last executing test programs:

19.672150513s ago: executing program 3 (id=559):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000190001090000000024000000021800000002fd010e23b94208000100ac1414000800050064"], 0x44}}, 0x0)

19.379157643s ago: executing program 3 (id=562):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x244}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2004de, &(0x7f0000000100), 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
r3 = socket(0x10, 0x6, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000038c0)={0x20, 0x1e, 0xa01, 0x0, 0x0, {0x7}, [@generic="f4837e629eda4a7ea9"]}, 0x20}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000040)=[{0x54, 0x0, 0x40, 0x101}, {0x1c}, {0x6, 0xfc}]})

16.803441349s ago: executing program 1 (id=567):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000001e40)=[{&(0x7f0000001a00)=""/108, 0x6c}, {&(0x7f0000001a80)=""/202, 0xca}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x6}, 0x1c)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x2000}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000080), 0x0)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f00000006c0)={@local, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xdd, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x10, 0x10, 0x6}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1001f0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd25, 0x25dfdbff, {0x7, 0x0, 0x0, r6, 0x0, 0x0, 0x7}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048861}, 0x840)
lseek(0xffffffffffffffff, 0x1000, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711819000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$binfmt_format(r0, 0x0, 0x0)

14.366392697s ago: executing program 3 (id=572):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
close(r2)

14.067560696s ago: executing program 3 (id=574):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_HAS_DEVICE_ATTR_vm(r0, 0x4018aee3, 0x0)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r1, 0x4400ae8f, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000380)={'netdevsim0\x00', 0x5005})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x24068010}, 0x0)
write$tun(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="020304000100090104006bd648c610112f01fe80000000000000000000000000002eff020000000000000000000000000001042088be"], 0x1043)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)

13.229361396s ago: executing program 1 (id=576):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000180)=ANY=[], 0x1, 0x551f, &(0x7f00000056c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJm76seit6i5+YJey6sGTpkkasptkSpOmtScPHsWD/4koePLo3+DBszfxoHgTlMxMdesHCE0T2/5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgya3l4LiJuRsTME0epmP9j4mJEXI2IG6Pkec5S8dal28Nbqz+++fPX3166cO3zr76b3q6BaXs+Irrb+fleN49pK4+PivnasJ3F7sqwiPkb3cfFOM3jXnMzy7BXO1xXy+JyK1+fbu/2R3GrU6uPYqu9lc1v9/IL9oetwzzZBx7VdrJxo7mZxXY/zWLrIK9r/yD/v+2gP8jzNIp8H2bpYzA4jPl8c7+Z72f7cRbrvUExn+dNG839URwWsbhc1NNOI6tj8zjf9P/bW+3e7n4ybO7022kvWa1UX6xU75arO2mjOWiulGvdxt2VZKHVGS0rD5q17lorTVudZqWedheThVa9Xq5Wk4V7zc12rZdUq5Xlyp3y6mJxdjt57cG7SaeRLIziK+3e7qDd6Sdb6U6Sf2IxWaosv7SY3Komb69vJBsP799f33jn/XvvPXh5/Y1Xi0V/KytZWLqztFSu3ikvVRfP0f4/Looe4/7hWErTLgDg9Jlk//+Z/h8onFz/v/Mw4uT7/9D/j8Wp6n/PXv+/90LEVPcPx6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4t76f++L17GQ+H18r5p8qpp4pxqWImImI3/7BbFw8knO2yDP3L+vn/lLDN6XIMoyucak4rkbEWnH8+vRJfwsAAABwdn350c1P8249f5mfdkFMUn7TZub6B2PKV4qIufkfxpRtZvTy7JiSZf++L8T+mLJlN7AujylZfsvtwriy/SezR8LlJ0IpD1cmWg4AADARRzuByXYhAAAATNIn0y6A6SjF4aPMw2fB2V/e//lA8MqREQAAAHAKlaZdAAAAAHDisv7f7/8BAADA2Zb//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO/s3E2O2jAcB9B/AgH6paKq+16lOzhGj9BllxUH6CU4QBf0Cr0AZ6C7HqGCijjDkJksRooTNKP3pGBiOT9sBAvbkgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY0p9qt/71/dOPvjnHUz95RgMAAAB0OVS7df1mme7fNPXvmqoPzX0REWVEdM3dJzFrZU6anOq+/c/r9tWDPvyOqBPOnzFvrtcR8bm5/r0f+lsAAACAl2u/2a7SbD29LG/dIcaUFm3Kt18y5RURUS3/Zkorz3kfM4XVv+9pfMuUVi9gLTKFpSW3aa60J6n/7pdVu8VVUaSi7Hzs0slsYwcAAEY0aRXjzkIAAAAY09dbd4DhtTfs0my/iLutzMtW4LzV+lXXswAAAMBzUty6AwAAAMDg6vn/SOf/nZz/BwAAACOYPa5K5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwpEO1W+8321XfnOOpnzyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA/+/OOAiEQBmGwd31nMvc/rDRoampSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDmd3/5PzE1ziRzr42l55Fk7dTYOjX2zo2jP4yvXwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz1EKgCAQhsHNLOotvP9h4weDbhDBDAgfKysIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8EfLPNWeWBNXVfVME1vGo6r2XI05aYkjC4kzC+P9cP/qSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADc799MaRxkGAPyZmZ2tbRVjlBwiouBBLzbd1tbexIMSPPgRhJBua+zWP20QW4qYizfJuRfRo4igxFu/Q29CC73UWw97qOBZmdmZ7LQNuPXPzLb5/eCd99lhmPd5Z0LIM+9kAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAImL81jTOis3CJE6rfTfuXlkv+pv39YVr27eWi1bESZtJPxpeaH5IliLicHfJAAAAsD9kdX0fEbfzndWiTxfK+j+vjylq/m+fmsRVPf9ZXbLeX//XtX/Rfvn5znO7Ay1MxilOemZjNDz6YCq9/2uO8+7pvz2iV1758tlLVt6Q9N2tZ8d5eT2Tr69ff7tfhgfayBYA+CeO1H0V1H8PFf2gy8QA2Dd6jcK7rv+zhW5zAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjDeCsO13ESEcu9aVy4effK+l79te1by3U7efXqdnw5PWdxijwizmyMhkdbnc18u3jp8rm10Wh4of3gxYjoavQ3q+mfe3+GgyM6uT6C/yhIq5s9L/k8ZPBrNz9+Hf5SAgDgsZRXrajrb+c7q8W+ZDHiz+/urf9facQxY/1/54OTN5pjNev/QWsznH8rm+c/Wbl46fJrG+fXzg7PDj96/djgjcHxUydOnFopn5WseGICAADAv9OvWrP+TxcfXP8/1Ihjxvr/028GXzTHytT/e5ou+nWdCQAAwP72zEt//J7ssT/p9+Pztc3NC4PJdvfzscm2g1Qf2oGqNev/bLHrrAAAAIA2jLeSe9b/TzfimHH9/8nvn/+xec4sIg5W6/9H1j8enW5vOnOtjX8n7nqOAAAAdOtg1Zrr/3n5/n+6+8pDGhGvvjyJq68BnKn+z9756ofmWM33/4+3N8W5lC5NrkfZL0X0lrrOCAAAgMfZE1Uriv3f8p3VD3869F7f+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbfsrAAD//w3APAo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x18e)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
fcntl$lock(r2, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2})
fcntl$lock(r2, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x40, 0x40000000006})
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
close(r1)

13.074858449s ago: executing program 3 (id=579):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1)
symlink(0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req={0x6, 0xde3, 0x5, 0x61e}, 0x10)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)=@chain)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x110e22fff6)
r4 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r6, @ANYBLOB="14000200000000000000edffffff0000000000000800080002070000"], 0x34}}, 0x0)

9.89281157s ago: executing program 3 (id=585):
open(0x0, 0xedc3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x1}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x4800)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd5cd7000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
setpgid(0x0, 0x0)
setpgid(0x0, 0x0)
tkill(0x0, 0x7)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, 0x0, 0x0}, 0x20)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000000080)={0x4, 0x0, 0xfc}, 0xc)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0x7, &(0x7f0000000140)={0x8001, 0x2, 0x62d, 0x3a6b}, 0x10)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000040)=0xd, 0x4)

9.695502043s ago: executing program 1 (id=586):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000001e40)=[{&(0x7f0000001a00)=""/108, 0x6c}, {&(0x7f0000001a80)=""/202, 0xca}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x6}, 0x1c)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x2000}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000080), 0x0)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f00000006c0)={@local, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xdd, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x10, 0x10, 0x6}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1001f0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd25, 0x25dfdbff, {0x7, 0x0, 0x0, r6, 0x0, 0x0, 0x7}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048861}, 0x840)
lseek(0xffffffffffffffff, 0x1000, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711819000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$binfmt_format(r0, 0x0, 0x0)

8.355608013s ago: executing program 4 (id=591):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000300000004000000"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0xf)
pipe(0x0)
socket$inet(0x2, 0x2, 0x1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @broadcast}}, @sadb_sa={0x2, 0x1, 0x4d6, 0x0, 0x0, 0x0, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xfffd, @multicast1}}]}, 0x50}}, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r4, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r0, &(0x7f0000000480), &(0x7f0000000540)=@tcp=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000400)={r0, &(0x7f0000000080), 0x20000000}, 0x20)

8.336728069s ago: executing program 0 (id=592):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000300)={0x0, <r0=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x0, r0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_get$uid(0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000327bd7000fedbdf251300000008000100706369303a30303a31302e3000000000080003000000000008000b00d00900000600110007000000080001007063690011003f00303030303a30303a31302e3000000000080003000000000008000b000104000006"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x48050)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f0000000000), 0x4000000000001f2, 0x0)

8.108780934s ago: executing program 2 (id=593):
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000083ef0840e07d6e67db77000000030902"], 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
close(r0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x25b5, 0x2, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x0, 0x4}}]}}, 0x0)
ioctl$SIOCSIFHWADDR(r0, 0x40095505, &(0x7f0000000140)={'syzkaller0\x00', @random="371692e7f7ef"})

7.027437756s ago: executing program 4 (id=594):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0, 0x265}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @private=0xa210104, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x8}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
r4 = socket(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @local, 0x2}, 0x1c)
listen(r4, 0x7f)
syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @mcast1, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xff6f}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x82, 0xfffffffffffffffe, &(0x7f00000000c0)=0x95)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
listen(r0, 0xd9)
sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)

6.986756967s ago: executing program 0 (id=595):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1)
symlink(0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req={0x6, 0xde3, 0x5, 0x61e}, 0x10)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)=@chain)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x110e22fff6)
r4 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r6, @ANYBLOB="14000200000000000000edffffff0000000000000800080002070000"], 0x34}}, 0x0)

6.16628428s ago: executing program 4 (id=596):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0xe8)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
socket$netlink(0x10, 0x3, 0x8000000004)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

5.597951275s ago: executing program 1 (id=597):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000000)={[{@nojournal_checksum}, {@orlov}, {@i_version}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
connect$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
prlimit64(r0, 0xe, &(0x7f0000000240)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000ac0)=@filename='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, 0x0)

3.815508759s ago: executing program 2 (id=598):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000440)={&(0x7f0000000180)=@l2={0x1f, 0x4, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x2, 0x2}, 0x80, 0x0}, 0x4048004)

3.815323199s ago: executing program 4 (id=599):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x2)
socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
recvmsg$unix(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x9200000000000000)

3.537374124s ago: executing program 0 (id=600):
syz_open_dev$vcsn(&(0x7f0000000000), 0x7, 0x8a142)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x400000000008d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000100)=0x7)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x4e23, 0x2, @mcast1={0xff, 0x7}, 0x3ff}}, {{0xa, 0x4e21, 0xfffffffd, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt(0xffffffffffffffff, 0x111, 0x2, 0x0, 0x0)

2.870798204s ago: executing program 2 (id=601):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syzkaller0\x00', <r1=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x2, 0x6, @remote}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.639540559s ago: executing program 1 (id=602):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./bus\x00', 0x20081e, &(0x7f0000000000)={[{@nojournal_checksum}, {@orlov}, {@i_version}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
connect$inet(0xffffffffffffffff, &(0x7f0000000380)={0x2, 0x0, @remote}, 0x10)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, 0x0)
prlimit64(r0, 0xe, &(0x7f0000000240)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x5c399000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000ac0)=@filename='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, 0x0)
ioprio_set$pid(0x1, r1, 0x4004)

2.374814896s ago: executing program 4 (id=603):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000500)={[{@debug}, {@delalloc}, {@inlinecrypt}, {@test_dummy_encryption}, {@errors_continue}, {@errors_continue}, {@delalloc}, {@barrier}]}, 0x1, 0xbc8, &(0x7f0000002380)="$eJzs3M9rHNcdAPDvjH7alrtyKaXuxSql2FC6ll1kalOoXVx66aHQXgsW8soIrX8gqTiSdVgl/0BIcg7kEkhiEnyIz74kkGsuiXONySFggmIlEEKiMPtDWku7+mGtNIr8+cDTvDdvZt73q5F23oPdDeC5NZT9SCOOR8SVJKJQ359GRG+11h9RqR23tDg/9u3i/FgSy8v/+SqJJCKeLM6PNa6V1LdH6o3+iPj470n88qX1407Pzk2OlsulqXr79Mz1W6enZ+f+NHF99FrpWunGmXN/GTk7cm74/EjHcv3u84v3v/ndP7+ofP/2D3e/fvXNJC7GQL2vOY961js2FEMrv5Nm3REx2oHr7wdd9Xya80y6Nzkp3eWgAABoK22aw/06CtEVq5O3QnzwSa7BAQAAAB2x3BWxDAAAABxwifU/AAAAHHCN9wE8WZwfa5R835Gwtx5fiojBWv5L9VLr6Y5KddsfPRFx+EkSzR9rTWqn7dhQRDz67Px7WYkWn0PebZWFiPhNq/ufVPMfrH8Sem3+aUQMd2D8oTXtn1P+Fzswft75A/B8enCp9iBb//xLV+Y/0eL5193i2fUs8n7+NeZ/S+vmf6v5d7WZ//17i2Pceev12+36svz/ev8f7zZKNn623VFS2/B4IeK33a3yT1byT9rkf2WLYxR+vF1q15d3/stvRJyM1vk3JBt/P9Hp8Ylyabj2s+UYCx+NvNNu/Lzzz+7/4Tb5b3D/+7N9t566Uvsv9fnf5cv32vVtnn/6ZW/y32qtt77nhdGZmakzEb3Jv9bvP7txvo1jGtfI8j/1+43//1v9/WevCZX630aW+UJ9m7VfXDPm3+7eeX+j/LO1X573/+r2739138tbHOMPH75yql1f8/o3K9n4j5LaWhgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIgkLUZEUq2nabEYcSQifhWH0/LN6Zk/jt/8/42rWV/EYPSk4xPl0nBEFGrtJGufqdZX22fXtP8cEcci4rXCoWq7OHazfDXv5AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhxJCIGIkmLEZFGxFIhTYvFvKMCAAAAOm4w7wAAAACAXWf9DwAAAAef9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC77NiJBw+TiKhcOFQtmd56X0+ukQG7Lc07ACA3XXkHAOSmO+8AgNxsc41vugAHULJJf3/bnr6OxwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/nXy+IOHSURULhyqlkxvva+n5Rkn9jA6YDeleQcA5KZro87uvYsD2HvP/C9+tLNxAHuv9RofeJ4km/T3rx5Tebqnb9diAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD/GaiWJC1GRFqtp2mxGHE0IgajJxmfKJeGI+IXEfFpoacva/flHTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdNz07NzlaLpemnqWS7Ox0FRWVpkqyP8KoVfJ+ZQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/Ts3OTo+VyaWo670gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvE3Pzk2OlsulqS1U7m3n4KZK3jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCfnwIAAP//198NMw==")
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='.\x00', 0x0, 0xa00a, 0x0)

2.286697075s ago: executing program 0 (id=604):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x801800, &(0x7f0000000080)={[{@errors_continue}], [{@hash}]}, 0x2, 0x614, &(0x7f0000000500)="$eJzs3c9vFGUfAPDvTH/Svu/bQt6oeJAmxkCitLSAIV6EqyEExJunSgtBCiW0RosklgQvJsaLBxNPHsT/Qkm8evDqwYsnQ0KM4SCGyJrZnSnb7W5/bLvd0v18kqXPM8M+zzOlX74zT5+ZDaBjjWR/pBH7I+J6EjFUta878p0jlb/38M9bF7JXEqXS+T+SuPVJsljdVpJ/Hczf/M9QJD+nEfu6VvY7t3DzyuTMzPSNvD42f/X62NzCzcOXr05emr40fW3i9YkTx48dPzF+ZFPHl1SVT995/8Ohz868++3Xj5Px7349k8TJeJKPLTuu2vf2barn7Hs2EqWKR9Xbs+/riU22vVP8NVT8nDyV1G5gx0rzn8eeiHg+hqKr6l9zKD4919bBAS1VSqLIUaUsFZaADpI0FfP9Wz8QYJsV5wHFtX296+CV0haflQDb4cGpygRAJfZ7IqKI/+7K3GD0l+cGBh4my+Z5kojY3MxcRdbHTz+euZO9osE8HNAai7eLWe7a/J+UY3M4+su1gYfpsvhPq17Z9reb7H+kpr4i/t9qsmFgTYu3I+KFPP/3xobif6Qq/t9rsv814x8AAAAAAABYt3unIuK1euv/0qX1P7111v8MRsTJLeh/7d//pffzQrIF3QFVHpwqh3fd+M8Nd+W1/5bXA/QkFy/PTB+JiP9FxKHo6cvq4zXtVq8QPvz5vq8a9V+9/i97Zf0XawHzlu5319yIOzU5P7nJwway+L8d8WJ5/e+BfMvy9T9Z/k/q5P8svq+vs499r9w922jf2vEPtErpm4iDdfP/09PtZPXnc4yVzwfGirOClV76+IvvG/Uv/qF9svw/sHr89yXVz+uZ21j72cXF0YXuUqP9zZ7/9ybvdBXtZz6anJ+/MR7Rm5xeuX1iY2OG3aqIhyJesvg/9PLq839L5/9VcbgnIhbX2edzTwZ/a7RP/of2yeJ/avX8P7w8/2+8MHF3+IdG/Z9dV/4/Vs7ph/It5v+g2srncaw3QNsyXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4xqUR8Z9I0tGlcpqOjkYMRsT/YyCdmZ2bf/Xi7AfXprJ95c//T4tP+h2q1JPi8/+Hq+oTNfWjEbE3Ir7s2lOuj16YnZlq98EDAAAAAAAAAAAAAAAAAADADjFYvue/1Fd7/3/m9652jw5oue78q3iHztPd9DtLfY339TfdKrB9mo9/4Fm3/vjvaek4gO3XOP4fPS6VbetwgG3k/B86V5Px3xUR585v9WCAbSX/Q6da55yeX+fBriT/AwAAAADArrL3wL1fkohYfGNP+ZXpzfdZ7A+7W9ruAQBt45Ef0Lm6Z9s9AqBdXOMDyVLp77o3+zde/Z+0ZkAAAAAAAAAAAAAAwAoH97v/HzrV6vf/W9sPu9kq9//XC36PC4BdpPFHf8j9sNu5xgfWyvbu/wcAAAAAAAAAAACAHaD/5pXJmZnpG3MLW1+Yjla1XCm82bKWW1hYnNwRw9i6QrE0fOtb7omIHXCAbSgUj+Bo4zDa+H8SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwzL8BAAD//1NIH4c=")
mlock(&(0x7f00005b3000/0x3000)=nil, 0x3000)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = getpid()
process_vm_readv(r2, 0x0, 0x0, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0})
write(r3, &(0x7f0000000000)="fa", 0xfffffdef)
ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000040)={'veth1\x00', {0x2, 0x4e23, @empty=0xfdfdffff}})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x800000000003)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000040)=0x1000)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

2.079537346s ago: executing program 2 (id=605):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="120000000300000004000000"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000a, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000001c0)=0xf)
pipe(0x0)
socket$inet(0x2, 0x2, 0x1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @broadcast}}, @sadb_sa={0x2, 0x1, 0x4d6, 0x0, 0x0, 0x0, 0x1}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xfffd, @multicast1}}]}, 0x50}}, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
listen(r4, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000580)={r0, &(0x7f0000000480), &(0x7f0000000540)=@tcp=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000400)={r0, &(0x7f0000000080), 0x20000000}, 0x20)

952.312877ms ago: executing program 2 (id=606):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000080)=@assoc_value={0x0, 0x265}, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_emit_ethernet(0x36, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x2, 0x6, 0x0, @private=0xa210104, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x0, 0x0, 0x8}}}}}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0x0, 0x0, 0x0, 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
r4 = socket(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x13, @local, 0x2}, 0x1c)
listen(r4, 0x7f)
syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}, @val={@void}, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @mcast1, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x0, 0x0, 0xff6f}}}}}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x82, 0xfffffffffffffffe, &(0x7f00000000c0)=0x95)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0)
listen(r0, 0xd9)
sendto$inet6(r0, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)

716.69504ms ago: executing program 4 (id=607):
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f0000001e40)=[{&(0x7f0000001a00)=""/108, 0x6c}, {&(0x7f0000001a80)=""/202, 0xca}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x6}, 0x1c)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, 0x0, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x2000}, 0x4)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_SET_OP_VERSION(r0, 0x1, 0x53, &(0x7f0000000080), 0x0)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f00000006c0)={@local, @empty, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0xdd, 0x6, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xfffe, 0x0, 0x8000}}}}}}, 0x0)
syz_usb_connect$uac1(0x0, 0x8a, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x78, 0x3, 0x1, 0x10, 0x10, 0x6}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1001f0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd25, 0x25dfdbff, {0x7, 0x0, 0x0, r6, 0x0, 0x0, 0x7}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x20048861}, 0x840)
lseek(0xffffffffffffffff, 0x1000, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000010000000000000000000000711819000000"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$binfmt_format(r0, 0x0, 0x0)

694.763155ms ago: executing program 0 (id=608):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240))
syz_io_uring_setup(0x6d5f, &(0x7f0000000940)={0x0, 0x7779, 0x0, 0x100000, 0x186}, 0x0, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0xa, 0x1, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x82)
socket$inet6_icmp(0xa, 0x2, 0x3a)
socket$inet6_icmp(0xa, 0x2, 0x3a)
syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip_tables_targets\x00')
socket(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$packet(0x11, 0x2, 0x300)
socket$inet6(0xa, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/power/pm_test', 0x88002, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x4000000, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @remote}, {0x2, 0x4e23, @loopback}, 0x1d7, 0x0, 0x0, 0x0, 0xfff8, 0x0, 0x4, 0x8})
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYRES8=r0], 0x1c}, 0x1, 0x0, 0x0, 0x20000844}, 0x48885)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000000), 0xd)

31.555727ms ago: executing program 1 (id=609):
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x30160f8, 0x0, 0x81, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000019, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x20045a, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./file0\x00')
execve(&(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x142ba3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/mem_sleep', 0xb883, 0xb2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000280)={r2, 0x0, {0x0, 0x0, 0x0, 0x36f235e2, 0x0, 0x0, 0x0, 0xf, 0x10, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f9858c1a7bedabd69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30d50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "67523760fd40f78d2cfc20d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x9]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)
syz_pidfd_open(0x0, 0x0)

10.658832ms ago: executing program 2 (id=610):
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
mlock2(&(0x7f0000315000/0x3000)=nil, 0x3000, 0x1)
symlink(0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x40001f9, 0x2, 0x0)
r3 = add_key$keyring(0x0, &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000300)='keyring\x00', &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000140)=@req={0x6, 0xde3, 0x5, 0x61e}, 0x10)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000080)=@chain)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x4004743d, 0x110e22fff6)
r4 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100))
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="340000001400b59500000000000000000a400000", @ANYRES32=r6, @ANYBLOB="14000200000000000000edffffff0000000000000800080002070000"], 0x34}}, 0x0)

0s ago: executing program 0 (id=611):
syz_usb_connect(0x0, 0x5b, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002ffa94008191513000001025f0109024900000000000009047f00022513bf000a24010000"], 0x0)
syz_emit_ethernet(0xfdef, &(0x7f0000000140)={@random="5b1a033f2511", @remote, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x0, 0x4578, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x64, 0x0, @wg=@response={0x10, 0x0, 0x0, "fdcdae25a7a296872a8a5290e48e30acf8afc7e67d70a62c979cefa10a0028bd", "ae0000000000000000e400", {"35f3c07eeca4a20a9858ac1500", "63081fe8fe001a08ed082ad7121d696f"}}}}}}}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000240), 0x8, 0x40100)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='attr/current\x00')
preadv(r0, &(0x7f00000003c0)=[{0x0}], 0x1, 0x0, 0x0)
socket$inet6(0xa, 0x3, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x21, &(0x7f0000000000)=0x8, 0x4)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xc70}, 0x1c)
sendto$inet6(r1, 0x0, 0x30, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @private0, 0x409}, 0x1c)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000000)={&(0x7f0000000040)={0xa, 0x4e20, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="280000000000000029000000050000002f02020100000000fe8000000000000000000000000000bb180000000000000029000000360000008900000000000000bdba870330374f8dc5e57d143ed27f5a0b4538646a7d548a8c94d32db3717c49b49e9a6b05956101f4fcc3b9a22516a35b79525bbcd901995e42eb7a7eb6d852c48134e3e63d03609337ec30a336d918f841c9ca3f5aad2c83956c6a"], 0x40}, 0x0)
r5 = getpid()
tgkill(r2, r5, 0x11)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
close(0x4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.52' (ED25519) to the list of known hosts.
[   50.439967][ T4170] cgroup: Unknown subsys name 'net'
[   50.602851][ T4170] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   51.928394][ T4170] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k FS
[   53.852465][ T4196] chnl_net:caif_netlink_parms(): no params data found
[   53.879481][ T4187] chnl_net:caif_netlink_parms(): no params data found
[   53.939951][ T4183] chnl_net:caif_netlink_parms(): no params data found
[   54.003470][ T4187] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.010784][ T4187] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.019135][ T4187] device bridge_slave_0 entered promiscuous mode
[   54.030608][ T4187] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.037705][ T4187] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.045703][ T4187] device bridge_slave_1 entered promiscuous mode
[   54.081210][ T4192] chnl_net:caif_netlink_parms(): no params data found
[   54.110661][ T4196] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.118080][ T4196] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.125861][ T4196] device bridge_slave_0 entered promiscuous mode
[   54.138920][ T4184] chnl_net:caif_netlink_parms(): no params data found
[   54.150059][ T4187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.161446][ T4187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.173770][ T4196] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.181273][ T4196] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.189732][ T4196] device bridge_slave_1 entered promiscuous mode
[   54.254305][ T4196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.265871][ T4187] team0: Port device team_slave_0 added
[   54.283832][ T4196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.299020][ T4183] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.306133][ T4183] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.314507][ T4183] device bridge_slave_0 entered promiscuous mode
[   54.323396][ T4187] team0: Port device team_slave_1 added
[   54.349289][ T4183] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.356416][ T4183] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.364670][ T4183] device bridge_slave_1 entered promiscuous mode
[   54.381024][ T4192] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.388179][ T4192] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.396106][ T4192] device bridge_slave_0 entered promiscuous mode
[   54.405622][ T4196] team0: Port device team_slave_0 added
[   54.426312][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.433393][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.461247][ T4187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.473720][ T4192] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.480960][ T4192] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.489092][ T4192] device bridge_slave_1 entered promiscuous mode
[   54.497200][ T4196] team0: Port device team_slave_1 added
[   54.504759][ T4183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.516754][ T4183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.532799][ T4187] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.539795][ T4187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.565893][ T4187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.606290][ T4183] team0: Port device team_slave_0 added
[   54.630403][ T4192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.642574][ T4183] team0: Port device team_slave_1 added
[   54.648469][ T4184] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.655528][ T4184] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.663843][ T4184] device bridge_slave_0 entered promiscuous mode
[   54.672410][ T4184] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.679707][ T4184] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.687731][ T4184] device bridge_slave_1 entered promiscuous mode
[   54.695944][ T4192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.705459][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.712459][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.738400][ T4196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.779623][ T4187] device hsr_slave_0 entered promiscuous mode
[   54.786363][ T4187] device hsr_slave_1 entered promiscuous mode
[   54.794140][ T4196] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.801286][ T4196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.827836][ T4196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.865246][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.872817][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.899263][ T4183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.912492][ T4192] team0: Port device team_slave_0 added
[   54.928362][ T4184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.939317][ T4184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.949023][ T4183] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.956007][ T4183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.982140][ T4183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.994711][ T4192] team0: Port device team_slave_1 added
[   55.038635][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.045630][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.072758][ T4192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.097825][ T4196] device hsr_slave_0 entered promiscuous mode
[   55.104434][ T4196] device hsr_slave_1 entered promiscuous mode
[   55.111276][ T4196] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.119172][ T4196] Cannot create hsr debugfs directory
[   55.133350][ T4184] team0: Port device team_slave_0 added
[   55.139818][ T4192] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.147156][ T4192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.173434][ T4192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.199498][ T4184] team0: Port device team_slave_1 added
[   55.216988][ T4183] device hsr_slave_0 entered promiscuous mode
[   55.223730][ T4183] device hsr_slave_1 entered promiscuous mode
[   55.230459][ T4183] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.238248][ T4183] Cannot create hsr debugfs directory
[   55.283974][ T4192] device hsr_slave_0 entered promiscuous mode
[   55.290849][ T4192] device hsr_slave_1 entered promiscuous mode
[   55.297551][ T4192] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.305113][ T4192] Cannot create hsr debugfs directory
[   55.342553][ T4184] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.349759][ T4184] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.376153][ T4184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.393151][ T4184] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.400754][ T4184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.426812][ T4184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.533249][ T4184] device hsr_slave_0 entered promiscuous mode
[   55.540193][ T4184] device hsr_slave_1 entered promiscuous mode
[   55.547259][ T4184] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.554838][ T4184] Cannot create hsr debugfs directory
[   55.587378][ T1108] Bluetooth: hci3: command 0x0409 tx timeout
[   55.587378][   T23] Bluetooth: hci4: command 0x0409 tx timeout
[   55.588338][ T1108] Bluetooth: hci2: command 0x0409 tx timeout
[   55.594075][   T23] Bluetooth: hci0: command 0x0409 tx timeout
[   55.613057][ T1108] Bluetooth: hci1: command 0x0409 tx timeout
[   55.723693][ T4187] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.734885][ T4187] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.755219][ T4187] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.774904][ T4187] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.821017][ T4196] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   55.830392][ T4196] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   55.855059][ T4196] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   55.873427][ T4196] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   55.927908][ T4192] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.936535][ T4192] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.945650][ T4192] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.956482][ T4192] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.025452][ T4187] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.057326][ T4183] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.067819][ T4183] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.090658][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.101248][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.111872][ T4183] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.126343][ T4183] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.153771][ T4187] 8021q: adding VLAN 0 to HW filter on device team0
[   56.168611][ T4196] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.177787][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   56.186493][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.196133][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.203598][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.213430][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.233693][ T4184] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   56.244102][ T4184] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   56.258904][ T4184] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   56.269460][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   56.279282][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.287937][ T4224] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.295002][ T4224] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.303102][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   56.312363][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   56.335740][ T4184] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   56.363993][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.372053][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.380784][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.390730][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.399664][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.408976][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.418550][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.427005][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.435501][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.453009][ T4196] 8021q: adding VLAN 0 to HW filter on device team0
[   56.470189][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.480555][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.499475][ T4187] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   56.526854][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   56.535545][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.545660][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.552786][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.561040][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   56.571509][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.580496][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.587614][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.606411][ T4192] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.644058][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.653055][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   56.663207][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   56.672594][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   56.682681][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   56.692648][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   56.731680][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   56.745822][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   56.756878][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   56.764746][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   56.781461][ T4192] 8021q: adding VLAN 0 to HW filter on device team0
[   56.801797][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   56.811467][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   56.835338][ T4183] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.848065][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   56.858059][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   56.868124][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.875171][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.883692][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   56.892509][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   56.901198][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.908293][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.919334][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   56.928507][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   56.940557][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   56.952472][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   56.978996][ T4184] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.999362][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.010615][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.020937][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   57.036434][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   57.052634][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   57.067858][ T4183] 8021q: adding VLAN 0 to HW filter on device team0
[   57.075230][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   57.114398][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.122707][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.130942][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   57.140674][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   57.149414][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   57.157834][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.166165][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   57.175601][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   57.184247][ T4230] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.191685][ T4230] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.204353][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   57.213211][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   57.221821][ T4230] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.228995][ T4230] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.236982][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   57.245661][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   57.254855][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   57.263965][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   57.278808][ T4184] 8021q: adding VLAN 0 to HW filter on device team0
[   57.288836][ T4192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.300283][ T4192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   57.311154][ T4187] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.324944][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   57.333877][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   57.342025][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   57.350586][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   57.360069][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   57.368755][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.377230][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   57.385680][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   57.419950][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   57.430593][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   57.439319][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.446380][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.455138][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   57.465607][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   57.481149][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.488349][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.502446][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   57.511903][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   57.526396][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   57.535321][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   57.544187][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   57.553521][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   57.562632][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   57.571027][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   57.585254][ T4183] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   57.596344][ T4183] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.618720][ T4196] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.646204][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   57.656329][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.673737][ T2238] Bluetooth: hci0: command 0x041b tx timeout
[   57.679958][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   57.683839][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.701783][ T2238] Bluetooth: hci1: command 0x041b tx timeout
[   57.714401][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.717018][ T2238] Bluetooth: hci2: command 0x041b tx timeout
[   57.734132][ T2238] Bluetooth: hci4: command 0x041b tx timeout
[   57.738020][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.741025][ T2238] Bluetooth: hci3: command 0x041b tx timeout
[   57.756599][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   57.771768][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   57.780653][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   57.789301][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   57.798179][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   57.806298][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   57.814892][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   57.822801][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   57.831938][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   57.844090][ T4184] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.855316][ T4184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   57.865320][ T4187] device veth0_vlan entered promiscuous mode
[   57.879988][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   57.893573][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   57.924935][ T4192] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.958306][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   57.965713][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   57.992455][ T4187] device veth1_vlan entered promiscuous mode
[   58.040054][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.064807][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.102616][ T4192] device veth0_vlan entered promiscuous mode
[   58.119297][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   58.138802][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.154289][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.166127][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.185436][ T4192] device veth1_vlan entered promiscuous mode
[   58.210960][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   58.219903][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.234706][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.255252][ T4187] device veth0_macvtap entered promiscuous mode
[   58.267607][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   58.275676][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   58.285285][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.294800][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.314222][ T4187] device veth1_macvtap entered promiscuous mode
[   58.339953][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   58.349097][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   58.356557][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   58.371127][ T4184] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.385575][ T4196] device veth0_vlan entered promiscuous mode
[   58.395525][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   58.403236][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   58.411414][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   58.422073][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.430691][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.440012][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.448618][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.456266][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.472869][ T4183] 8021q: adding VLAN 0 to HW filter on device batadv0
[   58.492450][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.502290][ T4192] device veth0_macvtap entered promiscuous mode
[   58.514011][ T4192] device veth1_macvtap entered promiscuous mode
[   58.524819][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   58.534451][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   58.542854][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   58.551860][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.564080][ T4187] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.574750][ T4187] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.584094][ T4187] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.593775][ T4187] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.602726][ T4187] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.615598][ T4196] device veth1_vlan entered promiscuous mode
[   58.626395][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   58.634783][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.643496][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.659151][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.667938][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.698928][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   58.709450][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   58.719115][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   58.758797][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   58.772685][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   58.782492][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.793473][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.806212][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.817289][ T4192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.828214][ T4192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.839532][ T4192] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.847863][ T4184] device veth0_vlan entered promiscuous mode
[   58.859841][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   58.868506][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   58.876145][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   58.885100][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   58.894185][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   58.903057][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   58.911686][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   58.921580][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   58.935849][ T4196] device veth0_macvtap entered promiscuous mode
[   58.959061][ T4184] device veth1_vlan entered promiscuous mode
[   58.971351][ T4183] device veth0_vlan entered promiscuous mode
[   58.984222][ T4196] device veth1_macvtap entered promiscuous mode
[   58.993376][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   59.003652][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   59.012869][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   59.023098][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   59.032435][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   59.042400][ T4192] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.051485][ T4192] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.060522][ T4192] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.069782][ T4192] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.101833][ T4183] device veth1_vlan entered promiscuous mode
[   59.127766][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   59.135986][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   59.145429][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.156267][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.166499][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.177093][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.189216][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.202558][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.211842][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.240287][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   59.249065][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   59.259741][  T446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   59.291914][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.302492][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.312708][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.323952][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.335330][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.352751][ T4184] device veth0_macvtap entered promiscuous mode
[   59.367385][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   59.375352][  T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.375414][  T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.392864][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   59.402011][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   59.411286][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   59.420134][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   59.431105][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   59.442217][ T4196] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.451362][ T4196] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.461705][ T4196] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.471015][ T4196] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.499400][ T4184] device veth1_macvtap entered promiscuous mode
[   59.524995][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   59.535818][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   59.551796][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   59.593846][ T4183] device veth0_macvtap entered promiscuous mode
[   59.638209][ T4183] device veth1_macvtap entered promiscuous mode
[   59.663533][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.675959][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.696961][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.709035][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.724642][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.738088][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.750644][ T4232] Bluetooth: hci4: command 0x040f tx timeout
[   59.760563][ T4232] Bluetooth: hci2: command 0x040f tx timeout
[   59.767174][ T4232] Bluetooth: hci1: command 0x040f tx timeout
[   59.769377][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.773353][ T4232] Bluetooth: hci0: command 0x040f tx timeout
[   59.789901][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.799468][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.828839][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   59.839006][ T4232] Bluetooth: hci3: command 0x040f tx timeout
[   59.845453][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   59.858826][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   59.868207][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   59.877555][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   59.888698][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.901979][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.914120][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.925136][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.935298][ T4184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.945978][ T4184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.958248][ T4184] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.982651][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   59.993165][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.003350][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.014715][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.024869][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.035467][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.045711][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.056576][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.068959][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   60.079802][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.091894][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_0
[   60.111354][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   60.119693][ T1108] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   60.126412][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   60.139386][  T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.148800][  T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.161973][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.176023][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.188581][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.200270][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.210263][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.221159][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.231860][ T4183] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   60.242500][ T4183] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   60.254800][ T4183] batman_adv: batadv0: Interface activated: batadv_slave_1
[   60.263271][ T4184] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.272089][ T4184] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.281475][ T4184] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.290398][ T4184] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.303315][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   60.312653][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   60.321779][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   60.331116][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.343128][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.353503][ T4183] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   60.362415][ T4183] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   60.373327][ T4183] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   60.382409][ T4183] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   60.403989][ T4230] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.423042][ T4230] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.434814][ T4230] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.462692][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.497372][ T1108] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   60.519208][ T1108] usb 3-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00
[   60.541644][ T1108] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   60.567226][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.595654][ T1108] usb 3-1: config 0 descriptor??
[   60.615932][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.644065][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   60.654612][ T1108] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[   60.664679][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.678051][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.689739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   60.839000][  T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   60.878629][  T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   60.939581][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   61.853734][ T4259] Bluetooth: hci0: command 0x0419 tx timeout
[   61.860007][ T4259] Bluetooth: hci1: command 0x0419 tx timeout
[   61.866071][ T4259] Bluetooth: hci2: command 0x0419 tx timeout
[   61.942573][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   61.958813][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   62.034293][ T4259] Bluetooth: hci4: command 0x0419 tx timeout
[   62.042869][ T4259] Bluetooth: hci3: command 0x0419 tx timeout
[   62.057266][ T4249] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   62.168187][ T4283] netlink: 'syz.2.3': attribute type 3 has an invalid length.
[   62.371399][ T4259] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   62.708597][ T4287] loop0: detected capacity change from 0 to 512
[   62.758775][ T4259] usb 5-1: Using ep0 maxpacket: 32
[   63.156827][ T1108] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   63.255837][ T4300] tipc: Started in network mode
[   63.261045][ T4300] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711
[   63.270657][ T4300] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   63.343436][ T4287] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[   63.373701][ T4303] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8'.
[   63.471130][ T4297] xt_CT: No such helper "pptp"
[   63.478583][ T1108] usb 4-1: Using ep0 maxpacket: 16
[   63.597004][ T1108] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   63.621623][ T1108] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   63.639550][ T4296] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   63.653301][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.685436][ T1108] usb 4-1: config 0 descriptor??
[   63.723739][ T4296] IPv6: ADDRCONF(NETDEV_CHANGE): rose0: link becomes ready
[   63.739460][ T1108] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[   63.747780][ T4295] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   63.852989][ T4282] loop4: detected capacity change from 0 to 40427
[   63.888911][ T4282] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x1ffff
[   63.899876][ T4282] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x2
[   63.917898][ T4282] F2FS-fs (loop4): invalid crc value
[   63.919503][ T4307] loop0: detected capacity change from 0 to 4096
[   63.956152][ T4282] F2FS-fs (loop4): Found nat_bits in checkpoint
[   63.992763][ T4307] EXT4-fs (loop0): inline encryption not supported
[   64.003058][ T4307] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a84ec018, mo2=0003]
[   64.012744][ T4307] System zones: 0-5
[   64.018975][ T4307] EXT4-fs (loop0): mounted filesystem without journal. Opts: debug,lazytime,inlinecrypt,delalloc,errors=continue,quota,delalloc,barrier,,errors=continue. Quota mode: writeback.
[   64.095675][ T4282] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   64.164168][ T4294] udc-core: couldn't find an available UDC or it's busy
[   64.188460][ T4294] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[   64.221890][ T4262] usb 4-1: USB disconnect, device number 2
[   64.324231][ T4315] capability: warning: `syz.1.12' uses 32-bit capabilities (legacy support in use)
[   64.333867][ T4259] usb 5-1: unable to get BOS descriptor or descriptor too short
[   64.395774][ T4318] loop0: detected capacity change from 0 to 512
[   64.429168][ T4320] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   64.447190][ T4259] usb 5-1: unable to read config index 0 descriptor/start: -71
[   64.454805][ T4259] usb 5-1: can't read configurations, error -71
[   64.461903][ T4318] EXT4-fs (loop0): Journaled quota options ignored when QUOTA feature is enabled
[   64.482198][ T4318] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5
[   64.482198][ T4318] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[   64.482198][ T4318] 
[   64.515697][ T4318] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   64.573975][ T4318] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[   64.611498][ T4318] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=a0006019, mo2=0000]
[   64.632652][ T4318] EXT4-fs (loop0): failed to initialize system zone (-117)
[   64.640563][ T4318] EXT4-fs (loop0): mount failed
[   64.662241][ T4223] usb 3-1: USB disconnect, device number 2
[   64.813772][ T4330] loop2: detected capacity change from 0 to 1024
[   64.836015][ T4196] attempt to access beyond end of device
[   64.836015][ T4196] loop4: rw=2049, want=45104, limit=40427
[   64.850134][ T4318] loop0: detected capacity change from 0 to 128
[   64.916481][ T4330] EXT4-fs (loop2): Ignoring removed bh option
[   64.953521][ T4330] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[   65.060037][ T4330] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,data_err=abort,inode_readahead_blks=0x0000000000000004,nodioread_nolock,bh,max_dir_size_kb=0x00000000004007b1,data_err=ignore,nouid32,quota,user_xattr,nouid32,dioread_nolock,,errors=continue. Quota mode: writeback.
[   65.187831][   T26] audit: type=1804 audit(1772268231.920:2): pid=4330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.14" name="/newroot/1/file1/file1" dev="loop2" ino=15 res=1 errno=0
[   65.220276][   T26] audit: type=1800 audit(1772268231.920:3): pid=4330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.14" name="file1" dev="loop2" ino=15 res=0 errno=0
[   66.529375][ T4354] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[   66.537899][ T4354] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[   66.805664][ T4366] loop0: detected capacity change from 0 to 2048
[   66.819552][ T4370] Zero length message leads to an empty skb
[   66.915190][ T4366] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[   66.946972][ T4368] sctp: failed to load transform for md5: -2
[   67.034667][ T4382] EXT4-fs (loop0): re-mounted. Opts: . Quota mode: none.
[   67.124596][ T4382] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   67.214461][ T4382] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 256 with error 28
[   67.286352][ T4386] device syzkaller0 entered promiscuous mode
[   67.303206][ T4382] EXT4-fs (loop0): This should not happen!! Data will be lost
[   67.303206][ T4382] 
[   67.313755][ T4382] EXT4-fs (loop0): Total free blocks count 0
[   67.325478][ T4382] EXT4-fs (loop0): Free/Dirty block details
[   67.332028][ T4382] EXT4-fs (loop0): free_blocks=2415919104
[   67.338139][ T4384] netlink: 28 bytes leftover after parsing attributes in process `syz.3.29'.
[   67.347042][ T4382] EXT4-fs (loop0): dirty_blocks=256
[   67.347086][ T4382] EXT4-fs (loop0): Block reservation details
[   67.347101][ T4382] EXT4-fs (loop0): i_reserved_data_blocks=16
[   67.383148][ T4366] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 256 with max blocks 32 with error 28
[   67.513906][ T4389] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.595890][ T4384] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   67.640496][ T4393] loop4: detected capacity change from 0 to 256
[   67.828290][ T4393] =======================================================
[   67.828290][ T4393] WARNING: The mand mount option has been deprecated and
[   67.828290][ T4393]          and is ignored by this kernel. Remove the mand
[   67.828290][ T4393]          option from the mount to silence this warning.
[   67.828290][ T4393] =======================================================
[   68.836070][ T4393] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[   70.123179][ T4406] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[   70.352358][ T4419] device syzkaller0 entered promiscuous mode
[   70.467748][ T4262] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   70.724951][ T4428] sctp: failed to load transform for md5: -2
[   70.873083][ T4262] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   70.909382][ T4262] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   70.926269][ T4420] loop3: detected capacity change from 0 to 40427
[   70.929680][ T4262] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   70.947993][ T4262] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   71.034219][ T4420] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x1ffff
[   71.063457][ T4420] F2FS-fs (loop3): invalid crc value
[   71.091619][ T4420] F2FS-fs (loop3): Found nat_bits in checkpoint
[   71.117853][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[   71.124499][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[   71.153337][ T4262] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   71.157036][ T4226] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[   71.170100][ T4262] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.170126][ T4262] usb 1-1: Product: syz
[   71.170142][ T4262] usb 1-1: Manufacturer: syz
[   71.170157][ T4262] usb 1-1: SerialNumber: syz
[   71.258339][ T4420] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   71.351056][ T4442] netlink: 28 bytes leftover after parsing attributes in process `syz.1.46'.
[   71.387233][ T4184] attempt to access beyond end of device
[   71.387233][ T4184] loop3: rw=2049, want=45104, limit=40427
[   71.462641][ T4442] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.518570][ T4441] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   71.536935][ T4262] usb 1-1: 0:2 : does not exist
[   71.606078][ T4226] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   71.626971][ T4262] usb 1-1: USB disconnect, device number 2
[   71.633849][ T4226] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   71.673349][ T4226] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[   71.684686][ T4226] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   71.857044][ T4226] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   71.877368][ T4226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.885441][ T4226] usb 5-1: Product: syz
[   71.920688][ T4226] usb 5-1: Manufacturer: syz
[   71.925357][ T4226] usb 5-1: SerialNumber: syz
[   72.457873][ T4226] usb 5-1: 0:2 : does not exist
[   72.918323][ T4226] usb 5-1: USB disconnect, device number 4
[   73.498024][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   74.453083][ T4490] netlink: 28 bytes leftover after parsing attributes in process `syz.3.61'.
[   74.772614][ T4501] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   74.954797][ T4489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   77.379479][ T4541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.76'.
[   77.523109][ T4541] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   77.552509][ T4537] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.006840][ T4223] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   78.387068][ T4259] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   78.446960][ T4223] usb 5-1: Using ep0 maxpacket: 16
[   78.766934][ T4223] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[   78.775199][ T4223] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   78.792222][ T4223] usb 5-1: config 0 has no interface number 0
[   78.967035][ T4259] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[   78.986896][ T4223] usb 5-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[   78.999197][ T4259] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   79.013921][ T4223] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.035102][ T4223] usb 5-1: Product: syz
[   79.042252][ T4259] usb 2-1: config 0 has no interfaces?
[   79.056734][ T4223] usb 5-1: Manufacturer: syz
[   79.067220][ T4223] usb 5-1: SerialNumber: syz
[   79.137488][ T4223] usb 5-1: config 0 descriptor??
[   79.210909][ T4223] usb 5-1: Found UVC 0.00 device syz (046d:08f3)
[   79.221747][ T4223] usb 5-1: No valid video chain found.
[   79.256995][ T4259] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[   79.276313][ T4259] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[   79.292661][ T4259] usb 2-1: Product: syz
[   79.297286][ T4259] usb 2-1: Manufacturer: syz
[   79.301925][ T4259] usb 2-1: SerialNumber: syz
[   79.315646][ T4259] usb 2-1: config 0 descriptor??
[   79.413719][ T4259] usb 5-1: USB disconnect, device number 5
[   80.765286][ T4578] loop0: detected capacity change from 0 to 16
[   80.823603][ T4578] erofs: (device loop0): mounted with root inode @ nid 36.
[   80.893258][ T4578] erofs: (device loop0): erofs_fill_dentries: bogus dirent @ nid 36
[   81.355309][    T7] cfg80211: failed to load regulatory.db
[   81.792221][   T23] usb 2-1: USB disconnect, device number 2
[   81.922263][ T4600] netlink: 28 bytes leftover after parsing attributes in process `syz.1.94'.
[   82.307230][ T4600] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   83.168486][ T4636] mmap: syz.0.105 (4636) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   83.756817][   T23] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   83.867222][ T4633] loop2: detected capacity change from 0 to 40427
[   83.906476][ T4633] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x1ffff
[   83.965596][ T4633] F2FS-fs (loop2): invalid crc value
[   84.013515][ T4633] F2FS-fs (loop2): Found nat_bits in checkpoint
[   84.126831][   T23] usb 4-1: unable to get BOS descriptor or descriptor too short
[   84.144659][ T4633] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   84.257272][   T23] usb 4-1: unable to read config index 0 descriptor/start: -71
[   84.264941][   T23] usb 4-1: can't read configurations, error -71
[   84.339509][ T4187] attempt to access beyond end of device
[   84.339509][ T4187] loop2: rw=2049, want=45104, limit=40427
[   85.866150][ T4649] loop4: detected capacity change from 0 to 40427
[   85.930686][ T4649] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   85.948028][ T4649] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   85.984895][ T4649] F2FS-fs (loop4): invalid crc value
[   86.057044][ T4649] F2FS-fs (loop4): Found nat_bits in checkpoint
[   86.213619][ T4649] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   86.234626][ T4649] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   86.411394][ T4665] device syzkaller0 entered promiscuous mode
[   88.816884][ T4226] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   89.023679][ T4688] netlink: 28 bytes leftover after parsing attributes in process `syz.3.121'.
[   89.145583][ T4693] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   89.236613][ T4687] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   89.277387][ T4226] usb 2-1: unable to get BOS descriptor or descriptor too short
[   89.393677][ T4226] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   89.408474][ T4226] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   89.434198][ T4226] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   89.463744][ T4226] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   89.669318][ T4226] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   89.682806][ T4226] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.700089][ T4226] usb 2-1: Product: syz
[   89.708909][ T4226] usb 2-1: Manufacturer: syz
[   89.719240][ T4226] usb 2-1: SerialNumber: syz
[   89.978989][ T4675] bridge: RTM_NEWNEIGH with invalid state 0x0
[   90.215769][ T4704] device syzkaller0 entered promiscuous mode
[   90.996860][ T4226] usb 2-1: 0:2 : does not exist
[   91.066924][ T4226] usb 2-1: USB disconnect, device number 3
[   91.540291][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   93.193502][ T4721] loop3: detected capacity change from 0 to 40427
[   93.244089][ T4721] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   93.268330][ T4721] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   93.289374][ T4721] F2FS-fs (loop3): invalid crc value
[   93.321905][ T4721] F2FS-fs (loop3): Found nat_bits in checkpoint
[   93.417548][ T4721] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   93.433757][ T4721] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   93.839145][ T4754] netlink: 28 bytes leftover after parsing attributes in process `syz.4.135'.
[   93.959286][ T4754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.139958][ T4752] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.185583][ T4760] device syzkaller0 entered promiscuous mode
[   94.376921][ T1108] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   95.646942][ T1108] usb 1-1: unable to get BOS descriptor or descriptor too short
[   95.767647][ T1108] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   95.782177][ T1108] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[   95.798991][ T1108] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   95.818548][ T1108] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   96.038136][ T1108] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   96.052703][ T1108] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.061433][ T1108] usb 1-1: Product: syz
[   96.065732][ T1108] usb 1-1: Manufacturer: syz
[   96.077023][ T1108] usb 1-1: SerialNumber: syz
[   96.443164][ T4758] bridge: RTM_NEWNEIGH with invalid state 0x0
[   96.617004][ T1108] usb 1-1: 0:2 : does not exist
[   96.657920][ T1108] usb 1-1: USB disconnect, device number 3
[   97.839080][ T4805] device syzkaller0 entered promiscuous mode
[   98.012164][ T4811] netlink: 28 bytes leftover after parsing attributes in process `syz.3.151'.
[   98.149916][ T4813] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   98.644872][ T4809] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  101.576682][    C0] sched: RT throttling activated
[  101.646863][ T2238] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  101.956292][ T4852] device syzkaller0 entered promiscuous mode
[  102.016912][ T2238] usb 4-1: unable to get BOS descriptor or descriptor too short
[  102.136792][ T2238] usb 4-1: unable to read config index 0 descriptor/start: -71
[  102.146895][ T2238] usb 4-1: can't read configurations, error -71
[  102.269979][ T4862] loop2: detected capacity change from 0 to 512
[  102.465535][ T4862] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  102.478934][ T4862] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  102.673236][ T4850] loop4: detected capacity change from 0 to 40427
[  103.064631][ T4850] F2FS-fs (loop4): invalid crc value
[  103.277453][ T4850] F2FS-fs (loop4): Found nat_bits in checkpoint
[  103.390724][ T4875] binder: BINDER_SET_CONTEXT_MGR already set
[  103.409186][ T4875] binder: 4874:4875 ioctl 4018620d 200000004a80 returned -16
[  103.440964][ T4850] F2FS-fs (loop4): Inconsistent segment (8) type [1, 0] in SSA and SIT
[  104.453177][ T4850] overlayfs: invalid origin (0000)
[  104.481131][ T4850] overlayfs: failed to get inode (-116)
[  104.503037][ T4850] overlayfs: invalid origin (0000)
[  104.533677][ T4850] overlayfs: failed to get inode (-116)
[  106.300191][ T4259] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  107.909128][ T4259] usb 3-1: unable to get BOS descriptor or descriptor too short
[  108.237593][ T4259] usb 3-1: unable to read config index 0 descriptor/start: -71
[  108.290428][ T4259] usb 3-1: can't read configurations, error -71
[  109.636864][ T4232] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  110.256988][ T4232] usb 2-1: unable to get BOS descriptor or descriptor too short
[  110.367089][ T4232] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  110.434278][ T4232] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  110.629559][ T4232] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  110.640889][ T4232] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  110.897766][ T4232] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  110.972665][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  111.152338][ T4232] usb 2-1: Product: syz
[  111.369854][ T4232] usb 2-1: Manufacturer: syz
[  111.374516][ T4232] usb 2-1: SerialNumber: syz
[  111.709290][ T4934] bridge: RTM_NEWNEIGH with invalid state 0x0
[  111.917461][ T4232] usb 2-1: 0:2 : does not exist
[  112.798882][ T4232] usb 2-1: USB disconnect, device number 4
[  113.235249][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  113.987019][ T1108] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  115.166855][ T1108] usb 4-1: unable to get BOS descriptor or descriptor too short
[  115.286861][ T1108] usb 4-1: unable to read config index 0 descriptor/start: -71
[  115.294506][ T1108] usb 4-1: can't read configurations, error -71
[  119.016882][ T1108] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  119.277477][ T1108] usb 4-1: Using ep0 maxpacket: 16
[  120.087091][ T1108] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.106447][ T1108] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  120.138911][ T1108] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.150686][ T1108] usb 4-1: config 0 descriptor??
[  120.189153][ T1108] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  120.384257][ T5011] loop0: detected capacity change from 0 to 40427
[  120.445650][ T5011] F2FS-fs (loop0): invalid crc value
[  120.470360][ T5011] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  120.559959][ T1108] usb 4-1: USB disconnect, device number 9
[  120.616598][ T5034] device syzkaller0 entered promiscuous mode
[  120.660890][ T5011] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  120.771722][ T5011] netlink: 'syz.0.209': attribute type 3 has an invalid length.
[  120.808704][ T5011] netlink: 'syz.0.209': attribute type 3 has an invalid length.
[  121.017169][ T4183] attempt to access beyond end of device
[  121.017169][ T4183] loop0: rw=2049, want=45104, limit=40427
[  122.819879][ T5047] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  123.175526][ T5054] loop4: detected capacity change from 0 to 512
[  125.130027][ T5064] device syzkaller0 entered promiscuous mode
[  127.255356][ T5077] loop2: detected capacity change from 0 to 40427
[  127.277522][ T5077] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  127.299188][ T5077] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  128.073471][ T5077] F2FS-fs (loop2): invalid crc value
[  128.193611][ T5077] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  128.233900][ T5102] process 'syz.3.239' launched './file1' with NULL argv: empty string added
[  128.652324][ T5114] device syzkaller0 entered promiscuous mode
[  129.581310][ T5121] Bluetooth: hci0: unsupported parameter 255
[  129.657155][ T5121] Bluetooth: hci0: unsupported parameter 255
[  132.601377][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  132.607827][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  133.401576][ T5153] device syzkaller0 entered promiscuous mode
[  133.729047][ T5163] Bluetooth: hci0: unsupported parameter 255
[  133.735116][ T5163] Bluetooth: hci0: unsupported parameter 255
[  133.982744][    T7] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  134.178353][ T4226] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  135.946923][    T7] usb 1-1: unable to get BOS descriptor or descriptor too short
[  136.107745][ T4226] usb 4-1: config 14 has an invalid descriptor of length 0, skipping remainder of the config
[  136.119579][    T7] usb 1-1: unable to read config index 0 descriptor/start: -71
[  136.156221][    T7] usb 1-1: can't read configurations, error -71
[  136.186991][ T4226] usb 4-1: config 14 has 0 interfaces, different from the descriptor's value: 1
[  136.447687][ T4226] usb 4-1: New USB device found, idVendor=c880, idProduct=760e, bcdDevice=35.fc
[  136.535204][ T4226] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.758477][ T4226] usb 4-1: Product: syz
[  136.867494][ T4226] usb 4-1: Manufacturer: syz
[  136.963064][ T4226] usb 4-1: SerialNumber: syz
[  137.217120][ T4226] usb 4-1: can't set config #14, error -71
[  137.400954][ T4226] usb 4-1: USB disconnect, device number 10
[  140.033678][ T5204] loop2: detected capacity change from 0 to 16
[  140.104755][ T5201] device syzkaller0 entered promiscuous mode
[  140.158560][ T5204] erofs: (device loop2): mounted with root inode @ nid 36.
[  140.274274][ T5203] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  140.386143][ T5203] overlayfs: failed to get metacopy (-117)
[  140.906819][ T2238] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  142.018581][ T2238] usb 4-1: Using ep0 maxpacket: 16
[  142.186817][ T2238] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  142.197078][ T2238] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  142.206057][ T2238] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  142.298127][   T23] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  142.443885][ T2238] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  142.728453][ T2238] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.736562][ T2238] usb 4-1: Product: syz
[  142.741230][ T2238] usb 4-1: Manufacturer: 鐐䊺룣ꩾ〮䒅庵
[  142.747701][ T2238] usb 4-1: SerialNumber: syz
[  142.956093][ T5242] device syzkaller0 entered promiscuous mode
[  143.109362][ T2238] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  143.116213][ T2238] cdc_ncm 4-1:1.0: bind() failure
[  143.131597][   T23] usb 3-1: unable to get BOS descriptor or descriptor too short
[  143.143387][ T2238] usb 4-1: USB disconnect, device number 11
[  143.288269][   T23] usb 3-1: unable to read config index 0 descriptor/start: -71
[  143.421710][   T23] usb 3-1: can't read configurations, error -71
[  144.453199][ T5256] loop2: detected capacity change from 0 to 4096
[  144.494782][ T5256] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  144.730841][ T5262] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  144.839659][ T5262] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  145.995651][ T5283] loop1: detected capacity change from 0 to 512
[  146.084113][ T5283] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  146.113829][ T5283] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  146.138923][ T5285] device syzkaller0 entered promiscuous mode
[  146.161517][ T5283] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  146.188795][ T5283] System zones: 0-2, 18-18, 34-35
[  146.195384][ T5283] EXT4-fs (loop1): mounted filesystem without journal. Opts: bsdgroups,,errors=continue. Quota mode: none.
[  146.372841][ T5283] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  146.406927][ T5283] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006]
[  146.443025][ T5283] EXT4-fs (loop1): re-mounted. Opts: . Quota mode: none.
[  146.595123][ T5283] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.294: bg 0: block 353: padding at end of block bitmap is not set
[  146.697667][ T5283] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6194: Corrupt filesystem
[  147.776822][ T4172] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  148.258299][ T4172] usb 5-1: not running at top speed; connect to a high speed hub
[  148.337049][ T4172] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  148.352280][ T4172] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  148.371973][ T4172] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  148.506552][ T5322] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  148.524512][ T5322] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  148.556967][ T4172] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  148.577239][ T4172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.595474][ T4172] usb 5-1: Product: syz
[  148.600136][ T4172] usb 5-1: Manufacturer: syz
[  148.604783][ T4172] usb 5-1: SerialNumber: syz
[  148.825369][ T5326] device syzkaller0 entered promiscuous mode
[  148.922654][ T4172] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  148.942707][ T4172] cdc_ncm 5-1:1.0: bind() failure
[  148.990301][ T4172] usb 5-1: USB disconnect, device number 6
[  149.665695][ T5305] loop1: detected capacity change from 0 to 131072
[  149.950252][ T5305] F2FS-fs (loop1): invalid crc value
[  150.467171][ T5305] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4)
[  150.572710][ T4226] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  150.950284][ T4226] usb 5-1: unable to get BOS descriptor or descriptor too short
[  151.076910][ T4226] usb 5-1: unable to read config index 0 descriptor/start: -71
[  151.086860][ T4226] usb 5-1: can't read configurations, error -71
[  153.503227][ T5372] device syzkaller0 entered promiscuous mode
[  153.780671][ T5378] overlayfs: failed to clone lowerpath
[  154.467071][ T4229] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  156.516923][ T4229] usb 5-1: unable to get BOS descriptor or descriptor too short
[  156.568137][ T5407] device syzkaller0 entered promiscuous mode
[  156.597131][ T4229] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  156.616757][ T4229] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  156.636557][ T4229] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  156.676984][ T4229] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  156.709354][ T5410] loop1: detected capacity change from 0 to 512
[  156.800893][ T5410] EXT4-fs (loop1): Unrecognized mount option "fowner<00000000000000000000" or missing value
[  156.847201][ T4229] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  156.856296][ T4229] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.900193][ T4229] usb 5-1: Product: syz
[  156.904483][ T4229] usb 5-1: Manufacturer: syz
[  156.935176][ T4229] usb 5-1: SerialNumber: syz
[  156.952498][ T5410] loop1: detected capacity change from 0 to 1024
[  157.007191][ T5410] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  157.336794][ T4229] usb 5-1: 0:2 : does not exist
[  157.393149][ T4229] usb 5-1: USB disconnect, device number 9
[  157.807964][ T5433] loop3: detected capacity change from 0 to 512
[  157.842164][ T5433] EXT4-fs (loop3): Ignoring removed orlov option
[  157.912923][ T5433] EXT4-fs (loop3): mounted filesystem without journal. Opts: nojournal_checksum,orlov,i_version,,errors=continue. Quota mode: writeback.
[  157.937133][ T5433] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  158.330079][ T5439] EXT4-fs error (device loop3): ext4_lookup:1858: inode #12: comm syz.3.339: iget: bad i_size value: 2533274857506816
[  158.373117][ T5439] usb usb8: usbfs: process 5439 (syz.3.339) did not claim interface 0 before use
[  159.665404][ T5449] loop4: detected capacity change from 0 to 1024
[  160.489615][ T5449] EXT4-fs (loop4): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,usrquota,nombcache,,errors=continue. Quota mode: writeback.
[  160.507116][ T5449] ext4 filesystem being mounted at /72/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.793513][ T5463] loop4: detected capacity change from 0 to 4096
[  162.814703][ T5466] device syzkaller0 entered promiscuous mode
[  162.918269][ T5463] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  163.266761][    T7] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  163.668057][    T7] usb 2-1: unable to get BOS descriptor or descriptor too short
[  163.746997][    T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  163.772322][    T7] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  163.806569][    T7] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  163.852235][    T7] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  164.047931][    T7] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  164.081217][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.101168][    T7] usb 2-1: Product: syz
[  164.105378][    T7] usb 2-1: Manufacturer: syz
[  164.141427][    T7] usb 2-1: SerialNumber: syz
[  164.424493][ T5469] bridge: RTM_NEWNEIGH with invalid state 0x0
[  164.576952][    T7] usb 2-1: 0:2 : does not exist
[  164.616478][    T7] usb 2-1: USB disconnect, device number 5
[  164.669056][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  164.698490][ T5476] loop0: detected capacity change from 0 to 40427
[  164.756446][ T5476] F2FS-fs (loop0): Unrecognized mount option "memory=low" or missing value
[  164.821597][ T5490] loop4: detected capacity change from 0 to 1024
[  164.857753][ T5490] EXT4-fs (loop4): Test dummy encryption mode enabled
[  164.912646][ T5490] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption=v1,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  164.963984][ T5494] loop0: detected capacity change from 0 to 128
[  166.320709][ T4223] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  166.327847][ T5515] device syzkaller0 entered promiscuous mode
[  167.396780][ T4223] usb 4-1: Using ep0 maxpacket: 8
[  167.414018][ T5527] loop0: detected capacity change from 0 to 2048
[  167.526828][ T4223] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.555171][ T4223] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  167.567486][ T5527] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  167.604359][ T5527] ext4 filesystem being mounted at /60/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.632922][ T4223] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.686002][ T4223] usb 4-1: config 0 descriptor??
[  167.706790][    T7] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  167.790272][ T4223] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  167.956717][    T7] usb 2-1: Using ep0 maxpacket: 16
[  168.013255][ T4226] usb 4-1: USB disconnect, device number 12
[  168.077145][    T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.095752][    T7] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  168.105981][    T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.117105][    T7] usb 2-1: config 0 descriptor??
[  168.173802][    T7] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  168.239079][ T4223] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  168.536566][    T7] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  168.721841][ T5546] udc-core: couldn't find an available UDC or it's busy
[  168.737042][ T4223] usb 3-1: unable to get BOS descriptor or descriptor too short
[  168.737052][ T5546] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  168.786849][    T7] usb 5-1: Using ep0 maxpacket: 32
[  168.846995][ T4223] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  168.857616][ T4223] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  168.866614][ T4223] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  168.878306][ T4223] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  168.906953][    T7] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  168.915338][    T7] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  168.924085][    T7] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  168.933225][    T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  168.944530][    T7] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  168.954367][    T7] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  168.969697][    T7] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  168.982204][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.994687][    T7] usb 5-1: config 0 descriptor??
[  169.056866][ T4223] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  169.076222][ T4223] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.096782][ T4223] usb 3-1: Product: syz
[  169.101016][ T4223] usb 3-1: Manufacturer: syz
[  169.105627][ T4223] usb 3-1: SerialNumber: syz
[  169.263917][    T7] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  169.300656][    T7] usb 5-1: USB disconnect, device number 10
[  169.346055][    T7] usblp0: removed
[  169.371916][ T5534] bridge: RTM_NEWNEIGH with invalid state 0x0
[  169.547475][ T4223] usb 3-1: 0:2 : does not exist
[  170.153727][ T5552] loop3: detected capacity change from 0 to 512
[  170.161577][ T4223] usb 3-1: USB disconnect, device number 7
[  170.232518][ T5552] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  170.258440][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  170.300027][ T5554] device syzkaller0 entered promiscuous mode
[  170.307081][ T5552] EXT4-fs (loop3): inline encryption not supported
[  170.316865][ T5552] EXT4-fs (loop3): Test dummy encryption mode enabled
[  170.323681][ T5552] EXT4-fs (loop3): Ignoring removed mblk_io_submit option
[  170.331197][ T5552] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  170.362083][ T5552] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:163: inode #15: comm syz.3.371: inline data xattr refers to an external xattr inode
[  170.412155][ T5552] EXT4-fs (loop3): Remounting filesystem read-only
[  170.442969][ T5552] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.371: couldn't read orphan inode 15 (err -117)
[  170.455782][ T5552] EXT4-fs (loop3): Remounting filesystem read-only
[  170.463000][ T5552] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,nomblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none.
[  170.625147][ T5564] loop1: detected capacity change from 0 to 256
[  170.632843][    T7] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  170.679519][ T5564] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  170.702808][   T23] usb 2-1: USB disconnect, device number 6
[  171.936844][    T7] usb 5-1: device not accepting address 11, error -71
[  173.657056][   T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  174.237134][   T23] usb 2-1: unable to get BOS descriptor or descriptor too short
[  174.344060][ T5574] loop0: detected capacity change from 0 to 40427
[  174.356980][   T23] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  174.374999][   T23] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  174.402191][   T23] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  174.451274][ T5574] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  174.452480][   T23] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  174.483164][ T5574] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  174.515176][ T5574] F2FS-fs (loop0): invalid crc value
[  174.620584][ T5574] F2FS-fs (loop0): Found nat_bits in checkpoint
[  174.686870][   T23] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  174.715037][   T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.742203][   T23] usb 2-1: Product: syz
[  174.751957][   T23] usb 2-1: Manufacturer: syz
[  174.766442][   T23] usb 2-1: SerialNumber: syz
[  174.959088][ T5599] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  174.967137][ T5599] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  175.126824][   T26] audit: type=1326 audit(1772268341.851:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  175.247711][ T5586] bridge: RTM_NEWNEIGH with invalid state 0x0
[  175.746697][   T26] audit: type=1326 audit(1772268341.851:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  175.837052][   T23] usb 2-1: 0:2 : does not exist
[  175.864836][   T23] usb 2-1: USB disconnect, device number 7
[  175.962490][   T26] audit: type=1326 audit(1772268341.871:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.079611][   T26] audit: type=1326 audit(1772268341.871:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.101834][   T26] audit: type=1326 audit(1772268341.871:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.124986][   T26] audit: type=1326 audit(1772268341.871:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.147198][   T26] audit: type=1326 audit(1772268341.871:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.262130][   T26] audit: type=1326 audit(1772268341.871:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  176.308129][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  176.970323][   T26] audit: type=1326 audit(1772268341.871:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  177.013891][   T26] audit: type=1326 audit(1772268341.871:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5609 comm="syz.4.388" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  177.036993][ T1108] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  177.677639][ T5632] binder: 5631:5632 ioctl c0306201 2000000003c0 returned -14
[  177.802744][ T5634] loop5: detected capacity change from 0 to 7
[  177.906788][ T1108] usb 4-1: Using ep0 maxpacket: 32
[  178.032021][ T1108] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.052137][ T1108] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  178.108108][ T5640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.398'.
[  178.236932][ T1108] usb 4-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f
[  178.251360][ T5634] loop1: detected capacity change from 0 to 40427
[  178.258044][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.276727][ T1108] usb 4-1: Product: syz
[  178.286876][ T1108] usb 4-1: Manufacturer: syz
[  178.296923][ T1108] usb 4-1: SerialNumber: syz
[  178.308823][ T1108] usb 4-1: config 0 descriptor??
[  178.348542][ T5634] F2FS-fs (loop1): invalid crc value
[  178.388662][ T5634] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 10241044815247771109)
[  178.594847][ T5634] F2FS-fs (loop1): recover fsync data on readonly fs
[  178.630846][ T5634] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  178.911232][ T5642] loop2: detected capacity change from 0 to 40427
[  178.947101][ T5642] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  178.985979][ T5642] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  179.045687][ T5642] F2FS-fs (loop2): invalid crc value
[  179.085901][ T5642] F2FS-fs (loop2): Found nat_bits in checkpoint
[  179.119313][ T4229] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  179.272656][ T4172] usb 4-1: USB disconnect, device number 13
[  179.280520][ T5642] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  179.305085][ T5642] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  179.376906][ T4229] usb 5-1: Using ep0 maxpacket: 16
[  180.939853][ T4232] Bluetooth: hci0: command 0x0406 tx timeout
[  180.994436][ T4226] Bluetooth: hci4: command 0x0406 tx timeout
[  181.000703][ T4226] Bluetooth: hci1: command 0x0406 tx timeout
[  181.006833][ T4226] Bluetooth: hci2: command 0x0406 tx timeout
[  181.012901][ T4226] Bluetooth: hci3: command 0x0406 tx timeout
[  181.087376][ T4229] usb 5-1: config 0 has no interfaces?
[  181.092930][ T4229] usb 5-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice= 0.5a
[  181.120930][ T4229] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.163734][ T4229] usb 5-1: config 0 descriptor??
[  181.610201][ T5653] udc-core: couldn't find an available UDC or it's busy
[  181.620961][ T5653] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  181.644039][ T4229] usb 5-1: USB disconnect, device number 13
[  182.751772][ T5692] loop4: detected capacity change from 0 to 1024
[  182.965634][ T5692] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  182.993615][ T5692] EXT4-fs (loop4): orphan cleanup on readonly fs
[  183.000810][ T5693] loop0: detected capacity change from 0 to 256
[  183.040915][ T5692] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.412: bg 0: block 10: padding at end of block bitmap is not set
[  183.096354][ T5692] __quota_error: 13 callbacks suppressed
[  183.096374][ T5692] Quota error (device loop4): write_blk: dquota write failed
[  183.124838][ T5693] FAT-fs (loop0): Unrecognized mount option "nnonumtail=1" or missing value
[  183.207087][ T5692] Quota error (device loop4): find_free_dqentry: Can't remove block (3) from entry free list
[  183.226131][ T5692] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  183.270068][ T5692] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.412: Failed to acquire dquot type 0
[  183.314861][ T5692] Quota error (device loop4): write_blk: dquota write failed
[  183.336938][ T5692] Quota error (device loop4): find_free_dqentry: Can't remove block (3) from entry free list
[  183.378453][ T5692] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  183.406749][ T5692] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.412: Failed to acquire dquot type 0
[  183.443302][ T5692] EXT4-fs error (device loop4): ext4_free_blocks:6234: comm syz.4.412: Freeing blocks not in datazone - block = 0, count = 4096
[  183.492167][ T5692] Quota error (device loop4): write_blk: dquota write failed
[  183.639980][ T5692] Quota error (device loop4): find_free_dqentry: Can't remove block (3) from entry free list
[  183.669211][ T5692] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  183.732315][ T5692] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.412: Failed to acquire dquot type 0
[  183.871826][ T5692] EXT4-fs (loop4): 1 orphan inode deleted
[  183.917805][ T5692] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  184.308505][ T5708] device syzkaller0 entered promiscuous mode
[  184.643303][ T5719] loop2: detected capacity change from 0 to 256
[  184.808099][ T5719] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  185.845485][ T5723] loop0: detected capacity change from 0 to 40427
[  185.897099][ T5733] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  185.940696][ T5723] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  185.953678][ T5733] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  185.967581][ T5723] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  186.030161][ T5723] F2FS-fs (loop0): invalid crc value
[  187.356915][ T5723] F2FS-fs (loop0): Found nat_bits in checkpoint
[  189.168902][ T5769] device syzkaller0 entered promiscuous mode
[  189.385877][ T5774] loop3: detected capacity change from 0 to 512
[  190.348529][ T5774] EXT4-fs (loop3): Test dummy encryption mode enabled
[  190.377306][ T5774] EXT4-fs (loop3): 1 orphan inode deleted
[  190.420373][ T5774] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,test_dummy_encryption,usrquota,jqfmt=vfsv1,jqfmt=vfsv0,delalloc,journal_dev=0x000000000000844d,debug_want_extra_isize=0x000000000000005c,i_version,,errors=continue. Quota mode: writeback.
[  190.922941][ T5790] netlink: 'syz.0.442': attribute type 4 has an invalid length.
[  190.930672][ T5790] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.442'.
[  191.072836][ T5774] fscrypt (loop3): Missing crypto API support for AES-256-CTS-CBC (API name: "cts(cbc(aes))")
[  191.625278][ T5814] loop2: detected capacity change from 0 to 1024
[  191.670796][ T5814] EXT4-fs (loop2): Ignoring removed orlov option
[  191.704933][ T5814] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  191.808779][ T4226] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  191.830703][ T5814] EXT4-fs (loop2): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,dioread_nolock,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none.
[  192.032055][   T26] audit: type=1800 audit(1772268358.801:27): pid=5814 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.447" name="file1" dev="loop2" ino=15 res=0 errno=0
[  192.067068][ T4226] usb 5-1: Using ep0 maxpacket: 16
[  192.186965][ T4226] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  192.226876][ T4226] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  192.323169][ T5820] device syzkaller0 entered promiscuous mode
[  192.380102][ T5804] loop3: detected capacity change from 0 to 40427
[  192.409696][ T4226] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  192.430948][ T4226] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.462571][ T5804] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  192.481350][ T4226] usb 5-1: Product: syz
[  192.485575][ T4226] usb 5-1: Manufacturer: syz
[  192.498913][ T5804] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  192.534657][ T4226] usb 5-1: SerialNumber: syz
[  192.565903][ T5804] F2FS-fs (loop3): invalid crc value
[  192.644590][ T5804] F2FS-fs (loop3): Found nat_bits in checkpoint
[  192.728285][ T5804] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  192.736789][ T5804] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  194.193923][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  194.200648][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  196.566746][ T4226] usb 5-1: 0:2 : does not exist
[  197.107119][ T4226] usb 5-1: USB disconnect, device number 14
[  197.388275][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  197.541603][ T5855] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  197.566831][ T5855] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  197.583469][ T5860] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  197.601862][ T5860] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  204.686941][ T5900] loop2: detected capacity change from 0 to 2048
[  204.873969][ T5900] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  205.156717][ T5906] EXT4-fs (loop2): re-mounted. Opts: . Quota mode: none.
[  205.191261][ T5900] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1163: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  205.209442][ T5900] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 320 with max blocks 32 with error 28
[  205.222048][ T5900] EXT4-fs (loop2): This should not happen!! Data will be lost
[  205.222048][ T5900] 
[  205.232438][ T5900] EXT4-fs (loop2): Total free blocks count 0
[  205.247659][ T5900] EXT4-fs (loop2): Free/Dirty block details
[  205.262272][ T5900] EXT4-fs (loop2): free_blocks=2415919104
[  205.268593][ T5900] EXT4-fs (loop2): dirty_blocks=352
[  205.299879][ T5900] EXT4-fs (loop2): Block reservation details
[  205.323279][ T5900] EXT4-fs (loop2): i_reserved_data_blocks=22
[  205.345029][ T5906] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 320 with error 28
[  206.948007][ T5936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.478'.
[  206.980852][ T5936] netlink: 24 bytes leftover after parsing attributes in process `syz.3.478'.
[  207.666144][ T1108] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  207.842132][ T5938] loop3: detected capacity change from 0 to 16
[  207.869026][ T5938] erofs: (device loop3): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 16700)
[  207.996788][ T1108] usb 5-1: Using ep0 maxpacket: 8
[  208.157045][ T1108] usb 5-1: unable to get BOS descriptor or descriptor too short
[  209.572932][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  209.582877][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024
[  209.594827][ T1108] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024
[  210.576685][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  210.586390][ T1108] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  211.376754][ T1108] usb 5-1: string descriptor 0 read error: -71
[  211.383001][ T1108] usb 5-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice= 0.4e
[  211.400187][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  211.444176][ T1108] usb 5-1: config 0 descriptor??
[  211.476890][ T1108] usb 5-1: can't set config #0, error -71
[  211.484124][ T1108] usb 5-1: USB disconnect, device number 15
[  211.724580][ T5959] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  212.405885][ T5964] loop0: detected capacity change from 0 to 1024
[  212.597305][ T5964] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback.
[  212.771897][ T5976] loop3: detected capacity change from 0 to 256
[  212.784790][ T5961] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  212.848256][ T5961] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  212.882809][ T5976] loop3: detected capacity change from 0 to 128
[  212.924195][ T5976] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  217.476762][ T4226] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  217.588713][ T6020] loop1: detected capacity change from 0 to 128
[  217.758149][ T6025] netlink: 12 bytes leftover after parsing attributes in process `syz.4.506'.
[  217.817046][ T6025] device bridge0 entered promiscuous mode
[  217.827716][ T4172] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  217.854902][ T6029] loop1: detected capacity change from 0 to 1024
[  217.903573][ T6029] EXT4-fs (loop1): test_dummy_encryption requires encrypt feature
[  217.927006][ T4226] usb 1-1: unable to get BOS descriptor or descriptor too short
[  218.006942][ T4226] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  218.044018][ T4226] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  218.066793][ T4172] usb 3-1: Using ep0 maxpacket: 16
[  218.096025][ T4226] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  218.164027][ T4226] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  218.189171][ T4172] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.224990][ T4172] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  218.279777][ T4172] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.343421][ T4172] usb 3-1: config 0 descriptor??
[  218.403633][ T4172] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  218.416981][ T4226] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  219.087403][ T4226] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.095574][ T4226] usb 1-1: Product: syz
[  219.110010][ T4226] usb 1-1: Manufacturer: syz
[  219.120125][ T4226] usb 1-1: SerialNumber: syz
[  219.317864][ T4172] usb 3-1: USB disconnect, device number 8
[  219.327803][ T6042] loop4: detected capacity change from 0 to 256
[  219.666249][ T6008] bridge: RTM_NEWNEIGH with invalid state 0x0
[  220.100734][ T6042] FAT-fs (loop4): Directory bread(block 64) failed
[  220.160447][ T6042] FAT-fs (loop4): Directory bread(block 65) failed
[  220.167187][ T6042] FAT-fs (loop4): Directory bread(block 66) failed
[  220.173749][ T6042] FAT-fs (loop4): Directory bread(block 67) failed
[  220.183312][ T6042] FAT-fs (loop4): Directory bread(block 68) failed
[  220.190094][ T6042] FAT-fs (loop4): Directory bread(block 69) failed
[  220.199112][ T6042] FAT-fs (loop4): Directory bread(block 70) failed
[  220.205745][ T6042] FAT-fs (loop4): Directory bread(block 71) failed
[  220.212620][ T6042] FAT-fs (loop4): Directory bread(block 72) failed
[  220.247049][ T6042] FAT-fs (loop4): Directory bread(block 73) failed
[  220.277040][ T4226] usb 1-1: 0:2 : does not exist
[  220.347025][ T4226] usb 1-1: USB disconnect, device number 6
[  220.598582][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  222.197597][ T6074] loop2: detected capacity change from 0 to 1024
[  222.364292][ T6074] EXT4-fs (loop2): Test dummy encryption mode enabled
[  222.420937][ T6074] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption,i_version,noblock_validity,commit=0x0000000000000005,noinit_itable,max_batch_time=0x0000000000000000,abort,auto_da_alloc,lazytime,noauto_da_alloc,block_validity,,errors=continue. Quota mode: writeback.
[  222.640146][ T6081] loop1: detected capacity change from 0 to 512
[  223.274901][ T6081] EXT4-fs (loop1): Ignoring removed bh option
[  223.354001][ T6081] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  223.443269][ T6081] EXT4-fs error (device loop1): ext4_iget_extra_inode:4566: inode #15: comm syz.1.522: corrupted in-inode xattr
[  223.464801][ T6081] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.522: couldn't read orphan inode 15 (err -117)
[  223.546829][ T6091] syz.3.524[6091] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.547008][ T6091] syz.3.524[6091] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  223.569748][ T6081] EXT4-fs (loop1): mounted filesystem without journal. Opts: auto_da_alloc=0x0000000000000002,grpid,bh,grpid,noauto_da_alloc,max_dir_size_kb=0x0000000000000005,init_itable=0x0000000000000009,init_itable,usrjquota=,nolazytime,norecovery,,errors=continue. Quota mode: none.
[  223.835512][ T6099] loop3: detected capacity change from 0 to 1024
[  223.950847][ T6099] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpjquota=,,errors=continue. Quota mode: writeback.
[  223.976863][ T4172] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  224.146301][ T6099] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  224.215590][ T6099] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  224.338020][   T26] audit: type=1326 audit(1772268391.111:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.3.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57223f799 code=0x7ffc0000
[  224.376988][ T4172] usb 3-1: unable to get BOS descriptor or descriptor too short
[  224.445580][   T26] audit: type=1326 audit(1772268391.161:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.3.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff57223f799 code=0x7ffc0000
[  224.486810][ T4172] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  224.504050][ T4172] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  224.532114][ T4172] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  224.576477][   T26] audit: type=1326 audit(1772268391.161:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.3.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57223f799 code=0x7ffc0000
[  224.612317][ T4172] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  224.669944][   T26] audit: type=1326 audit(1772268391.161:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.3.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=52 compat=0 ip=0x7ff57223f799 code=0x7ffc0000
[  224.746710][   T26] audit: type=1326 audit(1772268391.161:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6109 comm="syz.3.530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57223f799 code=0x7ffc0000
[  224.806993][ T4172] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  224.827782][ T4172] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.835842][ T4172] usb 3-1: Product: syz
[  224.876915][ T4172] usb 3-1: Manufacturer: syz
[  224.886940][ T4172] usb 3-1: SerialNumber: syz
[  225.036447][ T6118] loop4: detected capacity change from 0 to 512
[  225.149224][ T6095] bridge: RTM_NEWNEIGH with invalid state 0x0
[  225.165733][ T6118] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  225.186764][ T4226] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  225.317083][ T4172] usb 3-1: 0:2 : does not exist
[  225.387142][ T4172] usb 3-1: USB disconnect, device number 9
[  225.582442][ T4226] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  225.606748][ T4226] usb 4-1: New USB device found, idVendor=056e, idProduct=010c, bcdDevice= 0.00
[  225.615854][ T4226] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.653407][ T4226] usb 4-1: config 0 descriptor??
[  225.712911][ T4226] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  226.441367][ T6135] loop2: detected capacity change from 0 to 256
[  226.980666][ T6140] netlink: 'syz.3.533': attribute type 3 has an invalid length.
[  227.546264][ T6135] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  227.995405][ T6135] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d)
[  228.214595][ T4229] usb 4-1: USB disconnect, device number 14
[  229.539629][ T6157] tipc: Started in network mode
[  229.746086][ T6157] tipc: Node identity 4, cluster identity 4711
[  229.765577][ T6157] tipc: Node number set to 4
[  229.946708][ T4172] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  230.026850][ T4226] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  230.186728][ T4172] usb 4-1: Using ep0 maxpacket: 8
[  230.229029][ T4223] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  230.307047][ T4172] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  230.345749][ T4172] usb 4-1: New USB device found, idVendor=0853, idProduct=0146, bcdDevice= 0.00
[  230.392522][ T4172] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.406770][ T4226] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  230.434278][ T4226] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  230.457754][ T4172] usb 4-1: config 0 descriptor??
[  230.464236][ T6166] syz.1.552[6166] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.464380][ T6166] syz.1.552[6166] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  230.498997][ T4172] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  230.639757][   T26] audit: type=1326 audit(1772268397.381:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  230.887058][ T4223] usb 3-1: unable to get BOS descriptor or descriptor too short
[  231.031981][ T4223] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  231.233542][   T26] audit: type=1326 audit(1772268397.381:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.296811][ T4223] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  231.307503][ T4226] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  231.316586][ T4226] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  231.324691][ T4226] usb 5-1: SerialNumber: syz
[  231.330865][ T6151] netlink: 'syz.3.545': attribute type 4 has an invalid length.
[  231.340399][   T26] audit: type=1326 audit(1772268397.381:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.349938][ T4223] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  231.374130][   T26] audit: type=1326 audit(1772268397.381:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.420869][ T4223] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  231.456566][   T26] audit: type=1326 audit(1772268397.391:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.486666][ T4172] usb 4-1: USB disconnect, device number 15
[  231.508328][   T26] audit: type=1326 audit(1772268397.391:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.599240][   T26] audit: type=1326 audit(1772268397.391:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.624044][ T6149] netlink: 4 bytes leftover after parsing attributes in process `syz.4.544'.
[  231.717778][   T26] audit: type=1326 audit(1772268397.391:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.746933][   T26] audit: type=1326 audit(1772268397.391:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.824310][   T26] audit: type=1326 audit(1772268397.391:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6163 comm="syz.0.551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb60f60a799 code=0x7ffc0000
[  231.977911][ T4223] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  231.993415][ T4223] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  232.003583][ T4223] usb 3-1: Product: syz
[  232.011522][ T4223] usb 3-1: Manufacturer: syz
[  232.016527][ T4223] usb 3-1: SerialNumber: syz
[  232.304349][ T6159] bridge: RTM_NEWNEIGH with invalid state 0x0
[  232.468321][ T4223] usb 3-1: 0:2 : does not exist
[  232.515272][ T4223] usb 3-1: USB disconnect, device number 10
[  232.842911][ T4173] udevd[4173]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  233.158889][ T6192] netlink: 24 bytes leftover after parsing attributes in process `syz.3.559'.
[  233.813105][ T6197] loop4: detected capacity change from 0 to 256
[  234.150543][ T4226] usb 5-1: 0:2 : does not exist
[  234.161882][ T4226] usb 5-1: USB disconnect, device number 16
[  236.754500][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  236.754866][   T26] audit: type=1326 audit(1772268403.501:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  237.000008][ T6220] loop2: detected capacity change from 0 to 512
[  237.466675][   T26] audit: type=1326 audit(1772268403.501:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  237.500546][   T26] audit: type=1326 audit(1772268403.501:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  237.524987][ T4177] udevd[4177]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  237.540993][ T4229] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  237.623079][   T26] audit: type=1326 audit(1772268403.501:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.455774][   T26] audit: type=1326 audit(1772268403.501:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.519560][ T6220] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  238.527278][   T26] audit: type=1326 audit(1772268403.501:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.553719][   T26] audit: type=1326 audit(1772268403.501:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.576685][   T26] audit: type=1326 audit(1772268403.501:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.589305][ T6220] ext4 filesystem being mounted at /115/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.599023][   T26] audit: type=1326 audit(1772268403.501:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.599064][   T26] audit: type=1326 audit(1772268403.511:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.4.565" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8878445799 code=0x7ffc0000
[  238.746936][ T4229] usb 2-1: unable to get BOS descriptor or descriptor too short
[  238.846835][ T4229] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  238.870059][ T6239] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  238.881372][ T4229] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  239.120254][ T6239] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  239.484182][ T6239] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  239.627619][ T4229] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  239.638927][ T4229] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  239.686824][ T4229] usb 2-1: string descriptor 0 read error: -71
[  239.703264][ T4229] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  239.753731][ T4229] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  239.841445][ T6251] loop2: detected capacity change from 0 to 512
[  239.848124][ T4229] usb 2-1: can't set config #1, error -71
[  239.865613][ T4229] usb 2-1: USB disconnect, device number 8
[  239.940577][ T6251] EXT4-fs (loop2): Ignoring removed orlov option
[  240.615910][ T6261] ODEBUG: Out of memory. ODEBUG disabled
[  240.767048][ T6251] EXT4-fs (loop2): mounted filesystem without journal. Opts: nojournal_checksum,orlov,i_version,,errors=continue. Quota mode: writeback.
[  241.049727][ T6251] ext4 filesystem being mounted at /116/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  241.963464][ T6264] capability: warning: `syz.0.582' uses deprecated v2 capabilities in a way that may be insecure
[  243.596709][ T4232] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  244.666256][ T6294] netlink: 'syz.0.592': attribute type 12 has an invalid length.
[  244.922331][ T6294] netlink: 'syz.0.592': attribute type 29 has an invalid length.
[  245.247591][ T4232] usb 2-1: unable to get BOS descriptor or descriptor too short
[  245.507112][ T6294] netlink: 148 bytes leftover after parsing attributes in process `syz.0.592'.
[  245.517167][ T4232] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  245.527578][ T4223] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  245.544150][ T4232] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  245.604329][ T4232] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  245.667812][ T4232] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  245.681895][ T6294] netlink: 'syz.0.592': attribute type 3 has an invalid length.
[  245.947731][ T4223] usb 3-1: config 0 has no interfaces?
[  245.953910][ T4232] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  246.008178][ T4232] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.067172][ T4223] usb 3-1: config 0 has no interfaces?
[  246.125890][ T4232] usb 2-1: Product: syz
[  246.167597][ T4223] usb 3-1: config 0 has no interfaces?
[  246.199048][ T4223] usb 3-1: New USB device found, idVendor=7de0, idProduct=676e, bcdDevice=77.db
[  246.230425][ T4232] usb 2-1: Manufacturer: syz
[  246.231050][ T4232] usb 2-1: SerialNumber: syz
[  246.393904][ T4223] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.705385][ T4223] usb 3-1: config 0 descriptor??
[  246.897501][ T4232] usb 2-1: can't set config #1, error -71
[  246.987595][ T4232] usb 2-1: USB disconnect, device number 9
[  247.420370][ T6298] udc-core: couldn't find an available UDC or it's busy
[  247.593832][ T6298] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  248.044885][ T4223] usb 3-1: USB disconnect, device number 11
[  248.124896][ T6309] loop1: detected capacity change from 0 to 512
[  248.157295][ T6309] EXT4-fs (loop1): Ignoring removed orlov option
[  248.569526][ T6309] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,orlov,i_version,,errors=continue. Quota mode: writeback.
[  248.870196][ T6309] ext4 filesystem being mounted at /114/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  249.339073][ T6324] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.597: iget: bad i_size value: 2533274857506816
[  250.630887][ T6335] loop1: detected capacity change from 0 to 512
[  250.692571][ T6331] loop4: detected capacity change from 0 to 4096
[  250.846831][ T6331] EXT4-fs (loop4): inline encryption not supported
[  250.853661][ T6331] EXT4-fs (loop4): Test dummy encryption mode enabled
[  250.863838][ T6335] EXT4-fs (loop1): Ignoring removed orlov option
[  251.217262][ T6335] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,orlov,i_version,,errors=continue. Quota mode: writeback.
[  251.266224][ T6331] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  251.426145][ T6331] System zones: 0-5
[  251.727197][ T6331] EXT4-fs (loop4): mounted filesystem without journal. Opts: debug,delalloc,inlinecrypt,test_dummy_encryption,errors=continue,errors=continue,delalloc,barrier,,errors=continue. Quota mode: writeback.
[  251.757409][ T6335] ext4 filesystem being mounted at /115/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  252.163277][ T6352] EXT4-fs error (device loop1): ext4_lookup:1858: inode #12: comm syz.1.602: iget: bad i_size value: 2533274857506816
[  253.000812][ T4223] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  253.116990][ T4232] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  253.548277][ T4223] usb 5-1: unable to get BOS descriptor or descriptor too short
[  253.627959][ T4232] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 127
[  253.697749][ T4223] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  253.793542][ T4232] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.881836][ T4223] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  254.020071][ T4232] usb 1-1: config 0 has no interfaces?
[  254.071618][ T4223] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  254.157726][ T4223] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  254.317368][ T4232] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[  254.384204][ T4232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=95
[  254.407596][ T4223] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  254.483668][ T4223] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.559807][ T4232] usb 1-1: Product: syz
[  254.618710][ T4223] usb 5-1: Product: syz
[  254.628319][ T4232] usb 1-1: Manufacturer: syz
[  254.682234][ T4223] usb 5-1: Manufacturer: syz
[  254.696141][ T4232] usb 1-1: SerialNumber: syz
[  254.749968][ T4223] usb 5-1: SerialNumber: syz
[  254.849810][ T4232] usb 1-1: config 0 descriptor??
[  255.221732][ T6355] bridge: RTM_NEWNEIGH with invalid state 0x0
[  255.427178][    C1] ==================================================================
[  255.435807][    C1] BUG: KASAN: use-after-free in rose_timer_expiry+0x470/0x490
[  255.443405][    C1] Read of size 2 at addr ffff88806005202a by task kworker/u4:10/4707
[  255.451515][    C1] 
[  255.453881][    C1] CPU: 1 PID: 4707 Comm: kworker/u4:10 Not tainted syzkaller #0
[  255.461540][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  255.471740][    C1] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  255.479605][    C1] Call Trace:
[  255.482903][    C1]  <IRQ>
[  255.485777][    C1]  dump_stack_lvl+0x188/0x250
[  255.490502][    C1]  ? show_regs_print_info+0x20/0x20
[  255.495741][    C1]  ? _printk+0xda/0x130
[  255.499927][    C1]  ? rose_timer_expiry+0x470/0x490
[  255.505078][    C1]  ? load_image+0x400/0x400
[  255.509641][    C1]  print_address_description+0x60/0x2d0
[  255.515220][    C1]  ? rose_timer_expiry+0x470/0x490
[  255.520365][    C1]  kasan_report+0xdf/0x130
[  255.524813][    C1]  ? rose_timer_expiry+0x470/0x490
[  255.529957][    C1]  rose_timer_expiry+0x470/0x490
[  255.535172][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  255.540263][    C1]  call_timer_fn+0x17b/0x540
[  255.544920][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  255.550082][    C1]  ? __run_timers+0x800/0x800
[  255.554806][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  255.560043][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  255.565284][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  255.570351][    C1]  __run_timers+0x53e/0x800
[  255.574905][    C1]  ? detach_timer+0x2b0/0x2b0
[  255.579610][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  255.585667][    C1]  ? sched_clock_cpu+0x15/0x3c0
[  255.590545][    C1]  ? ktime_get_real_ts64+0x440/0x440
[  255.595957][    C1]  run_timer_softirq+0x63/0xf0
[  255.600752][    C1]  handle_softirqs+0x339/0x830
[  255.605558][    C1]  ? __irq_exit_rcu+0x13b/0x230
[  255.610443][    C1]  ? do_softirq+0x210/0x210
[  255.614985][    C1]  ? irqtime_account_irq+0xb2/0x1b0
[  255.620266][    C1]  __irq_exit_rcu+0x13b/0x230
[  255.624979][    C1]  ? irq_exit_rcu+0x20/0x20
[  255.629523][    C1]  irq_exit_rcu+0x5/0x20
[  255.633805][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  255.639476][    C1]  </IRQ>
[  255.642441][    C1]  <TASK>
[  255.645410][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  255.651786][    C1] RIP: 0010:preempt_schedule_irq+0xb6/0x160
[  255.657718][    C1] Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 7f bf 01 00 00 00 e8 85 ee 8d f7 e8 f0 db ba f7 fb bf 01 00 00 00 <e8> 65 b5 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f
[  255.677441][    C1] RSP: 0018:ffffc9000321f7a0 EFLAGS: 00000286
[  255.683560][    C1] RAX: ed90340a7951c000 RBX: 0000000000000000 RCX: ed90340a7951c000
[  255.691560][    C1] RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001
[  255.699559][    C1] RBP: ffffc9000321f840 R08: ffffffff901d31b7 R09: 1ffffffff203a636
[  255.707557][    C1] R10: dffffc0000000000 R11: fffffbfff203a637 R12: 0000000000000000
[  255.715556][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000643ef4
[  255.723581][    C1]  ? __cond_resched+0xd0/0xd0
[  255.728304][    C1]  ? rcu_irq_exit_check_preempt+0xdb/0x200
[  255.734148][    C1]  irqentry_exit+0x63/0x70
[  255.738641][    C1]  asm_sysvec_reschedule_ipi+0x16/0x20
[  255.744134][    C1] RIP: 0010:lock_acquire+0x208/0x400
[  255.749464][    C1] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3d 04 f8 0f 85 f1 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 43 c7 44 3d 08 00 00 00 00 65 48 8b 04
[  255.769101][    C1] RSP: 0018:ffffc9000321f900 EFLAGS: 00000206
[  255.775227][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ed90340a7951c000
[  255.783314][    C1] RDX: 0000000000000000 RSI: ffffffff8a2b3a20 RDI: ffffffff8a79f800
[  255.792032][    C1] RBP: ffffc9000321fa20 R08: dffffc0000000000 R09: 1ffffffff203a618
[  255.800226][    C1] R10: dffffc0000000000 R11: fffffbfff203a619 R12: ffffffff8c31eaa0
[  255.808348][    C1] R13: 1ffff92000643f2c R14: 0000000000000246 R15: dffffc0000000000
[  255.816388][    C1]  ? rcu_lock_release+0x5/0x20
[  255.822063][    C1]  ? read_lock_is_recursive+0x10/0x10
[  255.827583][    C1]  ? __lock_acquire+0x7d10/0x7d10
[  255.832670][    C1]  rcu_lock_acquire+0x2a/0x30
[  255.837380][    C1]  ? rcu_lock_acquire+0x5/0x30
[  255.842172][    C1]  batadv_iv_ogm_schedule+0x432/0xec0
[  255.847719][    C1]  ? batadv_iv_send_outstanding_bat_ogm_packet+0x840/0x840
[  255.854973][    C1]  ? batadv_send_skb_packet+0x392/0x5f0
[  255.860658][    C1]  batadv_iv_send_outstanding_bat_ogm_packet+0x72f/0x840
[  255.867738][    C1]  process_one_work+0x85f/0x1010
[  255.872829][    C1]  ? worker_detach_from_pool+0x240/0x240
[  255.878495][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  255.883824][    C1]  ? _raw_spin_lock_irq+0xb7/0xf0
[  255.888883][    C1]  ? _raw_spin_lock_irqsave+0x100/0x100
[  255.894469][    C1]  ? wq_worker_running+0x97/0x170
[  255.899534][    C1]  worker_thread+0xaa6/0x1290
[  255.904261][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  255.909493][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  255.915438][    C1]  kthread+0x436/0x520
[  255.919535][    C1]  ? rcu_lock_release+0x20/0x20
[  255.924422][    C1]  ? kthread_blkcg+0xd0/0xd0
[  255.929044][    C1]  ret_from_fork+0x1f/0x30
[  255.933510][    C1]  </TASK>
[  255.936578][    C1] 
[  255.938924][    C1] Allocated by task 4803:
[  255.943282][    C1]  __kasan_kmalloc+0xb5/0xf0
[  255.947905][    C1]  __alloc_skb+0x22c/0x750
[  255.952352][    C1]  skb_copy+0x139/0x790
[  255.956662][    C1]  mac80211_hwsim_tx_frame_no_nl+0xce0/0x1600
[  255.963114][    C1]  mac80211_hwsim_tx_frame+0x1b5/0x200
[  255.968610][    C1]  mac80211_hwsim_beacon_tx+0x4f3/0x920
[  255.974199][    C1]  __iterate_interfaces+0x243/0x500
[  255.979438][    C1]  ieee80211_iterate_active_interfaces_atomic+0xb3/0x140
[  255.986501][    C1]  mac80211_hwsim_beacon+0x9b/0x180
[  255.991998][    C1]  __hrtimer_run_queues+0x4eb/0xb70
[  255.997376][    C1]  hrtimer_run_softirq+0x176/0x240
[  256.002716][    C1]  handle_softirqs+0x339/0x830
[  256.007554][    C1]  __irq_exit_rcu+0x13b/0x230
[  256.012266][    C1]  irq_exit_rcu+0x5/0x20
[  256.016544][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  256.022234][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  256.028247][    C1] 
[  256.030606][    C1] The buggy address belongs to the object at ffff888060052000
[  256.030606][    C1]  which belongs to the cache kmalloc-512 of size 512
[  256.044697][    C1] The buggy address is located 42 bytes inside of
[  256.044697][    C1]  512-byte region [ffff888060052000, ffff888060052200)
[  256.058043][    C1] The buggy address belongs to the page:
[  256.063755][    C1] page:ffffea0001801400 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888060050400 pfn:0x60050
[  256.075682][    C1] head:ffffea0001801400 order:2 compound_mapcount:0 compound_pincount:0
[  256.084150][    C1] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  256.092912][    C1] raw: 00fff00000010200 ffffea0000a17208 ffffea0000810d08 ffff888016c41c80
[  256.101537][    C1] raw: ffff888060050400 0000000000100006 00000001ffffffff 0000000000000000
[  256.110251][    C1] page dumped because: kasan: bad access detected
[  256.116701][    C1] page_owner tracks the page as allocated
[  256.122455][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 4187, ts 57086318437, free_ts 16358075103
[  256.142457][    C1]  get_page_from_freelist+0x1bbd/0x1ca0
[  256.148244][    C1]  __alloc_pages+0x1ee/0x480
[  256.149669][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[  256.152874][    C1]  new_slab+0xc0/0x4b0
[  256.163295][    C1]  ___slab_alloc+0x80a/0xdd0
[  256.167929][    C1]  __kmalloc+0x1cd/0x330
[  256.172204][    C1]  fib6_info_alloc+0x2e/0xe0
[  256.176826][    C1]  ip6_route_info_create+0x44f/0x1210
[  256.182254][    C1]  addrconf_f6i_alloc+0x1ec/0x430
[  256.187313][    C1]  ipv6_add_addr+0x45f/0xe10
[  256.192100][    C1]  inet6_addr_add+0x43a/0x9c0
[  256.196809][    C1]  inet6_rtm_newaddr+0x64c/0x8f0
[  256.201774][    C1]  rtnetlink_rcv_msg+0x844/0xf30
[  256.206739][    C1]  netlink_rcv_skb+0x1f5/0x440
[  256.211712][    C1]  netlink_unicast+0x774/0x920
[  256.216521][    C1]  netlink_sendmsg+0x8ba/0xbe0
[  256.221337][    C1]  __sys_sendto+0x46d/0x620
[  256.225886][    C1] page last free stack trace:
[  256.230584][    C1]  free_unref_page_prepare+0x637/0x6c0
[  256.236085][    C1]  free_unref_page+0x8f/0x2a0
[  256.240813][    C1]  free_contig_range+0x96/0xf0
[  256.245613][    C1]  destroy_args+0xf0/0xa00
[  256.250071][    C1]  debug_vm_pgtable+0x321/0x380
[  256.254965][    C1]  do_one_initcall+0x272/0x730
[  256.259782][    C1]  do_initcall_level+0x137/0x1f0
[  256.264936][    C1]  do_initcalls+0x4b/0x90
[  256.269292][    C1]  kernel_init_freeable+0x3e9/0x570
[  256.274644][    C1]  kernel_init+0x19/0x1b0
[  256.279021][    C1]  ret_from_fork+0x1f/0x30
[  256.283490][    C1] 
[  256.285990][    C1] Memory state around the buggy address:
[  256.291740][    C1]  ffff888060051f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  256.300019][    C1]  ffff888060051f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  256.308246][    C1] >ffff888060052000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.317024][    C1]                                   ^
[  256.322419][    C1]  ffff888060052080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.330509][    C1]  ffff888060052100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  256.338589][    C1] ==================================================================
[  256.346695][    C1] Disabling lock debugging due to kernel taint
[  256.352979][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  256.360196][    C1] CPU: 1 PID: 4707 Comm: kworker/u4:10 Tainted: G    B             syzkaller #0
[  256.369444][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  256.379534][    C1] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  256.387386][    C1] Call Trace:
[  256.390694][    C1]  <IRQ>
[  256.393555][    C1]  dump_stack_lvl+0x188/0x250
[  256.398267][    C1]  ? show_regs_print_info+0x20/0x20
[  256.403492][    C1]  ? load_image+0x400/0x400
[  256.408024][    C1]  panic+0x2e5/0x810
[  256.411948][    C1]  ? bpf_jit_dump+0xd0/0xd0
[  256.416513][    C1]  ? _raw_spin_unlock_irqrestore+0xbc/0x120
[  256.422431][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  256.428346][    C1]  ? _raw_spin_unlock+0x40/0x40
[  256.433510][    C1]  ? print_memory_metadata+0x314/0x400
[  256.439004][    C1]  ? rose_timer_expiry+0x470/0x490
[  256.444145][    C1]  check_panic_on_warn+0x80/0xa0
[  256.449126][    C1]  ? rose_timer_expiry+0x470/0x490
[  256.454259][    C1]  end_report+0x6d/0xf0
[  256.458446][    C1]  kasan_report+0x102/0x130
[  256.463000][    C1]  ? rose_timer_expiry+0x470/0x490
[  256.468165][    C1]  rose_timer_expiry+0x470/0x490
[  256.473146][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  256.478209][    C1]  call_timer_fn+0x17b/0x540
[  256.482834][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  256.487898][    C1]  ? __run_timers+0x800/0x800
[  256.492610][    C1]  ? _raw_spin_unlock_irq+0x1f/0x40
[  256.497846][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  256.503076][    C1]  ? rose_start_t1timer+0xd0/0xd0
[  256.508134][    C1]  __run_timers+0x53e/0x800
[  256.512678][    C1]  ? detach_timer+0x2b0/0x2b0
[  256.517382][    C1]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  256.523403][    C1]  ? sched_clock_cpu+0x15/0x3c0
[  256.525934][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  256.528297][    C1]  ? ktime_get_real_ts64+0x440/0x440
[  256.528323][    C1]  run_timer_softirq+0x63/0xf0
[  256.545466][    C1]  handle_softirqs+0x339/0x830
[  256.550280][    C1]  ? __irq_exit_rcu+0x13b/0x230
[  256.555178][    C1]  ? do_softirq+0x210/0x210
[  256.559732][    C1]  ? irqtime_account_irq+0xb2/0x1b0
[  256.564977][    C1]  __irq_exit_rcu+0x13b/0x230
[  256.569830][    C1]  ? irq_exit_rcu+0x20/0x20
[  256.574391][    C1]  irq_exit_rcu+0x5/0x20
[  256.578672][    C1]  sysvec_apic_timer_interrupt+0xa0/0xc0
[  256.584350][    C1]  </IRQ>
[  256.587321][    C1]  <TASK>
[  256.590275][    C1]  asm_sysvec_apic_timer_interrupt+0x16/0x20
[  256.596289][    C1] RIP: 0010:preempt_schedule_irq+0xb6/0x160
[  256.602235][    C1] Code: 00 00 43 c6 44 37 04 f8 74 0b 0f 0b 48 f7 03 08 00 00 00 74 7f bf 01 00 00 00 e8 85 ee 8d f7 e8 f0 db ba f7 fb bf 01 00 00 00 <e8> 65 b5 ff ff 43 c6 44 37 08 00 48 c7 44 24 40 00 00 00 00 9c 8f
[  256.621878][    C1] RSP: 0018:ffffc9000321f7a0 EFLAGS: 00000286
[  256.627985][    C1] RAX: ed90340a7951c000 RBX: 0000000000000000 RCX: ed90340a7951c000
[  256.635995][    C1] RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000001
[  256.644008][    C1] RBP: ffffc9000321f840 R08: ffffffff901d31b7 R09: 1ffffffff203a636
[  256.652146][    C1] R10: dffffc0000000000 R11: fffffbfff203a637 R12: 0000000000000000
[  256.660153][    C1] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff92000643ef4
[  256.668262][    C1]  ? __cond_resched+0xd0/0xd0
[  256.672981][    C1]  ? rcu_irq_exit_check_preempt+0xdb/0x200
[  256.679155][    C1]  irqentry_exit+0x63/0x70
[  256.683643][    C1]  asm_sysvec_reschedule_ipi+0x16/0x20
[  256.689203][    C1] RIP: 0010:lock_acquire+0x208/0x400
[  256.694542][    C1] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3d 04 f8 0f 85 f1 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 43 c7 44 3d 08 00 00 00 00 65 48 8b 04
[  256.714280][    C1] RSP: 0018:ffffc9000321f900 EFLAGS: 00000206
[  256.720485][    C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ed90340a7951c000
[  256.729551][    C1] RDX: 0000000000000000 RSI: ffffffff8a2b3a20 RDI: ffffffff8a79f800
[  256.737770][    C1] RBP: ffffc9000321fa20 R08: dffffc0000000000 R09: 1ffffffff203a618
[  256.745875][    C1] R10: dffffc0000000000 R11: fffffbfff203a619 R12: ffffffff8c31eaa0
[  256.754251][    C1] R13: 1ffff92000643f2c R14: 0000000000000246 R15: dffffc0000000000
[  256.762562][    C1]  ? rcu_lock_release+0x5/0x20
[  256.767790][    C1]  ? read_lock_is_recursive+0x10/0x10
[  256.773390][    C1]  ? __lock_acquire+0x7d10/0x7d10
[  256.778665][    C1]  rcu_lock_acquire+0x2a/0x30
[  256.783958][    C1]  ? rcu_lock_acquire+0x5/0x30
[  256.788780][    C1]  batadv_iv_ogm_schedule+0x432/0xec0
[  256.794222][    C1]  ? batadv_iv_send_outstanding_bat_ogm_packet+0x840/0x840
[  256.801990][    C1]  ? batadv_send_skb_packet+0x392/0x5f0
[  256.807589][    C1]  batadv_iv_send_outstanding_bat_ogm_packet+0x72f/0x840
[  256.814800][    C1]  process_one_work+0x85f/0x1010
[  256.820771][    C1]  ? worker_detach_from_pool+0x240/0x240
[  256.826538][    C1]  ? lockdep_hardirqs_off+0x70/0x100
[  256.832124][    C1]  ? _raw_spin_lock_irq+0xb7/0xf0
[  256.837411][    C1]  ? _raw_spin_lock_irqsave+0x100/0x100
[  256.843011][    C1]  ? wq_worker_running+0x97/0x170
[  256.848374][    C1]  worker_thread+0xaa6/0x1290
[  256.853313][    C1]  ? lockdep_hardirqs_on+0x94/0x140
[  256.859178][    C1]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  256.865114][    C1]  kthread+0x436/0x520
[  256.869325][    C1]  ? rcu_lock_release+0x20/0x20
[  256.874227][    C1]  ? kthread_blkcg+0xd0/0xd0
[  256.878996][    C1]  ret_from_fork+0x1f/0x30
[  256.883559][    C1]  </TASK>
[  256.886897][    C1] Kernel Offset: disabled
[  256.891244][    C1] Rebooting in 86400 seconds..