9P0/+voP8/az9/o/5f/6//51qn7P9fnfiyvZb+P3f/D8Ytnex/AAAA6EHu/h+KW+x/AAAAaEbu/h+OW+x/AAAAaEbu/h+JWzrZ//p//b/+X/9/3f3/0Z96e/T/4/T/50P/P202/f/OhdEP6/8X3/97/r/+X//PAXN7/n/u/h+NWzrZ/wAAANCD3P0/FrdM7P9T/8t8AAAAYKty9/943OL7/wAAALB4WZ3l7v+JuKWT/a//1//r//X/nv8//vpT/f/j17w//f+86P+nzab/P4b+X/+/5Pev/9f/c9Tc+v/c/T8Zt3Sy/wEAAKAHufvvilvsfwAAAGhG7v6filvsfwAAAGhG7v6fjls62f/j/f/V/17/fzL6/4PvX/8//vNjXf1//hX1/5P9/5d5/n+f9P/Tzr//v6j/P/jX1/9v0Lbff+P9/6VVn6//Z8zc+v/c/XfHLZ3sfwAAAOhB7v574hb7HwAAAJqRu/9n4hb7HwAAAJqRu/9n45ZO9r/n/+v/9f/L6/89/3/fNp//P5x7/39B/39C+v9pnv+/gv5f/6//9/x/1mpu/X/u/nvjlk72PwAAAPTg3leGvd3/c8Ng/wMAAMASXft7Bw7/htKQu//n4xb7HwAAAJqRu/8X4pZO9r/+X/+v/9f/6//HX/+0/f+qByN7/v/50P9P0/+voP/fRD9/obH+/77jPn8O/f8d+n9m5kD//+TVj2+r/8/d/4txSyf7HwAAAHqQu/+X4hb7HwAAAJqRu/+X4xb7HwAAAJqRu/9X4pZO9v/G+/+JIFb/r//X/+v/W+r/V9H/nw/9/zT9/wr6f8//9/x//T9rdbX/P/j1cFv9f+7+X41bOtn/AAAA0IPc/b8Wt9j/AAAA0Izc/ffFLfY/AAAANCN3/6/HLZ3sf8//1//r//X/+v/x19f/L5P+f5r+f4X4R0H9v/5f/6//Zz0OPP//Gtvq/3P33x+3dLL/AQAAoAe5+x+IW+x/AAAAaEbu/t+IW+x/AAAAaEbu/t+MWzrZ//r/zfb/+XH9v/5/0P/r//X/56Lb/n9n7Feio47p/5/5ustfcfAjvfb/nv+v/9f/6/9Zq1n0/1eu/tNl7v7fils62f8AAADQg9z9vx232P8AAADQjNz9vxO32P8AAADQjNz9vxu3nHL/f/5a39X50f97/r/+X/+v/x9/ff3/MnXb/5+Q5/+voP/X/+v/9f+s1Sz6/2v+PHf/78Utvv8PAAAAzcjd//txi/0PAAAAzcjd/wdxi/0PAAAAzcjd/4dxSyf7X/+v/9f/6//1/+Ovf739/+4wTv9/PvT/0/T/K+j/m+r/v3IYBv2//p/tmlv/n7v/wbilk/0PAAAAPcjd/1DcYv8DAABAM3L3/1HcYv8DAABAM3L3/3Hc0sn+1//r//X/+n/9//jre/7/Mun/p+n/h2F4eOINjPX/Vy7q/xfa/3v+v/6f7Ztb/5+7/0/ilk72PwAAAPQgd//DcYv9DwAAAM3I3f9I3GL/AwAAQDNy9/9p3NLJ/tf/6//1/1vu/2/Q/+v/9f/rpP+fpv9fwfP/9f/6f/0/azW3/j93/6NxSyf7HwAAAHqQu/+xuMX+BwAAgGbk7v+zuMX+BwAAgGbk7n88bulk/+v/9f/6f8//30j/f1n/f5j+/3xsrv8f9P8b7f9f+7xB/6//X/j71//r/znqvPr/V+Pr/ar+P3f/n8ctnex/AAAA6EHu/ifiFvsfAAAAmpG7/y/iFvsfAAAAmpG7/y/jlk72v/5f/6//1/97/v/46+v/l8nz/6fNt//fp//X/y/5/ev/9f8cdV79/3G9/+E/z93/V3FLJ/sfAAAAepC7/8m4xf4HAACAZuTufypusf8BAACgGbn7/zpu6WT/6//1/wf7/2HQ/+v/9f/7zqH/3x30/2un/5+m/19B/99m/3/D0FD/f+nYz9f/M0dz6/9z9/9N3NLJ/gcAAIAe5O7/27jF/gcAAIBm5O7/u7jF/gcAAIBm5O7/+7ilpf3/2vHp2/L7/4uHPlH/PwzDC7d7/r/+f+L19f+z6f/r76r+f330/9P0/yvo/9vs/z3/X//P1syt/8/d/w9xS0v7HwAAADqXu/8f4xb7HwAAAJqRu/+f4hb7HwAAAJqRu/+f45ZO9v/y+//Dn6j/H870/H/9/94H9P/6f/3/Yp21v79/N35N0//r//X/o/38zjH/3DPo//X/+n9GzK3/z93/L3FLJ/sfAAAAepC7/+m4xf4HAACAZuTufyZusf8BAACgGbn7/zVu6WT/6//1//r/Zfb/u/p//b/+f9Rcnv9/yy1f/pz+X//fYv8/Rf+v/9f/c9jc+v/c/f8Wt3Sy/wEAAKAHufv/PW6x/wEAAKAZufufjVvsfwAAAGjGs3sh5+7wH8PQ5f4/2v/fOOwXqvvG+v9o1PT/19D/H3z/+v/xnx+e/6//1/9v3lz6f8//v773r//X/y/5/Z+q//+io5+v/6dFc+v/c/c/F7d0sv8BAACgB7n7/zNusf8BAACgGbn7/ytusf8BAACgGbn7n49bOtn/nv+v/9f/6//1/+Ovr/9fJv3/NP3/Cvr/s/fz+VVV/7/c5/9/jv6f9Zlb/5+7/7/jlr3h98Wfe53/MwEAAIAZyd3/P3FLJ9//BwAAgB7k7v/fuMX+BwAAgGbk7v+/uKWT/a//1//r//X/+v/x19f/L5P+f5r+f4V++v/dsQ9uu58/q22//2b6f8//Z43m1v/n7v//uKWT/Q8AAABte2Xvj7n73xC32P8AAADQjNz9b4xb7H8AAABoRu7+F+KWTva//l//337//zX6/0Ovr//X/7dM/5+/oo/T/6/QT/8/atv9/NLfv/5f/89Rc+v/c/e/GLd0sv8BAACgB7n73xS32P8AAADQjNz9b45b7H8AAABoRu7+t8QtTez/Cyt/hP6/r/5/Z+ix//f8f/2//r8Dlbwvp/9/YPQXac//1//r/5f7/vX/+n+Omlv/n7v/pZ0LDe5/AAAAaNdXfcnXv3jSH/vS3h93h7fGLfY/AAAANCN3/9viFvsfAAAAmpG7/+1xSyf7X//fV//f5/P/9f/6f/1/T5bT/4/T/+v/9f/Lff/6f/0/R82t/8/d/4645Zrht/r/RQ8AAAA4Vzed7ofn7n9n3NLJ9/8BAACgB7n73xW3HNn/V074u9oBAACAucnd/+64pZPv/+v/Z97/Dxvq/+PH6f/36f/1/2Ovr/9fJv3/tDP2/1d29P/6/wkL6P93N/n+9f/6f46aW/+fu/+JR4cu9z8AAAA06sC/UXjP3h93h/fGLfY/AAAANCN3//viFvsfAAAAmpG7//1xSyf7X/8/8/7/up7/f6n+k+f/d97/37U7+vr6/yb6/52xrzvo/1fx/P8V9P+t9/8bff/6f/0/R52i/98bpJvu/3P3fyBu6WT/AwAAQA9y938wbrH/AQAAoBm5+z8Ut9j/AAAA0Izc/R+OWzrZ//r/LfT/d18cho32/yd4/r/+v4/+/5jXb6f//4KbLz/91V/7yINd9v+e/3+M8+z/8+eC/l//r//fp//X/+v/OWxuz//P3f+RuKWT/Q8AAAA9yN3/ctxi/wMAAEAzcvd/NG55ff8/ta13BQAAAKxT7v6PxS2dfP9f/9/i8/+X2f/n3+st9P+Xl9f/Z1Pce//f9fP/9f/H8Pz/afr/FfT/+n/9v/6ftZpb/5+7/+NxSyf7HwAAAHqQu/8TcUvu/51T/6t7AAAAYGZy938ybvH9fwAAAGhG7v5X4pZO9r/+X/+/gf7/kuf/j//88Px//b/+f/P0/9P0/yvo//X/+n/9P2s1t/4/d/+n4pZO9j8AAAD0IHf/q3GL/Q8AAADNyN3/6bjF/gcAAIBm5O7/TNzSyf7X/+v/5/L8/6T/v/p5+v99+n/9/2no/6fp/1fQ/+v/9f/6f9Zqbv1/7v7PBgAA//+PXGeS")
chdir(&(0x7f0000000240)='./file0\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)

772.956331ms ago: executing program 0 (id=3187):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc43", 0xf)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000004600)=[{{0x0, 0x0, &(0x7f0000002100)=[{&(0x7f0000000740)=""/217, 0xd9}], 0x1}, 0x3b83}], 0x1, 0x20001000, 0x0)

600.302969ms ago: executing program 3 (id=3188):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x54}, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/31, 0x1f}], 0x1}}], 0x1, 0x100, 0x0)

563.327812ms ago: executing program 1 (id=3189):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000480), 0xc2381, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x4000)=nil, 0x930, 0x0, 0x7d7b465c1d30afba, 0xffffffffffffffff, 0x0)
r1 = add_key$keyring(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x3}, 0x0, 0x0, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, r1)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000400)={'veth1\x00', &(0x7f00000004c0)=@ethtool_cmd={0x20, 0x0, 0x3, 0x6, 0x6, 0xf8, 0x6, 0xff, 0xe2, 0x1, 0x6, 0x2, 0x4, 0x6, 0x8, 0x9, [0x80000, 0x1ff]}})
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0)
r2 = syz_io_uring_setup(0x313f, &(0x7f0000000080)={0x0, 0xfffffffd, 0x10100, 0x3, 0x17b}, &(0x7f0000000180)=<r3=>0x0, 0x0)
syz_io_uring_submit(r3, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b891"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000006c0)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB="2f00000010", @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000200)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f00000001c0)="b69736ec6483aed50a1ae88a6a09c9d74fb0cef2d459b5db77fa9f55e7", 0x1d, r5}, 0x68)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000280)=[@mss={0x2, 0x10001}], 0x1)
io_uring_enter(r2, 0x4d10, 0x2, 0x2, 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x8400, 0x0)
r6 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r6)

543.379549ms ago: executing program 0 (id=3190):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0xffffffffffffffc6, 0x0, 0x0, {0x7, 0x1f, 0x2, 0xfffffffff9100f4f, 0xd, 0xe000, 0xe, 0x2, 0x0, 0x0, 0x4, 0xffffffff}}, 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x8, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

286.077772ms ago: executing program 1 (id=3191):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="9b0f2bbd7000ffdbdf2d01"], 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x4040100)

188.276064ms ago: executing program 3 (id=3192):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, 0x0})
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084)
syz_open_procfs(0x0, &(0x7f0000000180)='totmaps\x00')

36.178796ms ago: executing program 0 (id=3193):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_clone(0x0, 0x0, 0xfffffffffffffe7b, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x20)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000280)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="61023300503001000802110000010802110000005050505050506e725c840632aeeaee223136a10531bf492663480c6c5b229bed132c674fd1b19440196a546f52fd000000000000000b3cf7ba67a8104c6606b2b1a4de4b2f3af7042a6f5ac9240ac4d2a6af64dafb3dfa3959fbeb7c97490e16fa8cc40c187b2941b9644160bfced809435fc04b637dc012a637519bba88da85d7aba3884f3a9c3350a498df2a48faeec2505a773a337669b3ec0688d19f8c2e2658f1033ba11a1b3894c8a64a4185d8d015e728a84b2709de7ba2b2219582eb78c7de11e63dd0596c6a47933296011ee5c36fd4bed6e3"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="5e7a4ff08aec3dc9569bd919122c2f72d2f36763961f8f24", @ANYRES16=r1, @ANYBLOB="00012abd7000fedbdf252100000008000300", @ANYRES32, @ANYBLOB="0600eb005f290000"], 0x24}}, 0x804)
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)

0s ago: executing program 1 (id=3194):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x10)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_ONE_REG(r2, 0x4048aecb, &(0x7f0000000040)=@arm64_ccsidr={0x6020000000110009, 0x0})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0}, 0x4000000)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r4}, 0x8)
r5 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)={0x14, 0x42, 0xa01, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x8801)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000000)=@base={0xa, 0x16, 0xeb5, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20040084)
syz_open_procfs(0x0, &(0x7f0000000180)='totmaps\x00')
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

3(vlan2) entered blocking state
[  779.153283][T12502] bridge0: port 3(vlan2) entered disabled state
[  779.161456][T12502] vlan2: entered promiscuous mode
[  779.216926][T12502] dummy0: entered promiscuous mode
[  780.643381][T12523] netlink: 'syz.1.1955': attribute type 12 has an invalid length.
[  782.685307][T12531] ipt_ECN: cannot use operation on non-tcp rule
[  782.737126][T12529] netlink: 1008 bytes leftover after parsing attributes in process `syz.1.1957'.
[  783.034299][T12538] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1960'.
[  784.313832][T12549] netlink: 'syz.1.1965': attribute type 12 has an invalid length.
[  787.403502][ T5858] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  787.616776][ T5858] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[  787.625684][ T5858] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  787.652113][ T5858] usb 4-1: config 0 has no interfaces?
[  787.677099][ T5858] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  787.717883][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.922989][ T5858] usb 4-1: config 0 descriptor??
[  788.048885][T12588] netlink: 'syz.2.1975': attribute type 12 has an invalid length.
[  788.252185][ T5823] usb 4-1: USB disconnect, device number 14
[  789.027658][T12606] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1980'.
[  789.075547][T12606] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1980'.
[  791.481442][T12645] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1993'.
[  791.514926][T12645] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1993'.
[  791.778503][T11515] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  791.881578][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  792.083688][T11515] usb 2-1: device descriptor read/64, error -32
[  792.353546][T11515] usb 2-1: new full-speed USB device number 12 using dummy_hcd
[  792.993446][ T5823] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  793.168237][T11515] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[  793.184554][T11515] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  793.203256][T11515] usb 2-1: config 0 has no interfaces?
[  793.219254][T11515] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  793.238928][T11515] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.247230][ T5823] usb 4-1: Using ep0 maxpacket: 32
[  793.269312][ T5823] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  793.289558][T11515] usb 2-1: config 0 descriptor??
[  793.303455][ T5823] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  793.328776][ T5823] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  793.341922][ T5823] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  793.357421][T12665] syzkaller1: entered promiscuous mode
[  793.375728][T12665] syzkaller1: entered allmulticast mode
[  793.381244][ T5823] usb 4-1: Product: syz
[  793.396141][ T5823] usb 4-1: Manufacturer: syz
[  793.417683][ T5823] hub 4-1:4.0: USB hub found
[  793.602188][T11515] usb 2-1: USB disconnect, device number 12
[  793.623268][ T5804] usb 1-1: new low-speed USB device number 12 using dummy_hcd
[  793.650931][ T5823] hub 4-1:4.0: 2 ports detected
[  793.846272][ T5804] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  793.855445][ T5823] hub 4-1:4.0: hub_hub_status failed (err = -71)
[  793.867953][ T5804] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  793.879092][ T5823] hub 4-1:4.0: config failed, can't get hub status (err -71)
[  793.896121][ T5804] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  793.916985][ T5804] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  793.931251][ T5804] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  793.943576][ T5823] usb 4-1: USB disconnect, device number 15
[  793.954813][ T5804] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  793.971161][ T5804] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  793.981820][ T5804] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  793.994384][ T5804] usb 1-1: config 168 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping
[  794.011538][ T5804] usb 1-1: string descriptor 0 read error: -22
[  794.018897][ T5804] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  794.028983][ T5804] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  794.044196][ T5804] adutux 1-1:168.0: interrupt endpoints not found
[  794.303849][T12675] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2005'.
[  794.317117][T12675] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2005'.
[  794.782399][ T5823] usb 1-1: USB disconnect, device number 12
[  797.356299][ T5823] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  797.545015][ T5823] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[  797.560364][ T5823] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  797.571112][ T5823] usb 2-1: config 0 has no interfaces?
[  797.583099][ T5823] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  797.598416][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  797.613459][ T5828] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  797.614070][ T5823] usb 2-1: config 0 descriptor??
[  797.840529][ T5823] usb 2-1: USB disconnect, device number 13
[  797.853690][ T5828] usb 1-1: Using ep0 maxpacket: 32
[  797.866201][ T5828] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  797.879663][ T5828] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  797.908625][ T5828] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  797.918288][ T5828] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  797.927231][ T5828] usb 1-1: Product: syz
[  797.931549][ T5828] usb 1-1: Manufacturer: syz
[  797.957368][ T5828] hub 1-1:4.0: USB hub found
[  798.161571][ T5828] hub 1-1:4.0: config failed, can't read hub descriptor (err -22)
[  798.232700][ T5828] usb 1-1: USB disconnect, device number 13
[  799.837161][T12751] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2032'.
[  799.884145][T12751] vlan2: entered allmulticast mode
[  799.897648][T12751] dummy0: entered allmulticast mode
[  800.002703][T12753] netlink: 'syz.0.2032': attribute type 10 has an invalid length.
[  800.078649][T12753] team0: Port device dummy0 added
[  800.683442][ T5828] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  800.897660][ T5828] usb 1-1: Using ep0 maxpacket: 32
[  800.910080][ T5828] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  800.937387][ T5828] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  800.966372][ T5828] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  800.983224][ T5828] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  801.006940][ T5828] usb 1-1: Product: syz
[  801.011170][ T5828] usb 1-1: Manufacturer: syz
[  801.038208][ T5828] hub 1-1:4.0: USB hub found
[  802.107755][ T5828] hub 1-1:4.0: config failed, can't read hub descriptor (err -22)
[  802.173603][ T5828] usb 1-1: USB disconnect, device number 14
[  806.021490][T12829] syzkaller1: entered promiscuous mode
[  806.027043][T12829] syzkaller1: entered allmulticast mode
[  806.121826][   T27] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  806.180020][T12835] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2064'.
[  806.190213][T12835] netlink: 'syz.3.2064': attribute type 10 has an invalid length.
[  806.217937][T12835] bridge0: port 3(vlan2) entered blocking state
[  806.224592][T12835] bridge0: port 3(vlan2) entered forwarding state
[  806.236197][T12835] team0: Port device dummy0 added
[  806.323260][   T27] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  806.336539][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  806.351882][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  806.362119][   T27] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  806.383114][   T27] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  806.392607][   T27] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  806.401498][   T27] usb 2-1: Manufacturer: syz
[  806.414009][   T27] usb 2-1: config 0 descriptor??
[  807.020132][   T27] appleir 0003:05AC:8243.0005: unknown main item tag 0x0
[  807.109125][   T27] appleir 0003:05AC:8243.0005: No inputs registered, leaving
[  807.321313][   T27] appleir 0003:05AC:8243.0005: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  807.436000][   T27] usb 2-1: USB disconnect, device number 14
[  807.672649][T12853] fido_id[12853]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  808.265833][   T28] audit: type=1326 audit(1773226210.197:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12863 comm="syz.1.2074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5a6859c799 code=0x0
[  808.627129][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  808.633923][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  808.969430][T12855] netlink: 'syz.2.2070': attribute type 12 has an invalid length.
[  812.848682][T12909] netlink: 'syz.2.2090': attribute type 12 has an invalid length.
[  816.681775][T12984] netlink: 'syz.0.2112': attribute type 10 has an invalid length.
[  819.298914][T13024] ipt_ECN: cannot use operation on non-tcp rule
[  820.626527][T13044] netlink: 'syz.0.2127': attribute type 10 has an invalid length.
[  827.744654][T13113] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2148'.
[  830.204359][T13135] netlink: 'syz.3.2155': attribute type 12 has an invalid length.
[  832.393306][T13162] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.2164'.
[  832.494536][T13159] usb usb9: usbfs: process 13159 (syz.0.2163) did not claim interface 0 before use
[  832.865604][T13182] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2170'.
[  832.876448][T13182] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2170'.
[  836.251445][T13203] netlink: 'syz.1.2177': attribute type 12 has an invalid length.
[  837.929019][T13232] netlink: 'syz.1.2186': attribute type 12 has an invalid length.
[  838.001406][ T5858] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  838.116725][T13238] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2190'.
[  838.148576][T13238] netlink: 'syz.1.2190': attribute type 10 has an invalid length.
[  838.178075][ T5858] usb 1-1: device descriptor read/64, error -71
[  838.221421][T13238] bridge0: port 3(vlan4) entered disabled state
[  838.274064][T13243] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  838.421061][T13246] syzkaller1: entered promiscuous mode
[  838.434019][T13246] syzkaller1: entered allmulticast mode
[  838.496525][ T5858] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  838.674961][ T5858] usb 1-1: device descriptor read/64, error -71
[  838.865633][ T5858] usb usb1-port1: attempt power cycle
[  839.549919][ T5858] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  839.619656][ T5858] usb 1-1: device descriptor read/8, error -71
[  839.869133][T13261] netlink: 'syz.1.2198': attribute type 12 has an invalid length.
[  840.103738][ T5858] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  840.166110][ T5858] usb 1-1: device descriptor read/8, error -71
[  840.301462][T13268] netlink: 'syz.1.2201': attribute type 10 has an invalid length.
[  840.313788][ T5858] usb usb1-port1: unable to enumerate USB device
[  840.490920][T13271] syzkaller1: entered promiscuous mode
[  840.496674][T13271] syzkaller1: entered allmulticast mode
[  841.546513][T13290] netlink: 'syz.3.2210': attribute type 10 has an invalid length.
[  841.619454][T13290] bridge0: port 3(vlan2) entered disabled state
[  841.795276][T13294] syzkaller1: entered promiscuous mode
[  841.801090][T13294] syzkaller1: entered allmulticast mode
[  842.174514][T13298] netlink: 'syz.0.2208': attribute type 12 has an invalid length.
[  842.922239][ T5858] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  843.468008][ T5858] usb 3-1: device descriptor read/64, error -71
[  844.741240][ T5858] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  844.891269][ T5858] usb 3-1: device descriptor read/64, error -71
[  845.013403][ T5858] usb usb3-port1: attempt power cycle
[  845.461193][ T5858] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  845.523129][ T5858] usb 3-1: device descriptor read/8, error -71
[  845.800947][ T5858] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  846.025916][ T5858] usb 3-1: device not accepting address 14, error -71
[  846.094291][ T5858] usb usb3-port1: unable to enumerate USB device
[  846.768775][T13343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  847.540125][ T5804] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  847.983655][ T5804] usb 3-1: device descriptor read/64, error -71
[  848.299660][ T5804] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  848.469392][ T5804] usb 3-1: device descriptor read/64, error -71
[  848.592109][ T5804] usb usb3-port1: attempt power cycle
[  848.929214][ T5823] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  849.009175][ T5804] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  849.051142][ T5804] usb 3-1: device descriptor read/8, error -71
[  849.131905][ T5823] usb 2-1: Using ep0 maxpacket: 16
[  849.207406][ T5823] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  849.253256][ T5823] usb 2-1: config 0 has no interface number 0
[  849.291680][ T5823] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  849.356278][ T5823] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  849.409736][ T5804] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  849.513803][ T5804] usb 3-1: device descriptor read/8, error -71
[  849.538441][ T5823] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  849.570864][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  849.606654][ T5823] usb 2-1: Product: syz
[  849.625397][ T5823] usb 2-1: SerialNumber: syz
[  849.779662][ T5804] usb usb3-port1: unable to enumerate USB device
[  849.820743][ T5823] usb 2-1: config 0 descriptor??
[  849.943327][ T5823] cm109 2-1:0.8: invalid payload size 0, expected 4
[  850.029858][ T5823] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input82
[  853.352034][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.361046][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.368973][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.376090][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.383638][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.390749][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.398007][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.405159][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.412399][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.419550][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  853.447589][ T5823] usb 2-1: USB disconnect, device number 15
[  853.453627][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  853.532409][ T5823] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  853.606834][   T27] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  853.828136][   T27] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  853.845086][   T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  853.858231][   T27] usb 1-1: config 0 has no interface number 0
[  853.864357][   T27] usb 1-1: config 0 interface 251 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  853.910887][   T27] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  853.920122][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.936428][   T27] usb 1-1: Product: syz
[  853.941205][   T27] usb 1-1: Manufacturer: syz
[  853.945851][   T27] usb 1-1: SerialNumber: syz
[  853.957449][   T27] usb 1-1: config 0 descriptor??
[  853.975803][   T27] asix: probe of 1-1:0.251 failed with error -22
[  854.444057][T13407] block device autoloading is deprecated and will be removed.
[  855.844055][T13412] netlink: 'syz.1.2255': attribute type 10 has an invalid length.
[  856.431647][ T5828] usb 1-1: USB disconnect, device number 19
[  856.698672][T13418] netlink: 'syz.3.2253': attribute type 12 has an invalid length.
[  859.423959][T13435] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  860.603849][T13461] netlink: 'syz.3.2269': attribute type 12 has an invalid length.
[  864.491371][ T5823] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  864.694917][ T5823] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 959
[  864.721979][ T5823] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  864.732369][ T5823] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  864.751687][ T5823] usb 3-1: New USB device found, idVendor=1199, idProduct=b000, bcdDevice=e5.38
[  864.760838][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  864.774780][ T5823] usb 3-1: Product: syz
[  864.781473][ T5823] usb 3-1: Manufacturer: syz
[  864.792879][ T5823] usb 3-1: SerialNumber: syz
[  864.806951][ T5823] usb 3-1: config 0 descriptor??
[  864.826554][T13481] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  865.471251][ T5823] usb 3-1: USB disconnect, device number 19
[  866.263343][T13517] netlink: 'syz.2.2289': attribute type 2 has an invalid length.
[  866.304065][T13517] netlink: 60 bytes leftover after parsing attributes in process `syz.2.2289'.
[  867.420367][   T27] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  867.602361][   T27] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  867.611848][   T27] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  867.622699][   T27] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  867.636325][   T27] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  867.647614][   T27] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  867.661088][   T27] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  867.670488][   T27] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  867.678615][   T27] usb 1-1: Product: syz
[  867.683144][   T27] usb 1-1: Manufacturer: syz
[  867.695968][   T27] cdc_wdm 1-1:1.0: skipping garbage
[  867.701402][   T27] cdc_wdm 1-1:1.0: skipping garbage
[  867.708024][   T27] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  867.714530][   T27] cdc_wdm 1-1:1.0: Unknown control protocol
[  868.604023][T10469] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  868.643937][T10469] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  868.695883][T10469] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  868.705994][T10469] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  868.720740][T10469] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  868.728771][T10469] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  869.019596][ T5828] usb 1-1: USB disconnect, device number 20
[  869.623011][T13545] lo speed is unknown, defaulting to 1000
[  870.019534][T13545] chnl_net:caif_netlink_parms(): no params data found
[  870.035558][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  870.044345][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  870.189467][T13545] bridge0: port 1(bridge_slave_0) entered blocking state
[  870.196928][T13545] bridge0: port 1(bridge_slave_0) entered disabled state
[  870.205125][T13545] bridge_slave_0: entered allmulticast mode
[  870.213518][T13545] bridge_slave_0: entered promiscuous mode
[  870.223618][T13545] bridge0: port 2(bridge_slave_1) entered blocking state
[  870.231412][T13545] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.238945][T13545] bridge_slave_1: entered allmulticast mode
[  870.246722][T13545] bridge_slave_1: entered promiscuous mode
[  870.287294][T13545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  870.300815][T13545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  870.547828][T13545] team0: Port device team_slave_0 added
[  870.572850][T13545] team0: Port device team_slave_1 added
[  870.659089][T13545] batman_adv: batadv0: Adding interface: batadv_slave_0
[  870.659109][T13545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  870.659137][T13545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  870.661491][T13545] batman_adv: batadv0: Adding interface: batadv_slave_1
[  870.661505][T13545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  870.661532][T13545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  870.845266][T13545] hsr_slave_0: entered promiscuous mode
[  870.856961][T13545] hsr_slave_1: entered promiscuous mode
[  870.866342][T13545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  870.866492][T13545] Cannot create hsr debugfs directory
[  870.908500][T10469] Bluetooth: hci4: command tx timeout
[  871.256954][T13545] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.410854][T13545] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  871.557056][T13545] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  872.691311][T13545] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  872.994752][T10469] Bluetooth: hci4: command tx timeout
[  873.417105][   T27] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  873.503165][T13545] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  873.616862][   T27] usb 1-1: Using ep0 maxpacket: 32
[  873.641742][T13545] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  873.641876][   T27] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  873.666908][   T27] usb 1-1: config 4 has 0 interfaces, different from the descriptor's value: 1
[  873.682657][   T27] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  873.692229][   T27] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  873.700684][   T27] usb 1-1: Product: syz
[  873.705432][   T27] usb 1-1: Manufacturer: syz
[  873.780719][T13545] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  873.825215][T13545] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  873.999012][T13545] 8021q: adding VLAN 0 to HW filter on device bond0
[  874.048794][T13545] 8021q: adding VLAN 0 to HW filter on device team0
[  874.062632][T11789] bridge0: port 1(bridge_slave_0) entered blocking state
[  874.070033][T11789] bridge0: port 1(bridge_slave_0) entered forwarding state
[  874.109977][T11789] bridge0: port 2(bridge_slave_1) entered blocking state
[  874.117239][T11789] bridge0: port 2(bridge_slave_1) entered forwarding state
[  874.445569][T13545] 8021q: adding VLAN 0 to HW filter on device batadv0
[  874.538365][T13545] veth0_vlan: entered promiscuous mode
[  874.569129][T13545] veth1_vlan: entered promiscuous mode
[  874.713441][T13545] veth0_macvtap: entered promiscuous mode
[  874.722566][T13545] veth1_macvtap: entered promiscuous mode
[  874.773239][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.773264][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.773276][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.773291][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.773301][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.773315][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.773326][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  874.773340][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.774940][T13545] batman_adv: batadv0: Interface activated: batadv_slave_0
[  874.814032][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  874.814060][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.814072][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  874.814087][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.814098][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  874.814112][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.814123][T13545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  874.814137][T13545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  874.815635][T13545] batman_adv: batadv0: Interface activated: batadv_slave_1
[  874.830700][T13545] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  874.830783][T13545] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  874.830814][T13545] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  874.830843][T13545] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  874.935978][T11789] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.937579][T11789] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  874.990141][   T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  874.990165][   T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  875.080701][T10469] Bluetooth: hci4: command tx timeout
[  875.324279][T10469] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  875.324395][T10469] CPU: 1 PID: 10469 Comm: kworker/u5:0 Not tainted syzkaller #0
[  875.324417][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  875.324436][T10469] Workqueue: hci4 hci_rx_work
[  875.324476][T10469] Call Trace:
[  875.324485][T10469]  <TASK>
[  875.324496][T10469]  dump_stack_lvl+0x18c/0x250
[  875.324536][T10469]  ? show_regs_print_info+0x20/0x20
[  875.324570][T10469]  ? load_image+0x400/0x400
[  875.324616][T10469]  sysfs_create_dir_ns+0x26e/0x2a0
[  875.324645][T10469]  ? sysfs_warn_dup+0xa0/0xa0
[  875.324670][T10469]  ? do_raw_spin_unlock+0x121/0x230
[  875.324705][T10469]  kobject_add_internal+0x61c/0xcc0
[  875.324744][T10469]  kobject_add+0x164/0x240
[  875.324769][T10469]  ? __rwlock_init+0x150/0x150
[  875.324803][T10469]  ? kobject_init+0x1e0/0x1e0
[  875.324831][T10469]  ? _raw_spin_unlock+0x28/0x40
[  875.324862][T10469]  ? get_device_parent+0x366/0x390
[  875.324896][T10469]  device_add+0x408/0xc20
[  875.324939][T10469]  hci_conn_add_sysfs+0xd5/0x1e0
[  875.324968][T10469]  le_conn_complete_evt+0xf5d/0x1540
[  875.325001][T10469]  ? hci_event_packet+0x4cb/0x1270
[  875.325038][T10469]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  875.325078][T10469]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  875.325114][T10469]  ? skb_pull_data+0xfb/0x200
[  875.325145][T10469]  hci_le_conn_complete_evt+0x187/0x440
[  875.325182][T10469]  ? hci_remote_host_features_evt+0x150/0x150
[  875.325207][T10469]  hci_event_packet+0x7ba/0x1270
[  875.325244][T10469]  ? bis_list+0x290/0x290
[  875.325271][T10469]  ? lockdep_hardirqs_on+0x98/0x150
[  875.325299][T10469]  ? hci_send_to_monitor+0xd7/0x4f0
[  875.325324][T10469]  hci_rx_work+0x43a/0xd60
[  875.325368][T10469]  ? process_scheduled_works+0x96f/0x15d0
[  875.325395][T10469]  process_scheduled_works+0xa5d/0x15d0
[  875.325457][T10469]  ? worker_attach_to_pool+0x380/0x380
[  875.325491][T10469]  ? assign_work+0x3d2/0x5d0
[  875.325525][T10469]  worker_thread+0xa55/0xfc0
[  875.325552][T10469]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  875.325577][T10469]  ? _raw_spin_unlock+0x40/0x40
[  875.325598][T10469]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  875.325647][T10469]  kthread+0x2fa/0x390
[  875.325667][T10469]  ? pr_cont_work+0x560/0x560
[  875.325693][T10469]  ? kthread_blkcg+0xd0/0xd0
[  875.325715][T10469]  ret_from_fork+0x48/0x80
[  875.325740][T10469]  ? kthread_blkcg+0xd0/0xd0
[  875.325761][T10469]  ret_from_fork_asm+0x11/0x20
[  875.325806][T10469]  </TASK>
[  875.328493][T10469] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  875.328541][T10469] Bluetooth: hci4: failed to register connection device
[  876.158977][ T5823] usb 1-1: USB disconnect, device number 21
[  877.145125][ T5770] Bluetooth: hci4: command tx timeout
[  878.790063][T13638] netlink: 'syz.0.2322': attribute type 10 has an invalid length.
[  879.189679][T13646] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2325'.
[  879.189726][T13646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2325'.
[  879.191061][T13646] netlink: 172 bytes leftover after parsing attributes in process `syz.1.2325'.
[  879.191085][T13646] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2325'.
[  879.191111][T13646] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2325'.
[  879.200466][T13645] usb usb8: usbfs: process 13645 (syz.2.2326) did not claim interface 0 before use
[  879.234010][ T5770] Bluetooth: hci4: command tx timeout
[  881.642100][T13671] netlink: 'syz.1.2331': attribute type 10 has an invalid length.
[  883.300508][T13689] ipt_ECN: cannot use operation on non-tcp rule
[  884.397264][T13706] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2343'.
[  884.408668][T13706] netlink: 'syz.1.2343': attribute type 10 has an invalid length.
[  885.841199][T13725] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  886.264630][T13741] ipt_ECN: cannot use operation on non-tcp rule
[  889.190212][T10469] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  889.203144][T10469] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  889.220213][T10469] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  889.240270][T13781] ipt_ECN: cannot use operation on non-tcp rule
[  889.250875][T10469] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  889.297793][T10469] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  889.307275][T10469] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  889.481469][T13777] lo speed is unknown, defaulting to 1000
[  890.463061][ T5764] bond1: (slave vlan2): Releasing active interface
[  890.913891][   T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  890.961204][T13800] netlink: 'syz.2.2374': attribute type 20 has an invalid length.
[  891.035063][   T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.275207][   T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.438051][T10469] Bluetooth: hci1: command tx timeout
[  891.466420][   T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  891.516682][T13777] chnl_net:caif_netlink_parms(): no params data found
[  891.907229][   T49] tipc: Left network mode
[  892.022418][T13777] bridge0: port 1(bridge_slave_0) entered blocking state
[  892.043117][T13777] bridge0: port 1(bridge_slave_0) entered disabled state
[  892.068144][T13777] bridge_slave_0: entered allmulticast mode
[  892.096352][T13777] bridge_slave_0: entered promiscuous mode
[  892.111856][T13777] bridge0: port 2(bridge_slave_1) entered blocking state
[  892.127381][T13777] bridge0: port 2(bridge_slave_1) entered disabled state
[  892.136921][T13777] bridge_slave_1: entered allmulticast mode
[  892.147333][T13777] bridge_slave_1: entered promiscuous mode
[  892.217108][T13777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  892.246890][T13777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  892.313793][T13777] team0: Port device team_slave_0 added
[  892.657104][T13777] team0: Port device team_slave_1 added
[  893.457655][T10469] Bluetooth: hci1: command tx timeout
[  893.527013][   T27] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  893.699303][T13777] batman_adv: batadv0: Adding interface: batadv_slave_0
[  893.718564][T13777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.736775][   T27] usb 3-1: Using ep0 maxpacket: 32
[  893.744540][    C0] vkms_vblank_simulate: vblank timer overrun
[  893.744844][T13777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  893.779460][   T27] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  893.793213][T13777] batman_adv: batadv0: Adding interface: batadv_slave_1
[  893.800501][   T27] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  893.805143][T13777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  893.823724][   T27] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  893.839882][    C0] vkms_vblank_simulate: vblank timer overrun
[  893.844571][T13777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  893.856242][   T27] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  893.916892][   T27] usb 3-1: Product: syz
[  893.921144][   T27] usb 3-1: Manufacturer: syz
[  893.957621][   T27] hub 3-1:4.0: bad descriptor, ignoring hub
[  893.977224][   T27] hub: probe of 3-1:4.0 failed with error -5
[  893.985104][   T27] usbhid 3-1:4.0: couldn't find an input interrupt endpoint
[  894.837837][T13839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2383'.
[  894.853871][T13839] vlan2: entered allmulticast mode
[  894.876256][T13839] dummy0: entered allmulticast mode
[  894.966886][T13839] netlink: 'syz.3.2383': attribute type 10 has an invalid length.
[  895.079347][T13839] team0: Port device dummy0 added
[  895.182569][T13777] hsr_slave_0: entered promiscuous mode
[  895.202353][T13777] hsr_slave_1: entered promiscuous mode
[  895.234064][T13777] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  895.266436][T13777] Cannot create hsr debugfs directory
[  895.536699][T10469] Bluetooth: hci1: command tx timeout
[  895.719386][T10469] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  895.730849][T10469] CPU: 0 PID: 10469 Comm: kworker/u5:0 Not tainted syzkaller #0
[  895.738539][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  895.748698][T10469] Workqueue: hci3 hci_rx_work
[  895.753417][T10469] Call Trace:
[  895.756717][T10469]  <TASK>
[  895.759744][T10469]  dump_stack_lvl+0x18c/0x250
[  895.764446][T10469]  ? show_regs_print_info+0x20/0x20
[  895.769672][T10469]  ? load_image+0x400/0x400
[  895.774204][T10469]  sysfs_create_dir_ns+0x26e/0x2a0
[  895.779330][T10469]  ? sysfs_warn_dup+0xa0/0xa0
[  895.784019][T10469]  ? do_raw_spin_unlock+0x121/0x230
[  895.789331][T10469]  kobject_add_internal+0x61c/0xcc0
[  895.794672][T10469]  kobject_add+0x164/0x240
[  895.799124][T10469]  ? __rwlock_init+0x150/0x150
[  895.803922][T10469]  ? kobject_init+0x1e0/0x1e0
[  895.808613][T10469]  ? _raw_spin_unlock+0x28/0x40
[  895.813502][T10469]  ? get_device_parent+0x366/0x390
[  895.818644][T10469]  device_add+0x408/0xc20
[  895.823000][T10469]  hci_conn_add_sysfs+0xd5/0x1e0
[  895.827957][T10469]  le_conn_complete_evt+0xf5d/0x1540
[  895.833787][T10469]  ? hci_event_packet+0x4cb/0x1270
[  895.838920][T10469]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  895.845183][T10469]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  895.850921][T10469]  ? skb_pull_data+0xfb/0x200
[  895.855634][T10469]  hci_le_conn_complete_evt+0x187/0x440
[  895.861219][T10469]  ? hci_remote_host_features_evt+0x150/0x150
[  895.867484][T10469]  hci_event_packet+0x7ba/0x1270
[  895.872442][T10469]  ? bis_list+0x290/0x290
[  895.876786][T10469]  ? lockdep_hardirqs_on+0x98/0x150
[  895.882008][T10469]  ? hci_send_to_monitor+0xd7/0x4f0
[  895.887224][T10469]  hci_rx_work+0x43a/0xd60
[  895.891667][T10469]  ? process_scheduled_works+0x96f/0x15d0
[  895.897403][T10469]  process_scheduled_works+0xa5d/0x15d0
[  895.902987][T10469]  ? worker_attach_to_pool+0x380/0x380
[  895.908463][T10469]  ? assign_work+0x3d2/0x5d0
[  895.913070][T10469]  worker_thread+0xa55/0xfc0
[  895.917677][T10469]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  895.923756][T10469]  ? _raw_spin_unlock+0x40/0x40
[  895.928612][T10469]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  895.934543][T10469]  kthread+0x2fa/0x390
[  895.938619][T10469]  ? pr_cont_work+0x560/0x560
[  895.943396][T10469]  ? kthread_blkcg+0xd0/0xd0
[  895.948000][T10469]  ret_from_fork+0x48/0x80
[  895.952432][T10469]  ? kthread_blkcg+0xd0/0xd0
[  895.957043][T10469]  ret_from_fork_asm+0x11/0x20
[  895.961835][T10469]  </TASK>
[  895.964934][    C0] vkms_vblank_simulate: vblank timer overrun
[  895.983199][T10469] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  895.997508][T10469] Bluetooth: hci3: failed to register connection device
[  896.236317][   T27] usb 3-1: USB disconnect, device number 20
[  897.165861][T13871] bridge0: port 3(gretap0) entered blocking state
[  897.175217][T13871] bridge0: port 3(gretap0) entered disabled state
[  897.182035][T13871] gretap0: entered allmulticast mode
[  897.211040][T13871] gretap0: entered promiscuous mode
[  897.227137][T13871] bridge0: port 3(gretap0) entered blocking state
[  897.234055][T13871] bridge0: port 3(gretap0) entered forwarding state
[  897.392606][   T49] hsr_slave_0: left promiscuous mode
[  897.424933][   T49] hsr_slave_1: left promiscuous mode
[  897.450303][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  897.468862][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  897.489371][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  897.504575][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  897.513185][   T49] vlan4: left promiscuous mode
[  897.518174][   T49] dummy0: left promiscuous mode
[  897.525795][   T49] bridge0: port 3(vlan4) entered disabled state
[  897.538819][   T49] bridge_slave_1: left allmulticast mode
[  897.544953][   T49] bridge_slave_1: left promiscuous mode
[  897.550837][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  897.586223][   T49] bridge_slave_0: left allmulticast mode
[  897.586303][   T49] bridge_slave_0: left promiscuous mode
[  897.586497][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  897.625824][T10469] Bluetooth: hci1: command tx timeout
[  897.642634][   T49] veth1_macvtap: left promiscuous mode
[  897.642953][   T49] veth0_macvtap: left promiscuous mode
[  897.643141][   T49] veth1_vlan: left promiscuous mode
[  897.643420][   T49] veth0_vlan: left promiscuous mode
[  898.022278][T10469] Bluetooth: hci3: command 0x0406 tx timeout
[  898.206015][T10469] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  898.216583][T10469] CPU: 1 PID: 10469 Comm: kworker/u5:0 Not tainted syzkaller #0
[  898.224282][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  898.234392][T10469] Workqueue: hci2 hci_rx_work
[  898.239136][T10469] Call Trace:
[  898.242460][T10469]  <TASK>
[  898.245425][T10469]  dump_stack_lvl+0x18c/0x250
[  898.250162][T10469]  ? show_regs_print_info+0x20/0x20
[  898.255411][T10469]  ? load_image+0x400/0x400
[  898.260073][T10469]  sysfs_create_dir_ns+0x26e/0x2a0
[  898.265240][T10469]  ? sysfs_warn_dup+0xa0/0xa0
[  898.269968][T10469]  ? do_raw_spin_unlock+0x121/0x230
[  898.275223][T10469]  kobject_add_internal+0x61c/0xcc0
[  898.280475][T10469]  kobject_add+0x164/0x240
[  898.284951][T10469]  ? __rwlock_init+0x150/0x150
[  898.289766][T10469]  ? kobject_init+0x1e0/0x1e0
[  898.294496][T10469]  ? _raw_spin_unlock+0x28/0x40
[  898.299394][T10469]  ? get_device_parent+0x366/0x390
[  898.304562][T10469]  device_add+0x408/0xc20
[  898.308959][T10469]  hci_conn_add_sysfs+0xd5/0x1e0
[  898.313954][T10469]  le_conn_complete_evt+0xf5d/0x1540
[  898.319296][T10469]  ? hci_event_packet+0x4cb/0x1270
[  898.324471][T10469]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  898.330786][T10469]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  898.336465][T10469]  ? skb_pull_data+0xfb/0x200
[  898.341168][T10469]  hci_le_conn_complete_evt+0x187/0x440
[  898.346827][T10469]  ? hci_remote_host_features_evt+0x150/0x150
[  898.352916][T10469]  hci_event_packet+0x7ba/0x1270
[  898.357880][T10469]  ? bis_list+0x290/0x290
[  898.362220][T10469]  ? lockdep_hardirqs_on+0x98/0x150
[  898.367438][T10469]  ? hci_send_to_monitor+0xd7/0x4f0
[  898.372647][T10469]  hci_rx_work+0x43a/0xd60
[  898.377104][T10469]  ? process_scheduled_works+0x96f/0x15d0
[  898.382861][T10469]  process_scheduled_works+0xa5d/0x15d0
[  898.388453][T10469]  ? worker_attach_to_pool+0x380/0x380
[  898.393934][T10469]  ? assign_work+0x3d2/0x5d0
[  898.398552][T10469]  worker_thread+0xa55/0xfc0
[  898.403194][T10469]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  898.409118][T10469]  ? _raw_spin_unlock+0x40/0x40
[  898.413987][T10469]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  898.419936][T10469]  kthread+0x2fa/0x390
[  898.424018][T10469]  ? pr_cont_work+0x560/0x560
[  898.428750][T10469]  ? kthread_blkcg+0xd0/0xd0
[  898.433358][T10469]  ret_from_fork+0x48/0x80
[  898.437875][T10469]  ? kthread_blkcg+0xd0/0xd0
[  898.442478][T10469]  ret_from_fork_asm+0x11/0x20
[  898.447283][T10469]  </TASK>
[  898.459306][T10469] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  898.473707][T10469] Bluetooth: hci2: failed to register connection device
[  898.526935][   T49] bond1 (unregistering): Released all slaves
[  898.794618][T11515] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  899.176296][T11515] usb 3-1: Using ep0 maxpacket: 32
[  899.279875][T11515] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  899.301011][T11515] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  899.330528][T11515] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  899.340373][T11515] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  899.369638][T11515] usb 3-1: Product: syz
[  899.379137][T11515] usb 3-1: Manufacturer: syz
[  899.424904][T11515] hub 3-1:4.0: bad descriptor, ignoring hub
[  899.436642][T11515] hub: probe of 3-1:4.0 failed with error -5
[  899.457254][T11515] usbhid 3-1:4.0: couldn't find an input interrupt endpoint
[  899.667029][   T49] team0 (unregistering): Port device team_slave_1 removed
[  899.737385][   T49] team0 (unregistering): Port device team_slave_0 removed
[  899.829655][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  899.903094][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  900.494317][ T5770] Bluetooth: hci2: command 0x0406 tx timeout
[  901.202678][   T49] team0 (unregistering): Port device dummy0 removed
[  901.289576][   T49] bond0 (unregistering): Released all slaves
[  901.462689][T13879] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2393'.
[  901.465787][T11515] usb 3-1: USB disconnect, device number 21
[  901.486106][T13908] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2404'.
[  901.518577][T13908] vlan2: entered allmulticast mode
[  901.563411][T13909] netlink: 'syz.0.2404': attribute type 10 has an invalid length.
[  901.677869][T13919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  902.229803][T13777] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  902.269845][T13777] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  902.295302][T13777] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  902.309304][T13777] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  902.351642][   T49] IPVS: stop unused estimator thread 0...
[  902.568686][T13777] 8021q: adding VLAN 0 to HW filter on device bond0
[  902.614447][T13777] 8021q: adding VLAN 0 to HW filter on device team0
[  902.637231][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  902.645502][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  902.689261][T11800] bridge0: port 2(bridge_slave_1) entered blocking state
[  902.696539][T11800] bridge0: port 2(bridge_slave_1) entered forwarding state
[  902.736576][T13943] netlink: 'syz.3.2414': attribute type 10 has an invalid length.
[  902.745227][ T5823] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  902.847601][T13943] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  902.963120][ T5823] usb 1-1: Using ep0 maxpacket: 32
[  902.984297][ T5823] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  903.130477][ T5823] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  903.334252][ T5823] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  903.461508][ T5823] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  903.585145][ T5823] usb 1-1: Product: syz
[  903.648220][ T5823] usb 1-1: Manufacturer: syz
[  903.814640][ T5823] hub 1-1:4.0: bad descriptor, ignoring hub
[  903.820654][ T5823] hub: probe of 1-1:4.0 failed with error -5
[  903.848909][T13954] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2416'.
[  903.859641][T13954] netlink: 'syz.3.2416': attribute type 10 has an invalid length.
[  903.873177][ T5823] usbhid 1-1:4.0: couldn't find an input interrupt endpoint
[  904.298813][T13777] 8021q: adding VLAN 0 to HW filter on device batadv0
[  904.413871][T13777] veth0_vlan: entered promiscuous mode
[  904.457607][T13777] veth1_vlan: entered promiscuous mode
[  904.522376][T13777] veth0_macvtap: entered promiscuous mode
[  904.534586][T13777] veth1_macvtap: entered promiscuous mode
[  904.588479][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  904.608188][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.619504][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  904.671391][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.689284][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  904.711752][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.728194][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  904.746011][T13983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  904.751668][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.784486][T13777] batman_adv: batadv0: Interface activated: batadv_slave_0
[  904.804559][T13983] wlan1: authenticate with 50:50:50:50:50:50
[  904.822052][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  904.834248][T13983] wlan1: No legacy rates in association response
[  904.843628][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.863898][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  904.888005][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.918580][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  904.940506][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.956506][T13777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  904.968397][T13777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  904.980527][T13777] batman_adv: batadv0: Interface activated: batadv_slave_1
[  905.009030][T13777] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  905.032009][T13777] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  905.051970][T13777] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  905.060742][T13777] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  905.238994][T13995] netlink: 'syz.2.2424': attribute type 10 has an invalid length.
[  905.275415][T13995] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  905.291803][T11784] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  905.307047][T11784] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  905.384040][T11798] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  905.398542][T11798] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  905.418874][T14001] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2425'.
[  905.444239][T14001] netlink: 'syz.2.2425': attribute type 10 has an invalid length.
[  905.559004][T14001] bridge0: port 3(vlan2) entered blocking state
[  905.565894][T14001] bridge0: port 3(vlan2) entered forwarding state
[  905.619299][T14001] team0: Port device dummy0 added
[  905.661908][ T5823] usb 1-1: USB disconnect, device number 22
[  906.629362][T14027] syzkaller1: entered promiscuous mode
[  906.641441][T14027] syzkaller1: entered allmulticast mode
[  906.993282][T14037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  906.998087][T10469] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  907.020409][T10469] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  907.029172][T10469] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  907.043008][T10469] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  907.052505][T10469] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  907.063223][T10469] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  907.114434][T14042] wlan1: authenticate with 50:50:50:50:50:50
[  907.138621][T14035] lo speed is unknown, defaulting to 1000
[  907.150443][T14042] wlan1: No legacy rates in association response
[  907.498824][T14035] chnl_net:caif_netlink_parms(): no params data found
[  907.844300][T14035] bridge0: port 1(bridge_slave_0) entered blocking state
[  907.852344][T14035] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.860368][T14035] bridge_slave_0: entered allmulticast mode
[  907.868520][T14035] bridge_slave_0: entered promiscuous mode
[  907.902545][T14035] bridge0: port 2(bridge_slave_1) entered blocking state
[  907.924200][T14035] bridge0: port 2(bridge_slave_1) entered disabled state
[  907.956341][T14035] bridge_slave_1: entered allmulticast mode
[  907.971372][T14035] bridge_slave_1: entered promiscuous mode
[  908.100024][T14035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  908.147960][T14035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  908.216827][T14035] team0: Port device team_slave_0 added
[  908.227298][T14035] team0: Port device team_slave_1 added
[  908.235411][T14067] syzkaller1: entered promiscuous mode
[  908.245473][T14067] syzkaller1: entered allmulticast mode
[  908.324049][T14035] batman_adv: batadv0: Adding interface: batadv_slave_0
[  908.331910][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.364156][T14035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  908.377759][T14035] batman_adv: batadv0: Adding interface: batadv_slave_1
[  908.385995][T14035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  908.419349][T14035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  908.508898][T14035] hsr_slave_0: entered promiscuous mode
[  908.518349][T14035] hsr_slave_1: entered promiscuous mode
[  908.648635][T14035] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.726780][T14035] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.789268][   T27] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  908.883213][T14035] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  908.989828][T14035] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.043588][   T27] usb 4-1: config 0 has no interfaces?
[  909.051113][   T27] usb 4-1: New USB device found, idVendor=0b05, idProduct=1abe, bcdDevice=dd.00
[  909.061659][   T27] usb 4-1: New USB device strings: Mfr=255, Product=29, SerialNumber=0
[  909.070312][   T27] usb 4-1: Product: syz
[  909.074976][   T27] usb 4-1: Manufacturer: syz
[  909.082944][   T27] usb 4-1: config 0 descriptor??
[  909.131335][ T5770] Bluetooth: hci0: command tx timeout
[  909.212966][T14035] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  909.224382][T14035] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  909.238350][T14035] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  909.250633][T14035] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  910.576241][T11515] usb 4-1: USB disconnect, device number 16
[  910.691645][T14035] 8021q: adding VLAN 0 to HW filter on device bond0
[  910.733582][T14035] 8021q: adding VLAN 0 to HW filter on device team0
[  910.791036][T11800] bridge0: port 1(bridge_slave_0) entered blocking state
[  910.798350][T11800] bridge0: port 1(bridge_slave_0) entered forwarding state
[  910.830403][T11800] bridge0: port 2(bridge_slave_1) entered blocking state
[  910.837740][T11800] bridge0: port 2(bridge_slave_1) entered forwarding state
[  910.873882][T14089] netlink: 'syz.1.2450': attribute type 10 has an invalid length.
[  910.907413][T14089] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  910.949186][T14091] syzkaller1: entered promiscuous mode
[  910.954749][T14091] syzkaller1: entered allmulticast mode
[  911.209871][ T5770] Bluetooth: hci0: command tx timeout
[  911.418651][T14035] 8021q: adding VLAN 0 to HW filter on device batadv0
[  911.605094][T14035] veth0_vlan: entered promiscuous mode
[  911.633621][T14035] veth1_vlan: entered promiscuous mode
[  911.749078][T14035] veth0_macvtap: entered promiscuous mode
[  911.781477][T14035] veth1_macvtap: entered promiscuous mode
[  911.853820][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  911.879338][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  911.897818][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  911.908885][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  911.919315][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  911.932506][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  911.942994][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  911.953980][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  911.964386][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  911.975971][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  911.993472][T14035] batman_adv: batadv0: Interface activated: batadv_slave_0
[  912.015606][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  912.083858][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  912.118950][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  912.160158][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  912.342760][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  912.342787][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  912.342808][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  912.342829][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  912.342846][T14035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  912.342860][T14035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  912.355807][T14035] batman_adv: batadv0: Interface activated: batadv_slave_1
[  912.447160][T14035] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  912.447202][T14035] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  912.449071][T14035] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  912.449102][T14035] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  912.538098][T14115] netlink: 'syz.1.2460': attribute type 10 has an invalid length.
[  912.767951][T11798] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  912.767975][T11798] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  912.837407][T11800] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  912.837433][T11800] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  913.205003][T14120] syzkaller1: entered promiscuous mode
[  913.223727][T14120] syzkaller1: entered allmulticast mode
[  913.297492][ T5770] Bluetooth: hci0: command tx timeout
[  913.672613][T14125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2464'.
[  913.698436][T14125] netlink: 'syz.1.2464': attribute type 10 has an invalid length.
[  913.763940][T14125] team0: Port device dummy0 added
[  914.393644][T14143] ipt_ECN: cannot use operation on non-tcp rule
[  914.618981][T10469] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  914.636748][T10469] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  914.645731][T10469] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  914.656808][T10469] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  914.664576][T10469] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  914.672441][T10469] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  914.829973][T14147] lo speed is unknown, defaulting to 1000
[  915.219458][T14147] chnl_net:caif_netlink_parms(): no params data found
[  915.366411][T10469] Bluetooth: hci0: command tx timeout
[  915.463057][T14147] bridge0: port 1(bridge_slave_0) entered blocking state
[  915.476323][T14147] bridge0: port 1(bridge_slave_0) entered disabled state
[  915.488028][T14147] bridge_slave_0: entered allmulticast mode
[  915.509587][T14147] bridge_slave_0: entered promiscuous mode
[  915.565512][T14147] bridge0: port 2(bridge_slave_1) entered blocking state
[  915.584906][   T27] usb 1-1: new full-speed USB device number 23 using dummy_hcd
[  915.616278][T14147] bridge0: port 2(bridge_slave_1) entered disabled state
[  915.623875][T14147] bridge_slave_1: entered allmulticast mode
[  915.665138][T14147] bridge_slave_1: entered promiscuous mode
[  915.845453][T14147] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  915.865990][   T27] usb 1-1: config index 0 descriptor too short (expected 28277, got 36)
[  915.874408][   T27] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  915.889632][T14147] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  915.938299][   T27] usb 1-1: config 0 has no interfaces?
[  915.950602][   T27] usb 1-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  915.980528][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.030680][T14147] team0: Port device team_slave_0 added
[  916.062809][   T27] usb 1-1: config 0 descriptor??
[  916.073715][T14147] team0: Port device team_slave_1 added
[  916.195708][T14147] batman_adv: batadv0: Adding interface: batadv_slave_0
[  916.261006][T14147] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  916.305744][T14147] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  916.328862][T14174] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2475'.
[  916.341649][T14147] batman_adv: batadv0: Adding interface: batadv_slave_1
[  916.350395][T14147] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  916.377426][T14147] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  916.396751][T14174] netlink: 'syz.1.2475': attribute type 10 has an invalid length.
[  916.480921][T14147] hsr_slave_0: entered promiscuous mode
[  916.594733][T14147] hsr_slave_1: entered promiscuous mode
[  916.601414][T14147] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  916.609129][T14147] Cannot create hsr debugfs directory
[  916.727654][T10469] Bluetooth: hci2: command tx timeout
[  917.276306][T14147] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.566432][T14147] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.649995][T14199] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  917.697320][T14147] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  917.811615][T14147] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  918.029501][T14147] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  918.052406][T14147] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  918.069113][T14147] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  918.085019][T14147] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  918.149547][ T5823] usb 1-1: USB disconnect, device number 23
[  918.424942][T14147] 8021q: adding VLAN 0 to HW filter on device bond0
[  918.489679][T14147] 8021q: adding VLAN 0 to HW filter on device team0
[  918.532258][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.539468][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  918.582606][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.589760][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  918.805268][T10469] Bluetooth: hci2: command tx timeout
[  919.186936][T14213] netlink: 'syz.3.2490': attribute type 10 has an invalid length.
[  919.311519][T14147] 8021q: adding VLAN 0 to HW filter on device batadv0
[  919.443483][T14147] veth0_vlan: entered promiscuous mode
[  919.499095][T14147] veth1_vlan: entered promiscuous mode
[  919.606876][T14147] veth0_macvtap: entered promiscuous mode
[  919.636944][T14147] veth1_macvtap: entered promiscuous mode
[  919.670473][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.723764][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.752400][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.772653][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.791678][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.804041][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.823605][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.850002][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.863122][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.885082][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.903114][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  919.924568][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  919.945789][T14147] batman_adv: batadv0: Interface activated: batadv_slave_0
[  920.051249][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.093497][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.148254][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.191130][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.233594][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.253733][ T5828] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  920.283143][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.327919][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.351248][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.374645][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.400481][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.427848][T14147] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  920.468401][T14147] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  920.505357][ T5828] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[  920.541978][T14147] batman_adv: batadv0: Interface activated: batadv_slave_1
[  920.551459][ T5828] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  920.603481][ T5828] usb 2-1: config 0 has no interfaces?
[  920.613387][ T5828] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  920.627728][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  920.651878][ T5828] usb 2-1: config 0 descriptor??
[  920.704661][T14147] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  920.839423][T14147] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  920.950411][T10469] Bluetooth: hci2: command tx timeout
[  921.164536][T14147] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  921.602709][T14147] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  921.859321][   T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  921.897890][   T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.041527][ T2879] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  922.054566][ T2879] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.230774][T14251] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2502'.
[  922.245459][T14251] netlink: 'syz.2.2502': attribute type 10 has an invalid length.
[  922.306525][T14251] team0: Port device dummy0 added
[  922.351117][T14252] syzkaller1: entered promiscuous mode
[  922.377632][T14252] syzkaller1: entered allmulticast mode
[  922.992829][T10469] Bluetooth: hci2: command tx timeout
[  923.854414][ T8741] usb 2-1: USB disconnect, device number 16
[  924.363645][T14279] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2513'.
[  924.379529][T14279] netlink: 'syz.2.2513': attribute type 10 has an invalid length.
[  924.472178][T14281] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2514'.
[  924.836343][T14284] syzkaller1: entered promiscuous mode
[  924.871889][T14284] syzkaller1: entered allmulticast mode
[  925.144056][T14295] loop2: detected capacity change from 0 to 4096
[  925.975795][T14304] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2522'.
[  926.045088][T14304] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2522'.
[  926.122781][T14304] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2522'.
[  926.170671][T14304] netlink: 55 bytes leftover after parsing attributes in process `syz.1.2522'.
[  927.049750][T14314] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2525'.
[  927.060731][T14314] netlink: 'syz.1.2525': attribute type 10 has an invalid length.
[  927.615295][T14309] loop3: detected capacity change from 0 to 32768
[  927.662942][T14309] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2524 (14309)
[  927.677164][T14325] syzkaller1: entered promiscuous mode
[  927.706858][T14325] syzkaller1: entered allmulticast mode
[  928.326930][T14297] syz.0.2520 (14297): drop_caches: 2
[  928.347992][T14309] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  928.358912][T14309] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  928.368348][T14309] BTRFS info (device loop3): using free space tree
[  928.770447][T14309] BTRFS info (device loop3): enabling ssd optimizations
[  928.836645][T14309] BTRFS info (device loop3): auto enabling async discard
[  930.110610][ T5804] IPVS: starting estimator thread 0...
[  930.218518][T14355] IPVS: using max 32 ests per chain, 76800 per kthread
[  930.237609][T13545] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  931.455811][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  931.462671][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  931.644698][T10469] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:201'
[  931.654729][T10469] CPU: 0 PID: 10469 Comm: kworker/u5:0 Not tainted syzkaller #0
[  931.662502][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  931.672605][T10469] Workqueue: hci4 hci_rx_work
[  931.677354][T10469] Call Trace:
[  931.680680][T10469]  <TASK>
[  931.683655][T10469]  dump_stack_lvl+0x18c/0x250
[  931.688412][T10469]  ? show_regs_print_info+0x20/0x20
[  931.693658][T10469]  ? load_image+0x400/0x400
[  931.698228][T10469]  sysfs_create_dir_ns+0x26e/0x2a0
[  931.703354][T10469]  ? sysfs_warn_dup+0xa0/0xa0
[  931.708056][T10469]  ? do_raw_spin_unlock+0x121/0x230
[  931.713377][T10469]  kobject_add_internal+0x61c/0xcc0
[  931.718692][T10469]  kobject_add+0x164/0x240
[  931.723126][T10469]  ? __rwlock_init+0x150/0x150
[  931.727909][T10469]  ? kobject_init+0x1e0/0x1e0
[  931.732598][T10469]  ? _raw_spin_unlock+0x28/0x40
[  931.737489][T10469]  ? get_device_parent+0x366/0x390
[  931.742617][T10469]  device_add+0x408/0xc20
[  931.746970][T10469]  hci_conn_add_sysfs+0xd5/0x1e0
[  931.751921][T10469]  le_conn_complete_evt+0xf5d/0x1540
[  931.757226][T10469]  ? hci_event_packet+0x4cb/0x1270
[  931.762445][T10469]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  931.768707][T10469]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  931.774361][T10469]  ? skb_pull_data+0xfb/0x200
[  931.779071][T10469]  hci_le_conn_complete_evt+0x187/0x440
[  931.784643][T10469]  ? hci_remote_host_features_evt+0x150/0x150
[  931.790723][T10469]  hci_event_packet+0x7ba/0x1270
[  931.795689][T10469]  ? bis_list+0x290/0x290
[  931.800028][T10469]  ? lockdep_hardirqs_on+0x98/0x150
[  931.805332][T10469]  ? hci_send_to_monitor+0xd7/0x4f0
[  931.810545][T10469]  hci_rx_work+0x43a/0xd60
[  931.814985][T10469]  ? process_scheduled_works+0x96f/0x15d0
[  931.820723][T10469]  process_scheduled_works+0xa5d/0x15d0
[  931.826320][T10469]  ? worker_attach_to_pool+0x380/0x380
[  931.831798][T10469]  ? assign_work+0x3d2/0x5d0
[  931.836412][T10469]  worker_thread+0xa55/0xfc0
[  931.841015][T10469]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  931.847004][T10469]  ? _raw_spin_unlock+0x40/0x40
[  931.851862][T10469]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  931.857808][T10469]  kthread+0x2fa/0x390
[  931.861958][T10469]  ? pr_cont_work+0x560/0x560
[  931.866646][T10469]  ? kthread_blkcg+0xd0/0xd0
[  931.871253][T10469]  ret_from_fork+0x48/0x80
[  931.875681][T10469]  ? kthread_blkcg+0xd0/0xd0
[  931.880283][T10469]  ret_from_fork_asm+0x11/0x20
[  931.885081][T10469]  </TASK>
[  931.888178][    C0] vkms_vblank_simulate: vblank timer overrun
[  931.904097][T14372] syzkaller1: entered promiscuous mode
[  931.927570][T10469] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  931.952713][T10469] Bluetooth: hci4: failed to register connection device
[  931.976102][T14372] syzkaller1: entered allmulticast mode
[  932.966069][T14383] netlink: 'syz.2.2542': attribute type 10 has an invalid length.
[  933.036036][T14383] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  933.831206][T14396] kAFS: unable to lookup cell '(,c¾Ì'
[  936.976905][T14415] syzkaller1: entered promiscuous mode
[  937.000216][T14415] syzkaller1: entered allmulticast mode
[  939.832511][T14443] syzkaller1: entered promiscuous mode
[  939.872878][T14443] syzkaller1: entered allmulticast mode
[  943.311583][T14492] syzkaller1: entered promiscuous mode
[  943.325535][T14492] syzkaller1: entered allmulticast mode
[  943.356933][T14497] qnx6: unable to read the first superblock
[  945.218303][T14489] loop1: detected capacity change from 0 to 32768
[  945.280092][T14489] 
[  945.280092][T14489]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  945.280092][T14489] 
[  945.525944][T14489] 
[  945.525944][T14489]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  945.525944][T14489] 
[  945.540395][T14489] 
[  945.540395][T14489]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  945.540395][T14489] 
[  945.555402][T14489] 
[  945.555402][T14489]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  945.555402][T14489] 
[  945.630217][T14489] JFS: metapage_get_blocks failed
[  945.657411][T14489] 
[  945.657411][T14489]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  945.657411][T14489] 
[  945.701304][T14536] ERROR: (device loop1): diWrite: ixpxd invalid
[  945.701304][T14536] 
[  945.863266][T14536] ERROR: (device loop1): remounting filesystem as read-only
[  945.894480][T14536] ERROR: (device loop1): txCommit: 
[  945.894480][T14536] 
[  945.922764][T14536] ERROR: (device loop1): diFree: invalid inoext
[  945.922764][T14536] 
[  949.359353][T14574] netlink: 'syz.3.2590': attribute type 10 has an invalid length.
[  949.759147][T11515] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  950.430608][T11515] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[  950.454576][T11515] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  950.465484][T11515] usb 3-1: config 0 has no interfaces?
[  950.473189][T11515] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  950.484876][T11515] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.514197][T11515] usb 3-1: config 0 descriptor??
[  951.857329][T14600] netlink: 'syz.3.2599': attribute type 10 has an invalid length.
[  953.577179][ T5828] usb 3-1: USB disconnect, device number 22
[  953.931708][T10469] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  953.942857][T10469] CPU: 1 PID: 10469 Comm: kworker/u5:0 Not tainted syzkaller #0
[  953.950639][T10469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  953.960743][T10469] Workqueue: hci2 hci_rx_work
[  953.965491][T10469] Call Trace:
[  953.968890][T10469]  <TASK>
[  953.971891][T10469]  dump_stack_lvl+0x18c/0x250
[  953.976626][T10469]  ? show_regs_print_info+0x20/0x20
[  953.981878][T10469]  ? load_image+0x400/0x400
[  953.986440][T10469]  sysfs_create_dir_ns+0x26e/0x2a0
[  953.991590][T10469]  ? sysfs_warn_dup+0xa0/0xa0
[  953.996311][T10469]  ? do_raw_spin_unlock+0x121/0x230
[  954.001568][T10469]  kobject_add_internal+0x61c/0xcc0
[  954.006835][T10469]  kobject_add+0x164/0x240
[  954.011301][T10469]  ? __rwlock_init+0x150/0x150
[  954.016111][T10469]  ? kobject_init+0x1e0/0x1e0
[  954.020828][T10469]  ? _raw_spin_unlock+0x28/0x40
[  954.025721][T10469]  ? get_device_parent+0x366/0x390
[  954.026077][T14611] loop1: detected capacity change from 0 to 40427
[  954.030856][T10469]  device_add+0x408/0xc20
[  954.030921][T10469]  hci_conn_add_sysfs+0xd5/0x1e0
[  954.030950][T10469]  le_conn_complete_evt+0xf5d/0x1540
[  954.030981][T10469]  ? hci_event_packet+0x4cb/0x1270
[  954.031017][T10469]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  954.031052][T10469]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  954.069138][T10469]  ? skb_pull_data+0xfb/0x200
[  954.073836][T10469]  hci_le_conn_complete_evt+0x187/0x440
[  954.079408][T10469]  ? hci_remote_host_features_evt+0x150/0x150
[  954.085484][T10469]  hci_event_packet+0x7ba/0x1270
[  954.090448][T10469]  ? bis_list+0x290/0x290
[  954.094794][T10469]  ? lockdep_hardirqs_on+0x98/0x150
[  954.100011][T10469]  ? hci_send_to_monitor+0xd7/0x4f0
[  954.105314][T10469]  hci_rx_work+0x43a/0xd60
[  954.109765][T10469]  ? process_scheduled_works+0x96f/0x15d0
[  954.115504][T10469]  process_scheduled_works+0xa5d/0x15d0
[  954.121086][T10469]  ? worker_attach_to_pool+0x380/0x380
[  954.126583][T10469]  ? assign_work+0x3d2/0x5d0
[  954.131202][T10469]  worker_thread+0xa55/0xfc0
[  954.135892][T10469]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  954.141794][T10469]  ? _raw_spin_unlock+0x40/0x40
[  954.146717][T10469]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  954.152818][T10469]  kthread+0x2fa/0x390
[  954.157008][T10469]  ? pr_cont_work+0x560/0x560
[  954.161705][T10469]  ? kthread_blkcg+0xd0/0xd0
[  954.166308][T10469]  ret_from_fork+0x48/0x80
[  954.170746][T10469]  ? kthread_blkcg+0xd0/0xd0
[  954.175352][T10469]  ret_from_fork_asm+0x11/0x20
[  954.180153][T10469]  </TASK>
[  954.187385][T10469] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  954.202422][T10469] Bluetooth: hci2: failed to register connection device
[  954.226858][T14611] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  954.246452][T14611] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  954.350488][T14611] F2FS-fs (loop1): invalid crc value
[  954.940396][T14611] F2FS-fs (loop1): Found nat_bits in checkpoint
[  955.194814][T14611] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  955.219386][T14611] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  956.226158][T10469] Bluetooth: hci2: command tx timeout
[  960.289106][T14676] qnx6: unable to read the first superblock
[  960.643725][ T8741] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  960.836838][ T8741] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  960.855735][ T8741] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  960.887128][ T8741] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  960.901852][ T8741] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  960.918949][ T8741] usb 4-1: Product: syz
[  960.932691][ T8741] usb 4-1: Manufacturer: syz
[  960.943280][ T8741] usb 4-1: SerialNumber: syz
[  960.961099][ T8741] usb 4-1: config 0 descriptor??
[  960.982673][T14679] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  961.023201][T14679] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  961.035963][ T8741] usb 4-1: ucan: probing device on interface #0
[  961.083437][ T8741] usb 4-1: ucan: invalid EP count (1)
[  961.088892][ T8741] usb 4-1: ucan: probe failed; try to update the device firmware
[  963.452569][T11515] usb 4-1: USB disconnect, device number 17
[  963.652404][T14701] netlink: 'syz.0.2629': attribute type 17 has an invalid length.
[  963.660301][T14701] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2629'.
[  963.688881][T14701] netlink: 'syz.0.2629': attribute type 10 has an invalid length.
[  963.763218][T14701] team0: Port device dummy0 added
[  970.452910][T14779] loop2: detected capacity change from 0 to 512
[  970.617678][T14779] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  970.748360][T14779] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  970.989503][T14147] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  976.761860][T14826] Cannot find add_set index 0 as target
[  977.649477][T14832] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2669'.
[  977.678448][T14832] netlink: 'syz.3.2669': attribute type 10 has an invalid length.
[  980.750008][T14861] loop2: detected capacity change from 0 to 32768
[  980.759526][T14861] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 scanned by syz.2.2678 (14861)
[  980.777671][T14861] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  980.787851][T14861] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  980.798032][T14861] BTRFS info (device loop2): enabling disk space caching
[  980.805626][T14861] BTRFS info (device loop2): force clearing of disk cache
[  980.812846][T14861] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  980.822617][T14861] BTRFS info (device loop2): use zstd compression, level 3
[  980.829860][T14861] BTRFS info (device loop2): disk space caching is enabled
[  980.874198][T14861] BTRFS info (device loop2): enabling ssd optimizations
[  980.881230][T14861] BTRFS info (device loop2): auto enabling async discard
[  980.913148][T14861] BTRFS info (device loop2): rebuilding free space tree
[  980.970705][T14861] BTRFS info (device loop2): disabling free space tree
[  980.977864][T14861] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  980.988107][T14861] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  981.925385][T14147] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  983.110801][T14902] syzkaller0: entered promiscuous mode
[  983.136911][T14902] syzkaller0: entered allmulticast mode
[  984.698794][T14912] loop1: detected capacity change from 0 to 32768
[  984.780325][T14912] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.2690 (14912)
[  984.882246][T14912] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  984.896595][T14912] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  984.924452][T14912] BTRFS info (device loop1): enabling ssd optimizations
[  984.946319][T14912] BTRFS info (device loop1): using spread ssd allocation scheme
[  984.976038][T14912] BTRFS info (device loop1): using free space tree
[  986.497022][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  986.529092][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  986.588839][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  986.649790][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  986.734275][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  986.792632][T14912] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  986.959626][T11515] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  987.153954][T14912] BTRFS error (device loop1): open_ctree failed: -12
[  987.270321][T11515] usb 1-1: Using ep0 maxpacket: 8
[  987.301127][T11515] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  987.319922][T11515] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.338885][T13785] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (13785)
[  987.357111][T11515] usb 1-1: Product: syz
[  987.389858][T11515] usb 1-1: Manufacturer: syz
[  987.404840][T11515] usb 1-1: SerialNumber: syz
[  987.456188][T11515] usb 1-1: config 0 descriptor??
[  987.476241][T11515] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  988.312867][T14951] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2699'.
[  988.988863][ T5804] usb 1-1: USB disconnect, device number 24
[  990.110864][T14967] loop3: detected capacity change from 0 to 2048
[  990.179844][T13785] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  991.455866][T14990] net_ratelimit: 1 callbacks suppressed
[  991.455884][T14990] netlink: set zone limit has 8 unknown bytes
[  992.047595][T10469] Bluetooth: hci2: command tx timeout
[  992.188335][ T5804] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  992.711871][ T5804] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  992.865430][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  992.871919][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  992.885800][ T5804] usb 4-1: New USB device found, idVendor=06f8, idProduct=301b, bcdDevice=bb.39
[  992.895066][ T5804] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.903257][ T5804] usb 4-1: Product: syz
[  992.907728][ T5804] usb 4-1: Manufacturer: syz
[  992.913236][ T5804] usb 4-1: SerialNumber: syz
[  992.927899][ T5804] usb 4-1: config 0 descriptor??
[  992.938700][ T5804] gspca_main: gspca_pac7302-2.14.0 probing 06f8:301b
[  993.781923][ T5804] input: gspca_pac7302 as /devices/platform/dummy_hcd.3/usb4/4-1/input/input83
[  993.967422][T10469] Bluetooth: hci0: command tx timeout
[  993.982399][ T5804] usb 4-1: USB disconnect, device number 18
[  995.632580][T10469] Bluetooth: hci4: command 0x0406 tx timeout
[  996.903241][T15046] netlink: 'syz.2.2734': attribute type 39 has an invalid length.
[  999.127317][T15049] loop2: detected capacity change from 0 to 32768
[ 1000.191658][T15049] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1000.603294][T15049] XFS (loop2): Ending clean mount
[ 1000.751267][T14147] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[ 1002.098860][T15105] netlink: 'syz.0.2749': attribute type 10 has an invalid length.
[ 1002.170172][T15105] bond0: (slave wlan1): Enslaving as an active interface with an up link
[ 1003.382126][ T5804] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1003.522268][ T3063] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[ 1003.572917][ T5804] usb 2-1: Using ep0 maxpacket: 32
[ 1003.583919][ T5804] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1003.607258][ T5804] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1003.629708][ T5804] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[ 1003.649455][ T5804] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[ 1003.661322][ T5804] usb 2-1: Product: syz
[ 1003.670930][ T5804] usb 2-1: Manufacturer: syz
[ 1003.704301][ T5804] hub 2-1:4.0: USB hub found
[ 1003.715389][ T3063] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[ 1003.752565][ T3063] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1003.785931][ T3063] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1003.826051][ T3063] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1003.840185][ T3063] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1003.850051][ T3063] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.895220][ T3063] usb 3-1: config 0 descriptor??
[ 1003.912261][ T5804] hub 2-1:4.0: config failed, can't read hub descriptor (err -22)
[ 1003.977188][ T5804] usb 2-1: USB disconnect, device number 17
[ 1004.344982][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.359394][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.368443][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.376700][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.384968][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.393323][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.401186][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.409880][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.418090][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.426491][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.434746][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.473023][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.480596][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.494282][ T3063] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0
[ 1004.513797][ T3063] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving
[ 1004.556544][ T3063] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1004.695939][   T28] audit: type=1326 audit(1773226406.745:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15122 comm="syz.2.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8986f9c799 code=0x7ffc0000
[ 1004.800482][T15139] netlink: 'syz.1.2759': attribute type 16 has an invalid length.
[ 1004.808820][T15139] netlink: 'syz.1.2759': attribute type 17 has an invalid length.
[ 1005.334811][T15139] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1005.374089][   T28] audit: type=1326 audit(1773226406.765:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15122 comm="syz.2.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8986f9c799 code=0x7ffc0000
[ 1006.697389][ T5804] usb 3-1: USB disconnect, device number 23
[ 1007.604087][T15159] lo speed is unknown, defaulting to 1000
[ 1008.676333][T15151] loop3: detected capacity change from 0 to 32768
[ 1008.722392][T15151] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.2763 (15151)
[ 1008.795013][T15151] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1008.850097][T15151] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[ 1008.870548][T15151] BTRFS info (device loop3): setting nodatacow, compression disabled
[ 1008.883951][T15151] BTRFS info (device loop3): force clearing of disk cache
[ 1008.893402][T15151] BTRFS info (device loop3): enabling ssd optimizations
[ 1008.902897][T15151] BTRFS info (device loop3): using spread ssd allocation scheme
[ 1008.939103][T15151] BTRFS info (device loop3): turning off barriers
[ 1008.945667][T15151] BTRFS info (device loop3): disabling free space tree
[ 1008.957145][T15151] BTRFS info (device loop3): not using ssd optimizations
[ 1008.964762][T15151] BTRFS info (device loop3): not using spread ssd allocation scheme
[ 1009.202070][T15151] BTRFS info (device loop3): rebuilding free space tree
[ 1009.320199][T15151] BTRFS info (device loop3): disabling free space tree
[ 1009.357169][T15151] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 1009.429934][T15151] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 1009.456651][T15190] loop1: detected capacity change from 0 to 4096
[ 1009.588075][T13545] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[ 1009.646858][T15190] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[ 1009.783100][T15190] ntfs3: loop1: Failed to load $Extend (-22).
[ 1009.808838][T15190] ntfs3: loop1: Failed to initialize $Extend.
[ 1010.223513][T13785] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 11 /dev/loop3 scanned by udevd (13785)
[ 1013.809847][T13992] libceph: connect (1)[c::]:6789 error -101
[ 1013.846475][T13992] libceph: mon0 (1)[c::]:6789 connect error
[ 1014.109232][T13992] libceph: connect (1)[c::]:6789 error -101
[ 1014.115392][T13992] libceph: mon0 (1)[c::]:6789 connect error
[ 1014.651661][T13992] libceph: connect (1)[c::]:6789 error -101
[ 1014.749712][T13992] libceph: mon0 (1)[c::]:6789 connect error
[ 1015.615807][T10469] Bluetooth: hci1: command 0x0406 tx timeout
[ 1015.744326][T11515] libceph: connect (1)[c::]:6789 error -101
[ 1015.750646][T11515] libceph: mon0 (1)[c::]:6789 connect error
[ 1016.045621][T15232] ceph: No mds server is up or the cluster is laggy
[ 1018.740915][T15276] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1020.094910][T15289] 9pnet_virtio: no channels available for device syz
[ 1020.122443][T15289] siw: device registration error -23
[ 1020.176231][T15289] 9pnet_virtio: no channels available for device syz
[ 1024.859647][T15315] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1028.959145][   T27] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1029.149251][   T27] usb 1-1: Using ep0 maxpacket: 32
[ 1029.170928][   T27] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[ 1029.212152][   T27] usb 1-1: config 0 has no interface number 0
[ 1029.258210][   T27] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1029.272583][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1029.283161][   T27] usb 1-1: Product: syz
[ 1029.287458][   T27] usb 1-1: Manufacturer: syz
[ 1029.299875][   T27] usb 1-1: SerialNumber: syz
[ 1029.328268][   T27] usb 1-1: config 0 descriptor??
[ 1029.366436][   T27] smsc95xx v2.0.0
[ 1029.971209][   T27] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1030.008669][   T27] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1030.047556][T15363] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1030.225018][   T27] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 1030.238763][   T27] smsc95xx: probe of 1-1:0.67 failed with error -61
[ 1030.428616][T13992] usb 1-1: USB disconnect, device number 25
[ 1030.748873][T10469] Bluetooth: hci0: command 0x0406 tx timeout
[ 1030.938135][   T27] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[ 1031.198140][   T27] usb 3-1: Using ep0 maxpacket: 8
[ 1031.295833][   T27] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[ 1031.686404][   T27] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1031.697744][   T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1031.712908][   T27] usb 3-1: Product: syz
[ 1031.717298][   T27] usb 3-1: Manufacturer: syz
[ 1031.723521][   T27] usb 3-1: SerialNumber: syz
[ 1031.740195][   T27] usb 3-1: config 0 descriptor??
[ 1031.748971][   T27] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1031.804542][   T27] usb 3-1: setting power ON
[ 1031.818187][   T27] dvb-usb: bulk message failed: -22 (2/0)
[ 1031.864341][   T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1031.896603][   T27] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1031.917073][   T27] usb 3-1: media controller created
[ 1032.014755][   T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1032.125091][   T27] usb 3-1: selecting invalid altsetting 6
[ 1032.141403][   T27] usb 3-1: digital interface selection failed (-22)
[ 1032.155786][   T27] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1032.182940][   T27] usb 3-1: setting power OFF
[ 1032.197554][   T27] dvb-usb: bulk message failed: -22 (2/0)
[ 1032.207156][   T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1032.235372][   T27] (NULL device *): no alternate interface
[ 1032.384810][   T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1032.436110][   T27] usb 3-1: USB disconnect, device number 24
[ 1032.541087][ T5804] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1032.767807][ T5804] usb 1-1: Using ep0 maxpacket: 8
[ 1032.810398][ T5804] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 1032.858055][ T5804] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 1032.910915][ T5804] usb 1-1: Product: syz
[ 1032.936764][ T5804] usb 1-1: Manufacturer: syz
[ 1032.977768][ T5804] usb 1-1: SerialNumber: syz
[ 1033.070003][ T5804] usb 1-1: config 0 descriptor??
[ 1033.154828][ T5804] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 1033.354758][T15400] netlink: 'syz.3.2837': attribute type 16 has an invalid length.
[ 1033.378715][T15400] netlink: 'syz.3.2837': attribute type 17 has an invalid length.
[ 1033.493073][T15400] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1034.822984][ T5804] gspca_zc3xx: reg_r err -110
[ 1034.830118][ T5804] gspca_zc3xx: probe of 1-1:0.0 failed with error -110
[ 1035.294154][T15423] ipt_ECN: cannot use operation on non-tcp rule
[ 1036.107551][T13607] usb 1-1: USB disconnect, device number 26
[ 1040.987024][ T5770] Bluetooth: hci2: command 0x0406 tx timeout
[ 1041.284265][T15474] ipt_ECN: cannot use operation on non-tcp rule
[ 1041.357956][T15476] loop3: detected capacity change from 0 to 1024
[ 1041.753408][T15476] hfsplus: trying to free free bnode 0(1)
[ 1041.954797][T11798] hfsplus: b-tree write err: -5, ino 25
[ 1041.983144][T11798] hfsplus: b-tree write err: -5, ino 4
[ 1041.993346][T11798] hfsplus: b-tree write err: -5, ino 2
[ 1042.207458][T15490] loop3: detected capacity change from 0 to 256
[ 1042.371099][T15490] FAT-fs (loop3): Directory bread(block 64) failed
[ 1042.399680][T15490] FAT-fs (loop3): Directory bread(block 65) failed
[ 1042.438614][T15490] FAT-fs (loop3): Directory bread(block 66) failed
[ 1042.466294][T15490] FAT-fs (loop3): Directory bread(block 67) failed
[ 1042.501195][T15490] FAT-fs (loop3): Directory bread(block 68) failed
[ 1042.512461][T15490] FAT-fs (loop3): Directory bread(block 69) failed
[ 1042.527330][T15490] FAT-fs (loop3): Directory bread(block 70) failed
[ 1042.547061][T15490] FAT-fs (loop3): Directory bread(block 71) failed
[ 1042.566144][T15490] FAT-fs (loop3): Directory bread(block 72) failed
[ 1042.589301][T15490] FAT-fs (loop3): Directory bread(block 73) failed
[ 1043.146332][T15505] netlink: 'syz.1.2870': attribute type 10 has an invalid length.
[ 1045.509018][T13992] usb 3-1: new full-speed USB device number 25 using dummy_hcd
[ 1045.831119][T13992] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1045.892196][T13992] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1045.954249][T13992] usb 3-1: config 0 has no interfaces?
[ 1045.959825][T13992] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1046.019431][T13992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1046.040915][T13992] usb 3-1: config 0 descriptor??
[ 1046.221952][T15542] ipt_ECN: cannot use operation on non-tcp rule
[ 1046.778420][   T28] audit: type=1326 audit(1773226448.836:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15550 comm="syz.0.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19c739c799 code=0x7fc00000
[ 1046.800796][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1046.836313][   T28] audit: type=1326 audit(1773226448.876:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15550 comm="syz.0.2886" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f19c739c799 code=0x7fc00000
[ 1048.132517][T13992] usb 3-1: USB disconnect, device number 25
[ 1051.099766][T15588] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2896'.
[ 1051.139737][T15588] netlink: 'syz.3.2896': attribute type 10 has an invalid length.
[ 1051.987672][T13992] usb 3-1: new full-speed USB device number 26 using dummy_hcd
[ 1052.117315][T15611] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2906'.
[ 1052.134354][T15611] netlink: 'syz.3.2906': attribute type 10 has an invalid length.
[ 1052.189876][T13992] usb 3-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1052.203233][T13992] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1052.220693][T13992] usb 3-1: config 0 has no interfaces?
[ 1052.421248][T13992] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1052.633067][T15620] Cannot find add_set index 0 as target
[ 1053.595874][T13992] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.629289][T13992] usb 3-1: config 0 descriptor??
[ 1053.892638][T15625] loop1: detected capacity change from 0 to 2048
[ 1053.941444][T15625] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=2362, location=2362
[ 1054.047604][T15625] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 1054.157247][T15625] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[ 1054.184886][T15625] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1054.231142][T15628] loop3: detected capacity change from 0 to 4096
[ 1054.260675][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.267132][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.353868][   T28] audit: type=1800 audit(1773226456.420:47): pid=15625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2910" name="file1" dev="loop1" ino=1346 res=0 errno=0
[ 1054.442076][T15628] ntfs3: loop3: failed to replay log file. Can't mount rw!
[ 1055.346029][T15510] usb 3-1: USB disconnect, device number 26
[ 1057.380978][T15666] netlink: 'syz.0.2920': attribute type 16 has an invalid length.
[ 1057.389353][T15666] netlink: 'syz.0.2920': attribute type 17 has an invalid length.
[ 1057.845781][T15666] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1061.312251][T15711] loop2: detected capacity change from 0 to 512
[ 1061.477935][T15711] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1061.500715][T15711] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1061.537282][T15711] EXT4-fs: Remounting file system with no journal so ignoring journalled data option
[ 1061.563474][T15711] EXT4-fs (loop2): changing journal_checksum during remount not supported; ignoring
[ 1061.697452][T15711] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[ 1061.722759][T13607] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1061.888229][T14147] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1061.942508][T13607] usb 2-1: Using ep0 maxpacket: 8
[ 1061.954839][T13607] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[ 1061.992493][T13607] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 1062.035042][T13607] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[ 1062.130385][T13607] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1062.142754][T13607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.184510][T13607] usbtmc 2-1:16.0: bulk endpoints not found
[ 1062.590365][T15719] loop2: detected capacity change from 0 to 32768
[ 1062.617144][T15719] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2937 (15719)
[ 1062.737370][T15719] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1062.804348][T15719] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1062.816067][T15719] BTRFS info (device loop2): using free space tree
[ 1063.022431][T15719] BTRFS info (device loop2): enabling ssd optimizations
[ 1063.031998][T15719] BTRFS info (device loop2): auto enabling async discard
[ 1064.744555][T14147] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1064.955394][ T3063] usb 2-1: USB disconnect, device number 18
[ 1065.112663][T15760] loop1: detected capacity change from 0 to 512
[ 1065.122606][T15760] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[ 1065.135898][T15760] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1065.251998][T15760] EXT4-fs error (device loop1): ext4_init_orphan_info:621: comm syz.1.2945: orphan file block 0: bad magic
[ 1065.288227][T15763] netlink: 'syz.2.2943': attribute type 10 has an invalid length.
[ 1065.309262][T15760] EXT4-fs (loop1): mount failed
[ 1066.321739][T15768] bridge0: port 3(team0) entered blocking state
[ 1066.539867][T15768] bridge0: port 3(team0) entered disabled state
[ 1066.649405][T15768] team0: entered allmulticast mode
[ 1066.719554][T15768] team_slave_0: entered allmulticast mode
[ 1066.765196][T15768] team_slave_1: entered allmulticast mode
[ 1066.781241][T15768] dummy0: entered allmulticast mode
[ 1066.810772][T15768] team0: entered promiscuous mode
[ 1066.847459][T15768] team_slave_0: entered promiscuous mode
[ 1066.857943][T15768] team_slave_1: entered promiscuous mode
[ 1066.874118][T15768] dummy0: entered promiscuous mode
[ 1066.917359][T15768] bridge0: port 3(team0) entered blocking state
[ 1066.925148][T15768] bridge0: port 3(team0) entered forwarding state
[ 1067.944939][T15784] loop2: detected capacity change from 0 to 1024
[ 1068.024421][T15784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1068.288012][T14147] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1068.475787][T15798] loop2: detected capacity change from 0 to 2048
[ 1068.487533][T15798] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[ 1068.526182][T15798] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1070.538394][ T5823] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[ 1070.728512][ T5823] usb 2-1: Using ep0 maxpacket: 16
[ 1070.750885][ T5823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1070.882807][T15829] netlink: 'syz.3.2967': attribute type 16 has an invalid length.
[ 1070.892796][T15829] netlink: 'syz.3.2967': attribute type 17 has an invalid length.
[ 1070.963255][ T5823] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1071.039058][ T5823] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1071.331141][ T5823] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1071.397132][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1071.438802][ T5823] usb 2-1: config 0 descriptor??
[ 1071.453677][T15829] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1071.853747][ T5823] microsoft 0003:045E:07DA.0007: unknown main item tag 0x0
[ 1071.871647][ T5823] microsoft 0003:045E:07DA.0007: ignoring exceeding usage max
[ 1071.969459][T15822] loop2: detected capacity change from 0 to 32768
[ 1071.978293][ T5823] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0007/input/input84
[ 1072.250582][T15822] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[ 1072.665451][T15822] JBD2: Ignoring recovery information on journal
[ 1072.868995][T15822] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 1073.035470][ T5823] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1073.144349][ T5823] usb 2-1: USB disconnect, device number 19
[ 1073.369280][T15845] fido_id[15845]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[ 1075.855099][T14147] ocfs2: Unmounting device (7,2) on (node local)
[ 1078.149344][T15874] loop1: detected capacity change from 0 to 512
[ 1078.170539][T15874] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1078.186845][T15874] EXT4-fs error (device loop1): ext4_init_orphan_info:621: comm syz.1.2979: orphan file block 0: bad magic
[ 1078.199275][T15874] EXT4-fs (loop1): mount failed
[ 1080.973547][T15899] random: crng reseeded on system resumption
[ 1082.232117][T15909] Cannot find add_set index 0 as target
[ 1088.396518][T11515] IPVS: starting estimator thread 0...
[ 1088.520383][T15936] IPVS: using max 41 ests per chain, 98400 per kthread
[ 1089.664111][T15947] loop7: detected capacity change from 0 to 16384
[ 1090.169285][T15955] loop7: detected capacity change from 16384 to 0
[ 1091.229044][T15964] Invalid argument reading file caps for ./file0
[ 1091.673162][T15971] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3002'.
[ 1100.043565][ T5823] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1100.263467][ T5823] usb 1-1: Using ep0 maxpacket: 32
[ 1100.277358][ T5823] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1100.296393][ T5823] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1100.331860][ T5823] usb 1-1: config 0 descriptor??
[ 1100.556067][ T5823] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1100.568110][ T5823] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1100.596457][ T5823] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1100.630336][ T5823] usb 1-1: media controller created
[ 1100.705350][ T5823] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1102.706217][T16033] loop3: detected capacity change from 0 to 1024
[ 1102.733021][T16033] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1102.789872][T16033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1102.815384][ T5823] az6027: usb out operation failed. (-110)
[ 1102.855554][ T5823] az6027: usb out operation failed. (-32)
[ 1102.875930][ T5823] stb0899_attach: Driver disabled by Kconfig
[ 1102.912912][T16038] loop1: detected capacity change from 0 to 512
[ 1102.921892][T16038] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1102.935854][T16038] EXT4-fs error (device loop1): ext4_init_orphan_info:621: comm syz.1.3022: orphan file block 0: bad magic
[ 1102.948428][T16038] EXT4-fs (loop1): mount failed
[ 1102.986755][ T5823] az6027: no front-end attached
[ 1102.986755][ T5823] 
[ 1103.323498][ T5823] az6027: usb out operation failed. (-71)
[ 1103.329435][ T5823] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1103.902887][ T5823] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input85
[ 1104.002793][ T5823] dvb-usb: schedule remote query interval to 400 msecs.
[ 1104.009821][ T5823] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1104.104836][ T5823] usb 1-1: USB disconnect, device number 27
[ 1104.356225][ T5823] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1106.365578][ T3063] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[ 1106.580601][T13545] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1106.994416][T16059] netlink: 'syz.3.3027': attribute type 16 has an invalid length.
[ 1107.002998][T16059] netlink: 'syz.3.3027': attribute type 17 has an invalid length.
[ 1107.014048][T16059] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1107.090048][ T3063] usb 3-1: Using ep0 maxpacket: 32
[ 1107.108763][ T3063] usb 3-1: device descriptor read/all, error -71
[ 1107.599904][T15510] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[ 1108.149487][T15510] usb 2-1: Using ep0 maxpacket: 16
[ 1108.163210][T15510] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1108.175311][T15510] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1108.387575][T15510] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1108.465538][T15510] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[ 1108.509322][T15510] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1108.558007][T15510] usb 2-1: config 0 descriptor??
[ 1109.158420][T15510] HID 045e:07da: Invalid code 65791 type 1
[ 1109.323033][T15510] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0008/input/input86
[ 1109.630511][T15510] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[ 1109.801847][T16095] loop3: detected capacity change from 0 to 2048
[ 1110.141751][T16099] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1110.811944][T15510] usb 2-1: USB disconnect, device number 20
[ 1110.963874][T16101] fido_id[16101]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[ 1112.547069][T16122] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3044'.
[ 1115.903477][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.913425][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[ 1120.764249][T16188] Cannot find add_set index 0 as target
[ 1123.156546][T16206] loop3: detected capacity change from 0 to 512
[ 1123.178189][T16206] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1123.203130][T16206] EXT4-fs error (device loop3): ext4_init_orphan_info:621: comm syz.3.3069: orphan file block 0: bad magic
[ 1123.233117][T16206] EXT4-fs (loop3): mount failed
[ 1124.985239][T16219] loop2: detected capacity change from 0 to 4096
[ 1125.619573][T16219] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[ 1125.861063][T16219] ntfs3: loop2: Failed to load $Extend (-22).
[ 1125.867272][T16219] ntfs3: loop2: Failed to initialize $Extend.
[ 1126.543003][T16226] netlink: 'syz.0.3075': attribute type 16 has an invalid length.
[ 1126.551531][T16226] netlink: 'syz.0.3075': attribute type 17 has an invalid length.
[ 1126.888151][T16226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1131.953455][T16275] loop2: detected capacity change from 0 to 32768
[ 1131.968960][T16275] (syz.2.3091,16275,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1131.985483][T16275] (syz.2.3091,16275,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[ 1132.038972][T16275] JBD2: Ignoring recovery information on journal
[ 1132.140995][T16275] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[ 1133.770543][T14147] ocfs2: Unmounting device (7,2) on (node local)
[ 1134.549544][T16307] lo speed is unknown, defaulting to 1000
[ 1134.634704][T16308] siw: device registration error -23
[ 1136.115505][T11515] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[ 1136.190628][T16321] loop3: detected capacity change from 0 to 512
[ 1136.239651][T16321] EXT4-fs (loop3): orphan cleanup on readonly fs
[ 1136.259730][T16321] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.3104: ea_inode with extended attributes
[ 1136.280480][T16321] EXT4-fs error (device loop3): ext4_xattr_inode_iget:446: comm syz.3.3104: error while reading EA inode 11 err=-117
[ 1136.327006][T16321] EXT4-fs (loop3): 1 orphan inode deleted
[ 1136.337593][T11515] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1136.355265][T11515] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1136.365974][T11515] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1136.369248][T16321] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[ 1136.382285][T11515] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1136.406665][T11515] usb 2-1: SerialNumber: syz
[ 1136.493829][T16321] overlay: ./bus is not a directory
[ 1136.582920][T13545] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1136.627318][   T27] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 1136.672339][T11515] usb 2-1: 0:2 : does not exist
[ 1136.695420][T11515] usb 2-1: unit 5: unexpected type 0x09
[ 1136.741699][T11515] usb 2-1: USB disconnect, device number 21
[ 1136.813182][T13785] udevd[13785]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1136.835387][   T27] usb 3-1: Using ep0 maxpacket: 8
[ 1136.863456][   T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1136.895809][   T27] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1136.906315][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1136.961123][   T27] usb 3-1: config 0 descriptor??
[ 1137.187878][   T27] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1137.699979][T11515] usb 3-1: USB disconnect, device number 29
[ 1137.960702][T16335] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3110'.
[ 1137.980548][T16337] loop1: detected capacity change from 0 to 2048
[ 1138.012498][T16338] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1138.648952][T16346] process '/file0' started with executable stack
[ 1138.838411][T16354] loop2: detected capacity change from 0 to 164
[ 1138.940730][T16354] isofs: isofs_export_get_parent(): child directory not normalized!
[ 1139.024157][T15510] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[ 1139.453854][T15510] usb 2-1: config 0 has no interfaces?
[ 1139.460031][T15510] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1140.231510][T15510] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.323139][T15510] usb 2-1: config 0 descriptor??
[ 1144.396649][ T5804] usb 2-1: USB disconnect, device number 22
[ 1146.223551][T11515] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1146.435845][T11515] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[ 1146.448785][T11515] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1146.477526][T11515] usb 1-1: Product: syz
[ 1146.482241][T11515] usb 1-1: Manufacturer: syz
[ 1146.486873][T11515] usb 1-1: SerialNumber: syz
[ 1146.494948][T11515] usb 1-1: config 0 descriptor??
[ 1147.287785][T13992] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[ 1147.340028][T11515] usb 1-1: USB disconnect, device number 28
[ 1147.446228][T16439] loop2: detected capacity change from 0 to 512
[ 1147.467925][T13868] udevd[13868]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1147.514839][T13992] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1148.909123][T13992] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1148.974148][T13992] usb 4-1: config 0 has no interfaces?
[ 1148.990660][T16439] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 1149.003524][T13992] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1149.023774][T16439] ext4 filesystem being mounted at /156/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1149.034604][T13992] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1149.045798][T13992] usb 4-1: config 0 descriptor??
[ 1150.259787][T16456] netlink: 'syz.0.3145': attribute type 16 has an invalid length.
[ 1150.267761][T16456] netlink: 'syz.0.3145': attribute type 17 has an invalid length.
[ 1150.385927][T14147] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1150.395335][T16456] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1150.785888][ T5804] usb 4-1: USB disconnect, device number 19
[ 1154.539585][T16491] loop1: detected capacity change from 0 to 2048
[ 1155.970918][T16492] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[ 1157.543397][T16507] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1158.176322][ T5804] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[ 1159.226157][ T5804] usb 2-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1159.361215][ T5804] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1159.983648][T16521] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3164'.
[ 1161.565084][ T5804] usb 2-1: config 0 has no interfaces?
[ 1161.570722][ T5804] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1161.580115][ T5804] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1161.698591][ T5804] usb 2-1: config 0 descriptor??
[ 1163.076664][T16540] syz.0.3169 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 1163.524322][ T5804] usb 2-1: can't set config #0, error -71
[ 1163.543940][ T5804] usb 2-1: USB disconnect, device number 23
[ 1165.315092][T16574] loop3: detected capacity change from 0 to 64
[ 1165.590101][T16574] hfs: request for non-existent node 131072 in B*Tree
[ 1165.627767][T16574] hfs: request for non-existent node 131072 in B*Tree
[ 1167.327811][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3191'.
[ 1167.375624][T16600] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3191'.
[ 1168.110653][T16609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3193'.
[ 1168.133471][T16586] loop2: detected capacity change from 0 to 32768
[ 1168.562940][T16586] 
[ 1168.562940][T16586]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[ 1168.562940][T16586] 
[ 1168.786041][T16586] read_mapping_page failed!
[ 1168.790909][T16586] ERROR: (device loop2): txCommit: 
[ 1168.790909][T16586] 
[ 1168.827994][T16586] read_mapping_page failed!
[ 1168.832898][T16586] ERROR: (device loop2): txCommit: 
[ 1168.832898][T16586] 
[ 1168.867484][T16586] ==================================================================
[ 1168.875614][T16586] BUG: KASAN: slab-out-of-bounds in dtSplitPage+0x1243/0x37d0
[ 1168.883217][T16586] Read of size 1 at addr ffff888052c41275 by task syz.2.3186/16586
[ 1168.891144][T16586] 
[ 1168.893496][T16586] CPU: 0 PID: 16586 Comm: syz.2.3186 Not tainted syzkaller #0
[ 1168.901075][T16586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1168.911504][T16586] Call Trace:
[ 1168.914893][T16586]  <TASK>
[ 1168.917917][T16586]  dump_stack_lvl+0x18c/0x250
[ 1168.922700][T16586]  ? __lock_acquire+0x7d40/0x7d40
[ 1168.927733][T16586]  ? show_regs_print_info+0x20/0x20
[ 1168.932952][T16586]  ? load_image+0x400/0x400
[ 1168.937552][T16586]  ? __virt_addr_valid+0x469/0x540
[ 1168.942673][T16586]  print_report+0xa8/0x210
[ 1168.947102][T16586]  ? dtSplitPage+0x1243/0x37d0
[ 1168.951902][T16586]  kasan_report+0x117/0x150
[ 1168.956502][T16586]  ? dtSplitPage+0x1243/0x37d0
[ 1168.961283][T16586]  dtSplitPage+0x1243/0x37d0
[ 1168.965897][T16586]  ? dbAlloc+0x7b0/0xba0
[ 1168.970242][T16586]  dtInsert+0x1072/0x5de0
[ 1168.974669][T16586]  ? __lock_acquire+0x7d40/0x7d40
[ 1168.979727][T16586]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1168.984776][T16586]  ? UniStrupr+0x2e0/0x2e0
[ 1168.989193][T16586]  ? txLock+0x1154/0x20b0
[ 1168.993530][T16586]  ? txEnd+0x520/0x520
[ 1168.997611][T16586]  jfs_create+0x734/0xac0
[ 1169.001955][T16586]  ? jfs_lookup+0x420/0x420
[ 1169.006467][T16586]  ? jfs_get_parent+0xb0/0xb0
[ 1169.011163][T16586]  ? make_vfsuid+0x51/0xb0
[ 1169.015594][T16586]  ? inode_permission+0xf3/0x480
[ 1169.020540][T16586]  ? bpf_lsm_inode_create+0x9/0x10
[ 1169.025661][T16586]  ? security_inode_create+0xb7/0x100
[ 1169.031045][T16586]  ? jfs_lookup+0x420/0x420
[ 1169.035575][T16586]  path_openat+0x12a0/0x3230
[ 1169.040186][T16586]  ? do_filp_open+0x430/0x430
[ 1169.044871][T16586]  ? __virt_addr_valid+0x18c/0x540
[ 1169.049992][T16586]  do_filp_open+0x1f5/0x430
[ 1169.054502][T16586]  ? vfs_tmpfile+0x490/0x490
[ 1169.059110][T16586]  ? _raw_spin_unlock+0x28/0x40
[ 1169.063971][T16586]  ? alloc_fd+0x58f/0x630
[ 1169.068322][T16586]  do_sys_openat2+0x134/0x1d0
[ 1169.073017][T16586]  ? do_sys_open+0xe0/0xe0
[ 1169.077442][T16586]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1169.083436][T16586]  ? lock_chain_count+0x20/0x20
[ 1169.088295][T16586]  __x64_sys_openat+0x139/0x160
[ 1169.093247][T16586]  do_syscall_64+0x55/0xa0
[ 1169.097672][T16586]  ? clear_bhb_loop+0x40/0x90
[ 1169.102355][T16586]  ? clear_bhb_loop+0x40/0x90
[ 1169.107037][T16586]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1169.112942][T16586] RIP: 0033:0x7f8986f9c799
[ 1169.117364][T16586] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1169.136990][T16586] RSP: 002b:00007f8987e28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1169.145412][T16586] RAX: ffffffffffffffda RBX: 00007f8987215fa0 RCX: 00007f8986f9c799
[ 1169.153390][T16586] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1169.161365][T16586] RBP: 00007f8987032c99 R08: 0000000000000000 R09: 0000000000000000
[ 1169.169343][T16586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1169.177330][T16586] R13: 00007f8987216038 R14: 00007f8987215fa0 R15: 00007ffe21374628
[ 1169.185342][T16586]  </TASK>
[ 1169.188373][T16586] 
[ 1169.190720][T16586] Allocated by task 16586:
[ 1169.195277][T16586]  kasan_set_track+0x4e/0x70
[ 1169.199888][T16586]  __kasan_slab_alloc+0x6c/0x80
[ 1169.204750][T16586]  slab_post_alloc_hook+0x6e/0x4b0
[ 1169.209870][T16586]  kmem_cache_alloc_lru+0x111/0x2d0
[ 1169.215250][T16586]  jfs_alloc_inode+0x28/0x60
[ 1169.219933][T16586]  iget_locked+0x1ad/0x840
[ 1169.224358][T16586]  jfs_iget+0x24/0x440
[ 1169.228430][T16586]  jfs_lookup+0x221/0x420
[ 1169.232771][T16586]  __lookup_slow+0x2a1/0x400
[ 1169.237374][T16586]  lookup_slow+0x53/0x70
[ 1169.241631][T16586]  walk_component+0x2be/0x3f0
[ 1169.246310][T16586]  path_lookupat+0x169/0x440
[ 1169.251174][T16586]  filename_lookup+0x228/0x560
[ 1169.255941][T16586]  user_path_at_empty+0x42/0x60
[ 1169.260804][T16586]  __se_sys_chdir+0x9c/0x280
[ 1169.265399][T16586]  do_syscall_64+0x55/0xa0
[ 1169.269908][T16586]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1169.275807][T16586] 
[ 1169.278133][T16586] The buggy address belongs to the object at ffff888052c40940
[ 1169.278133][T16586]  which belongs to the cache jfs_ip of size 2240
[ 1169.291843][T16586] The buggy address is located 117 bytes to the right of
[ 1169.291843][T16586]  allocated 2240-byte region [ffff888052c40940, ffff888052c41200)
[ 1169.306603][T16586] 
[ 1169.308927][T16586] The buggy address belongs to the physical page:
[ 1169.315604][T16586] page:ffffea00014b1000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x52c40
[ 1169.325757][T16586] head:ffffea00014b1000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1169.334691][T16586] memcg:ffff8880282e3a01
[ 1169.338925][T16586] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1169.346905][T16586] page_type: 0xffffffff()
[ 1169.351240][T16586] raw: 00fff00000000840 ffff888018f56780 dead000000000122 0000000000000000
[ 1169.359826][T16586] raw: 0000000000000000 00000000800d000d 00000001ffffffff ffff8880282e3a01
[ 1169.368491][T16586] page dumped because: kasan: bad access detected
[ 1169.374897][T16586] page_owner tracks the page as allocated
[ 1169.380610][T16586] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d2050(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 16586, tgid 16585 (syz.2.3186), ts 1168759822382, free_ts 943710042088
[ 1169.404772][T16586]  post_alloc_hook+0x1c1/0x200
[ 1169.409568][T16586]  get_page_from_freelist+0x1951/0x19e0
[ 1169.415119][T16586]  __alloc_pages+0x1f0/0x460
[ 1169.419713][T16586]  alloc_slab_page+0x5d/0x160
[ 1169.424398][T16586]  new_slab+0x87/0x2d0
[ 1169.428474][T16586]  ___slab_alloc+0xc5d/0x12f0
[ 1169.433164][T16586]  kmem_cache_alloc_lru+0x1aa/0x2d0
[ 1169.438386][T16586]  jfs_alloc_inode+0x28/0x60
[ 1169.443007][T16586]  iget_locked+0x1ad/0x840
[ 1169.447436][T16586]  jfs_iget+0x24/0x440
[ 1169.451981][T16586]  jfs_fill_super+0x712/0xad0
[ 1169.456665][T16586]  mount_bdev+0x221/0x2d0
[ 1169.460995][T16586]  legacy_get_tree+0xea/0x180
[ 1169.465673][T16586]  vfs_get_tree+0x8c/0x280
[ 1169.470091][T16586]  do_new_mount+0x24b/0xa40
[ 1169.474595][T16586]  __se_sys_mount+0x2e7/0x3d0
[ 1169.479280][T16586] page last free stack trace:
[ 1169.483951][T16586]  free_unref_page_prepare+0x7b2/0x8c0
[ 1169.489769][T16586]  free_unref_page+0x32/0x2e0
[ 1169.494546][T16586]  __unfreeze_partials+0x1cf/0x210
[ 1169.499659][T16586]  put_cpu_partial+0x17c/0x250
[ 1169.504422][T16586]  __slab_free+0x319/0x400
[ 1169.508837][T16586]  qlist_free_all+0x75/0xd0
[ 1169.513345][T16586]  kasan_quarantine_reduce+0x143/0x160
[ 1169.518813][T16586]  __kasan_slab_alloc+0x22/0x80
[ 1169.523668][T16586]  slab_post_alloc_hook+0x6e/0x4b0
[ 1169.528793][T16586]  kmem_cache_alloc+0x11a/0x2d0
[ 1169.533656][T16586]  ptlock_alloc+0x20/0x70
[ 1169.537992][T16586]  pte_alloc_one+0xcc/0x530
[ 1169.542589][T16586]  __pte_alloc+0x22/0x2a0
[ 1169.546920][T16586]  copy_page_range+0x2d96/0x3670
[ 1169.551863][T16586]  copy_mm+0x11cb/0x1d50
[ 1169.556107][T16586]  copy_process+0x16f7/0x3d80
[ 1169.560830][T16586] 
[ 1169.563168][T16586] Memory state around the buggy address:
[ 1169.568804][T16586]  ffff888052c41100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1169.576877][T16586]  ffff888052c41180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1169.584971][T16586] >ffff888052c41200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1169.593037][T16586]                                                              ^
[ 1169.600748][T16586]  ffff888052c41280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.608812][T16586]  ffff888052c41300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1169.616870][T16586] ==================================================================
[ 1169.625033][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.661532][T16586] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1169.668798][T16586] CPU: 0 PID: 16586 Comm: syz.2.3186 Not tainted syzkaller #0
[ 1169.676288][T16586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[ 1169.686373][T16586] Call Trace:
[ 1169.689674][T16586]  <TASK>
[ 1169.692612][T16586]  dump_stack_lvl+0x18c/0x250
[ 1169.697315][T16586]  ? show_regs_print_info+0x20/0x20
[ 1169.702527][T16586]  ? load_image+0x400/0x400
[ 1169.707048][T16586]  panic+0x2dc/0x730
[ 1169.710951][T16586]  ? bpf_jit_dump+0xd0/0xd0
[ 1169.715463][T16586]  ? _raw_spin_unlock_irqrestore+0x111/0x120
[ 1169.721449][T16586]  ? _raw_spin_unlock+0x40/0x40
[ 1169.726391][T16586]  ? print_memory_metadata+0x314/0x400
[ 1169.731856][T16586]  ? dtSplitPage+0x1243/0x37d0
[ 1169.736624][T16586]  check_panic_on_warn+0x84/0xa0
[ 1169.741574][T16586]  ? dtSplitPage+0x1243/0x37d0
[ 1169.746347][T16586]  end_report+0x6f/0x130
[ 1169.750593][T16586]  kasan_report+0x128/0x150
[ 1169.755102][T16586]  ? dtSplitPage+0x1243/0x37d0
[ 1169.759880][T16586]  dtSplitPage+0x1243/0x37d0
[ 1169.764492][T16586]  ? dbAlloc+0x7b0/0xba0
[ 1169.768749][T16586]  dtInsert+0x1072/0x5de0
[ 1169.773090][T16586]  ? __lock_acquire+0x7d40/0x7d40
[ 1169.778118][T16586]  ? do_raw_spin_lock+0x11f/0x2c0
[ 1169.783159][T16586]  ? UniStrupr+0x2e0/0x2e0
[ 1169.787750][T16586]  ? txLock+0x1154/0x20b0
[ 1169.792177][T16586]  ? txEnd+0x520/0x520
[ 1169.796262][T16586]  jfs_create+0x734/0xac0
[ 1169.800604][T16586]  ? jfs_lookup+0x420/0x420
[ 1169.805112][T16586]  ? jfs_get_parent+0xb0/0xb0
[ 1169.809803][T16586]  ? make_vfsuid+0x51/0xb0
[ 1169.814227][T16586]  ? inode_permission+0xf3/0x480
[ 1169.819174][T16586]  ? bpf_lsm_inode_create+0x9/0x10
[ 1169.824343][T16586]  ? security_inode_create+0xb7/0x100
[ 1169.829814][T16586]  ? jfs_lookup+0x420/0x420
[ 1169.834326][T16586]  path_openat+0x12a0/0x3230
[ 1169.839028][T16586]  ? do_filp_open+0x430/0x430
[ 1169.843797][T16586]  ? __virt_addr_valid+0x18c/0x540
[ 1169.849003][T16586]  do_filp_open+0x1f5/0x430
[ 1169.853508][T16586]  ? vfs_tmpfile+0x490/0x490
[ 1169.858106][T16586]  ? _raw_spin_unlock+0x28/0x40
[ 1169.862968][T16586]  ? alloc_fd+0x58f/0x630
[ 1169.867307][T16586]  do_sys_openat2+0x134/0x1d0
[ 1169.871991][T16586]  ? do_sys_open+0xe0/0xe0
[ 1169.876410][T16586]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[ 1169.882402][T16586]  ? lock_chain_count+0x20/0x20
[ 1169.887257][T16586]  __x64_sys_openat+0x139/0x160
[ 1169.892120][T16586]  do_syscall_64+0x55/0xa0
[ 1169.896549][T16586]  ? clear_bhb_loop+0x40/0x90
[ 1169.901234][T16586]  ? clear_bhb_loop+0x40/0x90
[ 1169.905925][T16586]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1169.911906][T16586] RIP: 0033:0x7f8986f9c799
[ 1169.916325][T16586] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1169.935980][T16586] RSP: 002b:00007f8987e28028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1169.944484][T16586] RAX: ffffffffffffffda RBX: 00007f8987215fa0 RCX: 00007f8986f9c799
[ 1169.952460][T16586] RDX: 000000000000275a RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1169.960439][T16586] RBP: 00007f8987032c99 R08: 0000000000000000 R09: 0000000000000000
[ 1169.968411][T16586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1169.976391][T16586] R13: 00007f8987216038 R14: 00007f8987215fa0 R15: 00007ffe21374628
[ 1169.984369][T16586]  </TASK>
[ 1169.987785][T16586] Kernel Offset: disabled
[ 1169.992098][T16586] Rebooting in 86400 seconds..