last executing test programs:

1m17.803964568s ago: executing program 2 (id=558):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="580000000206030000000000000000000300000705000100070000000900020073797a31000000000c00078008001240000000050500050002000000050004000100000011000300686173683a69702c706f"], 0x58}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90)
sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20080)

1m17.530000603s ago: executing program 2 (id=560):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
setresuid(0x0, 0xee00, 0x0)
bind$qrtr(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
r4 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r4, &(0x7f0000000100)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000000080))
ioctl$PPPOEIOCSFWD(r4, 0x4008b100, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0x0, 0x0, 0x54}, 0x9c)

1m16.38805976s ago: executing program 2 (id=561):
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000100)="5b1faec333b1bee91574963f28d8f7946a1a4145828fcdf08ee5f32ac4f674d09ddcce04499d938b36a98ee66f086cfe77a329c34083aad1bc9ecb69374fdaa4df48ce00ed142bfd3227cc5246cb494d71e560aa7cc26d91d1d335bef7a4e21455d789af41e3ea4f43c49a76c6c8e7f7b4629d12ed19340329c3e7c17ae829d8711262c4933d2eb5a8bd42945fd0fe1a1f7f46a5c95b237545244368f849f2b7ce1907c07bb31276a2b5655c135f7b732fb572f9b9e01c77322370f45d888744e5a9ffc423fd05702e81c369cdbc56154564bec25dbd35f0bab962183ccdd41cb89e86687add670223504297ea2f781622824ad3a9048fbe834fef9d8cbbdf80e83b26883e10ff8bd22b2e13c0a55b48a82fa0f0df078139540ad546f0762c11f438a1c95f2d4b1db086d4813ac986c85e7a1aee3268a0aab46537c36b954ce5af462d5c7fdf266c6d1635928137e05cae05c1131a0a7d2733d8232d4f9c9b7ad2268d66ba64f9220f13ec9cc3889fa63f1d2ae306c26896ea28687d02048138558ce6851479f57d53304aecd1637bea36f7d0e8b916d6f8f6ab39e7bba5b15c88d1e75e7b496403b2fce9659d1e6840284eab0a57a0c09b587c7e7e4decaad74baad5c84d61605d5be39fa66e0ac9fe77075a78fff28d06ed487055b50bd64ecc82c220ba513157be27b6f947ecebb8a6cf273de806018e0885fe4574e01a48d3e6a983741caf5eb17fc4a36b62ee17a0354e7ad663de57476f93c67cbaf896ac6b26a35498be25591f02d8e7e3ab8eea986b1e1495749e75838b03a8f12cbe14afe83004b3481288006992a809324da440c29ca737ada24e8afa0b7b995e3c7c5dc8f5c5d9f4939cca184c0547300695146b0ff687548808033db09338583d820d2173819a4e9e40780fd7856f02f9db7f4f2708bf4ab21c1f9a813cac085b3204f8bdfde4130820c3fd7fb205f32341e87c6320e9db36d6e7bae0098033be18b1fdecee41f0045ff2f3444734e35e39e9bcc2e282658a2142a5198f97e23b11daccedb52da735c42fddd026b426f6ce12288b7bdec6767b0290ae433aa3b9d1ad90a3f1fa7ca4436de212a5ef5449fd46df62649193e2812173222cf2a6d4c19ffa7277dbd30dd80ad86083d3d03efb6b2e83618a8978debb383fa6bc00642d7001e6fc7b9897eeb81b753221074f415f8291359471cb62789ef54e878a1a88cac800ada6c280ce7d9ebab0d6e1076b1c4ea7fc4612489e721008c33258243e37ddcb3d41a5050fdc84787a1a00b6b89dfc54dc21440204783b7b6dd154b13f08dbce062f2cb8c851b11bb91c08b660f41712c77a0c47e144f04d1b4d7fc649ce4f36c71a0cea49c2847d69a92773db429504af56d7da2dc76ff548c86c39ea206ed13bd800b9bb6b2e777d0a811832e1c385038b269ee0fd179875d810aec8b571a3d5e0e1797265682dcdab7bcb077db8e843b295d520c2ec2ffe4fc79ff3d30f2dc4c4eeeec621c8e22cf5f11edc1b17f96405e2c15549608e6c59229cc1bd8be9d592e148a095b5802b9175a63454ade9ecfe0aa01cedfd8f564d6adb35ebe2f7aee4f2234b271b09583d9f2a50d6449e648bfe09ef61441b74a96d8e7291c0a23fbb6b6b68a14bf8ec6ec042bdaa55f260b1df1a899bdf2d69a6d91566a1ce00072434cd036d0ae4849f1ff8f101a58306b4d27b42c35c2cb41758851428e9dcebbb0da812fa90f6944c5315dab5de45be1ca314ed877318b5c2e6a981fcb6169ffef518533c9ff5654bc148b83a477790868a1cd855ed6b238565b41c2b9fc06a17944661de7dc99d69fb52974419928db016b7612c4672ae0069937d056aa62a34b6f5c713063463e2ae0088b095f1af2a4f0f316c3b577a0f3103f9a809cc270b3aa7f1321986439350f0aee94807c79c095d4a3044f8bacf4b4754c4f79ee368a24d0efe00a37faa976721154d468841c77445bf4947fcff1161ca4a48bc7a3898d614c8c2c7ef44e868f9a115212cc9334a27a1e0f1b5ecd2edb3be90526df848ced3a410124f71f51a75e832039579f09645a163586c0fbaa8c3ba02532ac934a0f9e17d0d03961ec3a162cfe623fe04ac1b22035328ec71924cb8811b876322b3f071ffed33b6799f477d519338e400f9908eb70cc7b9fd015093084da7bd3e536d8a70a6882c3cc5a8343d663b765f768b512b98171d2f4520e77be1ac999a5f7ae6aaaf1bd57344d612091afd020fe3bc37094ffcd01b9820f781d1caafe30a7b60e4b861fc2764e4bc2e0d584daa1ba409cb8f5f544218a61f8d1de7a8157bc2b35e11a3359b52c40cad3b50793ec210fa2dfef346498a3b3042120b76308e950da1763dee1dee7ce244adc25dfaee1f75572f2111e1a925858aeab40e11d3dfdc210c822b92064260a77c50779864bcd134675fb94c2b0557dfe0e8879d3cbe61abbb950c3a0b7e085966de28d324013dfcf1b67024915561050fa18e6a6c4d661befc1e92f2e3da2aae2cc677eab4ed09e69940cccdf40157d59b76db104679a733cace6b2ef02f6160f0179388116cab625bee0b150ee92112922491f71701b47bfe46b320afbff2d3afe50ae88e7edfe6072027ff4418c29a918f21a62205b2d6e9abe18d4d2676f125755ccbc5f69cb083ec7b0448f837d9925ed940bf921d368f85aa6da5dbfb11acefd6077a708250c120dc918582fb2d76f076e06d6162e91e1a147d23bd022f13d5a8661fad1651b856ef1179786af6cb9fc04eb2039fc9ac271028f926e8c5186bd6c5c0423d4dcdbcd72e6cb39ff8be5f3c5a763bc74b411f6216e40539d6822affce2fb07a9a8baa76d0555c7c5d49f77fee7edc305eb369ed91e326b8331d9d5d9910d2d58d0db94d6e2edcef418da153652505fe2eedb8a2741c7731812d2a803f7a5cbf2df4c678e76a9044940d83619316293d7babcdda453b3bd78342827f53b94746f70ac56fd7ec27c1ab59e20049ffae7db3116eba1c671931f628d19ecaaf1d768f42897bf6868dbb516cf95a83946d00f53347b8d5879cdeab81084631f5d25baea8627a0c7c1d8a15eb4695dda5d52b840e285519f2a6249b0d97eeb2b3edf652b61fd3967c9bca2eda1206402c2de89c718add2d6d3c59407ba6318a9f4ecc85bef048aa8af208c74fa9c392e0f62357712762037f37975500524b6d5a190bb68fa5b815c9f8366a8de533e92f09c7ee696d895eae79a74873199651e5d44f227fd1747fea3bc553840eba9b86e2f3adafc6e9b1942944a45907379f22385c641a728b52c99a753009a6fe4c158518688ec86720d7e026b2869ab5a1a6f5f858d2ae06efab5b8cd1ac3929342a1b0643159db843b206d5ee71c1dcc526f9851703ee3cae2dbefecd7cf3f1d5344641315dbdb86c25f7eeab78f0817bf04fdf6ce34e6cb7bea8af70d012ff6d43ba5e59f55b8329bc6ef129faf63f144c85bb22a43617a932c540b62a2f4e10b876b4e00ea79d10ccf38cef9426ddcc46b8de7c88ec8f26259515fb9f54e6e12cac755c0b696dee768613b5a715b13e037356f4784dc8f7966a650e458742a8cecd0229c09422dbc2cc275a30365b5386356b8035588ef2c7096062d843585865859dfb499ffa7da6d300edcf6ac47addc420c16a86e55665342203038561addae9839d738c896f680370f76b09652dfc901f94130598bc8d443d60ba0689347dd744abc2c04fea16539eaa6ef9c24a170f98140c530bd7109158539fc526f1db251872cfa65259255f302bf80d336c31e37445f7c695130c6a9bfc2eda8397953dbb7b2abd8397f3963be1f34f66b8b49aa1591f55337f418e1a4b0c0b302eb2ca48dc915e527ec264cb6997c8e9ed2e2f0607798a9e239e7844f9e8feaa723957be01b431c216b2f44096f3e586ecc3785b2dbe8565da0c009bff0c4ce357033ef7551cdd67cbadbb0562a63439f686c52fc839a43a9f778cfaf16c467687717ed1dd0b0285ec3f2049dc0909cdf7a7220b4ceb923a856faf9a409782fdb571011ba1e8dc9a548dfc8932554ee2cbc6e69013433b9243679e6dfeecaee29437c47e8901ac543736249cb08a40686f08cd09c48d37302a25eba712a91985592d1aad47dae60490006545a16ad764593a278932e54b091be3aa9f49c2f64948f15a5c030e6ee77d03332d1296e48c2a9d9d869e2931ad3ee37067d82b2c8390c3baddc6e6d7a8e586277c9c1ce8c0672847d14cbade0c702db132485d89ae2e337f6053b521f6b41b8d23cdea6a6aaac208b4a14020f980bf526510b9f342daa711d2408941bf1248fd3a96f53b613fecce51ab9b2476aa80ee713f81e444e27d3bb53e6fd6b4f793047c8f184a02cd304feb5ac99a38ab81452be930fffafa942c7e16a65980a10b7365416648b10138c80593ffa1c430cee30aceb997f7b188d90060a76617551f8ee8ae3547f278c99354b3e1909f2b40969774f3e2a8cdf496b8435477b4e70d36c9767d7d94631d4ddc17deb03c79c432684936cc853f32cdc50cbf6eba612f54a1fa53381445e910ee7f08a72b64c130a3e71910190a01e239595e691bb382821ad6d1ed66aa906bceda19e2beb986ee8b0c6143da9b8c40ba90f30d2731cf6ded2a4580e5d011b7b5581a4a44f32eb78952987df20fd87d83ef5ed3b8ed16fb446", 0xcf3, 0xfffffffffffffffc)
socket$packet(0x11, 0x3, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f0000"], 0x48)
r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x4600, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000880)={0x0, 0x2, 0x1, [0x1, 0xeb5b, 0x6, 0x3, 0x100000000], [0x1, 0x3, 0x4, 0x2ca, 0x4, 0x200, 0x5, 0x5631, 0x7, 0x5, 0xfffffffffffffff7, 0xaf, 0x100000001, 0x7, 0x6e0, 0x86e, 0x2, 0x4, 0x1, 0x2, 0xfffffffffffffff7, 0x7c, 0x8, 0x4, 0x8000, 0x157b84ad, 0x0, 0xa, 0x80000001, 0x9, 0x3, 0xfffffffffffffff9, 0x5, 0x3, 0x1, 0x1, 0x1001, 0x1, 0x4, 0x3, 0x8, 0x7, 0xb, 0x3, 0x0, 0x9, 0x10000, 0x1000, 0x2, 0x8, 0x64, 0x280000000000, 0x1, 0x4, 0x7, 0xa, 0x3, 0x8, 0x2, 0x0, 0xa0000000000, 0xfffffffffffffff5, 0x7, 0x3, 0x176, 0x15f, 0x0, 0x5, 0x5, 0xfc72, 0x9, 0x7, 0x7, 0x2, 0x6, 0x81, 0x2, 0x4, 0x10000000100, 0x0, 0x9, 0x2ce1, 0x7f, 0x8, 0xeab5, 0xffffffffffffffff, 0xeffffffffffffffe, 0x6, 0x10001, 0x2b6, 0x1, 0x2e06ffea, 0x10001, 0xf2d5, 0xffffffffffffffff, 0x2b6b, 0x1, 0x4, 0x5ac, 0x7f95, 0x20000d13, 0x2c, 0x1ff, 0x1000, 0xd05, 0x1, 0x9e, 0x8000000000000000, 0x3, 0x0, 0x3, 0x5, 0xc, 0x6, 0x6281, 0x10, 0x7f, 0x7, 0x3, 0x3, 0x7]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}}, 0x20008000)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000280)={r2, 0x0, {0x0, 0x0, 0x0, 0x32, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0x3, 0x6]}})
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_GET_TSC(0x43, 0x0)
sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0)

1m14.740727374s ago: executing program 2 (id=562):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./file0\x00', 0x2000898, &(0x7f00000003c0), 0x1, 0x55ae, &(0x7f000000abc0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000400)={{{@in=@empty, @in=@empty}}, {{@in6=@ipv4={""/10, ""/2, @dev}}, 0x0, @in6=@mcast2}}, &(0x7f0000000640)=0xfffffffffffffcbd)
setrlimit(0x1, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff})
truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000)
add_key$keyring(&(0x7f0000000140), 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$set_reqkey_keyring(0xe, 0x1)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$getregset(0x4205, r1, 0x202, 0x0)
sendmsg$IPSET_CMD_ADD(r0, 0x0, 0x0)
open(&(0x7f0000000040)='./file1\x00', 0x66842, 0x21)
syz_emit_vhci(&(0x7f0000000380)=ANY=[@ANYBLOB="043e1a0f"], 0x1d)
r2 = open(&(0x7f0000000240)='./file1\x00', 0x14d142, 0x0)
sendfile(r2, r2, 0x0, 0x800000009)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x13, 0xe, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)

1m12.934832316s ago: executing program 2 (id=565):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x12, 0xf1, 0x3, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x800000, 0x43, 0x2000001, 0x0, 0x2004cb, 0x7, 0x1000000, 0x1000000068ff, 0x5, 0x9, 0x3], 0xffffffffffffffff, 0x202})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x1})
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000140)={[{0x7, 0x1, 0x2, 0x4, 0x2, 0x4, 0x8, 0x1, 0x7, 0x1, 0x4, 0x3, 0x3}, {0x80, 0x4966, 0xff, 0x0, 0x8, 0x8, 0x40, 0xd6, 0x4, 0x0, 0x2, 0x5, 0x5}, {0x94b5, 0x4, 0x0, 0xc, 0x9, 0x6, 0x1, 0x3, 0x4, 0x5, 0x4, 0x0, 0xa}], 0x3})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1m11.048385902s ago: executing program 2 (id=573):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
sendfile(r4, r3, 0x0, 0x7ffffffd)

1m9.587604584s ago: executing program 32 (id=573):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pipe2$watch_queue(&(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
sendfile(r4, r3, 0x0, 0x7ffffffd)

10.324394503s ago: executing program 4 (id=723):
socket(0x1, 0x5, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa0d, 0xffffffff}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r2, r2, 0x0, 0x2000fb)

9.42844985s ago: executing program 0 (id=726):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r0, 0x4b3a, 0x1)
ioctl$TCXONC(r0, 0x4b3a, 0x2)

8.98445559s ago: executing program 1 (id=729):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000001280)=ANY=[@ANYBLOB="12010003001f66088f0510660548020003010902120001049570810904008100ffffff02"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
writev(r1, &(0x7f0000000180)=[{&(0x7f0000000040)="e2", 0x1}], 0x1)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000400)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x83, 0x1, '\a'}, 0x0, 0x0})

8.354114221s ago: executing program 0 (id=730):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r0, &(0x7f00000006c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2}}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000740)="b3", 0x1}], 0x1, &(0x7f0000000640)=ANY=[], 0xf0}}], 0x1, 0x24004c41)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x80000001, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x7, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x8, 0x8000100, 0x3, 0x0, 0x11000, 0x10000008, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x7, 0xf, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0xf7, 0x5, 0x2, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x0, 0x4, 0x100002, 0x8, 0x752, 0x9, 0x3, 0x0, 0x10001, 0x10000002, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x2, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0x8, 0x4, 0x4, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0x1fc, 0xc5c, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

8.160385642s ago: executing program 0 (id=731):
syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r0, &(0x7f0000000d00)=[{0x0}, {&(0x7f0000000900)="a0f1", 0x2}], 0x2)

8.031048106s ago: executing program 4 (id=732):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800000034030000020000838500000073000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
geteuid()
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r6, 0x0, 0x0, 0x60010000, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250a00", @ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0)

6.397189782s ago: executing program 4 (id=733):
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0xc)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/nfsfs\x00')
syz_usb_connect(0x4, 0x1b, &(0x7f0000000800)=ANY=[], 0x0)
socket$kcm(0xa, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet(r3, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
r4 = syz_io_uring_setup(0x10d2, &(0x7f0000000540)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f0000000600)=<r5=>0x0, &(0x7f00000005c0)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_SEND={0x1a, 0x31, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8054})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

5.459518292s ago: executing program 3 (id=736):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7fe2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000090)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
getrlimit(0x2, &(0x7f0000000040))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r3, 0x1, 0xffffff80, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xd, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, 0x0, 0x4000080)
preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x1a, 0x20f5)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x192}}, 0x20}}, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x6000001, 0x3032, 0xffffffffffffffff, 0x0)
fcntl$F_SET_RW_HINT(r7, 0x40c, 0x0)

5.123248264s ago: executing program 1 (id=737):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0500000004000000080000000c00000000000000", @ANYRES32, @ANYBLOB="0009df6187ea928a3385a8ba1400000000000000000000001d000000", @ANYRES32=0x0, @ANYRES32], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000180)="484a1e9f0a296a1edda568735b175adba4a3682cabf4e8373bb7e7daf0dce87850ec769df0796230b08ed89fce6abe202dec401a3a8e7b87d7eaa3fda0984550f74589859ef7a5f516a584fa15cfcb2e45c1bb2c33905d9b03fec894fdb285c03c99a80e1e8f4a0401b76c6328d378f237ee3370dd0d60ffabbca116eb882e12e042b371f637108a6b2b", 0x0, &(0x7f00000003c0), 0x0, 0x1, r0}, 0x38)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="18"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000600)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e7", 0x9b}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.053845059s ago: executing program 0 (id=738):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r0, 0x4b3a, 0x1)
ioctl$TCXONC(r0, 0x4b3a, 0x2)

4.832356544s ago: executing program 1 (id=739):
syz_usb_connect(0x5, 0x27, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000b75c7f40470501026411010203010902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000280)={&(0x7f0000000000)=[{0x5, 0xc810, 0x2, &(0x7f0000000180)="0010"}], 0x1})

4.703014557s ago: executing program 0 (id=740):
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x4000)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000002080)=""/102400, 0x19000)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000500)={'dt2814\x00', [0xddc, 0x4, 0x11000, 0x4, 0x5, 0x1, 0x4, 0x7, 0x54c6cfef, 0xfd, 0xe3c, 0x1, 0x1, 0x80001, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x5, 0x88, 0x0, 0x20001e58, 0x5, 0xe64, 0x3, 0x8, 0x80000003, 0x0, 0xfffffff8]})

4.432988653s ago: executing program 3 (id=741):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000800000034030000020000838500000073000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014800, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
geteuid()
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC(r4, 0x0, 0xcc, &(0x7f0000000140)={@multicast2, @multicast1, 0x0, "aaa517d60f2811d48c8a2cc60c4380bc23b510d442ff13482864280a9c0f4eb5", 0x0, 0xcc, 0xffffffff}, 0x3c)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r6, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10)
recvmmsg(r6, 0x0, 0x0, 0x60010000, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="540000004900010928bd700018dcdf250a00", @ANYRES32, @ANYBLOB="0000000014000100fe80000000000000000000000000001f14000100fe8000000000000000000000000000bb080002"], 0x54}}, 0x0)

2.856197741s ago: executing program 3 (id=742):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82)
mq_timedsend(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.570512479s ago: executing program 3 (id=743):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x10, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4044844)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x80000000000, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4040040}, 0x20000010)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x100, 0x5, 0x2, 0x4002, 0x5, 0x37, 0xefffffffffffffff, 0x0, 0x0, 0x2000001, 0xfffffffface6e3cd, 0x40000000001c, 0x1, 0xffffffffffffffff, 0xfd]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.42427616s ago: executing program 4 (id=744):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc3c0000000c0a01010000000f000000000a0000060900020073797a31000000000900010073797a3100000000100003800c000080080003400000000214000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_BATCH(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELSETELEM={0x2c, 0xe, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x54}, 0x1, 0x0, 0x0, 0x8080}, 0x24008040)

1.231410331s ago: executing program 1 (id=745):
setresgid(0x0, 0xee01, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020}, 0x2020)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200cd0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00')
read$FUSE(r1, &(0x7f0000002780)={0x2020}, 0x5ecfb203)

1.110992436s ago: executing program 3 (id=746):
syz_open_dev$ttys(0xc, 0x2, 0x0)
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000100)={0xfffe, 0xffff, 0x5, 0x4008, 0x11, "ad6f3b766fc20a78"})
write(r0, &(0x7f00000003c0)="23d67ac52e28660a9c89647b659e5233d5cc76216a6aac2c6255b8ad42280641d9c126cf0f37223d778ab49b8525c78a45198da9fc5658635ce61b7be01a5015e05bed690266adc387d4a9bcfc07640280866aa4b48b1627451eab2f1e051298cb31c88991e5efa5b49daa12dc64fa0a7cc37311dd5393d701547706fd2e7543287864bafa8ce6605ef9832dee63c77a487c125af2e8a4b4967c237ed9ba6f4df4f7d0aa8a3d9ff3e2b7ddb2646154f491ab5d0833", 0xb5)

1.048258013s ago: executing program 4 (id=747):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
sendmmsg$alg(r1, &(0x7f0000000c40)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000300)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f00000004c0)="33b6f982a62e715f3484fab4d07991a770bcae58c28945eaaeae058df5a923d651da3784c21428b02b2e1cc931d0822040fa6cda6079442f208f9488c0fa6e3a80c26b1d1b23fe4da5bf681446155a6994e346d2e844895b4eb1a6a14b6f0b6114", 0xffffff99}, {&(0x7f0000000600)="d09ef15703efa654edd387ed90d643beaf9b3aeb05160c5aaeafc5f20047d5c3966bd83fe1ea6ddf432db90b8d8cb2696edb962654f023f00790673e077e93713677b8672664a8fa91df9768f7b14e83a0b12ae1c4fa61fb8d3bbfc736b7ab83bc21ce66d122ce768d032f6690555f4420919edb6454bd0be2d36c9851a4e4c894ef9624e4973f2b3eb4e2a356b9af3c416676be5828c5c8ceeed81a978fd9c32d877ec94961df3203f2b7bafe86580c10d29ad805053e356bd960018a", 0xbd}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, {0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000002c0)="1914593fbe63c1c99bcbf2a2e1688c0ff2ee5b69", 0x14}, {&(0x7f00000006c0)="8d6500d3deb0317161b5e261a7f1e9dea247618f9703f844911f62e1d5ef48f42d25c5df86a12c2cb3d6678a34e724e3ab1620eaccf431a7b3233dd844f7f64b315280ab081a0adf7fe1e097111217fc5b32a93de5000e99be1f6930ec7f4400a24c04303d1b4a44569bfe6763fa541e3ba6f0b4ab128aca96995a3a8f1bc07e30add8ba2bdfe022", 0x88}], 0x2, &(0x7f0000000780)=ANY=[@ANYBLOB="e8000000000000001701000002000000cf00000062783c54cdc47da6cdb7f03d8cab5abe1a2c7fba3106730d09833a5f362901e8998d1bdb7b17d2231b63942a4e156500be1246b02efe051a238dc81ee8438f6b2ff7e93b21ff348844f5e5a67df0de01ec340585f874125320137c0bd3c5ea253f30729a229af1f07def7e9c5681f97cb16eb40f0447708b51899084186b7ef0e9431a107bf991abef4bbe24aa287d12171617a1748f0d13a7951392b8c8bd22c7d29d83480a7d720f738e8b2e22d5d6adb8656c6be7f8d4c74b19e9be637735447ed3b0d157c47581a13a9ca3cadaee1b605a000000000018000000000000001701000004000001070000000000000018000000000000001701000003000000000000000000000018000000000000001701000004000000070000000000000018000000000000001701000004000000800000000000000018000000000000001701000004000000e50a0000000000004000000000000000170100000200000025000000bd2dfdf3a35167789d1e86eb11d3da70196a98ded037398fd10a44e4483892f9e41494aeae000000000000000000000000000000170100000200000000000000a1525e4edb3ed20038351cbec9986b7f1548bae5344672d70bc4d90e089d8633b56f8225904f42e78f6230ee768d387680c1bf7e20c820e147bd8f79440392b7eefd4c5864e0f2a352fd407542c5ea9c24721e1a50f1c8fbc4e8483928334ef4890430eaf0a72d1e68b1d11113c773cd53225e60024023b723f721683d79a8533a6cd2b3b7eb0862c4f44eb51800000000000000170100000300000000000000000000003000000000000000000000e186f696fd1013a29e3da8955ad005d353361442a1000000000000000000000000000000008fb8960464426840b10d787ac586579c9c4d60a3e27a71ecb0b4143f970ce5ea4801a1a383fdd533c730259c405cb1e2b4ffc4de079c810c2900010eed1e00d253c25b74fc946869b75397a8c5fd9a26c45f9d327d5c577dfba562a6919210a820089b4245840b2c1eecd2865bc9f030fb50d8cdb6e494486e97a2c075809c"], 0x200, 0x4044044}, {0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000440)="eeec18b7a2f22103ffd1f9150c0e463d450dc5a4615dc8d05e03e6e8a4246acfedd42008bf0732311cbca46040ac3ba8b9f3d42acd5c6f364ce65a", 0x3b}], 0x1, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000000017010000040000000900000000005000000000000000170100000200000038000000ad9d57ae1a34cd169d6fad8561a7ecad9a52c724a11e24510fc61cfeb3470c372d2eff433cea2fec76c92d3482c3c6692d8275cd566690ad000000001800000000000000170100000300000000000000000000004001000000000000170100000200000028010000526b0e047fbc4fc252eaaa51f7070028035fd68fb6a92539435a12fdd225925548abd17a81e91752f591a67510f95fed70277e530a0b2df40e11706c22ec31fa53c1633bdd18cae8d5f81a9cdbf6cbe2071e0bc29a15a0f8da17b970b2a255f66034ee2b8d5279aebd84430400f736cc8877f63cf74b1ea57afcffff685b654790d2808056973ed5942a0b1eff9f9a579ff973f5ea72daa97da16b68e3673a015aba3a67d562dcf23d9c0d49fad7dc7a393c5930587e7134f5223a8d448c9eea6096d5daee0474879430adc1c28c5261a66ccbc39669576bb8e4cf5ebe4b2bd49a4edd6323179758dd152f4467c2de203fa6d1221b0c0d11e37a6e3a2b484bc9c07b9f91f394da7fe4bea5dcabafc0e4add1cfb250702f606ded8df35eff331aedfd9aacc8b7656d0000000018000000000000001701000004000000ed0e000000000000"], 0x1d8, 0x4000010}, {0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000ac0)="e57b2098eebbf00e85c066cd616ac4c7f7aad46ad25398631c11a50d045d08af9c20922a4d95b0e6f376a6acf9baffa30229d37793c31505429b9aeb02ebbce4a2", 0x41}], 0x1, &(0x7f0000000b40)=ANY=[@ANYBLOB="1800000000000000170100000300000000000000000000001800000000000000170100000400000007000800000000000000000000000000170100000400000001000000000000000000000000170100000200000065000000433075e40e764ff78e98d6e2fd28ab1e7de0926b29692837e244860a37ed45eef4be3fa9abbd4b13ca0aac110785fc948b1797d3fda90bbe4fc93ce397e33566a5f1637eabb82231e64719d3529d653ab937022831b3a638704fe05ac900800000000000000000"], 0xc8, 0x7a4e64b47bb0bd6a}], 0x4, 0x0)
syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102384, 0x18ff0)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x1f}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0)

936.89013ms ago: executing program 1 (id=748):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02"], 0x48)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000d4e97f49b5b754baebaea54b76", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0xfcf0, &(0x7f0000000340)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x7, 0x6, "45208e", 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, {[], @mld={0x84, 0x0, 0x0, 0x8, 0x1, @empty}}}}}}, 0x0)

321.555605ms ago: executing program 3 (id=749):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x4, 0x8, 0x101, 0x0, 0x0, {0xa}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x7fe2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4800}, 0x4000090)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
getrlimit(0x2, &(0x7f0000000040))
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r2)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r3, 0x1, 0xffffff80, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x24}}, 0x0)
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(0x0, 0xd, 0x0, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, 0x0, 0x4000080)
preadv(0xffffffffffffffff, &(0x7f0000000480)=[{&(0x7f0000000500)=""/212, 0xd4}], 0x1, 0x1a, 0x20f5)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r9, 0x192}}, 0x20}}, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
mprotect(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x6000001, 0x3032, 0xffffffffffffffff, 0x0)
fcntl$F_SET_RW_HINT(r7, 0x40c, 0x0)

224.488125ms ago: executing program 0 (id=750):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r5 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
keyctl$setperm(0x5, r5, 0x82004)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000080)="13", 0x1, 0xfffffffffffffffd)
keyctl$read(0xb, r5, &(0x7f0000000240)=""/112, 0x349b7f55)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
r6 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x20000)
ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r6, 0x40146f2c, &(0x7f0000000040)={0x4, 0x0, 0x0, 0xb, 0x4})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x5, @loopback}, 0x1c)
ioctl$SIOCGIFHWADDR(0xffffffffffffffff, 0x8927, &(0x7f00000001c0)={'dummy0\x00'})
sendto$inet6(r0, &(0x7f0000000180)="9a", 0x1, 0x800, &(0x7f0000000480)={0xa, 0x4e23, 0x20000000, @loopback}, 0x1c)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0)
ioctl$RTC_WKALM_SET(r7, 0x4028700f, &(0x7f0000000e40)={0x1, 0x0, {0x36, 0x33, 0x6, 0xd, 0x7, 0x400, 0x5, 0x3e}})
syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82)

75.873995ms ago: executing program 1 (id=751):
openat$ptp0(0xffffffffffffff9c, 0x0, 0xc0542, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00040000009a00000001"], 0x48)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffd000/0x1000)=nil)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$BLKPBSZGET(0xffffffffffffffff, 0x127b, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000003c0), 0x0, 0xe82)
mq_timedsend(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0xff00000000000000, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

0s ago: executing program 4 (id=752):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x401, 0x5, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc33}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_ROLE={0x8, 0x4, 0x2}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000)

kernel console output (not intermixed with test programs):

promiscuous mode
[   74.963816][ T5772] veth1_macvtap: entered promiscuous mode
[   74.976476][ T5785] Bluetooth: hci2: command tx timeout
[   74.980794][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.011538][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0
[   75.023675][ T5771] veth0_vlan: entered promiscuous mode
[   75.063568][ T5771] veth1_vlan: entered promiscuous mode
[   75.082602][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.109313][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.133590][ T5772] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.148184][ T5772] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.157670][ T5772] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.167904][ T5772] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.263611][ T5771] veth0_macvtap: entered promiscuous mode
[   75.299197][ T5773] veth0_vlan: entered promiscuous mode
[   75.312266][ T5771] veth1_macvtap: entered promiscuous mode
[   75.351519][ T5773] veth1_vlan: entered promiscuous mode
[   75.402376][ T5770] veth0_vlan: entered promiscuous mode
[   75.420469][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.444577][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.471719][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.484101][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.496494][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.514343][ T5773] veth0_macvtap: entered promiscuous mode
[   75.534063][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.546014][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.559587][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.571639][ T5771] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.580649][ T5771] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.590079][ T5771] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.600067][ T5771] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   75.624610][ T5773] veth1_macvtap: entered promiscuous mode
[   75.641915][ T5770] veth1_vlan: entered promiscuous mode
[   75.651896][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   75.682377][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   75.700467][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.712512][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.722525][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   75.735355][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.754054][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0
[   75.799873][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.820131][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.833087][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   75.847010][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   75.861519][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1
[   75.927773][ T5773] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   75.937977][ T5773] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   75.948097][ T5773] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   75.962911][ T5773] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.008261][ T5770] veth0_macvtap: entered promiscuous mode
[   76.028053][ T5770] veth1_macvtap: entered promiscuous mode
[   76.049392][   T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.068595][   T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.143908][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.165877][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.178299][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.190040][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.190186][ T5837] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   76.201320][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   76.201382][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.203206][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0
[   76.301678][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.305872][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.315105][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.339963][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.345880][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.365620][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.376246][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   76.387117][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   76.399550][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1
[   76.430654][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   76.452724][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   76.464423][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   76.475235][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   76.578311][ T3579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.608803][ T3579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.819917][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.849343][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.876619][  T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.895249][ T5843] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.6' sets config #1
[   76.910273][  T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.967397][  T143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   76.981506][  T143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   76.987600][ T5785] Bluetooth: hci3: command tx timeout
[   76.990820][ T5781] Bluetooth: hci0: command tx timeout
[   76.996031][ T5785] Bluetooth: hci1: command tx timeout
[   77.057570][ T5785] Bluetooth: hci2: command tx timeout
[   77.105639][ T5845] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1'.
[   77.361985][ T5855] process 'syz.2.7' launched './file0' with NULL argv: empty string added
[   79.058111][ T5781] Bluetooth: hci3: command tx timeout
[   79.064174][ T5785] Bluetooth: hci0: command tx timeout
[   79.145271][ T5785] Bluetooth: hci2: command tx timeout
[   79.768774][ T5860] Zero length message leads to an empty skb
[   79.838807][ T5876] netlink: 'syz.3.15': attribute type 4 has an invalid length.
[   80.187728][ T3477] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.797995][ T3477] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.925940][ T5833] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   81.395195][ T5833] usb 4-1: Using ep0 maxpacket: 16
[   81.451779][ T5833] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[   81.476621][ T3477] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.519104][ T5833] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   81.573640][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.732700][ T3477] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.804952][ T5833] usb 4-1: Product: syz
[   81.809350][ T5833] usb 4-1: Manufacturer: syz
[   81.814847][ T5833] usb 4-1: SerialNumber: syz
[   81.830487][ T5833] usb 4-1: config 0 descriptor??
[   81.849349][ T5833] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   81.862482][ T5833] em28xx 4-1:0.0: DVB interface 0 found: bulk
[   82.004018][ T5914] netlink: 8 bytes leftover after parsing attributes in process `syz.1.24'.
[   82.611982][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   82.622415][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   82.645171][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   82.664380][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   82.672824][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   82.681483][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   82.842358][ T5833] em28xx 4-1:0.0: chip ID is em2765
[   83.466819][ T5833] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   83.487937][ T5833] em28xx 4-1:0.0: board has no eeprom
[   83.700074][ T5938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.27'.
[   83.785157][ T5833] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[   83.832891][ T5833] em28xx 4-1:0.0: dvb set to bulk mode.
[   83.863545][ T5883] em28xx 4-1:0.0: Binding DVB extension
[   83.900637][ T5833] usb 4-1: USB disconnect, device number 2
[   83.911280][ T5833] em28xx 4-1:0.0: Disconnecting em28xx
[   83.982759][ T5915] chnl_net:caif_netlink_parms(): no params data found
[   84.046264][ T5883] em28xx 4-1:0.0: Registering input extension
[   84.063385][ T5833] em28xx 4-1:0.0: Closing input extension
[   84.118021][ T5833] em28xx 4-1:0.0: Freeing device
[   84.125114][ T5832] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.396440][ T5832] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[   84.553359][ T5915] bridge0: port 1(bridge_slave_0) entered blocking state
[   84.582880][ T5915] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.605319][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.613545][ T5915] bridge_slave_0: entered allmulticast mode
[   84.615588][ T5832] usb 2-1: Product: syz
[   84.625631][ T5832] usb 2-1: Manufacturer: syz
[   84.630505][ T5832] usb 2-1: SerialNumber: syz
[   84.654702][ T5915] bridge_slave_0: entered promiscuous mode
[   84.788394][ T5957] syz.3.31[5957]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   84.843230][ T5957] loop3: detected capacity change from 0 to 128
[   84.936597][ T5785] Bluetooth: hci1: command tx timeout
[   84.969797][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[   85.287164][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71
[   85.329147][ T5956] syz.3.31: attempt to access beyond end of device
[   85.329147][ T5956] loop3: rw=1, sector=145, nr_sectors = 65 limit=128
[   85.372923][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71
[   85.387183][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[   85.400432][ T5915] bridge0: port 2(bridge_slave_1) entered blocking state
[   85.417747][ T5915] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.420428][ T5832] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[   85.434311][ T5915] bridge_slave_1: entered allmulticast mode
[   85.459300][ T5832] lan78xx: probe of 2-1:1.0 failed with error -71
[   85.501798][ T5832] usb 2-1: USB disconnect, device number 2
[   85.595142][ T5915] bridge_slave_1: entered promiscuous mode
[   86.628145][ T5915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   86.649664][ T5915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   86.975172][ T5785] Bluetooth: hci1: command tx timeout
[   87.080454][ T5915] team0: Port device team_slave_0 added
[   87.122108][ T5915] team0: Port device team_slave_1 added
[   87.333371][    T8] cfg80211: failed to load regulatory.db
[   87.773676][ T3477] hsr_slave_0: left promiscuous mode
[   87.799847][ T3477] hsr_slave_1: left promiscuous mode
[   87.841997][ T3477] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.851090][ T3477] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.865659][ T3477] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.884630][ T3477] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.895086][ T3477] bridge_slave_1: left allmulticast mode
[   87.901442][ T3477] bridge_slave_1: left promiscuous mode
[   87.909488][ T3477] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.929283][ T3477] bridge_slave_0: left allmulticast mode
[   87.936089][ T3477] bridge_slave_0: left promiscuous mode
[   87.942562][ T3477] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.985490][ T3477] veth1_macvtap: left promiscuous mode
[   87.995204][ T3477] veth0_macvtap: left promiscuous mode
[   88.001586][ T3477] veth1_vlan: left promiscuous mode
[   88.035244][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.043869][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.091430][ T3477] veth0_vlan: left promiscuous mode
[   88.295344][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   88.435198][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   89.065227][ T5785] Bluetooth: hci1: command tx timeout
[   89.899059][ T3477] team0 (unregistering): Port device team_slave_1 removed
[   90.043446][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[   90.055713][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[   90.064082][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   90.074965][ T5785] Workqueue: hci3 hci_rx_work
[   90.080236][ T5785] Call Trace:
[   90.083894][ T5785]  <TASK>
[   90.087035][ T5785]  dump_stack_lvl+0x18c/0x250
[   90.092132][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[   90.098436][ T5785]  ? show_regs_print_info+0x20/0x20
[   90.104132][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[   90.110533][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[   90.116430][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[   90.121327][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[   90.126842][ T5785]  kobject_add_internal+0x61c/0xcc0
[   90.132677][ T5785]  kobject_add+0x164/0x240
[   90.138217][ T5785]  ? kobject_init+0x1e0/0x1e0
[   90.143289][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[   90.148458][ T5785]  ? get_device_parent+0x366/0x390
[   90.154036][ T5785]  device_add+0x408/0xc20
[   90.158529][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[   90.163916][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[   90.169732][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[   90.176132][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[   90.182796][ T5785]  ? lockdep_hardirqs_on+0x98/0x150
[   90.189812][ T5785]  ? skb_pull_data+0xfb/0x200
[   90.197355][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[   90.205566][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[   90.212937][ T5785]  hci_event_packet+0x7ba/0x1270
[   90.219350][ T5785]  ? bis_list+0x290/0x290
[   90.224675][ T5785]  ? kcov_remote_start+0x2b/0x7e0
[   90.230968][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[   90.236840][ T5785]  hci_rx_work+0x43a/0xd60
[   90.242460][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[   90.248794][ T5785]  process_scheduled_works+0xa5d/0x15d0
[   90.255113][ T5785]  ? assign_work+0x430/0x430
[   90.260206][ T5785]  ? assign_work+0x3d0/0x430
[   90.265190][ T5785]  worker_thread+0xa55/0xfc0
[   90.270104][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[   90.276664][ T5785]  ? _raw_spin_unlock+0x40/0x40
[   90.281567][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[   90.287882][ T5785]  kthread+0x2fa/0x390
[   90.292169][ T5785]  ? pr_cont_work+0x560/0x560
[   90.297407][ T5785]  ? kthread_blkcg+0xd0/0xd0
[   90.302104][ T5785]  ret_from_fork+0x48/0x80
[   90.306808][ T5785]  ? kthread_blkcg+0xd0/0xd0
[   90.312034][ T5785]  ret_from_fork_asm+0x11/0x20
[   90.318025][ T5785]  </TASK>
[   90.329125][ T5785] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   90.345658][ T5785] Bluetooth: hci3: failed to register connection device
[   90.401823][ T3477] team0 (unregistering): Port device team_slave_0 removed
[   90.452488][ T3477] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   90.552038][ T3477] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   91.242264][ T5781] Bluetooth: hci1: command tx timeout
[   91.921646][ T3477] bond0 (unregistering): Released all slaves
[   92.214308][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_0
[   92.275125][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.324123][ T5915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   92.343003][ T5915] batman_adv: batadv0: Adding interface: batadv_slave_1
[   92.361070][ T5915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   92.397061][ T5915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   92.597307][ T5915] hsr_slave_0: entered promiscuous mode
[   92.622207][ T5915] hsr_slave_1: entered promiscuous mode
[   93.380671][ T6044] ALSA: mixer_oss: invalid OSS volume '½Ë'
[   93.400295][ T6044] ipvlan4: entered promiscuous mode
[   93.407727][ T6044] bridge0: port 3(ipvlan4) entered blocking state
[   93.414479][ T6044] bridge0: port 3(ipvlan4) entered disabled state
[   93.421935][ T6044] ipvlan4: entered allmulticast mode
[   93.427961][ T6044] bridge0: entered allmulticast mode
[   93.434797][ T6044] ipvlan4: left allmulticast mode
[   93.439997][ T6044] bridge0: left allmulticast mode
[   93.448085][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.196668][ T5915] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   95.223537][ T5915] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   95.260502][ T5915] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   95.290608][ T5915] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   95.461538][ T5915] 8021q: adding VLAN 0 to HW filter on device bond0
[   95.513222][ T5915] 8021q: adding VLAN 0 to HW filter on device team0
[   95.529917][ T3464] bridge0: port 1(bridge_slave_0) entered blocking state
[   95.539350][ T3464] bridge0: port 1(bridge_slave_0) entered forwarding state
[   95.734341][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[   95.746087][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[   95.754222][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[   95.765622][ T5785] Workqueue: hci0 hci_rx_work
[   95.770612][ T5785] Call Trace:
[   95.774283][ T5785]  <TASK>
[   95.777540][ T5785]  dump_stack_lvl+0x18c/0x250
[   95.783307][ T5785]  ? show_regs_print_info+0x20/0x20
[   95.789317][ T5785]  ? load_image+0x400/0x400
[   95.794797][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[   95.801390][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[   95.807103][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[   95.813130][ T5785]  kobject_add_internal+0x61c/0xcc0
[   95.818539][ T5785]  kobject_add+0x164/0x240
[   95.823773][ T5785]  ? kobject_init+0x1e0/0x1e0
[   95.829449][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[   95.835408][ T5785]  ? get_device_parent+0x366/0x390
[   95.842691][ T5785]  device_add+0x408/0xc20
[   95.850576][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[   95.857789][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[   95.864700][ T5785]  ? hci_event_packet+0x4cb/0x1270
[   95.870673][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[   95.877763][ T5785]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[   95.885454][ T5785]  ? skb_pull_data+0xfb/0x200
[   95.891197][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[   95.897055][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[   95.903579][ T5785]  hci_event_packet+0x7ba/0x1270
[   95.908999][ T5785]  ? bis_list+0x290/0x290
[   95.914312][ T5785]  ? kcov_remote_start+0x2b/0x7e0
[   95.920695][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[   95.926303][ T5785]  hci_rx_work+0x43a/0xd60
[   95.932716][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[   95.939541][ T5785]  process_scheduled_works+0xa5d/0x15d0
[   95.946545][ T5785]  ? assign_work+0x430/0x430
[   95.952227][ T5785]  ? assign_work+0x3d0/0x430
[   95.957681][ T5785]  worker_thread+0xa55/0xfc0
[   95.962861][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[   95.970305][ T5785]  ? _raw_spin_unlock+0x40/0x40
[   95.975808][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[   95.982131][ T5785]  kthread+0x2fa/0x390
[   95.986240][ T5785]  ? pr_cont_work+0x560/0x560
[   95.991338][ T5785]  ? kthread_blkcg+0xd0/0xd0
[   95.996054][ T5785]  ret_from_fork+0x48/0x80
[   95.998685][ T5915] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   96.000762][ T5785]  ? kthread_blkcg+0xd0/0xd0
[   96.017198][ T5785]  ret_from_fork_asm+0x11/0x20
[   96.022389][ T5785]  </TASK>
[   96.032425][ T5785] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   96.049062][ T5785] Bluetooth: hci0: failed to register connection device
[   96.072890][ T5915] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   96.119931][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.127622][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.338869][ T6088] loop0: detected capacity change from 0 to 128
[   96.575335][ T5781] Bluetooth: hci3: command 0x0406 tx timeout
[   96.666044][ T6088] syz.0.59: attempt to access beyond end of device
[   96.666044][ T6088] loop0: rw=2049, sector=145, nr_sectors = 200 limit=128
[   96.775848][ T6088] syz.0.59: attempt to access beyond end of device
[   96.775848][ T6088] loop0: rw=524288, sector=145, nr_sectors = 200 limit=128
[   96.836725][ T6088] syz.0.59: attempt to access beyond end of device
[   96.836725][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   96.884682][ T6088] syz.0.59: attempt to access beyond end of device
[   96.884682][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   96.906188][ T5915] 8021q: adding VLAN 0 to HW filter on device batadv0
[   96.932389][ T6088] syz.0.59: attempt to access beyond end of device
[   96.932389][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   96.976731][ T6088] syz.0.59: attempt to access beyond end of device
[   96.976731][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   97.018372][ T6088] syz.0.59: attempt to access beyond end of device
[   97.018372][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   97.064290][ T6088] syz.0.59: attempt to access beyond end of device
[   97.064290][ T6088] loop0: rw=0, sector=145, nr_sectors = 8 limit=128
[   97.064455][ T5915] veth0_vlan: entered promiscuous mode
[   97.154095][ T5915] veth1_vlan: entered promiscuous mode
[   97.298490][ T5915] veth0_macvtap: entered promiscuous mode
[   97.343813][ T5915] veth1_macvtap: entered promiscuous mode
[   97.440468][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.460787][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.472619][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.503968][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.543218][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.581333][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.594958][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.606732][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.618623][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.629365][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.640859][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.651580][ T5915] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.770641][ T5915] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.961680][ T5915] batman_adv: batadv0: Interface activated: batadv_slave_1
[   98.348011][ T5915] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   98.419446][ T5915] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   98.481635][ T5915] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   98.523238][ T5915] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.097290][ T6134] loop1: detected capacity change from 0 to 128
[   99.344571][ T6134] syz.1.67: attempt to access beyond end of device
[   99.344571][ T6134] loop1: rw=1, sector=145, nr_sectors = 65 limit=128
[   99.788684][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.806840][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.979107][ T3477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.037542][ T3477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.453854][ T5781] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection
[  101.358491][ T6160] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  101.416022][ T6160] batadv_slave_0: entered promiscuous mode
[  102.295024][ T5779] Bluetooth: hci0: command 0x0406 tx timeout
[  103.035226][ T6188] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  103.055285][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.073977][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.385381][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.623032][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  103.655225][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  104.570003][ T5779] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  104.588021][ T5779] CPU: 1 PID: 5779 Comm: kworker/u5:2 Not tainted syzkaller #0
[  104.598015][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  104.614527][ T5779] Workqueue: hci1 hci_rx_work
[  104.619925][ T5779] Call Trace:
[  104.624118][ T5779]  <TASK>
[  104.627808][ T5779]  dump_stack_lvl+0x18c/0x250
[  104.634556][ T5779]  ? show_regs_print_info+0x20/0x20
[  104.642079][ T5779]  ? dump_stack+0x9/0x20
[  104.648044][ T5779]  ? dump_stack_lvl+0x10/0x250
[  104.655876][ T5779]  sysfs_create_dir_ns+0x26e/0x2a0
[  104.663659][ T5779]  ? sysfs_warn_dup+0xa0/0xa0
[  104.669499][ T5779]  ? do_raw_spin_unlock+0x121/0x230
[  104.676470][ T5779]  kobject_add_internal+0x61c/0xcc0
[  104.684809][ T5779]  kobject_add+0x164/0x240
[  104.690733][ T5779]  ? kobject_init+0x1e0/0x1e0
[  104.697212][ T5779]  ? _raw_spin_unlock+0x3a/0x40
[  104.704056][ T5779]  ? get_device_parent+0x366/0x390
[  104.711061][ T5779]  device_add+0x408/0xc20
[  104.719267][ T5779]  hci_conn_add_sysfs+0xd5/0x1e0
[  104.725287][ T5779]  le_conn_complete_evt+0xf5d/0x1540
[  104.731306][ T5779]  ? hci_event_packet+0x4cb/0x1270
[  104.737362][ T5779]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  104.744907][ T5779]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  104.751776][ T5779]  ? skb_pull_data+0xfb/0x200
[  104.756782][ T5779]  hci_le_conn_complete_evt+0x187/0x440
[  104.764886][ T5779]  ? hci_remote_host_features_evt+0x150/0x150
[  104.772863][ T5779]  hci_event_packet+0x7ba/0x1270
[  104.778936][ T5779]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  104.786591][ T5779]  ? bis_list+0x290/0x290
[  104.791628][ T5779]  ? hci_send_to_monitor+0xd7/0x4f0
[  104.797600][ T5779]  hci_rx_work+0x43a/0xd60
[  104.804016][ T5779]  ? process_scheduled_works+0x96f/0x15d0
[  104.812680][ T5779]  process_scheduled_works+0xa5d/0x15d0
[  104.823161][ T5779]  ? assign_work+0x430/0x430
[  104.830425][ T5779]  ? assign_work+0x3d0/0x430
[  104.839498][ T5779]  worker_thread+0xa55/0xfc0
[  104.847613][ T5779]  kthread+0x2fa/0x390
[  104.855875][ T5779]  ? pr_cont_work+0x560/0x560
[  104.862057][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  104.869274][ T5779]  ret_from_fork+0x48/0x80
[  104.875314][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  104.884441][ T5779]  ret_from_fork_asm+0x11/0x20
[  104.891626][ T5779]  </TASK>
[  104.908369][ T5779] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  104.933360][ T5779] Bluetooth: hci1: failed to register connection device
[  105.258505][ T6216] Dead loop on virtual device ip6_vti0, fix it urgently!
[  105.793942][ T6233] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.906259][ T6233] batadv_slave_0: entered promiscuous mode
[  107.923814][ T5779] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection
[  110.297357][ T6280] loop3: detected capacity change from 0 to 128
[  110.467749][ T6283] syz.3.98: attempt to access beyond end of device
[  110.467749][ T6283] loop3: rw=2049, sector=145, nr_sectors = 272 limit=128
[  110.653383][ T6280] syz.3.98: attempt to access beyond end of device
[  110.653383][ T6280] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128
[  110.677126][ T6280] syz.3.98: attempt to access beyond end of device
[  110.677126][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.697194][ T6280] syz.3.98: attempt to access beyond end of device
[  110.697194][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.717088][ T6280] syz.3.98: attempt to access beyond end of device
[  110.717088][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.734218][ T6280] syz.3.98: attempt to access beyond end of device
[  110.734218][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.760818][ T6280] syz.3.98: attempt to access beyond end of device
[  110.760818][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.781095][ T6280] syz.3.98: attempt to access beyond end of device
[  110.781095][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.800544][ T6280] syz.3.98: attempt to access beyond end of device
[  110.800544][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  110.821425][ T6280] syz.3.98: attempt to access beyond end of device
[  110.821425][ T6280] loop3: rw=0, sector=145, nr_sectors = 8 limit=128
[  111.455187][ T5813] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  111.645057][ T5813] usb 3-1: Using ep0 maxpacket: 16
[  111.655197][ T5813] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  111.669838][ T5813] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  111.681340][ T5813] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.690582][ T5813] usb 3-1: Product: syz
[  111.695411][ T5813] usb 3-1: Manufacturer: syz
[  111.700452][ T5813] usb 3-1: SerialNumber: syz
[  111.709390][ T5813] usb 3-1: config 0 descriptor??
[  111.718809][ T5813] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  111.728986][ T5813] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  112.207810][ T6309] netlink: 4 bytes leftover after parsing attributes in process `syz.1.106'.
[  112.329462][ T5813] em28xx 3-1:0.0: chip ID is em2765
[  112.941521][ T5813] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  112.956588][ T5813] em28xx 3-1:0.0: board has no eeprom
[  113.275010][ T5813] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  113.294474][ T5813] em28xx 3-1:0.0: dvb set to bulk mode.
[  113.303508][    T8] em28xx 3-1:0.0: Binding DVB extension
[  113.322442][ T5813] usb 3-1: USB disconnect, device number 2
[  113.336018][ T5813] em28xx 3-1:0.0: Disconnecting em28xx
[  113.358829][ T6328] loop1: detected capacity change from 0 to 128
[  113.432378][    T8] em28xx 3-1:0.0: Registering input extension
[  113.439953][ T5813] em28xx 3-1:0.0: Closing input extension
[  113.463023][ T5813] em28xx 3-1:0.0: Freeing device
[  114.091328][ T6339] loop2: detected capacity change from 0 to 256
[  114.099000][ T5813] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  114.300054][ T5813] usb 4-1: Using ep0 maxpacket: 32
[  114.329515][ T5813] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  114.344988][ T5813] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  114.355375][ T5813] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  114.371892][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  114.386000][ T5813] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  114.397086][ T5813] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  114.444155][ T5813] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  114.455276][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.469705][ T5813] usb 4-1: config 0 descriptor??
[  115.304147][ T5813] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  115.569178][ T5813] usb 4-1: USB disconnect, device number 3
[  115.590956][ T5813] usblp0: removed
[  115.788272][   T27] audit: type=1326 audit(1772526617.612:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6359 comm="syz.0.125" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd08699c799 code=0x0
[  116.038248][ T5813] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  116.244410][ T5813] usb 4-1: Using ep0 maxpacket: 32
[  116.288420][ T5813] usb 4-1: config index 0 descriptor too short (expected 29220, got 36)
[  116.336134][ T5813] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  116.363746][ T5813] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81
[  116.464018][ T5813] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  116.618307][ T5813] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  116.653142][ T5813] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  116.700668][ T5813] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  116.720755][ T5813] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.736238][ T5813] usb 4-1: config 0 descriptor??
[  116.878896][ T5813] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  116.960744][ T5813] usb 4-1: USB disconnect, device number 4
[  116.989201][ T5813] usblp0: removed
[  118.581683][ T6392] =======================================================
[  118.581683][ T6392] WARNING: The mand mount option has been deprecated and
[  118.581683][ T6392]          and is ignored by this kernel. Remove the mand
[  118.581683][ T6392]          option from the mount to silence this warning.
[  118.581683][ T6392] =======================================================
[  118.617746][    C1] vkms_vblank_simulate: vblank timer overrun
[  118.826515][ T6402] syzkaller0: entered promiscuous mode
[  118.832728][ T6402] syzkaller0: entered allmulticast mode
[  121.431686][ T6428] syzkaller0: entered promiscuous mode
[  121.452589][ T6428] syzkaller0: entered allmulticast mode
[  123.473003][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.480683][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.502005][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.538496][ T6455] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  123.596909][ T6455] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  123.823592][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.841293][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.855736][ T6455] wg0 speed is unknown, defaulting to 1000
[  123.871631][ T6455] wg0 speed is unknown, defaulting to 1000
[  125.973713][ T6475] syzkaller0: entered promiscuous mode
[  125.980469][ T6475] syzkaller0: entered allmulticast mode
[  128.488544][ T6506] syzkaller0: entered promiscuous mode
[  128.501943][ T6506] syzkaller0: entered allmulticast mode
[  131.788850][ T6554] capability: warning: `syz.0.184' uses deprecated v2 capabilities in a way that may be insecure
[  132.249020][ T6566] syzkaller0: entered promiscuous mode
[  132.255532][ T6566] syzkaller0: entered allmulticast mode
[  133.300854][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  133.308018][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  137.124391][ T6609] syzkaller0: entered promiscuous mode
[  137.131537][ T6609] syzkaller0: entered allmulticast mode
[  141.868724][ T6652] syzkaller0: entered promiscuous mode
[  141.921778][ T6652] syzkaller0: entered allmulticast mode
[  143.061267][ T5779] Bluetooth: hci1: command tx timeout
[  144.895913][ T6667] netlink: 4 bytes leftover after parsing attributes in process `syz.0.216'.
[  146.196497][ T5779] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0'
[  146.222931][ T5779] CPU: 1 PID: 5779 Comm: kworker/u5:2 Not tainted syzkaller #0
[  146.238834][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  146.263526][ T5779] Workqueue: hci1 hci_rx_work
[  146.277596][ T5779] Call Trace:
[  146.283611][ T5779]  <TASK>
[  146.289574][ T5779]  dump_stack_lvl+0x18c/0x250
[  146.301646][ T5779]  ? show_regs_print_info+0x20/0x20
[  146.315807][ T5779]  ? load_image+0x400/0x400
[  146.322561][ T5779]  sysfs_create_dir_ns+0x26e/0x2a0
[  146.332530][ T5779]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  146.340234][ T5779]  ? sysfs_warn_dup+0xa0/0xa0
[  146.346476][ T5779]  ? kobject_add_internal+0x606/0xcc0
[  146.354775][ T5779]  kobject_add_internal+0x61c/0xcc0
[  146.361864][ T5779]  kobject_add+0x164/0x240
[  146.368612][ T5779]  ? kobject_init+0x1e0/0x1e0
[  146.374577][ T5779]  ? _raw_spin_unlock+0x3a/0x40
[  146.380194][ T5779]  ? get_device_parent+0x366/0x390
[  146.386136][ T5779]  device_add+0x408/0xc20
[  146.390788][ T5779]  hci_conn_add_sysfs+0xd5/0x1e0
[  146.396480][ T5779]  le_conn_complete_evt+0xf5d/0x1540
[  146.402492][ T5779]  ? hci_event_packet+0x4cb/0x1270
[  146.409717][ T5779]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  146.417625][ T5779]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  146.427598][ T5779]  ? skb_pull_data+0xfb/0x200
[  146.436290][ T5779]  hci_le_conn_complete_evt+0x187/0x440
[  146.443887][ T5779]  ? hci_remote_host_features_evt+0x150/0x150
[  146.453386][ T5779]  hci_event_packet+0x7ba/0x1270
[  146.461130][ T5779]  ? bis_list+0x290/0x290
[  146.467220][ T5779]  ? lockdep_hardirqs_on+0x98/0x150
[  146.475653][ T5779]  ? hci_send_to_monitor+0xd7/0x4f0
[  146.482238][ T5779]  hci_rx_work+0x43a/0xd60
[  146.488249][ T5779]  ? process_scheduled_works+0x96f/0x15d0
[  146.495580][ T5779]  process_scheduled_works+0xa5d/0x15d0
[  146.504863][ T5779]  ? assign_work+0x430/0x430
[  146.512831][ T5779]  ? assign_work+0x3d0/0x430
[  146.520781][ T5779]  worker_thread+0xa55/0xfc0
[  146.528806][ T5779]  kthread+0x2fa/0x390
[  146.537901][ T5779]  ? pr_cont_work+0x560/0x560
[  146.546080][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  146.552764][ T5779]  ret_from_fork+0x48/0x80
[  146.559263][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  146.566684][ T5779]  ret_from_fork_asm+0x11/0x20
[  146.575665][ T5779]  </TASK>
[  146.743168][ T5779] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory.
[  146.761675][ T5779] Bluetooth: hci1: failed to register connection device
[  147.179766][ T6697] siw: device registration error -23
[  148.211290][ T6696] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  148.572160][ T6706] syzkaller0: entered promiscuous mode
[  148.588435][ T6706] syzkaller0: entered allmulticast mode
[  148.815213][ T5779] Bluetooth: hci1: command tx timeout
[  153.247466][ T6748] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  153.346856][ T6748] batadv_slave_0: entered promiscuous mode
[  153.443963][ T6751] syzkaller0: entered promiscuous mode
[  153.450240][ T6751] syzkaller0: entered allmulticast mode
[  153.855014][ T5785] Bluetooth: hci0: command 0x0406 tx timeout
[  154.288201][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  154.299756][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[  154.307779][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  154.318728][ T5785] Workqueue: hci3 hci_rx_work
[  154.323894][ T5785] Call Trace:
[  154.327363][ T5785]  <TASK>
[  154.330494][ T5785]  dump_stack_lvl+0x18c/0x250
[  154.335300][ T5785]  ? show_regs_print_info+0x20/0x20
[  154.340999][ T5785]  ? load_image+0x400/0x400
[  154.345815][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[  154.351948][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[  154.356961][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[  154.362642][ T5785]  kobject_add_internal+0x61c/0xcc0
[  154.367969][ T5785]  kobject_add+0x164/0x240
[  154.372594][ T5785]  ? kobject_init+0x1e0/0x1e0
[  154.377383][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[  154.382294][ T5785]  ? get_device_parent+0x366/0x390
[  154.387788][ T5785]  device_add+0x408/0xc20
[  154.392694][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[  154.398121][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[  154.404405][ T5785]  ? hci_event_packet+0x4cb/0x1270
[  154.409759][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  154.416451][ T5785]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  154.423274][ T5785]  ? skb_pull_data+0xfb/0x200
[  154.428159][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[  154.433747][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[  154.440644][ T5785]  hci_event_packet+0x7ba/0x1270
[  154.445814][ T5785]  ? bis_list+0x290/0x290
[  154.450526][ T5785]  ? kasan_check_range+0x89/0x290
[  154.455986][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[  154.461430][ T5785]  hci_rx_work+0x43a/0xd60
[  154.466011][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[  154.472138][ T5785]  process_scheduled_works+0xa5d/0x15d0
[  154.477862][ T5785]  ? assign_work+0x430/0x430
[  154.482665][ T5785]  ? assign_work+0x3d0/0x430
[  154.487477][ T5785]  worker_thread+0xa55/0xfc0
[  154.492095][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  154.498417][ T5785]  ? _raw_spin_unlock+0x40/0x40
[  154.503472][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  154.509668][ T5785]  kthread+0x2fa/0x390
[  154.513924][ T5785]  ? pr_cont_work+0x560/0x560
[  154.519074][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  154.523873][ T5785]  ret_from_fork+0x48/0x80
[  154.528678][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  154.533843][ T5785]  ret_from_fork_asm+0x11/0x20
[  154.539207][ T5785]  </TASK>
[  154.542687][    C0] vkms_vblank_simulate: vblank timer overrun
[  154.554912][ T5785] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  154.572729][ T5785] Bluetooth: hci3: failed to register connection device
[  154.993389][ T6780] syzkaller0: entered promiscuous mode
[  155.003707][ T6780] syzkaller0: entered allmulticast mode
[  156.660142][ T5785] Bluetooth: hci3: command 0x0406 tx timeout
[  156.856407][ T6809] syzkaller0: entered promiscuous mode
[  156.862392][ T6809] syzkaller0: entered allmulticast mode
[  156.867637][ T6814] loop2: detected capacity change from 0 to 1024
[  157.029088][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[  157.040671][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[  157.048890][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  157.060684][ T5785] Workqueue: hci2 hci_rx_work
[  157.066449][ T5785] Call Trace:
[  157.070091][ T5785]  <TASK>
[  157.073475][ T5785]  dump_stack_lvl+0x18c/0x250
[  157.078804][ T5785]  ? show_regs_print_info+0x20/0x20
[  157.084558][ T5785]  ? load_image+0x400/0x400
[  157.089551][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[  157.094948][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  157.101500][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[  157.107321][ T5785]  kobject_add_internal+0x61c/0xcc0
[  157.113380][ T5785]  kobject_add+0x164/0x240
[  157.118023][ T5785]  ? kobject_init+0x1e0/0x1e0
[  157.123028][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[  157.128166][ T5785]  ? get_device_parent+0x366/0x390
[  157.133742][ T5785]  device_add+0x408/0xc20
[  157.138413][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[  157.143643][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[  157.149158][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  157.155777][ T5785]  ? lockdep_hardirqs_on+0x98/0x150
[  157.161397][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  157.167631][ T5785]  ? skb_pull_data+0xfb/0x200
[  157.172662][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[  157.178701][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[  157.185020][ T5785]  hci_event_packet+0x7ba/0x1270
[  157.190224][ T5785]  ? bis_list+0x290/0x290
[  157.195462][ T5785]  ? kcov_remote_start+0x2b/0x7e0
[  157.200705][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[  157.207970][ T5785]  hci_rx_work+0x43a/0xd60
[  157.212612][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[  157.218802][ T5785]  process_scheduled_works+0xa5d/0x15d0
[  157.224918][ T5785]  ? assign_work+0x430/0x430
[  157.229799][ T5785]  ? assign_work+0x3d0/0x430
[  157.235278][ T5785]  worker_thread+0xa55/0xfc0
[  157.240176][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  157.246275][ T5785]  ? _raw_spin_unlock+0x40/0x40
[  157.251241][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  157.257717][ T5785]  kthread+0x2fa/0x390
[  157.262086][ T5785]  ? pr_cont_work+0x560/0x560
[  157.267150][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  157.272310][ T5785]  ret_from_fork+0x48/0x80
[  157.277566][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  157.283686][ T5785]  ret_from_fork_asm+0x11/0x20
[  157.288877][ T5785]  </TASK>
[  157.292588][    C0] vkms_vblank_simulate: vblank timer overrun
[  157.314534][ T5785] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  157.335621][ T5785] Bluetooth: hci2: failed to register connection device
[  157.363960][ T6814] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  157.379221][ T6814] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.534150][ T6814] EXT4-fs error (device loop2): ext4_free_blocks:6692: comm syz.2.262: Freeing blocks not in datazone - block = 0, count = 16
[  157.579755][ T6814] EXT4-fs (loop2): Remounting filesystem read-only
[  157.732963][ T5915] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  159.091872][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  159.113462][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[  159.121776][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  159.132641][ T5785] Workqueue: hci0 hci_rx_work
[  159.138160][ T5785] Call Trace:
[  159.141561][ T5785]  <TASK>
[  159.144607][ T5785]  dump_stack_lvl+0x18c/0x250
[  159.149529][ T5785]  ? show_regs_print_info+0x20/0x20
[  159.155561][ T5785]  ? load_image+0x400/0x400
[  159.160585][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[  159.166001][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[  159.170909][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[  159.177673][ T5785]  kobject_add_internal+0x61c/0xcc0
[  159.183845][ T5785]  kobject_add+0x164/0x240
[  159.189573][ T5785]  ? kobject_init+0x1e0/0x1e0
[  159.195328][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[  159.202407][ T5785]  ? get_device_parent+0x366/0x390
[  159.208191][ T5785]  device_add+0x408/0xc20
[  159.213553][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[  159.218797][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[  159.225022][ T5785]  ? hci_event_packet+0x4cb/0x1270
[  159.231338][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  159.237960][ T5785]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  159.243977][ T5785]  ? skb_pull_data+0xfb/0x200
[  159.249467][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[  159.255403][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[  159.262276][ T5785]  hci_event_packet+0x7ba/0x1270
[  159.267697][ T5785]  ? bis_list+0x290/0x290
[  159.272625][ T5785]  ? lockdep_hardirqs_on+0x98/0x150
[  159.278567][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[  159.284591][ T5785]  hci_rx_work+0x43a/0xd60
[  159.289676][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[  159.296167][ T5785]  process_scheduled_works+0xa5d/0x15d0
[  159.302311][ T5785]  ? assign_work+0x430/0x430
[  159.307461][ T5785]  ? assign_work+0x3d0/0x430
[  159.312257][ T5785]  worker_thread+0xa55/0xfc0
[  159.317482][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  159.323657][ T5785]  ? _raw_spin_unlock+0x40/0x40
[  159.329070][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  159.335113][ T5785]  kthread+0x2fa/0x390
[  159.339646][ T5785]  ? pr_cont_work+0x560/0x560
[  159.344447][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  159.349241][ T5785]  ret_from_fork+0x48/0x80
[  159.354034][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  159.358912][ T5785]  ret_from_fork_asm+0x11/0x20
[  159.363978][ T5785]  </TASK>
[  159.367125][    C0] vkms_vblank_simulate: vblank timer overrun
[  159.375016][ T5779] Bluetooth: hci2: command tx timeout
[  159.388926][ T5785] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  159.408298][ T5785] Bluetooth: hci0: failed to register connection device
[  159.445240][ T6854] syzkaller0: entered promiscuous mode
[  159.451188][ T6854] syzkaller0: entered allmulticast mode
[  159.805040][ T6863] loop1: detected capacity change from 0 to 1024
[  159.847363][ T6863] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  159.862440][ T6863] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.961731][ T6863] EXT4-fs error (device loop1): ext4_free_blocks:6692: comm syz.1.277: Freeing blocks not in datazone - block = 0, count = 16
[  159.979292][ T6863] EXT4-fs (loop1): Remounting filesystem read-only
[  160.046058][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  160.888027][ T6881] netlink: 4 bytes leftover after parsing attributes in process `syz.2.283'.
[  161.315632][ T6883] syzkaller0: entered promiscuous mode
[  161.321882][ T6883] syzkaller0: entered allmulticast mode
[  161.562808][ T5785] Bluetooth: hci0: command 0x0406 tx timeout
[  161.684497][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  161.695341][ T5785] CPU: 0 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[  161.703281][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  161.714021][ T5785] Workqueue: hci3 hci_rx_work
[  161.719394][ T5785] Call Trace:
[  161.722964][ T5785]  <TASK>
[  161.726382][ T5785]  dump_stack_lvl+0x18c/0x250
[  161.731579][ T5785]  ? show_regs_print_info+0x20/0x20
[  161.737715][ T5785]  ? load_image+0x400/0x400
[  161.742825][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[  161.748207][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[  161.753593][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[  161.759031][ T5785]  kobject_add_internal+0x61c/0xcc0
[  161.764797][ T5785]  kobject_add+0x164/0x240
[  161.769601][ T5785]  ? kobject_init+0x1e0/0x1e0
[  161.774776][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[  161.780030][ T5785]  ? get_device_parent+0x366/0x390
[  161.785367][ T5785]  device_add+0x408/0xc20
[  161.790356][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[  161.795579][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[  161.801177][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  161.808542][ T5785]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  161.814983][ T5785]  ? lockdep_hardirqs_on+0x98/0x150
[  161.820543][ T5785]  ? skb_pull_data+0xfb/0x200
[  161.825457][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[  161.831652][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[  161.838136][ T5785]  hci_event_packet+0x7ba/0x1270
[  161.843411][ T5785]  ? bis_list+0x290/0x290
[  161.847874][ T5785]  ? kcov_remote_start+0x2b/0x7e0
[  161.853284][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[  161.858699][ T5785]  hci_rx_work+0x43a/0xd60
[  161.863329][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[  161.869233][ T5785]  process_scheduled_works+0xa5d/0x15d0
[  161.875639][ T5785]  ? assign_work+0x430/0x430
[  161.880341][ T5785]  ? assign_work+0x3d0/0x430
[  161.885412][ T5785]  worker_thread+0xa55/0xfc0
[  161.890300][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  161.896828][ T5785]  ? _raw_spin_unlock+0x40/0x40
[  161.901784][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  161.908246][ T5785]  kthread+0x2fa/0x390
[  161.912343][ T5785]  ? pr_cont_work+0x560/0x560
[  161.917307][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  161.922094][ T5785]  ret_from_fork+0x48/0x80
[  161.926790][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  161.931578][ T5785]  ret_from_fork_asm+0x11/0x20
[  161.936556][ T5785]  </TASK>
[  161.939917][    C0] vkms_vblank_simulate: vblank timer overrun
[  161.948037][ T5785] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  161.965514][ T5785] Bluetooth: hci3: failed to register connection device
[  162.239438][ T6895] loop3: detected capacity change from 0 to 1024
[  162.269061][ T6895] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  162.331140][ T6895] ext4 filesystem being mounted at /82/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.426491][ T6895] EXT4-fs error (device loop3): ext4_free_blocks:6692: comm syz.3.288: Freeing blocks not in datazone - block = 0, count = 16
[  162.444968][ T6895] EXT4-fs (loop3): Remounting filesystem read-only
[  162.578692][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  163.627790][ T6916] syzkaller0: entered promiscuous mode
[  163.712123][ T6916] syzkaller0: entered allmulticast mode
[  164.015022][ T5785] Bluetooth: hci3: command 0x0406 tx timeout
[  164.951509][ T5785] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  164.963275][ T5785] CPU: 1 PID: 5785 Comm: kworker/u5:7 Not tainted syzkaller #0
[  164.972585][ T5785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  164.985305][ T5785] Workqueue: hci3 hci_rx_work
[  164.990762][ T5785] Call Trace:
[  164.994659][ T5785]  <TASK>
[  164.998088][ T5785]  dump_stack_lvl+0x18c/0x250
[  165.003369][ T5785]  ? show_regs_print_info+0x20/0x20
[  165.009500][ T5785]  ? load_image+0x400/0x400
[  165.015516][ T5785]  sysfs_create_dir_ns+0x26e/0x2a0
[  165.020951][ T5785]  ? sysfs_warn_dup+0xa0/0xa0
[  165.026525][ T5785]  ? do_raw_spin_unlock+0x121/0x230
[  165.033021][ T5785]  kobject_add_internal+0x61c/0xcc0
[  165.038913][ T5785]  kobject_add+0x164/0x240
[  165.043628][ T5785]  ? kobject_init+0x1e0/0x1e0
[  165.049656][ T5785]  ? _raw_spin_unlock+0x3a/0x40
[  165.055339][ T5785]  ? get_device_parent+0x366/0x390
[  165.060608][ T5785]  device_add+0x408/0xc20
[  165.065879][ T5785]  hci_conn_add_sysfs+0xd5/0x1e0
[  165.071729][ T5785]  le_conn_complete_evt+0xf5d/0x1540
[  165.077690][ T5785]  ? hci_event_packet+0x4cb/0x1270
[  165.083035][ T5785]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  165.090918][ T5785]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  165.096774][ T5785]  ? skb_pull_data+0xfb/0x200
[  165.101751][ T5785]  hci_le_conn_complete_evt+0x187/0x440
[  165.109761][ T5785]  ? hci_remote_host_features_evt+0x150/0x150
[  165.116504][ T5785]  hci_event_packet+0x7ba/0x1270
[  165.121871][ T5785]  ? bis_list+0x290/0x290
[  165.127138][ T5785]  ? kcov_remote_start+0x2b/0x7e0
[  165.133173][ T5785]  ? hci_send_to_monitor+0xd7/0x4f0
[  165.140248][ T5785]  hci_rx_work+0x43a/0xd60
[  165.145689][ T5785]  ? process_scheduled_works+0x96f/0x15d0
[  165.155556][ T5785]  process_scheduled_works+0xa5d/0x15d0
[  165.165881][ T5785]  ? assign_work+0x430/0x430
[  165.174543][ T5785]  ? assign_work+0x3d0/0x430
[  165.180669][ T5785]  worker_thread+0xa55/0xfc0
[  165.186937][ T5785]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  165.195139][ T5785]  ? _raw_spin_unlock+0x40/0x40
[  165.201427][ T5785]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  165.209985][ T5785]  kthread+0x2fa/0x390
[  165.215410][ T5785]  ? pr_cont_work+0x560/0x560
[  165.221780][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  165.228879][ T5785]  ret_from_fork+0x48/0x80
[  165.237263][ T5785]  ? kthread_blkcg+0xd0/0xd0
[  165.244436][ T5785]  ret_from_fork_asm+0x11/0x20
[  165.251783][ T5785]  </TASK>
[  165.265508][ T5785] kobject: kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  165.284574][    C0] vkms_vblank_simulate: vblank timer overrun
[  165.294141][ T5785] Bluetooth: hci3: failed to register connection device
[  165.776741][ T6938] netlink: 4 bytes leftover after parsing attributes in process `syz.2.299'.
[  166.565762][    T8] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  166.886091][    T8] usb 2-1: Using ep0 maxpacket: 16
[  167.455359][ T5779] Bluetooth: hci3: command 0x0406 tx timeout
[  167.506333][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  167.531733][    T8] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  169.264991][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.274108][    T8] usb 2-1: Product: syz
[  169.286417][ T6948] loop3: detected capacity change from 0 to 1024
[  169.298178][    T8] usb 2-1: Manufacturer: syz
[  169.304486][    T8] usb 2-1: SerialNumber: syz
[  169.449794][    T8] usb 2-1: config 0 descriptor??
[  169.467867][ T6948] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  169.515438][ T6948] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.527460][    T8] usb 2-1: can't set config #0, error -71
[  169.580876][    T8] usb 2-1: USB disconnect, device number 3
[  169.626079][ T6959] syzkaller0: entered promiscuous mode
[  169.631901][ T6959] syzkaller0: entered allmulticast mode
[  169.713821][ T6964] loop2: detected capacity change from 0 to 1024
[  169.754678][ T6964] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  169.784822][ T6964] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.812156][ T3464] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #15: comm kworker/u4:9: lblock 0 mapped to illegal pblock 0 (length 6)
[  169.896708][ T3464] EXT4-fs (loop3): Remounting filesystem read-only
[  169.958424][ T5915] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  170.069770][ T5771] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  170.319855][ T6976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.311'.
[  172.189733][ T6990] random: crng reseeded on system resumption
[  175.473727][ T5779] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  175.486414][ T5779] CPU: 0 PID: 5779 Comm: kworker/u5:2 Not tainted syzkaller #0
[  175.494734][ T5779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  175.507392][ T5779] Workqueue: hci0 hci_rx_work
[  175.513460][ T5779] Call Trace:
[  175.517836][ T5779]  <TASK>
[  175.521154][ T5779]  dump_stack_lvl+0x18c/0x250
[  175.526490][ T5779]  ? show_regs_print_info+0x20/0x20
[  175.532359][ T5779]  ? load_image+0x400/0x400
[  175.537682][ T5779]  sysfs_create_dir_ns+0x26e/0x2a0
[  175.544175][ T5779]  ? sysfs_warn_dup+0xa0/0xa0
[  175.548978][ T5779]  ? do_raw_spin_unlock+0x121/0x230
[  175.554207][ T5779]  kobject_add_internal+0x61c/0xcc0
[  175.559837][ T5779]  kobject_add+0x164/0x240
[  175.564646][ T5779]  ? kobject_init+0x1e0/0x1e0
[  175.569807][ T5779]  ? _raw_spin_unlock+0x3a/0x40
[  175.574909][ T5779]  ? get_device_parent+0x366/0x390
[  175.580251][ T5779]  device_add+0x408/0xc20
[  175.584986][ T5779]  hci_conn_add_sysfs+0xd5/0x1e0
[  175.590999][ T5779]  le_conn_complete_evt+0xf5d/0x1540
[  175.596806][ T5779]  ? hci_le_big_info_adv_report_evt+0x910/0x910
[  175.604065][ T5779]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  175.610331][ T5779]  ? lockdep_hardirqs_on+0x98/0x150
[  175.616192][ T5779]  ? skb_pull_data+0xfb/0x200
[  175.621166][ T5779]  hci_le_conn_complete_evt+0x187/0x440
[  175.626762][ T5779]  ? hci_remote_host_features_evt+0x150/0x150
[  175.634088][ T5779]  hci_event_packet+0x7ba/0x1270
[  175.639865][ T5779]  ? bis_list+0x290/0x290
[  175.644924][ T5779]  ? kcov_remote_start+0x2b/0x7e0
[  175.650101][ T5779]  ? hci_send_to_monitor+0xd7/0x4f0
[  175.655641][ T5779]  hci_rx_work+0x43a/0xd60
[  175.660351][ T5779]  ? process_scheduled_works+0x96f/0x15d0
[  175.666830][ T5779]  process_scheduled_works+0xa5d/0x15d0
[  175.673072][ T5779]  ? assign_work+0x430/0x430
[  175.677989][ T5779]  ? assign_work+0x3d0/0x430
[  175.683448][ T5779]  worker_thread+0xa55/0xfc0
[  175.688456][ T5779]  kthread+0x2fa/0x390
[  175.692689][ T5779]  ? pr_cont_work+0x560/0x560
[  175.698107][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  175.703425][ T5779]  ret_from_fork+0x48/0x80
[  175.708500][ T5779]  ? kthread_blkcg+0xd0/0xd0
[  175.713988][ T5779]  ret_from_fork_asm+0x11/0x20
[  175.720483][ T5779]  </TASK>
[  175.736567][ T5779] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  175.753554][ T5779] Bluetooth: hci0: failed to register connection device
[  175.937132][ T7012] loop2: detected capacity change from 0 to 1024
[  176.099462][ T7012] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  176.111928][ T7016] syzkaller0: entered promiscuous mode
[  176.127595][ T7016] syzkaller0: entered allmulticast mode
[  176.147273][ T7012] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.337709][ T5915] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  177.775027][ T5785] Bluetooth: hci0: command 0x0406 tx timeout
[  180.652185][ T7068] syzkaller0: entered promiscuous mode
[  180.658356][ T7068] syzkaller0: entered allmulticast mode
[  183.985582][    T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  184.235079][    T8] usb 4-1: device descriptor read/64, error -71
[  184.525004][    T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  184.705005][    T8] usb 4-1: device descriptor read/64, error -71
[  184.835891][    T8] usb usb4-port1: attempt power cycle
[  185.255014][    T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  186.075396][    T8] usb 4-1: device descriptor read/8, error -71
[  189.719582][ T7133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.734367][ T7133] batadv_slave_0: entered promiscuous mode
[  190.238913][ T7133] syz.3.354 (7133) used greatest stack depth: 20840 bytes left
[  194.069219][   T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  194.294965][   T23] usb 4-1: Using ep0 maxpacket: 16
[  194.302521][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  194.320993][   T23] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  194.331229][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.340296][   T23] usb 4-1: Product: syz
[  194.346021][   T23] usb 4-1: Manufacturer: syz
[  194.351008][   T23] usb 4-1: SerialNumber: syz
[  194.359264][   T23] usb 4-1: config 0 descriptor??
[  194.374217][   T23] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  194.389210][   T23] em28xx 4-1:0.0: DVB interface 0 found: bulk
[  194.777326][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  194.948348][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  195.100333][ T7191] netlink: 4 bytes leftover after parsing attributes in process `syz.2.371'.
[  195.174457][   T23] em28xx 4-1:0.0: chip ID is em2765
[  196.251837][   T23] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  196.458767][   T23] em28xx 4-1:0.0: board has no eeprom
[  196.734073][   T23] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  196.771483][   T23] em28xx 4-1:0.0: dvb set to bulk mode.
[  196.810766][   T28] em28xx 4-1:0.0: Binding DVB extension
[  196.842106][   T23] usb 4-1: USB disconnect, device number 9
[  196.865298][ T5832] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  196.889220][   T23] em28xx 4-1:0.0: Disconnecting em28xx
[  196.898714][   T51] Bluetooth: hci0: command 0x0406 tx timeout
[  196.905747][ T5784] Bluetooth: hci2: command 0x0406 tx timeout
[  196.912651][ T5784] Bluetooth: hci3: command 0x0406 tx timeout
[  197.010741][   T28] em28xx 4-1:0.0: Registering input extension
[  197.027045][   T23] em28xx 4-1:0.0: Closing input extension
[  197.044390][   T23] em28xx 4-1:0.0: Freeing device
[  197.203564][ T5832] usb 2-1: device descriptor read/64, error -71
[  197.505248][ T5832] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  197.679036][ T5832] usb 2-1: device descriptor read/64, error -71
[  197.720543][ T7221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.382'.
[  197.822067][ T5832] usb usb2-port1: attempt power cycle
[  198.366188][ T5832] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  198.406130][ T5832] usb 2-1: device descriptor read/8, error -71
[  198.695177][ T5832] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  198.919061][ T5832] usb 2-1: device descriptor read/8, error -71
[  200.052656][ T7227] netlink: 16 bytes leftover after parsing attributes in process `syz.2.383'.
[  200.215333][ T5832] usb usb2-port1: unable to enumerate USB device
[  200.847051][ T3496] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  202.921902][ T5781] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  202.932896][ T5781] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  202.945112][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  202.953698][ T5781] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  202.965021][ T5781] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  202.973117][ T5781] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  204.540137][   T23] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  204.729034][   T23] usb 3-1: device descriptor read/64, error -71
[  205.023040][   T23] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  205.057718][ T5781] Bluetooth: hci0: command tx timeout
[  205.195585][   T23] usb 3-1: device descriptor read/64, error -71
[  205.346695][   T23] usb usb3-port1: attempt power cycle
[  205.814273][   T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  205.834064][ T3496] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  205.861527][   T23] usb 3-1: device descriptor read/8, error -71
[  206.011681][ T3496] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.072226][ T7254] wg0 speed is unknown, defaulting to 1000
[  206.137072][ T7264] hub 1-0:1.0: USB hub found
[  206.215876][ T7264] hub 1-0:1.0: 1 port detected
[  206.314721][ T3496] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.367333][   T23] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  206.460204][   T23] usb 3-1: device descriptor read/8, error -71
[  206.525718][ T7267] netlink: 16 bytes leftover after parsing attributes in process `syz.1.394'.
[  206.721563][   T23] usb usb3-port1: unable to enumerate USB device
[  207.095002][ T5781] Bluetooth: hci1: command 0x0406 tx timeout
[  207.135888][ T5779] Bluetooth: hci0: command tx timeout
[  207.465303][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  207.645139][    T8] usb 1-1: device descriptor read/64, error -71
[  207.812979][ T7254] chnl_net:caif_netlink_parms(): no params data found
[  208.644995][    T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  208.681344][ T7254] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.696135][ T7254] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.703697][ T7254] bridge_slave_0: entered allmulticast mode
[  208.715238][ T7254] bridge_slave_0: entered promiscuous mode
[  208.814978][    T8] usb 1-1: device descriptor read/64, error -71
[  208.828837][ T7254] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.845410][ T7254] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.853699][ T7254] bridge_slave_1: entered allmulticast mode
[  208.880728][ T7254] bridge_slave_1: entered promiscuous mode
[  208.965224][    T8] usb usb1-port1: attempt power cycle
[  208.981399][ T7254] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  209.037308][ T7254] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  209.227373][ T5779] Bluetooth: hci0: command tx timeout
[  209.428600][ T7254] team0: Port device team_slave_0 added
[  209.466435][    T8] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  209.496992][ T7254] team0: Port device team_slave_1 added
[  209.513188][    T8] usb 1-1: device descriptor read/8, error -71
[  209.646697][ T7254] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.655290][ T7254] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.700695][ T7254] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  209.739497][ T7254] batman_adv: batadv0: Adding interface: batadv_slave_1
[  209.760975][ T7254] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.807834][    T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  209.846884][ T7254] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  209.878437][    T8] usb 1-1: device descriptor read/8, error -71
[  209.942682][ T3496] hsr_slave_0: left promiscuous mode
[  209.978207][ T3496] hsr_slave_1: left promiscuous mode
[  210.006359][    T8] usb usb1-port1: unable to enumerate USB device
[  210.014814][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_0
[  210.036242][ T3496] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  210.057070][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_1
[  210.083196][ T3496] bridge_slave_1: left allmulticast mode
[  210.115767][ T3496] bridge_slave_1: left promiscuous mode
[  210.125189][ T3496] bridge0: port 2(bridge_slave_1) entered disabled state
[  210.172289][ T3496] bridge_slave_0: left allmulticast mode
[  210.213718][ T3496] bridge_slave_0: left promiscuous mode
[  210.246659][ T3496] bridge0: port 1(bridge_slave_0) entered disabled state
[  210.480971][ T3496] veth1_macvtap: left promiscuous mode
[  210.492884][ T3496] veth0_macvtap: left promiscuous mode
[  210.521832][ T3496] veth1_vlan: left promiscuous mode
[  210.532858][ T3496] veth0_vlan: left promiscuous mode
[  210.765172][    T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  210.951726][ T7341] netlink: 16 bytes leftover after parsing attributes in process `syz.2.405'.
[  211.366137][ T5779] Bluetooth: hci0: command tx timeout
[  211.597297][    T8] usb 2-1: no configurations
[  211.611527][    T8] usb 2-1: can't read configurations, error -22
[  211.772454][    T8] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  211.999116][    T8] usb 2-1: no configurations
[  212.005551][    T8] usb 2-1: can't read configurations, error -22
[  212.025798][    T8] usb usb2-port1: attempt power cycle
[  212.498121][    T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  212.520451][ T3496] team0 (unregistering): Port device team_slave_1 removed
[  212.569644][    T8] usb 2-1: no configurations
[  212.601848][    T8] usb 2-1: can't read configurations, error -22
[  212.630296][ T3496] team0 (unregistering): Port device team_slave_0 removed
[  212.705868][ T3496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  212.773921][    T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  212.786581][ T3496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  212.829675][    T8] usb 2-1: no configurations
[  212.840396][    T8] usb 2-1: can't read configurations, error -22
[  212.850686][    T8] usb usb2-port1: unable to enumerate USB device
[  213.296519][ T3496] bond0 (unregistering): Released all slaves
[  213.731198][ T7254] hsr_slave_0: entered promiscuous mode
[  214.166778][ T7254] hsr_slave_1: entered promiscuous mode
[  214.265042][ T7254] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  214.317825][ T7254] Cannot create hsr debugfs directory
[  214.325737][    T8] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  214.575831][    T8] usb 3-1: Using ep0 maxpacket: 32
[  214.616801][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  214.652435][    T8] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  214.693028][    T8] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  214.718941][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  214.744115][    T8] usb 3-1: Product: syz
[  214.763247][    T8] usb 3-1: Manufacturer: syz
[  214.783244][    T8] usb 3-1: SerialNumber: syz
[  214.811642][    T8] usb 3-1: config 0 descriptor??
[  215.738837][ T7385] netlink: 36 bytes leftover after parsing attributes in process `syz.0.417'.
[  215.920157][ T7254] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  215.932112][ T7254] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  215.964781][ T7254] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  215.979470][ T7254] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  216.443030][ T7254] 8021q: adding VLAN 0 to HW filter on device bond0
[  216.559119][ T7254] 8021q: adding VLAN 0 to HW filter on device team0
[  216.616547][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  216.626180][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  216.720544][    T8] usb 3-1: USB disconnect, device number 7
[  216.903364][ T3477] bridge0: port 2(bridge_slave_1) entered blocking state
[  216.914377][ T3477] bridge0: port 2(bridge_slave_1) entered forwarding state
[  217.177352][ T7404] netlink: 16 bytes leftover after parsing attributes in process `syz.0.420'.
[  218.086400][    T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  218.256916][ T7254] 8021q: adding VLAN 0 to HW filter on device batadv0
[  218.307542][    T8] usb 3-1: no configurations
[  218.326432][    T8] usb 3-1: can't read configurations, error -22
[  218.469296][ T7254] veth0_vlan: entered promiscuous mode
[  218.532608][ T7254] veth1_vlan: entered promiscuous mode
[  218.548341][    T8] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  218.641782][ T7254] veth0_macvtap: entered promiscuous mode
[  218.659500][ T7254] veth1_macvtap: entered promiscuous mode
[  218.842937][ T7254] batman_adv: batadv0: Interface activated: batadv_slave_0
[  218.865248][    T8] usb 3-1: no configurations
[  218.872245][    T8] usb 3-1: can't read configurations, error -22
[  218.899800][    T8] usb usb3-port1: attempt power cycle
[  218.914630][ T7254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.939935][ T7254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.978635][ T7254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.026019][ T7254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.083564][ T7254] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  219.111307][ T7254] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  219.183983][ T7254] batman_adv: batadv0: Interface activated: batadv_slave_1
[  219.306081][ T7254] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  219.325046][    T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  219.355086][ T7254] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  219.391075][ T7254] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  219.424422][ T7254] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  219.447042][    T8] usb 3-1: no configurations
[  219.452494][    T8] usb 3-1: can't read configurations, error -22
[  219.615455][    T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  219.653222][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.686074][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.709783][    T8] usb 3-1: no configurations
[  219.722596][    T8] usb 3-1: can't read configurations, error -22
[  219.741108][    T8] usb usb3-port1: unable to enumerate USB device
[  219.910511][ T3579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.992047][ T3579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  220.762166][ T7470] netlink: 8 bytes leftover after parsing attributes in process `syz.0.431'.
[  221.751248][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805cf18c00: rx timeout, send abort
[  222.253170][    C1] vcan0: j1939_tp_rxtimer: 0xffff888025312000: rx timeout, send abort
[  222.264963][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805cf18c00: abort rx timeout. Force session deactivation
[  222.764381][    C1] vcan0: j1939_tp_rxtimer: 0xffff888025312000: abort rx timeout. Force session deactivation
[  222.805041][ T5813] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  223.302996][ T5813] usb 1-1: no configurations
[  223.382112][ T7523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.446'.
[  224.058021][ T5813] usb 1-1: can't read configurations, error -22
[  224.215258][ T5813] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  224.485718][ T5813] usb 1-1: no configurations
[  224.496580][ T5813] usb 1-1: can't read configurations, error -22
[  224.508015][ T5813] usb usb1-port1: attempt power cycle
[  224.965602][ T5813] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  225.021813][ T5813] usb 1-1: no configurations
[  225.031438][ T5813] usb 1-1: can't read configurations, error -22
[  225.198365][ T5813] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  225.301666][ T5813] usb 1-1: no configurations
[  225.310068][ T5813] usb 1-1: can't read configurations, error -22
[  225.322641][ T5813] usb usb1-port1: unable to enumerate USB device
[  225.486869][ T5813] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  227.428760][ T7578] netlink: 8 bytes leftover after parsing attributes in process `syz.2.457'.
[  228.247045][ T7598] netlink: 24 bytes leftover after parsing attributes in process `syz.0.461'.
[  229.105230][ T5833] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  229.122455][ T7612] loop3: detected capacity change from 0 to 1024
[  229.437405][ T7612] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  229.523857][ T7620] netlink: 8 bytes leftover after parsing attributes in process `syz.0.467'.
[  229.587180][ T7612] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.884049][ T5833] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  230.145287][ T5833] usb 2-1: config 0 has no interfaces?
[  230.193163][ T5833] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  230.287025][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.304204][ T7254] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  230.322760][ T5833] usb 2-1: Product: syz
[  230.350365][ T5833] usb 2-1: Manufacturer: syz
[  230.384940][ T5833] usb 2-1: SerialNumber: syz
[  230.583615][ T5833] usb 2-1: config 0 descriptor??
[  231.094107][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f9ce000: rx timeout, send abort
[  231.242671][ T7637] netlink: 24 bytes leftover after parsing attributes in process `syz.0.472'.
[  231.594213][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f9ce800: rx timeout, send abort
[  231.614989][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f9ce000: abort rx timeout. Force session deactivation
[  231.909118][  T786] usb 2-1: USB disconnect, device number 12
[  232.105428][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805f9ce800: abort rx timeout. Force session deactivation
[  232.508064][ T7662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.478'.
[  234.185444][ T7688] netlink: 24 bytes leftover after parsing attributes in process `syz.0.485'.
[  235.017828][    T8] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  235.113906][ T7699] netlink: 8 bytes leftover after parsing attributes in process `syz.0.490'.
[  235.407455][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  235.420628][    T8] usb 3-1: config 0 has no interfaces?
[  235.847963][    T8] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  235.865425][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.874276][    T8] usb 3-1: Product: syz
[  235.879099][    T8] usb 3-1: Manufacturer: syz
[  235.883815][    T8] usb 3-1: SerialNumber: syz
[  235.968049][    T8] usb 3-1: config 0 descriptor??
[  236.597936][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805c90f400: rx timeout, send abort
[  237.032805][ T7723] netlink: 24 bytes leftover after parsing attributes in process `syz.0.498'.
[  237.098026][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805c90f000: rx timeout, send abort
[  237.114971][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805c90f400: abort rx timeout. Force session deactivation
[  237.607869][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805c90f000: abort rx timeout. Force session deactivation
[  237.794311][ T5812] usb 3-1: USB disconnect, device number 12
[  239.368755][ T7734] netlink: 56 bytes leftover after parsing attributes in process `syz.2.502'.
[  241.029070][ T7769] netlink: 24 bytes leftover after parsing attributes in process `syz.0.507'.
[  241.720106][    T8] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  242.230915][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  242.295013][    T8] usb 4-1: config 0 has no interfaces?
[  242.317387][    T8] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  242.360714][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.371022][    T8] usb 4-1: Product: syz
[  242.377899][    T8] usb 4-1: Manufacturer: syz
[  242.382993][    T8] usb 4-1: SerialNumber: syz
[  242.393235][    T8] usb 4-1: config 0 descriptor??
[  243.629743][ T7782] sched: RT throttling activated
[  243.780924][ T7784] netlink: 56 bytes leftover after parsing attributes in process `syz.1.514'.
[  244.701277][    T8] usb 4-1: USB disconnect, device number 10
[  245.216148][ T7809] vcan0: entered allmulticast mode
[  245.284202][ T7810] netlink: 24 bytes leftover after parsing attributes in process `syz.3.519'.
[  246.085281][ T7813] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.267817][ T7813] batadv_slave_0: entered promiscuous mode
[  248.427042][ T7821] netlink: 56 bytes leftover after parsing attributes in process `syz.3.523'.
[  252.968232][ T7863] loop1: detected capacity change from 0 to 32768
[  253.070189][ T7863] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.539 (7863)
[  253.833407][ T7863] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  253.896053][ T7863] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  254.006367][ T7863] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  254.054382][ T7863] BTRFS info (device loop1): force zstd compression, level 3
[  254.075115][ T7863] BTRFS info (device loop1): turning on sync discard
[  254.082427][ T7863] BTRFS info (device loop1): force clearing of disk cache
[  254.135154][ T7863] BTRFS info (device loop1): enabling disk space caching
[  254.164989][ T7863] BTRFS info (device loop1): turning off discard
[  254.172278][ T7863] BTRFS info (device loop1): disk space caching is enabled
[  254.278923][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  254.289952][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  254.332938][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  254.380916][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  254.393485][ T7893] loop2: detected capacity change from 0 to 512
[  254.424138][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  254.429954][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  254.460339][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  254.524271][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  254.547035][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  254.561093][ T7863] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  254.621037][ T7893] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.646167][ T7893] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  254.761678][ T7904] EXT4-fs error (device loop2): ext4_validate_inode_bitmap:106: comm syz.2.542: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20
[  254.768967][ T7893] EXT4-fs error (device loop2): ext4_validate_inode_bitmap:106: comm syz.2.542: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20
[  254.779726][ T7863] BTRFS error (device loop1): open_ctree failed: -12
[  254.973387][ T7893] EXT4-fs error (device loop2) in ext4_free_inode:363: Filesystem failed CRC
[  255.127978][ T7910] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  255.129770][ T5915] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.206278][ T7910] tipc: Started in network mode
[  255.257973][ T7910] tipc: Node identity c29c70bceb49, cluster identity 4711
[  255.316645][ T7910] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  255.355244][ T7914] syzkaller0: entered promiscuous mode
[  255.361124][ T7914] syzkaller0: entered allmulticast mode
[  255.588855][ T7910] tipc: Resetting bearer <eth:syzkaller0>
[  256.445389][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  256.456547][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  256.466869][   T23] tipc: Node number set to 701853884
[  256.520674][ T7909] tipc: Resetting bearer <eth:syzkaller0>
[  256.605007][  T786] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  256.636350][ T7909] tipc: Disabling bearer <eth:syzkaller0>
[  256.807681][  T786] usb 2-1: Using ep0 maxpacket: 16
[  256.833508][  T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  256.859968][  T786] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  256.892066][  T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.911561][  T786] usb 2-1: Product: syz
[  256.922935][  T786] usb 2-1: Manufacturer: syz
[  256.939849][  T786] usb 2-1: SerialNumber: syz
[  256.972476][  T786] usb 2-1: config 0 descriptor??
[  257.009612][  T786] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  257.038914][  T786] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  257.551737][ T7949] loop0: detected capacity change from 0 to 4096
[  257.775899][  T786] em28xx 2-1:0.0: chip ID is em2765
[  259.460083][  T786] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  260.184696][ T7949] EXT4-fs (loop0): Test dummy encryption mode enabled
[  260.228420][  T786] em28xx 2-1:0.0: board has no eeprom
[  260.271535][ T7949] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  260.304998][  T786] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  260.321735][  T786] em28xx 2-1:0.0: dvb set to bulk mode.
[  260.330283][ T5883] em28xx 2-1:0.0: Binding DVB extension
[  260.339523][  T786] usb 2-1: USB disconnect, device number 13
[  260.347323][  T786] em28xx 2-1:0.0: Disconnecting em28xx
[  260.428627][ T5883] em28xx 2-1:0.0: Registering input extension
[  260.465873][  T786] em28xx 2-1:0.0: Closing input extension
[  260.770361][ T7965] loop2: detected capacity change from 0 to 32768
[  260.799320][  T786] em28xx 2-1:0.0: Freeing device
[  260.804794][ T7965] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.562 (7965)
[  260.853347][ T7965] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  260.865271][ T7965] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  260.875130][ T7965] BTRFS info (device loop2): using free space tree
[  261.053815][ T7965] BTRFS info (device loop2): enabling ssd optimizations
[  261.061475][ T7965] BTRFS info (device loop2): auto enabling async discard
[  261.126934][ T7981] netlink: 16 bytes leftover after parsing attributes in process `syz.1.564'.
[  261.268150][ T7949] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  261.494747][   T27] audit: type=1800 audit(1772526763.312:3): pid=7965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.562" name="file1" dev="loop2" ino=260 res=0 errno=0
[  261.522049][   T27] audit: type=1800 audit(1772526763.342:4): pid=7965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.562" name="file1" dev="loop2" ino=260 res=0 errno=0
[  262.299410][ T5773] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.858231][ T7991] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  263.595775][ T8001] Can't find ip_set type hash:ip,po
[  264.204984][   T23] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  265.188893][   T23] usb 1-1: Using ep0 maxpacket: 16
[  265.283718][ T3496] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  265.298835][   T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  265.337757][   T23] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  265.376103][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.437538][   T23] usb 1-1: Product: syz
[  265.441963][   T23] usb 1-1: Manufacturer: syz
[  265.454935][   T23] usb 1-1: SerialNumber: syz
[  265.466883][ T8026] netlink: 16 bytes leftover after parsing attributes in process `syz.1.574'.
[  265.493294][   T23] usb 1-1: config 0 descriptor??
[  265.517467][   T23] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  265.532890][   T23] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  265.800209][ T3496] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.053561][ T3496] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.135490][   T23] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  266.314430][ T3496] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  266.537838][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  266.553961][ T5781] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  266.556435][   T23] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  266.593032][ T5781] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  266.625156][   T23] em28xx 1-1:0.0: board has no eeprom
[  266.654019][ T5781] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  266.707930][ T5781] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  266.717771][ T5781] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  266.865054][   T23] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  266.888875][   T23] em28xx 1-1:0.0: dvb set to bulk mode.
[  266.909496][ T8041] wg0 speed is unknown, defaulting to 1000
[  266.931003][  T786] em28xx 1-1:0.0: Binding DVB extension
[  266.951038][   T23] usb 1-1: USB disconnect, device number 11
[  266.995955][   T23] em28xx 1-1:0.0: Disconnecting em28xx
[  267.188389][  T786] em28xx 1-1:0.0: Registering input extension
[  267.249644][   T23] em28xx 1-1:0.0: Closing input extension
[  267.345283][   T23] em28xx 1-1:0.0: Freeing device
[  267.436873][ T5815] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  267.658407][ T5815] usb 2-1: Using ep0 maxpacket: 16
[  267.685636][ T5815] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  267.693947][ T5815] usb 2-1: config 0 has no interface number 0
[  267.718663][ T5815] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  267.737951][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.768230][ T5815] usb 2-1: Product: syz
[  267.786356][ T5815] usb 2-1: Manufacturer: syz
[  267.804089][ T5815] usb 2-1: SerialNumber: syz
[  267.856203][ T5815] usb 2-1: config 0 descriptor??
[  267.920160][ T5815] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  267.928986][ T8065] loop3: detected capacity change from 0 to 1024
[  268.056279][ T8065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  268.068951][ T8065] ext4 filesystem being mounted at /40/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  268.168359][ T7254] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  268.241007][ T8041] chnl_net:caif_netlink_parms(): no params data found
[  268.597414][ T5815] gspca_spca1528: reg_w err -110
[  268.659158][ T5815] spca1528: probe of 2-1:0.1 failed with error -110
[  268.742174][ T8086] netlink: 16 bytes leftover after parsing attributes in process `syz.3.584'.
[  268.815448][ T5779] Bluetooth: hci1: command tx timeout
[  268.840116][ T8041] bridge0: port 1(bridge_slave_0) entered blocking state
[  268.855109][ T8041] bridge0: port 1(bridge_slave_0) entered disabled state
[  268.864218][ T8041] bridge_slave_0: entered allmulticast mode
[  268.872643][ T8041] bridge_slave_0: entered promiscuous mode
[  268.902165][ T8041] bridge0: port 2(bridge_slave_1) entered blocking state
[  268.913453][ T8041] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.921311][ T8041] bridge_slave_1: entered allmulticast mode
[  268.929533][ T8041] bridge_slave_1: entered promiscuous mode
[  269.018417][ T8041] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  269.059477][ T8041] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  269.162274][ T8041] team0: Port device team_slave_0 added
[  269.178628][ T8041] team0: Port device team_slave_1 added
[  269.274684][ T8041] batman_adv: batadv0: Adding interface: batadv_slave_0
[  269.283075][ T8041] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.316473][ T8041] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  269.370181][ T8041] batman_adv: batadv0: Adding interface: batadv_slave_1
[  269.395358][ T8041] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  269.428399][ T8041] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  269.449982][ T3496] hsr_slave_0: left promiscuous mode
[  269.458181][ T3496] hsr_slave_1: left promiscuous mode
[  269.469926][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_0
[  269.489747][ T3496] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  269.506162][ T3496] batman_adv: batadv0: Removing interface: batadv_slave_1
[  269.536573][ T3496] bridge_slave_1: left allmulticast mode
[  269.554697][ T3496] bridge_slave_1: left promiscuous mode
[  269.576317][ T3496] bridge0: port 2(bridge_slave_1) entered disabled state
[  269.601634][ T3496] bridge_slave_0: left allmulticast mode
[  269.644942][ T3496] bridge_slave_0: left promiscuous mode
[  269.665837][ T3496] bridge0: port 1(bridge_slave_0) entered disabled state
[  269.765669][ T3496] veth1_macvtap: left promiscuous mode
[  269.775701][ T3496] veth0_macvtap: left promiscuous mode
[  269.782823][ T3496] veth1_vlan: left promiscuous mode
[  269.789474][ T3496] veth0_vlan: left promiscuous mode
[  270.274461][ T8118] syz.3.588 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  270.655128][ T5813] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  270.841033][ T5813] usb 1-1: Using ep0 maxpacket: 16
[  270.858275][ T5813] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  270.875542][ T5813] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  270.895645][ T5779] Bluetooth: hci1: command tx timeout
[  270.900710][ T5813] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.921520][ T5813] usb 1-1: Product: syz
[  270.931505][ T5813] usb 1-1: Manufacturer: syz
[  270.945017][ T5813] usb 1-1: SerialNumber: syz
[  270.988076][ T5813] usb 1-1: config 0 descriptor??
[  270.998101][ T5813] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  271.008425][ T5813] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  271.132749][ T3496] team0 (unregistering): Port device team_slave_1 removed
[  271.211382][ T3496] team0 (unregistering): Port device team_slave_0 removed
[  271.315380][ T3496] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  271.455269][ T3496] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  271.617264][ T5813] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  272.013000][ T3496] bond0 (unregistering): Released all slaves
[  272.047372][ T5813] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  272.060569][ T5813] em28xx 1-1:0.0: board has no eeprom
[  272.140285][ T5813] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  272.154142][ T5813] em28xx 1-1:0.0: dvb set to bulk mode.
[  272.160710][    T8] em28xx 1-1:0.0: Binding DVB extension
[  272.185440][ T5883] usb 2-1: USB disconnect, device number 14
[  272.195003][ T5813] usb 1-1: USB disconnect, device number 12
[  272.226687][ T5813] em28xx 1-1:0.0: Disconnecting em28xx
[  272.351310][    T8] em28xx 1-1:0.0: Registering input extension
[  272.361460][ T8041] hsr_slave_0: entered promiscuous mode
[  272.361544][ T5813] em28xx 1-1:0.0: Closing input extension
[  272.386952][ T8041] hsr_slave_1: entered promiscuous mode
[  272.404581][ T5813] em28xx 1-1:0.0: Freeing device
[  273.007011][ T5779] Bluetooth: hci1: command tx timeout
[  273.702909][ T8041] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  273.768215][ T8041] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  273.796817][ T8041] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  273.851732][ T8041] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  274.162416][ T8041] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.260977][ T8041] 8021q: adding VLAN 0 to HW filter on device team0
[  274.326993][ T3529] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.334448][ T3529] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.369864][ T3529] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.377414][ T3529] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.505379][ T5813] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  274.606177][ T5883] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  274.709878][ T5813] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  274.748480][ T5813] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.766351][ T5813] usb 4-1: Product: syz
[  274.776628][ T5813] usb 4-1: Manufacturer: syz
[  274.789677][ T5813] usb 4-1: SerialNumber: syz
[  274.810592][ T5813] usb 4-1: config 0 descriptor??
[  274.828457][ T5883] usb 2-1: config 1 has an invalid interface number: 82 but max is 0
[  274.862622][ T5883] usb 2-1: config 1 has no interface number 0
[  274.916597][ T8041] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.922943][ T5883] usb 2-1: config 1 interface 82 has no altsetting 0
[  274.968670][ T5883] usb 2-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice=fa.2a
[  274.993971][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  275.045860][ T5883] usb 2-1: Product: syz
[  275.051586][ T5883] usb 2-1: Manufacturer: syz
[  275.057053][ T5779] Bluetooth: hci1: command tx timeout
[  275.072534][ T5883] usb 2-1: SerialNumber: syz
[  275.128680][ T5813] usb 4-1: ignoring: probably an ADSL modem
[  275.328587][ T5883] hub 2-1:1.82: bad descriptor, ignoring hub
[  275.348091][ T5883] hub: probe of 2-1:1.82 failed with error -5
[  275.386208][ T5883] sierra 2-1:1.82: Sierra USB modem converter detected
[  275.434683][ T5883] usb 2-1: Sierra USB modem converter now attached to ttyUSB0
[  275.495171][ T5883] usb 2-1: USB disconnect, device number 15
[  275.526371][ T5883] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  275.541180][ T5813] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  275.595986][ T5813] usb 4-1: USB disconnect, device number 11
[  275.615540][ T5883] sierra 2-1:1.82: device disconnected
[  275.853557][ T8041] veth0_vlan: entered promiscuous mode
[  275.906335][ T8041] veth1_vlan: entered promiscuous mode
[  276.095524][ T8041] veth0_macvtap: entered promiscuous mode
[  276.133205][ T8041] veth1_macvtap: entered promiscuous mode
[  276.232535][ T8041] batman_adv: batadv0: Interface activated: batadv_slave_0
[  276.297913][ T8041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.359913][ T8041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.392242][ T8041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.421629][ T8041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.466439][ T8041] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  276.482815][ T8041] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  276.533014][ T8041] batman_adv: batadv0: Interface activated: batadv_slave_1
[  276.562253][ T8041] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  276.595329][ T8041] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  276.618197][ T8041] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  276.634715][ T8041] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  276.955928][ T1136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  276.989214][ T1136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.104756][ T1074] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  277.128440][ T1074] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  277.661879][ T8245] loop4: detected capacity change from 0 to 64
[  278.862666][ T8262] loop4: detected capacity change from 0 to 512
[  278.888578][ T8262] EXT4-fs: Ignoring removed orlov option
[  278.906744][   T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  278.970184][ T8262] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  279.038806][ T8262] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002]
[  279.074540][ T8262] EXT4-fs error (device loop4): ext4_iget_extra_inode:4732: inode #15: comm syz.4.613: corrupted in-inode xattr: e_value size too large
[  279.112763][ T8262] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.613: couldn't read orphan inode 15 (err -117)
[  279.148502][   T23] usb 4-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  279.173583][ T8262] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  279.195071][   T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.225562][   T23] usb 4-1: Product: syz
[  279.254364][   T23] usb 4-1: Manufacturer: syz
[  279.291040][   T23] usb 4-1: SerialNumber: syz
[  279.339512][   T23] usb 4-1: config 0 descriptor??
[  279.643959][   T23] usb 4-1: ignoring: probably an ADSL modem
[  280.234209][   T23] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  280.255859][   T23] usb 4-1: USB disconnect, device number 12
[  280.305751][ T8041] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.195427][ T5102] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  284.095086][ T5102] usb 1-1: Using ep0 maxpacket: 16
[  284.105059][ T5102] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  284.139890][ T5102] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  284.169898][ T5102] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.201438][ T5102] usb 1-1: Product: syz
[  284.219813][ T5102] usb 1-1: Manufacturer: syz
[  284.232545][ T5102] usb 1-1: SerialNumber: syz
[  284.266365][ T5102] usb 1-1: config 0 descriptor??
[  284.290043][ T5102] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  284.325325][ T5102] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  284.947460][ T5102] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  286.185094][ T5102] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  286.230695][ T5102] em28xx 1-1:0.0: board has no eeprom
[  286.364362][ T5102] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  286.368900][ T8361] loop4: detected capacity change from 0 to 2048
[  286.383714][ T5102] em28xx 1-1:0.0: dvb set to bulk mode.
[  286.416025][ T5813] em28xx 1-1:0.0: Binding DVB extension
[  286.582650][ T5102] usb 1-1: USB disconnect, device number 13
[  286.604993][ T8361] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  286.657956][ T5102] em28xx 1-1:0.0: Disconnecting em28xx
[  288.088494][ T8379] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  288.124107][ T5813] em28xx 1-1:0.0: Registering input extension
[  288.153773][ T5102] em28xx 1-1:0.0: Closing input extension
[  288.207338][ T5102] em28xx 1-1:0.0: Freeing device
[  288.472365][ T8383] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  288.768617][ T8383] Remounting filesystem read-only
[  288.905425][ T8383] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  288.979927][ T8383] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  289.005294][   T27] audit: type=1800 audit(1772526790.832:5): pid=8383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.636" name="file1" dev="loop4" ino=15 res=0 errno=0
[  289.057836][ T8383] syz.4.636 (8383) used greatest stack depth: 19024 bytes left
[  290.465141][ T5813] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  290.825085][ T5813] usb 5-1: Using ep0 maxpacket: 16
[  291.103642][ T5813] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  291.161014][ T5813] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  291.196882][ T5813] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.230609][ T5813] usb 5-1: Product: syz
[  291.349563][ T5813] usb 5-1: Manufacturer: syz
[  291.365627][ T5813] usb 5-1: SerialNumber: syz
[  291.383979][ T5813] usb 5-1: config 0 descriptor??
[  291.404239][ T5813] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  291.414515][ T5813] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  291.461510][ T8414] loop3: detected capacity change from 0 to 4096
[  291.559226][ T8414] EXT4-fs (loop3): Test dummy encryption mode enabled
[  291.662059][ T8420] loop0: detected capacity change from 0 to 4096
[  291.664234][ T8414] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  291.745437][ T8420] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  292.006320][ T5813] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  292.904204][ T5813] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  292.941341][ T7254] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.962180][ T5813] em28xx 5-1:0.0: board has no eeprom
[  293.055065][ T5813] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  293.109990][ T5813] em28xx 5-1:0.0: dvb set to bulk mode.
[  293.121363][ T5102] em28xx 5-1:0.0: Binding DVB extension
[  293.146400][ T5813] usb 5-1: USB disconnect, device number 2
[  293.153718][ T5813] em28xx 5-1:0.0: Disconnecting em28xx
[  293.266742][ T5102] em28xx 5-1:0.0: Registering input extension
[  293.307289][ T5813] em28xx 5-1:0.0: Closing input extension
[  293.373766][ T5813] em28xx 5-1:0.0: Freeing device
[  295.645258][   T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  296.823083][   T23] usb 1-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  296.833944][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.843181][   T23] usb 1-1: Product: syz
[  296.848130][   T23] usb 1-1: Manufacturer: syz
[  296.853207][   T23] usb 1-1: SerialNumber: syz
[  296.888732][   T23] usb 1-1: config 0 descriptor??
[  297.127385][   T23] usb 1-1: ignoring: probably an ADSL modem
[  297.550105][   T23] cxacru 1-1:0.0: usbatm_usb_probe: bind failed: -19!
[  297.559378][ T5815] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  297.598543][   T23] usb 1-1: USB disconnect, device number 14
[  297.924989][ T5815] usb 2-1: Using ep0 maxpacket: 16
[  297.933738][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  299.130746][ T5815] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  299.142462][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.152596][ T5815] usb 2-1: Product: syz
[  299.157166][ T5815] usb 2-1: Manufacturer: syz
[  299.168723][ T5815] usb 2-1: SerialNumber: syz
[  299.180323][ T5815] usb 2-1: config 0 descriptor??
[  299.195426][ T5815] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  299.206677][ T5815] em28xx 2-1:0.0: DVB interface 0 found: bulk
[  300.449076][ T5815] em28xx 2-1:0.0: unknown em28xx chip ID (0)
[  300.893855][ T5815] em28xx 2-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  300.918027][ T5815] em28xx 2-1:0.0: board has no eeprom
[  301.815029][ T5815] em28xx 2-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  301.824218][ T5815] em28xx 2-1:0.0: dvb set to bulk mode.
[  301.838157][ T5833] em28xx 2-1:0.0: Binding DVB extension
[  301.857199][ T5815] usb 2-1: USB disconnect, device number 16
[  301.867796][ T5815] em28xx 2-1:0.0: Disconnecting em28xx
[  303.397157][ T5833] em28xx 2-1:0.0: Registering input extension
[  303.404750][ T5815] em28xx 2-1:0.0: Closing input extension
[  303.511506][ T5815] em28xx 2-1:0.0: Freeing device
[  303.626015][   T27] audit: type=1326 audit(1772526805.452:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8530 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12079c799 code=0x7ffc0000
[  303.810483][ T8558] loop4: detected capacity change from 0 to 32768
[  303.966929][ T8558] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.675 (8558)
[  303.995760][ T8558] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  304.006494][ T8558] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  304.016576][ T8558] BTRFS info (device loop4): metadata ratio 2
[  304.022937][ T8558] BTRFS info (device loop4): force zlib compression, level 3
[  304.031613][ T8558] BTRFS info (device loop4): enabling auto defrag
[  304.038723][ T8558] BTRFS info (device loop4): max_inline at 0
[  304.045614][ T8558] BTRFS info (device loop4): using free space tree
[  304.455082][ T5102] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  304.565093][ T5815] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  304.635598][   T27] audit: type=1326 audit(1772526806.462:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8530 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fd12079c799 code=0x7ffc0000
[  304.703455][   T27] audit: type=1326 audit(1772526806.522:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8530 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12079c799 code=0x7ffc0000
[  304.730728][   T27] audit: type=1326 audit(1772526806.522:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8530 comm="syz.3.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd12079c799 code=0x7ffc0000
[  304.800933][ T8558] BTRFS info (device loop4): enabling ssd optimizations
[  304.810274][ T8558] BTRFS info (device loop4): auto enabling async discard
[  304.947604][ T5815] usb 2-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65
[  305.189637][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.204825][ T5815] usb 2-1: Product: syz
[  305.214087][ T5815] usb 2-1: Manufacturer: syz
[  305.222025][ T5815] usb 2-1: SerialNumber: syz
[  305.258711][ T5833] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  305.279740][ T5815] usb 2-1: config 0 descriptor??
[  305.542872][ T5815] usb 2-1: can't set config #0, error -71
[  305.795476][ T5833] usb 1-1: unable to get BOS descriptor or descriptor too short
[  305.826761][ T5815] usb 2-1: USB disconnect, device number 17
[  305.836945][ T8041] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  305.885739][ T5833] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  305.925543][ T5833] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  305.979958][ T5833] usb 1-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40
[  306.026420][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.082023][ T5833] usb 1-1: Product: syz
[  306.145524][ T5833] usb 1-1: Manufacturer: syz
[  306.178084][ T5833] usb 1-1: SerialNumber: syz
[  306.222472][ T5833] usb 1-1: selecting invalid altsetting 1
[  306.245700][ T5833] usb 1-1: unit 6 not found!
[  306.442374][ T5833] usb 1-1: 2:0: failed to get current value for ch 0 (-71)
[  306.767555][ T5833] snd-usb-audio: probe of 1-1:1.0 failed with error -22
[  306.822089][ T5833] usb 1-1: USB disconnect, device number 15
[  306.943761][ T5774] udevd[5774]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  308.078477][ T5102] usb 4-1: unable to read config index 0 descriptor/all
[  308.306696][ T8602] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  308.334789][ T8602] loop0: detected capacity change from 0 to 1024
[  308.479577][ T5102] usb 4-1: can't read configurations, error -71
[  310.965366][ T8618] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  312.160640][ T8656] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/nullb0": -EINTR
[  312.444420][   T27] audit: type=1326 audit(1772526813.622:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  312.505338][   T27] audit: type=1326 audit(1772526813.622:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  312.598634][   T27] audit: type=1326 audit(1772526813.622:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  312.622402][    C1] vkms_vblank_simulate: vblank timer overrun
[  312.630326][   T27] audit: type=1326 audit(1772526813.622:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  312.653020][    C1] vkms_vblank_simulate: vblank timer overrun
[  312.660272][   T27] audit: type=1326 audit(1772526813.622:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  312.684730][    C1] vkms_vblank_simulate: vblank timer overrun
[  312.725013][   T27] audit: type=1326 audit(1772526813.622:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.686" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd08699c799 code=0x7ffc0000
[  314.361852][ T8693] loop4: detected capacity change from 0 to 512
[  314.430605][ T8693] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  314.504232][ T8693] ext4 filesystem being mounted at /17/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  314.706148][ T8041] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.000578][ T8688] loop0: detected capacity change from 0 to 32768
[  315.039964][ T8688] BTRFS: device fsid 28302361-d975-4c41-bd4c-c547b14b74a1 devid 1 transid 8 /dev/loop0 scanned by syz.0.699 (8688)
[  315.101875][ T8688] BTRFS info (device loop0): first mount of filesystem 28302361-d975-4c41-bd4c-c547b14b74a1
[  315.135857][ T8688] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  315.183732][ T8688] BTRFS info (device loop0): using free space tree
[  316.717645][ T8726] overlayfs: workdir and upperdir must reside under the same mount
[  316.763792][ T8688] BTRFS info (device loop0): enabling ssd optimizations
[  316.828519][ T8745] loop4: detected capacity change from 0 to 128
[  317.695504][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  317.701978][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  317.965153][ T8688] BTRFS info (device loop0): auto enabling async discard
[  318.289755][ T5773] BTRFS info (device loop0): last unmount of filesystem 28302361-d975-4c41-bd4c-c547b14b74a1
[  319.352583][ T8772] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  319.465708][ T8772] batadv_slave_0: entered promiscuous mode
[  322.756604][ T8812] loop0: detected capacity change from 0 to 128
[  322.805918][ T8812] bio_check_eod: 7204 callbacks suppressed
[  322.805934][ T8812] syz.0.718: attempt to access beyond end of device
[  322.805934][ T8812] loop0: rw=1, sector=145, nr_sectors = 65 limit=128
[  324.426436][ T8819] netlink: 56 bytes leftover after parsing attributes in process `syz.1.719'.
[  326.834993][   T23] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  327.168865][   T23] usb 2-1: Using ep0 maxpacket: 8
[  327.181352][   T23] usb 2-1: unable to get BOS descriptor or descriptor too short
[  328.370011][ T8881] netlink: 56 bytes leftover after parsing attributes in process `syz.4.732'.
[  328.375092][ T5833] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  328.393751][   T23] usb 2-1: config 4 interface 0 has no altsetting 0
[  328.420663][   T23] usb 2-1: string descriptor 0 read error: -22
[  328.432136][   T23] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  328.443334][   T23] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3
[  328.480366][   T23] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  328.508455][   T23] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  328.531469][   T23] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  328.540786][   T23] usb 2-1: media controller created
[  328.625130][ T5833] usb 1-1: Using ep0 maxpacket: 8
[  328.633564][ T5833] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  328.652119][   T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  328.675004][ T5833] usb 1-1: config 0 has no interface number 0
[  328.681880][ T5833] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  328.752859][ T5833] usb 1-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  328.798607][ T5833] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  328.828319][ T5833] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  328.865151][ T5833] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.888756][ T5833] usb 1-1: config 0 descriptor??
[  328.937434][ T5833] ldusb 1-1:0.55: Interrupt in endpoint not found
[  328.979944][   T23] zl10353_read_register: readreg error (reg=127, ret==0)
[  329.102198][   T23] usb 2-1: USB disconnect, device number 18
[  329.297675][ T5813] usb 1-1: USB disconnect, device number 16
[  330.418749][ T5781] Bluetooth: hci0: command 0x0406 tx timeout
[  330.525158][   T23] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  331.951675][ T8937] netlink: 56 bytes leftover after parsing attributes in process `syz.3.741'.
[  331.962376][ T8934] comedi comedi3: reset error (fatal)
[  332.003169][   T23] usb 2-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64
[  332.014653][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.024285][   T23] usb 2-1: Product: syz
[  332.030033][   T23] usb 2-1: Manufacturer: syz
[  332.035907][   T23] usb 2-1: SerialNumber: syz
[  332.057816][   T23] usb 2-1: config 0 descriptor??
[  332.136939][   T23] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state.
[  332.166528][   T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  332.205687][   T23] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0))
[  332.217437][   T23] usb 2-1: media controller created
[  332.341367][ T8929] dvb-usb: bulk message failed: -22 (7/0)
[  332.359719][   T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  333.195077][ T8942] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4)
[  333.514135][   T23] DVB: Unable to find symbol mt352_attach()
[  333.711312][   T23] DVB: Unable to find symbol nxt6000_attach()
[  333.746732][   T23] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)'
[  333.799918][   T23] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input14
[  333.867140][   T23] dvb-usb: schedule remote query interval to 1000 msecs.
[  333.901859][   T23] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected.
[  333.948477][   T23] dvb-usb: bulk message failed: -22 (7/0)
[  333.968660][   T23] dvb-usb: bulk message failed: -22 (7/0)
[  333.984806][   T23] usb 2-1: USB disconnect, device number 19
[  334.737515][   T23] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected.
[  335.085054][ T8979] ==================================================================
[  335.093569][ T8979] BUG: KFENCE: use-after-free read in dvb_device_open+0xca/0x370
[  335.093569][ T8979] 
[  335.105323][ T8979] Use-after-free read at 0xffff88823bd26f18 (in kfence-#146):
[  335.113977][ T8979]  dvb_device_open+0xca/0x370
[  335.119294][ T8979]  chrdev_open+0x5cc/0x6a0
[  335.124434][ T8979]  do_dentry_open+0x8c6/0x1500
[  335.130354][ T8979]  path_openat+0x27f1/0x3230
[  335.136902][ T8979]  do_filp_open+0x1f5/0x430
[  335.141874][ T8979]  do_sys_openat2+0x134/0x1d0
[  335.146766][ T8979]  __x64_sys_openat+0x139/0x160
[  335.152453][ T8979]  do_syscall_64+0x55/0xa0
[  335.157511][ T8979]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  335.164350][ T8979] 
[  335.167491][ T8979] kfence-#146: 0xffff88823bd26f00-0xffff88823bd26fd7, size=216, cache=kmalloc-256
[  335.167491][ T8979] 
[  335.181938][ T8979] allocated by task 1 on cpu 0 at 12.886904s:
[  335.191178][ T8979]  __kmem_cache_alloc_node+0x1f7/0x250
[  335.197722][ T8979]  kmalloc_trace+0x2a/0xe0
[  335.202572][ T8979]  dvb_register_device+0x2fd/0x2210
[  335.208591][ T8979]  dvb_register_frontend+0x649/0x930
[  335.214716][ T8979]  vidtv_bridge_probe+0x9ab/0xf80
[  335.223001][ T8979]  platform_probe+0x13b/0x1c0
[  335.230639][ T8979]  really_probe+0x25b/0xb20
[  335.237531][ T8979]  __driver_probe_device+0x18c/0x330
[  335.247005][ T8979]  driver_probe_device+0x4f/0x420
[  335.253525][ T8979]  __driver_attach+0x44e/0x6e0
[  335.258759][ T8979]  bus_for_each_dev+0x235/0x2b0
[  335.264694][ T8979]  bus_add_driver+0x340/0x630
[  335.270753][ T8979]  driver_register+0x23a/0x310
[  335.276312][ T8979]  vidtv_bridge_init+0x3d/0x70
[  335.282307][ T8979]  do_one_initcall+0x242/0x790
[  335.287810][ T8979]  do_initcall_level+0x137/0x1f0
[  335.293441][ T8979]  do_initcalls+0x69/0xd0
[  335.298142][ T8979]  kernel_init_freeable+0x3ed/0x580
[  335.303813][ T8979]  kernel_init+0x1d/0x1c0
[  335.308874][ T8979]  ret_from_fork+0x48/0x80
[  335.314722][ T8979]  ret_from_fork_asm+0x11/0x20
[  335.319965][ T8979] 
[  335.322401][ T8979] freed by task 8942 on cpu 1 at 333.350936s:
[  335.329301][ T8979]  dvb_device_open+0x2ee/0x370
[  335.334356][ T8979]  chrdev_open+0x5cc/0x6a0
[  335.339025][ T8979]  do_dentry_open+0x8c6/0x1500
[  335.344440][ T8979]  path_openat+0x27f1/0x3230
[  335.349754][ T8979]  do_filp_open+0x1f5/0x430
[  335.354920][ T8979]  do_sys_openat2+0x134/0x1d0
[  335.360149][ T8979]  __x64_sys_openat+0x139/0x160
[  335.365378][ T8979]  do_syscall_64+0x55/0xa0
[  335.370279][ T8979]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  335.376377][ T8979] 
[  335.378829][ T8979] CPU: 1 PID: 8979 Comm: syz.1.751 Not tainted syzkaller #0
[  335.386837][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  335.397552][ T8979] RIP: 0010:dvb_device_open+0xca/0x370
[  335.403348][ T8979] Code: 8b 3f 4d 85 ff 0f 84 83 01 00 00 4c 89 64 24 08 4d 8d 67 18 4c 89 e5 48 c1 ed 03 80 7c 1d 00 00 74 08 4c 89 e7 e8 c6 80 dd fa <4d> 8b 2c 24 4d 85 ed 0f 84 5e 01 00 00 4c 89 e8 48 c1 e8 03 80 3c
[  335.424027][ T8979] RSP: 0018:ffffc9000d0777f0 EFLAGS: 00010246
[  335.431174][ T8979] RAX: 1ffffffff2ec59db RBX: dffffc0000000000 RCX: 0000000000000000
[  335.440997][ T8979] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 00000000ffffffff
[  335.450038][ T8979] RBP: 1ffff110477a4de3 R08: ffffffff8defe9cf R09: 1ffffffff1bdfd39
[  335.462283][ T8979] R10: dffffc0000000000 R11: fffffbfff1bdfd3a R12: ffff88823bd26f18
[  335.471500][ T8979] R13: 1ffff92001a0ef0c R14: ffff88802662d900 R15: ffff88823bd26f00
[  335.480639][ T8979] FS:  00007f33013f66c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  335.491247][ T8979] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  335.499154][ T8979] CR2: ffff88823bd26f18 CR3: 000000002b4c9000 CR4: 00000000003506e0
[  335.509936][ T8979] Call Trace:
[  335.513591][ T8979]  <TASK>
[  335.516861][ T8979]  ? do_raw_spin_unlock+0x121/0x230
[  335.522974][ T8979]  chrdev_open+0x5cc/0x6a0
[  335.527739][ T8979]  ? cd_forget+0x160/0x160
[  335.532436][ T8979]  ? fsnotify_perm+0x3ed/0x5e0
[  335.537674][ T8979]  ? cd_forget+0x160/0x160
[  335.542375][ T8979]  do_dentry_open+0x8c6/0x1500
[  335.547523][ T8979]  path_openat+0x27f1/0x3230
[  335.552231][ T8979]  ? do_sys_openat2+0xda/0x1d0
[  335.557549][ T8979]  ? verify_lock_unused+0x140/0x140
[  335.563135][ T8979]  ? do_filp_open+0x430/0x430
[  335.567837][ T8979]  ? __virt_addr_valid+0x18c/0x540
[  335.573150][ T8979]  do_filp_open+0x1f5/0x430
[  335.578120][ T8979]  ? vfs_tmpfile+0x490/0x490
[  335.583105][ T8979]  ? _raw_spin_unlock+0x28/0x40
[  335.588590][ T8979]  ? alloc_fd+0x58f/0x630
[  335.593063][ T8979]  do_sys_openat2+0x134/0x1d0
[  335.598075][ T8979]  ? do_sys_open+0xe0/0xe0
[  335.602624][ T8979]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  335.609140][ T8979]  ? lock_chain_count+0x20/0x20
[  335.614282][ T8979]  __x64_sys_openat+0x139/0x160
[  335.619475][ T8979]  do_syscall_64+0x55/0xa0
[  335.624545][ T8979]  ? clear_bhb_loop+0x40/0x90
[  335.629528][ T8979]  ? clear_bhb_loop+0x40/0x90
[  335.634323][ T8979]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  335.640517][ T8979] RIP: 0033:0x7f330315cfce
[  335.645322][ T8979] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  335.666136][ T8979] RSP: 002b:00007f33013f5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  335.675673][ T8979] RAX: ffffffffffffffda RBX: 00007f33013f66c0 RCX: 00007f330315cfce
[  335.684374][ T8979] RDX: 0000000000000e82 RSI: 00007f33013f5c00 RDI: ffffffffffffff9c
[  335.692548][ T8979] RBP: 00007f33013f5c00 R08: 0000000000000000 R09: 0000000000000000
[  335.701333][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  335.709853][ T8979] R13: 00007f3303416128 R14: 00007f3303416090 R15: 00007fff0713f2f8
[  335.718645][ T8979]  </TASK>
[  335.721759][ T8979] ==================================================================
[  335.730365][ T8979] Kernel panic - not syncing: KFENCE: panic_on_warn set ...
[  335.738583][ T8979] CPU: 1 PID: 8979 Comm: syz.1.751 Not tainted syzkaller #0
[  335.746422][ T8979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  335.756983][ T8979] Call Trace:
[  335.760382][ T8979]  <TASK>
[  335.763514][ T8979]  dump_stack_lvl+0x18c/0x250
[  335.768404][ T8979]  ? show_regs_print_info+0x20/0x20
[  335.773911][ T8979]  ? load_image+0x400/0x400
[  335.779139][ T8979]  panic+0x2dc/0x730
[  335.783758][ T8979]  ? bpf_jit_dump+0xd0/0xd0
[  335.790015][ T8979]  check_panic_on_warn+0x84/0xa0
[  335.795973][ T8979]  kfence_report_error+0x77b/0xa50
[  335.802379][ T8979]  ? kfence_print_stack+0x2c0/0x2c0
[  335.808928][ T8979]  ? dvb_device_open+0xca/0x370
[  335.815588][ T8979]  ? chrdev_open+0x5cc/0x6a0
[  335.822738][ T8979]  ? do_dentry_open+0x8c6/0x1500
[  335.830323][ T8979]  ? path_openat+0x27f1/0x3230
[  335.835655][ T8979]  ? do_filp_open+0x1f5/0x430
[  335.841891][ T8979]  ? do_sys_openat2+0x134/0x1d0
[  335.847839][ T8979]  ? __x64_sys_openat+0x139/0x160
[  335.853714][ T8979]  ? do_syscall_64+0x55/0xa0
[  335.858430][ T8979]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  335.865019][ T8979]  ? _raw_spin_lock+0x40/0x40
[  335.869819][ T8979]  kfence_handle_page_fault+0x52c/0x700
[  335.875664][ T8979]  ? trim_init_extable+0x6f0/0x6f0
[  335.881508][ T8979]  ? rcu_guarded_free+0x50/0x50
[  335.887109][ T8979]  ? search_bpf_extables+0x36b/0x3c0
[  335.892939][ T8979]  ? search_bpf_extables+0x26/0x3c0
[  335.898635][ T8979]  page_fault_oops+0x1a3/0x930
[  335.903966][ T8979]  ? __mutex_trylock_common+0x159/0x260
[  335.910723][ T8979]  ? ex_get_fixup_type+0x70/0x70
[  335.916227][ T8979]  ? kernelmode_fixup_or_oops+0xf0/0xf0
[  335.923032][ T8979]  ? is_prefetch+0x451/0x690
[  335.927955][ T8979]  ? page_fault_oops+0x930/0x930
[  335.933633][ T8979]  ? __bad_area_nosemaphore+0xaa/0x690
[  335.939259][ T8979]  exc_page_fault+0xac/0x100
[  335.943960][ T8979]  ? mutex_lock_nested+0x20/0x20
[  335.949020][ T8979]  asm_exc_page_fault+0x26/0x30
[  335.954149][ T8979] RIP: 0010:dvb_device_open+0xca/0x370
[  335.959928][ T8979] Code: 8b 3f 4d 85 ff 0f 84 83 01 00 00 4c 89 64 24 08 4d 8d 67 18 4c 89 e5 48 c1 ed 03 80 7c 1d 00 00 74 08 4c 89 e7 e8 c6 80 dd fa <4d> 8b 2c 24 4d 85 ed 0f 84 5e 01 00 00 4c 89 e8 48 c1 e8 03 80 3c
[  335.981222][ T8979] RSP: 0018:ffffc9000d0777f0 EFLAGS: 00010246
[  335.987763][ T8979] RAX: 1ffffffff2ec59db RBX: dffffc0000000000 RCX: 0000000000000000
[  335.996295][ T8979] RDX: 0000000000000001 RSI: 0000000000000008 RDI: 00000000ffffffff
[  336.004741][ T8979] RBP: 1ffff110477a4de3 R08: ffffffff8defe9cf R09: 1ffffffff1bdfd39
[  336.013098][ T8979] R10: dffffc0000000000 R11: fffffbfff1bdfd3a R12: ffff88823bd26f18
[  336.021347][ T8979] R13: 1ffff92001a0ef0c R14: ffff88802662d900 R15: ffff88823bd26f00
[  336.031050][ T8979]  ? do_raw_spin_unlock+0x121/0x230
[  336.037867][ T8979]  chrdev_open+0x5cc/0x6a0
[  336.042854][ T8979]  ? cd_forget+0x160/0x160
[  336.047652][ T8979]  ? fsnotify_perm+0x3ed/0x5e0
[  336.052644][ T8979]  ? cd_forget+0x160/0x160
[  336.057510][ T8979]  do_dentry_open+0x8c6/0x1500
[  336.062763][ T8979]  path_openat+0x27f1/0x3230
[  336.069189][ T8979]  ? do_sys_openat2+0xda/0x1d0
[  336.074901][ T8979]  ? verify_lock_unused+0x140/0x140
[  336.081200][ T8979]  ? do_filp_open+0x430/0x430
[  336.087583][ T8979]  ? __virt_addr_valid+0x18c/0x540
[  336.095516][ T8979]  do_filp_open+0x1f5/0x430
[  336.101131][ T8979]  ? vfs_tmpfile+0x490/0x490
[  336.106325][ T8979]  ? _raw_spin_unlock+0x28/0x40
[  336.112293][ T8979]  ? alloc_fd+0x58f/0x630
[  336.117197][ T8979]  do_sys_openat2+0x134/0x1d0
[  336.122444][ T8979]  ? do_sys_open+0xe0/0xe0
[  336.127148][ T8979]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  336.133776][ T8979]  ? lock_chain_count+0x20/0x20
[  336.139168][ T8979]  __x64_sys_openat+0x139/0x160
[  336.144297][ T8979]  do_syscall_64+0x55/0xa0
[  336.149122][ T8979]  ? clear_bhb_loop+0x40/0x90
[  336.154289][ T8979]  ? clear_bhb_loop+0x40/0x90
[  336.159419][ T8979]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  336.167592][ T8979] RIP: 0033:0x7f330315cfce
[  336.172995][ T8979] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  336.199332][ T8979] RSP: 002b:00007f33013f5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  336.210930][ T8979] RAX: ffffffffffffffda RBX: 00007f33013f66c0 RCX: 00007f330315cfce
[  336.220376][ T8979] RDX: 0000000000000e82 RSI: 00007f33013f5c00 RDI: ffffffffffffff9c
[  336.230642][ T8979] RBP: 00007f33013f5c00 R08: 0000000000000000 R09: 0000000000000000
[  336.239249][ T8979] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd
[  336.248742][ T8979] R13: 00007f3303416128 R14: 00007f3303416090 R15: 00007fff0713f2f8
[  336.258013][ T8979]  </TASK>
[  336.262893][ T8979] Kernel Offset: disabled
[  336.269461][ T8979] Rebooting in 86400 seconds..